CPSC 4600/5600: Biometrics and Cryptography
This course covers the basic concepts of pattern recognition and biometrics, current major biometric technologies, and analyzes specific case studies from technical, privacy, and social impact viewpoints along with a critical study of the cryptographic protocols used in many security applications. Prerequisites: CPSC 1110, 3200, 3600 and Mathematics 3030 with grades of C or better.
Textbooks
Required: Cryptography and Network Security, Behrouz A. Forouzan, McGraw Hill, ISBN: 9-780073-327532.
- Biometrics for Network Security, Edition: 1, Paul Reid, Prentice Hall, ISBN: 0-13-101549. More on Chapters Information.
- Implementing Biometric Security, Edition: 1, John Chirillo and Scott Blaul, Wiley, ISBN: 0-7645-2502-6. More on Chapters Information.
- David Hook. Beginning Cryptography with Java, Wiley, 2005, ISBN: 0-7645-9633-0
- Bill Ball. Linux in 24 hours, Sams. Free version of this book is available online. http://www.linux-books.us/linux_general_0009.php
- Paul Reid. Biometrics for Network Security. Prentice Hall, 2004, ISBN: 0-13-101549-4
- John Chirillo, Scott Blaul. Implementing Biometric Security, Wiley, ISBN 0-7645-2502-6
- Bruce Schneier, Applied Cryptography, Wiley, second edition, ISBN: 0-471-11709-9
Lecture 1. Introduction to Biometrics
Lecture 2. Fingerprint Biometrics; NBIS.ppt; Multi-layer Perceptron Network (MLP)
Lecture 3. Face Biometrics; Principal Component Analysis (PCA) and Linear Discriminant Analysis (LDA)
Lecture 4. Graphology; Guidelines to Handwriting Analysis; NIST-Form-based Handprint Recognition System;
Lecture 5. Voice; Voice Biometrics (paper)
Lecture 6. IRIS-Retina; Deoxyribonucleic acid (DNA);
Lecture 7. The Future of Biometrics; Challenges; Evaluation
Lecture 8. Classical Cryptography
Lecture 9. Conventional Cryptography
Lecture 10. Key Distribution Center
Lecture 11. Public Key Cryptography and Identity-based Cryptography
Lecture 12. Public Key Management
Lecture 13. Authentication
Lecture 14. Hash
Lecture 15. Entity Authentication
Lecture 16. Quantum Cryptography
Evaluation of Presentation:
Hands-on Projects (Some labs were developed under sponsorship of NSF CCLI #0942581):
- Project on Fingerprint Biometrics
A. Install NIST Fingerprint Image Software 2.
B. Test and demo the commands PCASYS (PCASYSX), MINDTCT, NFIQ, and BOZORTH3.
C. The software is available on the CD distributed in class. Write a report documenting your efforts and observations, including the following. Feel free to add other comments on the NBIS software.
1) Results and screenshots of the NBIS software installation: a) make config; b) make it; c) make install; d) make catalog
2) Explain the purpose of the PCASYS package, the command you used, and screenshots of successful execution
3) Explain the purpose of the MINDTCT package, the command you used, and screenshots of successful execution
4) Explain the purpose of the NFIQ package, the command you used, and screenshots of successful execution
5) Explain the purpose of the BOZORTH3 package, the command you used, and screenshots of successful execution
Optional Hands-on Projects
- Download and install NFIS2 software; test and document the commands for fingerprint classification (PCASYSX), minutiae detection (MINDTCT), enrollment quality (NFIQ), and fingerprint matching (BOZORTH3). http://fingerprint.nist.gov/NFIS/
- Download and Install TrueFace software.
