DESIGN AND IMPLEMENTATION OF CLAIM BASED BIOMETRIC AUTHENTICATION SYSTEM OVER THE CLOUD
By
Osman Mirghani Osman Elsayed
Presented To
Department of Computer Science
ABSTRACT
In spite of their widespread use and ubiquity, passwords are unreliable as an
authentication methodology because they can be hacked or even guessed, yet when it comes to
biometrics it is very hard to impersonate someone. Therefore, biometric authentication schemes
are currently widely recognized as the strongest authentication technologies available on the
market.
Identity providers and claims-based identity are emerging technologies that aims to
decouple the authentication logic from the applicationâs business logic. This can be done by
assigning the authentication task to the identity provider and establishing a trust relationship
between the application and the identity provider so that the application relies on the identity
provider to authenticate the application users.
The project aims to develop an identity provider that uses fingerprint and facial
biometrics to authenticate users. The identity provider task is to determine the identity of the user
and pass the identity information to the relying applications which trust this identity provider.
For security purposes, the biometrics data of users is stored on a local server within the
sponsoring companyâs intranet. This local server is located behind firewalls and itâs address can
only be resolved internally within the intranet due to use of NAT. Therefore, the server doesnât
have a global IP address. Windows Azure cloud platform has a powerful component called
âWindows Azure Service Busâ which was used to solve this tough connectivity problem.
The project also aims to develop a simple employees management application that can be
used as an example of a relying application that relies on the developed identity provider to
authenticate the users.
Project management principles and software development lifecycle techniques were
applied during the project implementation. This approach has significantly streamlined the
project implementation process and the project objectives have been met.
TABLE OF CONTENTS
DICLARATION OF ORIGINALITY - - ii
ABSTRACT - - - iii
صÙختسÙ
Ùا - - - iv
ACKNOWLEDGEMENT - v
DEDICATION - vi
TABLE OF CONTENTS - - - vii
LIST OF FIGURES - - - ix
LIST OF ABBREVIATIONS - - - xi
1 INTRODUCTION - - 1
11 Introduction - - - 1
12 Project Background - - - 1
13 Problem Statement - - 1
14 Motivation - 1
15 Objectives - 2
16 Thesis Layout - - 2
2 LITERATURE REVIEW - - - 3
21 Introduction - - - 3
22 Authentication - - - 3
23 Biometrics - 4
231 Generic biometric authentication system - - - - _ 5
232 Fingerprint biometrics - - - - - 6
2321 Fingerprint characteristics - - - 6
2322 Issues in fingerprint recognition technology - - 7
233 Face biometrics - - - - - 8
2331 Processing workflow - 8
24 Software Architectural Concepts - - 9
241 Claims-Based Authentication and Identity Providers - - - _ 9
2411 Components of the claim-based authentication - - 10
2412 Claims-based authentication standards - - 12
2 413 Token format standard : Security Assertion Markup Language 20 (SAML 20) - - 12
242 Service oriented Architecture - - - - - 13
243 Model-View-Controller (MVC) - - - - 14
2431 Components interaction - - - 15
25 Programming Languages, Platforms, Technologies and Tools - 16
251 Programming languages - - - - _ 16
252 Platforms - - - - - - 16
253 Technologies - - - - - _ 16
254 Tools - - - - - - 18
3 METHODOLOGY - - - 20
31 Introduction - - 20
32 Project Initiation - 20
33 Project Planning - 22
331 Scope planning - - - - - _ 22
332 Time planning - - - - - 22
333 Risk management planning - - - - - 23
34 Project Execution - - 23
341 Software requirements - - - - - 24
342 Software design - - - - - _ 24
3421 BioSTS - - - 25
3422 Employees Administration Module - - 35
3423 Employees Access Module - 37
3424 Security Issues - - 37
35 Project Monitoring and Controlling - - 38
36 Project Closing - - 38
4 IMPLEMENTATION AND RESULTS - - 39
41 Introduction - - 39
42 Software Construction - - 39
421 BioSTS - - - - - 39
422 Employees Administration Module - - - - - 43
423 Employees Access Module - - - - - 45
43 Software Verification - - - 47
44 Software Deployment - - - 47
5 CONCLUSION AND FUTURE WORK - - 48
51 Project Review - - 48
52 Limitations - - - 48
53 Future Work - - - 49
BIBLIOGRAPHY - - - 50
Appendix A : Project Management Documents - - A-1
Appendix B : Software Engineering Documents - B-1
LIST OF FIGURES
Figure 2-1 Generic biometric authentication system - 6
Figure 2-2 Fingerprint points types - - 7
Figure 2-3 Face recognition system processing workflow - - - 8
Figure 2-4 Claims-based identity workflow - - 9
Figure 2-5 The format of the token - - 10
Figure 2-6 How does the STS works - - 11
