Human Factors Of Security Systems

Published Date: 02 Nov 2017

CHAPTER 1

INTRODUCTION

All security access methods are based on three fundamental pieces of information: who you are, what you have, and what you know. If users can provide proof in some or all of these areas, they are admitted to the system. Most login procedures require users to provide information in two of these authentication areas, and there are various options for the information required. The most common login procedure is for the user to provide a user ID and a shared secret password that they have chosen .The fixed password is perhaps the most common way of authenticating a user to a device such as a Personal Computer (PC). At the time of authentication, the user is identified by a user-name and prompted to enter a password. The system compares the entered password against the expected response and reacts accordingly. But users of password systems are notorious for many bad behaviors, including choosing easily guessed passwords, forgetting their passwords, writing them down, or telling them to friends and strangers.

A wide variety of systems require reliable personal recognition schemes to either confirm or determine the identity of an individual requesting their services. The purpose of such schemes is to ensure that the rendered services are accessed only by a legitimate user, and not anyone else. Examples of such applications include secure access to buildings, computer systems, laptops, cellular phones and ATMs. In the absence of robust personal recognition schemes, these systems are vulnerable to the wiles of an impostor. Biometric recognition, or simply biometrics, refers to the automatic recognition of individuals based on their physiological and/or behavioral characteristics. By using biometrics it is possible to confirm or establish an individual’s identity based on "who she is", rather than by "what she possesses" (e.g., an ID card) or "what she remembers" (e.g., a password).

Biometrics is the authentication of users using physiological or behavioral characteristics. Naturally, uniqueness and immutability features are strictly required to differentiate between different persons and these features should not change over the person's lifetime .In personal identification applications, the thumbprint has been a preferred choice over PIN numbers, key and passwords. This is due to the fact that physical existence of the authorized person is a must for identification purpose to ensure security. Biometrics systems function to identify individuals by matching a specific personal characteristic, the biometrics identifier, with one previously recorded. Biometric identification considers individual physiological characteristics and/or typical behavioral patterns of a person to validate their authenticity.

"HIGH SECURE CENTRALIZED FILE SERVER WITH MINUTIAE ENCRYPTION" (BioSec) is the system which is applicable for providing security for the files. The system uses the biometrics technology for the security providing medium. This system uses the fingerprints for the security system. Password can be hacked by trial and error basis. But it is not possible to break the biometric based security system. The system uses two algorithms for the process. The one way hash function is used for the key build process and the AES algorithm is used for the encryption/decryption process. A multilevel security system for plaintext file messages is proposed and implemented using the File Transfer Protocol (FTP) on the remote server.

CHAPTER 2

LITERATURE SURVEY

Encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. An encryption algorithm along with a key is used in the encryption and decryption of data. Data Encryption Standards (DES), Advanced Encryption Standard (AES), are the most popular algorithms used in symmetric key cryptography. AES is a symmetric block cipher that can encrypt and decrypt information. Cryptography provides the secure manner of information transmission over the insecure channel. It authenticates messages based on the key but not on the user. It requires a lengthy key to encrypt and decrypt the sending and receiving the messages, respectively. But these keys can be guessed or cracked. Moreover, maintaining and sharing lengthy, random keys in enciphering and deciphering process is the critical problem in the cryptography system .Many ideas and techniques have been proposed to solve this problem. However, these ideas were not as a unified solution,

1.HUMAN FACTORS OF SECURITY SYSTEMS: A BRIEF REVIEW

The current security model for verification of identity, protection of information and authentication to access data or services is based on using a token or password, tied to and thereby representing an individual to either authenticate identity or allow access to information. Password is the information associated with an entity that confirms the entity’s identity. This is an example of authentication mechanism based on what the people know. The user supplies a password, and the computer validates it. If the password is one associated with the user’s identity, the identity is authenticated. If not, the password is rejected and authentication fails. Users have been described as the weakest link in security systems because of their behavior when using user ID/password systems. This makes security systems quite vulnerable to crack attacks, where common passwords and dictionary words are tried until a password is broken.

Password is the most commonly used technology for authentication. It defined access control as the restriction of unauthorized user to access to a portion of a computerized user or to the entire system. Access to a computer consist of physical, access to system and access to specific commands, control transaction privileges , programs and data.

Very common problem is that users forget their passwords, because of the difficulty for remembering. The password which is the most commonly used technology for authentication may be guessed by hackers, eavesdropped, stolen, wired among others. Similar user IDs and passwords can lead to confusion and this is the most common problem for medium-use passwords .PINs, four or six digit numbers, are particularly difficult to remember and are easily confused even when used frequently. Another related human factors problem is the content of passwords. Our memory systems are particularly weak at remembering meaningless content. Other notorious password behaviors are: (1) users share their passwords with their friends and colleagues, (2) users fail to change their passwords on a regular basis even when instructed to, (3) users may choose the same password (or closely related passwords) for multiple systems,

2. AN INTRODUCTION TO BIOMETRIC RECOGNITION

Biometric recognition, or simply biometrics, refers to the automatic recognition of individuals based on their physiological and/or behavioral characteristics. A biometric system is essentially a pattern recognition system that operates by acquiring biometric data from an individual, extracting a feature set from the acquired data, and comparing this feature set against the template set in the database. Humans have used fingerprints for personal identification for many centuries and the matching accuracy using fingerprints has been shown to be very high. A fingerprint is the pattern of ridges and valleys on the surface of a fingertip, the formation of which is determined during the first seven months of fetal development. Fingerprints of identical twins are different and so are the prints on each finger of the same person. The user picks up the fingerprint in the client. By fingerprint identification, the server is able to recognize the identity of the user. Then they can communicate one another by using the new cipher code acquired after identifying the fingerprint. Presently biometric systems use the central biometric template storage. The reason for this central storage can be seen in two different aspects. The first one is that the central template storage place avoids the extra cost and inconveniences of users. The second one is that standardization. Standards would resolve the compatibility problem over different services within the group and enable a possibility for adding a new service to the group.