- Download and install face biometric software from Colorado State University. Test and document the face recognition based on PCA, LDA and Bayesian Networks. http://www.cs.colostate.edu/evalfacerec/algorithms5.html
- Download and Install NIST form-based handprint software. Test and document the process of handwriting recognition. http://www.itl.nist.gov/iaui/vip/databases/defs/nist_ocr.html
- Download and install voice recognition software (SPHINX3 or SPHINX4) from Carnegie Mellon University (CMU). Test and document the process of voice recognition. http://cmusphinx.sourceforge.net/html/cmusphinx.php
- Follow the tutorial from Sun to generate and verify signatures. For more information, refer to: http://java.sun.com/docs/books/tutorial/security/apisign/index.html
- More information on security in Java is here: http://java.sun.com/javase/6/docs/technotes/guides/security/index.html
More IA Study Materials
 Craig I. Watson, Michael D. Garris, Elham Tabassi, Charles L. Wilson, R. Michael McCabe, Stanley Janet and Kenneth Ko, User's Guide to NIST Biometric Image Software (NBIS), National Institute of Standards and Technology, 2006. http://fingerprint.nist.gov/NFIS/
 Craig I. Watson, Michael D. Garris, Elham Tabassi, Charles L. Wilson, R. Michael McCabe and Stanley Janet, User's Guide to NIST Fingerprint Image Software 2 (NFIS2), National Institute of Standards and Technology, 2006. http://www.itl.nist.gov/iad/894.03/nigos/NBIS/request_ecc_cd.html
 Ross Beveridge, David Bolme, Marcio Teixeira and Bruce Draper, The CSU Face Identification Evaluation System User's Guide: Version 5.0, Computer Science Department, Colorado State University, 2003, http://www.cs.colostate.edu/evalfacerec/algorithms5.html
 The National Biometrics Challenge, National Science and Technology Council, Subcommittee on Biometrics, August 2006, http://www.biometrics.gov/NSTC/pubs/biochallengedoc.pdf
 Lodge Juliet, Trends in Biometrics, December 2006, http://www.libertysecurity.org/article1191.html
 P. Jonathon Phillips, Alvin Martin, C.L. Wilson, Mark Przybocki, "An Introduction to Evaluating Biometric Systems," Computer, vol. 33, no. 2, pp. 56-63, February 2000.
 Michael D. Garris, James L. Blue, Gerald T. Candela, Patrick J. Grother, Stanley A. Janet and Charles L. Wilson, NIST Form-Based Handprint Recognition System (Release 2.0), NISTIR 5959, National Institute of Standards and Technology, April 2003. http://www.itl.nist.gov/iaui/vip/databases/defs/nist_ocr.html
 Markowitz, J. A. Voice biometrics. Commun. ACM 43, 9 (Sep. 2000), 66-73. DOI= http://doi.acm.org/10.1145/348941.348995
 Li Yang, Kathy Winters, Joseph M. Kizza, Biometrics Education with Hands-on Labs, Proceedings of the 46th annual southeast regional conference, ACM Digital Library, March, 2008.
IA Academic Links
- Institute of Electrical and Electronics Engineers/Institution of Engineering and Technology
- ACM Homepage
- National Information Assurance Training and Education Consortium (NIATEC): http://www.niatec.org/
- CiteSeer.IST: http://citeseer.ist.psu.edu/
- National Vulnerability Database: http://nvd.nist.gov/
- The United States Computer Emergency Readiness Team (US-CERT): http://www.us-cert.gov/
- Computer Security Articles by Bruce Schneier: http://www.schneier.com/essays-comp.html
- National Institute of Standards and Technology: http://csrc.nist.gov/
- National Security Agency: http://www.nsa.gov/
- Department of Homeland Security: http://www.dhs.gov/index.shtm
- Protocols from The Internet Engineering Task Force (IETF)
- Transmission Control Protocol (TCP): http://www.faqs.org/rfcs/rfc793.html
- User Datagram Protocol (UDP): http://tools.ietf.org/html/rfc768
- Hypertext Transfer Protocol (HTTP): http://www.ietf.org/rfc/rfc2616.txt
- HTTP over TLS: http://www.ietf.org/rfc/rfc2818.txt
- Domain Name Service (DNS): http://www.ietf.org/rfc/rfc1035.txt
- File Transfer Protocol (FTP): http://www.ietf.org/rfc/rfc0959.txt
- Simple Mail Transfer Protocol (SMTP): http://www.ietf.org/rfc/rfc0821.txt