Figure 2-7 The complete scenario of the claims-based authentication - - 11
Figure 2-8 SAML 20 token format - - 13
Figure 2-9 Service components - - 14
Figure 2-10 MVC design pattern - - 15
Figure 2-11 Internet connectivity challenges - - 17
Figure 2-12 The service bus as a relay service - - 18
Figure 3-1 Project management lifecycle and software development lifecycle overlapping - - 21
Figure 3-2 Project time plan â“ page 1 - - 22
Figure 3-3 Project time plan â“ page 2 - - 23
Figure 3-4 The high level architecture of the system - - 24
Figure 3-5 The STS process workflow - - 25
Figure 3-6 IdentityServer architecture - - 26
Figure 3-7 Data flow used by UareU SDK in fingerprint recognition - 28
Figure 3-8 Transmitting the fingerprint as FMD over a network - - 29
Figure 3-9 Fingerprint enrollment/authentication block diagram - - 29
Figure 3-10 Face recognition REST API description - - 30
Figure 3-11 Face detection REST API description - - 31
Figure â 3-12 Tags saving REST API description - - 31
Figure â 3-13 Faces training REST API description - - 31
Figure 3-14 Face recognition enrollment flow chart - - 32
Figure 3-15 Face recognition authentication flow chart - - - 33
Figure 3-16 Overall authentication process workflow - 34
Figure 3-17 Employee enrollment use case - - 36
Figure 3-18 Modify employeeâs enrollment use case - - 36
Figure 3-19 Change employeeâs fingerprint use case - - 36
Figure 4-1 BioSTS architecture - 39
Figure 4-2 The customized users store - - 40
Figure 4-3 The UserRepository Class - - 40
Figure 4-4 The ClaimsRepository class - - 41
Figure 4-5 Fingerprint authentication user interface - - 41
Figure 4-6 Face authentication user interface - - 42
Figure 4-7 The BioSTS Users Repository Service - 42
Figure 4-8 Configure the Employees Administration Module to trust BioSTS - - 43
Figure 4-9 The Administration module employees list - - 43
Figure 4-10 The Administration module employee profile modification - 44
Figure 4-11 Administration Module Service - - 44
Figure 4-12 âAdministration Module Serviceâ service bus configuration - 45
Figure 4-13 Employees Access module home page - - 45
Figure 4-14 Employee information page - - 46
Figure 4-15 Employees Access Service - - 46
Figure 4-16 Employees Access Service service bus configuration - - 46
LIST OF ABBREVIATIONS
IIS Internet Information Services
NAT Network Address Translation
SOA Service Oriented Architecture
SAML Security Assertion Markup Language
WIF Windows Identity Foundation
WCF Windows Communication Foundation
SDLC Software Development Life Cycle
RP Relying Party
STS Security Token Service
- FOR ENQUIRY
- support@e-projecttopics.com
- 09019904113
Learn and Obtain Diploma in Web development, Software development, Business, Technology and Creative Skills taught by industry experts. Explore a wide range of skills with our professional tutorials.
About E-Project Material Centre
E-Project Material Centre is a web service aimed at successfully assisting final year students with quality, well researched, reliable and ready made project work. Our materials are recent, complete (chapter 1 to Minimum of Chapter 5, with references) and well written.INSTANT ACCESS! INSTANT DOWNLOAD. Simply select your department, choose from our list of topics available and explore your data
Why Students Love to Use E-Project Material ?
Guaranteed Delivery Getting your project delivered on time is essential. You cannot afford to turn in your project past the deadline. That is why you must get your project online from a company that guarantees to meet your deadline. e-Project Topics Material Centre is happy to offer instant delivery of projects listed on our website. We can handle just about any deadline you send our way. Satisfaction Guaranteed We always do whatever is necessary to ensure every customer's satisfaction
Disclaimer
E-Project Topics Material Centre will only provide projects as a reference for your research. The projects ordered and produced should be used as a guide or framework for your own project. The contents of the projects should be able to help you in generating new ideas and thoughts for your own project. It is the aim of e-Project Topics Centre to only provide guidance by which the projects should be pursued. We are neither encouraging any form of plagiarism nor are we advocating the use of the projects produced herein for cheating.
Terms and Condition
Using our service is LEGAL and IS NOT prohibited by any university/college policies You are allowed to use the original model papers you will receive in the following ways:
- As a source for additional understanding of the subject
- As a source for ideas for you own research (if properly referenced)
- For PROPER paraphrasing ( see your university definition of plagiarism and acceptable paraphrase) Direct citing ( if referenced properly)