Literature Review:

The review of literature gives the clean picture of the problem to be solved as being a
prerequisite to actual planning and conducting the study. The review of past investigation serves
as a guide to the researchers as it avoids duplications in the field. The knowledge of what has
already been done in the area of investigation regarding the methods used for data. Collections
and results of their analysis keep a researcher systematic in his own endeavor. Thus, the review
of related literature is an indispensable step in research.

The purpose of Information Security is to protect the valuable resources of an organization such
as hardware, software and skilled people. Through the selection and application of appropriate
safeguard, security helps the organization to meet its business objectives or mission by protecting
its physical and financial resources, reputation, legal position, employees and other tangible and
intangible assets. Information systems security begins and ends with the people within the
organization and with the people that interact with the system, intentionally or otherwise. The
end-users who try to access the information which the security professionals are trying to protect
could be the weakest link in security chain. By understanding some of the behavioral aspects of
organizational science and change management, security administrators can greatly reduce the
levels of risk caused by end users and create more acceptable and supportable security profiles.
These measures, along with appropriate policy and training can substantially improve the
performance of end users and result in a more secured information system. Information security
is concerned with the assurance of confidentiality, integrity and availability of information in all
forms. Advances in the field of Information Technology also make Information Security an
inseparable part of it. In biometrics, human being needs to be identified based on some
characteristic physiological parameters. A wide variety of recognition schemes are used to either
confirm or determine the identity of an individual requesting their services. This Researcher has
collected comprehensive information from various books, manuals, magazines, journals, articles
and research websites. Information gathered through various seminars and conferences attended
also helped lot for the researcher.
1. Anil K.Jain (2007) focused on biometric template security which is an important issue
because, unlike passwords and tokens, compromised biometric templates cannot be
revoked and reissued. Protecting the template is a challenging task due to intra-user
variability in the acquired biometric traits. He present an overview of various biometric
template protection schemes and discuss their advantages and limitations in terms of
security, revocability, and impact on matching accuracy.
2. Brindha, V.E. (2011) presented about protection of fingerprint template from creation of
physical spoof and replacement by imposter's template to gain unauthorized access by
transformation based approaches and biometric cryptosystems. The security of the fuzzy
vault depends on the infeasibility of the polynomial reconstruction and the number of
chaff points. In the proposed system an even more secured fuzzy vault is generated with
combined features of fingerprint and palm print to enhance the security of the template
stored.
3. Comesana, P (2006) in his paper proposed a new version of the sensitivity attack based
on a general formulation; this method does not require any knowledge about the detection
function nor any other system parameter, but just the binary output of the detector, being
suitable for attacking most known watermarking methods.
4. C Cid (2006) presented an attack which exploits the cipher’s initialization procedure to
recover the 128 bit secrete key, the cipher is of cascade clock control sequence generator
based on notion of jump registers. Jump registers are autonomous Liner finite state
machines built on 14 memory cells. which behave as delay shift cells or feedback cell
depending on the value of jump control signal.
5. Dacheng Xu and Bailiang Li (2009) presented a pseudo-random sequence fingerprint key
algorithm based on fuzzy vault is proposed. It is usually difficult to transform template
and generate cancelable fingerprint template. In this method, the distribution of the
minutiae can be changed, which overcomes vulnerabilities. Further, a bounding box of
variable size minutiae matcher during decoding to account for nonlinear distortion is used
and this leads to find out reliable minutiae to improve the genuine accept rate.
6. Daesung Moon,Sungju Lee,Seunghwan Jung,Yongwha Chung (2006) presents an
implementation to improve the security of the typical PKI-based authentication by
protecting the private key with a fingerprint also the privacy issue of the fingerprint data
 by storing the fingerprint data not in a database, but in a user-carry device such as a smart
card or a USB token. Furthermore, the fingerprint data stored in the user-carry device is
conglomerated with the private key, and the private key is released only with the valid
fingerprint

7. Dake He (2008) presents about a AKA scheme (SPAKA) based on self-certified public-
key is proposed for the coming 4G system to reduce the storage, computation and
communicational load of existing public-key based user authentication schemes while
improving the security of 3G AKA scheme. Three authentication protocols including first-
time authentication, re-authentication and handoff authentication are designed respectively
for different authentication scenarios. It had outperformed related schemes by providing
better flexibility and scalability while maintain the expected security and efficiency.
8. Hailun Liu (2010) propose a new fuzzy vault method based on cubic spline interpolation.
The piecewise low-degree polynomial of spline interpolation could overcome poor
convergence problem and much longer key could be generated. Because the security of the
fuzzy vault arises from the number of chaff points in the vault, the same security level
could be guaranteed compared to polynomial reconstruction based fuzzy vault.
Experimental results based on HA-BJTU palm print database show the feasibility of the
proposed method and performances are satisfied.