- POP3: http://www.ietf.org/rfc/rfc1939.txt
- IMAP: http://www.ietf.org/rfc/rfc2060.txt
- Internet Protocol (IP): http://www.ietf.org/rfc/rfc0791.txt
- IPv6: http://www.ietf.org/rfc/rfc2460.txt
- The IP Network Address Translator (NAT): http://www.ietf.org/rfc/rfc1631.txt
- Internet Control Message Protocol (ICMP): http://www.ietf.org/rfc/rfc792.txt
- Internet Routing Protocol Standardization Criteria: http://tools.ietf.org/html/rfc1264
- Session Initiation Protocol (SIP): http://www.ietf.org/rfc/rfc2543.txt
- Routing Information Protocol (RIP): http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/rip.htm
- Open Shortest Path First (OSPF): http://www.ietf.org/rfc/rfc2328.txt ; http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/ospf.htm
- Border Gateway Protocol (BGP): http://www.ietf.org/rfc/rfc1772.txt
- RTSP: http://www.ietf.org/rfc/rfc2326.txt
- Address Resolution Protocol (ARP): http://www.ietf.org/rfc/rfc826.txt
- The Point-to-Point Protocol (PPP): http://www.ietf.org/rfc/rfc1661.txt
- Asynchronous Transfer Mode (ATM): http://www.techfest.com/networking/atm/atm.htm
- CSMA/CD: http://www.erg.abdn.ac.uk/users/gorry/eg3561/lan-pages/csma-cd.html
- CSMA/CA: http://www.science.uva.nl/research/air/projects/old_projects/wlan/simulations/Intro_-_WLAN/Intro_-_CSMA_CA/intro_-_csma_ca.html
- IEEE 802.11: http://www.ieee802.org/11/
- Extensible Authentication Protocol (EAP) Key Management Framework: http://tools.ietf.org/html/draft-ietf-eap-keying-11
- An Architecture for Differentiated Services (Diffserv): http://www.ietf.org/rfc/rfc2475.txt
- Multipurpose Internet Mail Extensions (MIME): http://www.ietf.org/rfc/rfc2045.txt
- Resource ReSerVation Protocol (RSVP): http://www.ietf.org/rfc/rfc2205.txt
- OpenPGP Message Format: http://www.ietf.org/rfc/rfc2440.txt
- TLS: http://www.ietf.org/rfc/rfc2246.txt
- Security Architecture for the Internet Protocol (IPSec): http://www.ietf.org/rfc/rfc2401.txt
- A Simple Network Management Protocol (SNMP): http://www.ietf.org/rfc/rfc1157.txt
- UNIX/sockets/C/C++/PERL/JAVA manuals
- Database Privacy from Microsoft Research: http://research.microsoft.com/research/sv/DatabasePrivacy/
- University of Tennessee at Chattanooga (UTC) library: http://www.lib.utc.edu/ Note that many journals are available in the UTC libraries, and some of them are accessible from any computer at UTC.
- ACM Transactions on Information and System Security (TISSEC): http://tissec.acm.org/ (On-line journal is accessible from any computer in UTC)
- IEEE security & privacy (available in UTC library): http://ieeexplore.ieee.org/xpl/RecentIssue.jsp?punumber=8013
- The Virus Bulletin: http://www.virusbtn.com/index
- IEEE Transactions on Dependable and Secure Computing (available in UTC library):
- Information Systems Control (available in UTC library): http://www.isaca.org/Content/NavigationMenu/Members_and_Leaders/Publications/Journal/Information_Systems_Control_Journal_Home.htm
- IEEE communications magazine (available in UTC library)
- IEEE distributed systems online (available in UTC library)
- IEEE eTransactions on network and service management (available in UTC library)
- IEEE internet computing (available in UTC library)
- IEEE network (0890-8044)(available in UTC library)
- IEEE parallel & distributed technology (available in UTC library)
- IEEE personal communications (available in UTC library)
- Journal of Cryptography: http://www.springer.com/west/home/computer/lncs?SGWID=4-164-70-1009426-0&referer=www.springeronline.com&SHORTCUT=www.springer.com/sgw/cda/frontpage/0,11855,4-164-70-1009426-0,00.html
- International Journal of Information and Computer Security: http://www.inderscience.com/browse/index.php?journalCODE=ijics
- Where Wizards Stay Up Late: The Origins of the Internet. History of how a group of computer scientists tackled and achieved the "impossible", and created the Internet; fun and non-technical reading of how the Internet as we know it today got started and developed.