9. Hogan, M.T (2006) in his paper, had described about to construct blind classifiers capable
of detecting steganography in JPEG images and assigning stego images to six popular
JPEG embedding algorithms. The classifiers are support vector machines that use 23
calibrated DCT feature calculated from the luminance component
10. Jian-Shuen Fang (2007) This paper presents a novel biometric system for real-time walker
recognition using a pyroelectric infrared sensor, a Fresnel lens array and signal processing
based on the linear regression of sensor signal spectra. In the model training stage, the
maximum likelihood principal components estimation (MLPCE) method is utilized to
obtain the regression vector for each registered human subject. Receiver operating
characteristic (ROC) curves are also investigated to select a suitable threshold for
maximizing subject recognition rate.
11. Jinyang Shi (2009) In this paper, a new fuzzy cryptographic technique without use of
chaff data, Randomized Dissolvent Template (RDT), is proposed for biometric set
modalities. The proposed technique is designed to dissolve the enrolled biometric set into
a random secret resource, so as to construct robust secured templates by exploiting at least
two resources of randomness. In this way, when one fingerprint is used for multiple
applications, each time the additional information leakage by secured templates will not
exceed the new introduced random information, so RDT is reusable.
12. J. Nechvatal (2000) Described about AES, the algorithm may be implemented in
software, firmware, hardware, or any combination thereof. The specific implementation
may depend on several factors such as the application, the environment, the technology
used, etc. The algorithm shall be used in conjunction with a FIPS approved or NIST
recommended mode of operation
13. J Zhang (2006) propsed a secure buyer seller watermarking protocol without the
assistance of TTP (Trusted third party) is proposed in which there are only two
participants a seller and a buyer. Based on the idea of sharing a secret, a watermark is
embedded in digital content to trace piracy is composed of two pieces of information one
by seller another by buyer they cannot remove it thus tracing piracy and protecting the
customers rights.
14. Khan, M.K. (2008) demonstrate that their scheme is vulnerable and susceptible to the
attack and has some practical pitfalls. Their scheme performs unilateral authentication
(only client authentication) and there is no mutual authentication between user and remote
system, so their scheme suspects from the server spoofing attack. Furthermore, their
scheme is slow in detecting the wrong input-password, and users cannot change their
passwords. To solve the problems found in Wu-Chieu's scheme, they propose an efficient
and secure remote mutual authentication scheme by using one-way hash functions. The
computational cost and efficiency of the proposed scheme are better than other related
published schemes.

15. Kumar D (2008) Discussed about the problem that a person has to take many cards and
has to remember their passwords or secret codes and to keep secure to take with him all
time. Here a biometric the fingerprints payment system is used for various kinds of
 payment system. Biometric fingerprints payment system is much safe and secure and very
easy to use and even without using any password or secret codes to remember as compare
with previous system like credit card payment system, wireless system and mobile system
etc. Biometric fingerprints payment system is reliable and expensive and it has more
advantages as compare with others.

16. Li Fen, Wuhan, Liu Quan,Pang Liaojun,Pei Qingqi (2011) preseted a secure “strong two-
factor identity authentication” which stores digital certificate in smart card, and then
protects the PIN of smart card with fuzzy fingerprint vault. Only the legal user can release
the securely stored PIN to open the smart card and acquire the stored digital certificate
with its private key by inputting his/her fingerprint. This scheme further perfects the safe
authentication of PKI, and can be applied in the identity authentication of high-end user or
the user with special safety requirement.

17. M Jamzad (2006) had discussed the advantage of using Julian set pattern as a watermark,
instead of using pseudorandom noise pattern. Julian set pattern can be regenerated in a
receiver with few parameters such as coefficient of its function and an initial point. These
parameters can be embedded in the key.It not only manipulate lower number of pixels but
also compared with pseudorandom noise pattern. It increases the robustness of watermark
against attacks.

18. Mrunal Fatangare and K.N.Honwadkar (2011) discussed about Reliable information
security mechanisms are required in the today’s era of cyber theft. Current cryptographic
algorithms have a very high proven security but they suffer from the key management
problem. Therefore a blend of cryptography and biometric can becomes a upcoming
security tool. Using unique biometric identity of a person the keys for cryptosystem can be
made secure. Iris is one of the proven and accurate means to identify person and it does
not change throughout life of a person. A biometric solution to cryptographic key
management problem using iris based fuzzy vault can be more secure.
19. Mulyono, D. (2008) In this paper, he introduce preliminary process to enhance the image
quality worsened by light effect and noise produced by the web camera, then segment the
 vein pattern by using adaptive threshold method and matched them using improved
template matching. The experimental result shows that even the image quality is not good,
as long as our veins are clear and also with some appropriate process it still can be used as
the means of personal identification.
20. Nagar, A. (2009) show that the security of fuzzy vault can be improved by encrypting
these polynomial evaluations using a fuzzy commitment scheme. Which makes it difficult
for an adversary to decode the vault even if the correct set of minutiae is selected. He used
minutiae descriptors, which capture orientation and ridge frequency information in a
minutiapsilas neighborhood, for securing the polynomial evaluations. This modification
leads to a significant increase in both the security (number of tries an adversary has to
make in order to guess the secure key) and matching accuracy of the vault.