- Access Control & Biometrics
- User's Guide to NIST Biometric Image Software (NBIS)
- A Bayesian Similarity Measure for Direct Image Matching (1996)
- Discriminant Analysis of Principal Components for Face Recognition (1998)
- Voice Biometrics (2000)
- New Pen Device for Biometrical 3D Pressure Analysis of Handwritten Characters, Words and Signatures (2003)
- Diffusion of Biometrics In Information Systems
- NIST Form-Based Handprint Recognition System
- FERET (Face Recognition Technology) Recognition Algorithm Development and Test Results
General Security Policy: Cyber Ethics
General Security Policy: Information Technology Security Evaluation Criteria (ITSEC)
General Procedures: Inference
General Procedures: Rainbow Series
General Procedures: NSTISSAM COMPUSEC/1-99 Insider Threat to Government Computer Systems
General Countermeasures and Safeguards: Computer Law
General Countermeasures and Safeguards: Computer Media
General Countermeasures and Safeguards: Evaluate Security Testing Tools
Administrative Countermeasures/Safeguards: Control Management
Administrative Countermeasures/Safeguards: Privacy Act
Operations Policies/Procedures: Keystroke Monitoring
Operations Policies/Procedures: Disaster Recovery Planning
Policy and Procedures: Incident Response
Policy and Procedures: Witness Interrogation
Operations Countermeasures/Safeguard: Computer Attacks
Operations Countermeasures/Safeguard: Computer Emergency Readiness Teams
Administrative Policies/Procedures: Approval to Operate
Administrative Policies/Procedures: Configuration/Change Control
Administrative Policies/Procedures: Copyright Protection
Administrative Policies/Procedures: Patch Management
Administrative Policies/Procedures: Records Management
Administrative Policies/Procedures: Wireless Use Policies
Anomalies and Integrity
General Risk Management: Computer System Risk Management
Access Control Safeguards: Computer System Access Control
Access Control Safeguards: Protected Distribution Systems
Access Control Safeguards: Information Systems Access Restrictions
Access Control Mechanisms: KMI Applications
Access Control Mechanisms: Single Sign-on
- National Security Agency, Central Security Service—Information Assurance
- Information Assurance Support Environment
- Information Design Assurance Red Team (IDART)
- National Institute of Standards and Technology (NIST) Computer Security Division
- NIST Computer Security Resource Clearinghouse
- National Telecommunications and Information Administration (NTIA)
- ICAT Metabase
- ICAT is a searchable index of information on computer vulnerabilities. It provides search capability at a fine granularity and links users to vulnerability and patch information.
- National Vulnerability Database (NVD)
- ASD NII
- Defense Advanced Research Projects Agency (DARPA)
- Defense Information Systems Agency (DISA)
- Internet Traffic Report
The Internet Traffic Report monitors the flow of data around the world. It displays a value between zero and 100 and is updated every 15 minutes. Higher values indicate faster and more reliable connections.
- Electronic Privacy Information Center Home Page
Public interest research center in Washington, D.C.
- Information Security Portal
This site provides information concerning the topic of Information Warfare including security tools, the law and legal issues, espionage, terrorism, and information operations.
- Internet Privacy Coalition
- International Computer Security Association (ICSA)
ICSA is known worldwide as an objective source for security assurance services.
- Glossary of Information Warfare Terms
- Cyberwar - Information warfare and psychological operations
Provides information on the topics of propaganda analysis, online journals, index and metapages, general resources, intelligence agencies, and articles and documents.
- Reliable Software Technologies (RST): Information Warfare
- Forum of Incident Response and Security Teams (FIRST)
- FIRST brings together a variety of computer security incident response teams from government, commercial, and academic organizations. FIRST aims to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing among members and the community at large.
- International Association for Cryptologic Research (IACR)
The International Association for Cryptologic Research (IACR) is a non-profit scientific organization whose primary purpose is to further research in cryptology and related fields.
- International Biometrics Industry Association (IBIA)
- Common Vulnerabilities and Exposures
- A list of standardized names for vulnerabilities and other information security exposures - CVE aims to standardize the names for all publicly known vulnerabilities and security exposures.
- Institute for Applied Network Security (IANETSEC)
The Institute for Applied Network Security is the premier membership organization for practicing information security professionals. The Institute's mission is to provide key technical and business insights to help members solve their most pressing professional challenges.
- Reliability Information Analysis Center (RIAC)
Reliability Information Analysis Center (RIAC) : A Government and Industry focal point for Reliability, Maintainability, Quality, Supportability, and Interoperability related Engineering, Data, Software, Information, Training and Technical Assistance.