21. Nandkumar K. and A K Jain presented a fully automatic implementation of the fuzzy
vault scheme based on fingerprint minutiae by extracting high curvature points derived
from the fingerprint orientation field and use them as helper data to align the template and
query minutiae. They applied a minutiae matcher during decoding to account for nonlinear
distortion and which leads to significant improvement in the genuine accept rate. The
performance of the vault implementation on two different fingerprint databases. Shown
the performance improvement can be achieved by using multiple fingerprint impressions
during enrollment and verification.

22. Nithyanandam,Thanjavur, Gayathri,Raja, K,Priyadarsini presents various approaches to

generate a unique and more secure cryptographic key from iris template. The iris images
are processed to produce iris template or code to be utilized for the encryption and
decryption tasks. The various cryptographic techniques such as AES, DES,
Add/Subtraction operations, Reed-Solomon error-correcting algorithm, Layered order
Encryption techniques and Fuzzy logic implementations are employed to directly encrypt
and decrypt the data. Recently, biometric cryptosystems have been introduced as a reliable
way of concealing private keys by using biometric data.
23. Ryan Henry and Ian Goldberg (2011) discuss the existing approaches in detail, they first
propose a formal definition for anonymous blacklisting systems, and a set of security and
privacy properties that these systems should possess. They also outline a set of new
performance requirements that anonymous blacklisting systems should satisfy to
maximize their potential for real-world adoption, and give formal definitions for several
optional features already supported by some schemes in the literature.

24. Scheirer, Walter; Boult, Terrance (2010) covers the ethics, privacy and security of
biometrics. Also an in-depth review of the state of the art in what is sometimes called
biometric template protection, including biometric encryption, fuzzy vaults, fuzzy
extractors, biometric hashing, and cancelable biometrics. Also covers a security analysis
of these technologies including the published attacks.

25. T. Allasiry (2006) described a forgery in which Bob able to forge Alice’s Signature
without knowing the keys required. Bob use his long term private key
26. U. Korte and R. Plaga (2007) shown how to use the approach of a cryptographic
protection of biometric templates in connection with biometric databases. they commented
on how to combine it with centralized PIN verification procedures in online banking
scenarios as a new application scenario and suggested a suitable integration in existing
protocols.
27. Xin Lai (2008) described about a scheme of ID-based signcryption key encapsulation.
Security properties of proposed scheme are proven in random oracle model. The proposed
scheme is ID-IND-CCA secure in confidentiality and ID-UF-CMA secure in
unforgeability. Owing to Sakai-Kasahara identity based keys contracture no paring
computing and no MapTo- Point hash function are required in the encapsulation phase of
proposed scheme. According to the recent advances in pairings optimized computing and
point reduction, his scheme is not only security but also have advantage on performance.
28. Xianfeng Guo (2008) proposed two improved schemes. One works in clock
synchronization, and the other can work without synchronization. The schemes are secure
against replaying attacks and can establish a shared session key. However, and point out
that all the aforementioned schemes are Non-contributory, i.e. the malicious party can
 predetermine the shared session key by the vice of several Chebyshev polynomials
passing through the same point. In particular, we demonstrate that the asynchronous key
agreement protocol can't resist replaying attack. Therefore, the use of these schemes for
secure applications may be discouraged.

29. Yu Zheng (2008) in this paper, he embark a new study on constructing a TMP according
to ME's feature, and performing mutual authentication in mobile user domain. A smart-
phone's processor is used as an example to demonstrate the constructing of TMP, along
with which three methods for adding trusted platform module (TPM) in ME are presented
respectively. In the framework of TMP, he also propose a user authentication scheme
combining password and fingerprint with the USIM (universal subscriber identity
module). The validation result shows that better efficiency and advanced security over the
authentication scheme presented in TMP's draft standard.

30. Z.-M. Lu (2006) had presented in his paper about Hybrid video compression (HVC) that adopts
both transform domain vector quantization (VQ) and scalar quantization(SQ) where the VQ is
employed for encoding intra- coded frames which achieve better rate distortion performance than
SQ adopted in H.263. The digital fingerprint, robust and fragile watermarks are embedded in
compressed video for pirate tracing, ownership identification and content authentication
respectively.