The applications of biometrics can be divided into the following three main groups:

•Commercial applications such as computer network login, electronic data security, ecommerce, Internet access, ATM, credit card, physical access control, cellular phone, PDA,

medical records management, distance learning, etc.

• Government applications such as national ID card, correctional facility, driver’s license, social security, welfare-disbursement, border control, passport control, etc.

•Forensic applications such as corpse identification, criminal investigation, terrorist identification, parenthood determination, missing children, etc.

The advantage that Biometrics presents is that the information is unique for each individual and that it can identify the individual in spite of variations in the time (it does not matter if the first biometric sample was taken year ago).The pillars of e-learning security are: authentication, privacy (data confidentiality) authorization (access control), data integrity and non-repudiation. Biometric is a technique that can provide all this requirements with quite lot reliability. Although biometrics is considered the most effective and safe method. Fingerprints cannot be guessed

Biometrics is relatively new and some people may find their use intrusive (resisting). False reading, speed limits accuracy, and forgeries are main disadvantages of biometrics. Some of the genuine feature values are replaced with values selected by the attacker. Another attack is Template database attack e.g. addition, modification or removal of template.

3. ASYMMETRIC CRYPTOSYSTEMS

The first asymmetric cryptosystems appeared in 1970s to address the problem of key management in symmetric cryptography. In 1976, Whitfield Diffie and Martin Hellman published a key management scheme that was the predecessor to the first public-key cryptosystems; it later became known as the Diffie-Hellman Key Exchange Protocol. Later, several asymmetric cryptosystems were developed, including ElGamal, Rabin, and RSA cryptosystems. An asymmetric cryptosystem is associated with a pair of keys; therefore, not everything related to the cryptosystem needs to be kept secret. This kind of a cryptosystem is also called public-key cryptosystem. A public key cryptosystem consists of a public key, which is used for encryption, and a private key, used for decryption. Therefore, anybody can encrypt plaintext since the encryption key is available to everyone, but only the holders of the private key corresponding to the public key used for encryption can decrypt the cipher text.

With a known public key, with a large key space and a large key size, a public-key cryptosystem is usually more secure than symmetric systems. The most commonly used function is the product of two large prime numbers, which is a simple calculation, but going backwards from this large product number to the two primes used to produce it is not an easy task. This adds to the security of the system, which is almost invulnerable to brute-force attacks if correct steps are taken to prevent poor choices for inputs into a public key.

The asymmetric one is vulnerable to brute-force attacks. Another more serious attack is the side channel attack, which is based on information gained from the physical implementation of a cryptosystem rather than theoretical weaknesses of the algorithm. Another vulnerable attack on an asymmetric cryptosystem is the man-in-the-middle attack, in which a third malicious party intercepts and modifies the public key. This third party has to intercept and modify all the responses between the two communicating parties to give both parties a false sense of security. Another weakness of a public-key cryptosystem is that it takes much more time to apply encryption and decryption keys to plaintext than is the case in symmetric systems.

4. IDENTITIES AND AUTHENTICATION

As the automation of business and the use of electronic forms of communication increases, there are many challenges with finding equivalents to such basic security and crime prevention features as face-to-face recognition and hand written signatures. Although the technology is changing rapidly, when two people communicate electronically, for instance by email, they have usually lost the important facility of face-to-face recognition and need some other means of identifying each other. Consider stronger forms of authentication, instead of transferring a password as a means of authentication, the authenticating server and the claimant perform some protocol or exchange of messages. In general, the server sends a challenge to the token and a cryptographic computation takes place within the card or token. The result is sent back to the server for verification. The cryptographic computation can be based on secret key or public key techniques. In classical cryptography, the two participants in a cryptographic exchange share the same secret key. Such algorithms are referred to as secret key, or symmetric, algorithms. While there are now a wide variety of algorithms for achieving both confidentiality and authentication, it can be difficult to guarantee that both participants have the same key .In public key techniques we can deploy tokens that contain both the public and private key for that token. To verify some cryptographic operation, the public key can be sent together with the transformed challenge to the authenticating server. The entire computation can, therefore, be verified without any direct pre-existing relationship between the verifying server and the claimant token. Public key cryptosystem are simple to use .They are cryptographically strong. Open system deployment possible.

An alternative to challenge-response protocols based on public key techniques might be to use what are termed public key based interactive identification protocols .They can still be used to provide strong authentication, and they typically do so with less computational complexity. This can result in the need for less sophisticated cards or tokens, which, in turn, can lead to cheaper deployment. Of course, we do not get something for nothing. The algorithms and protocols we use do not provide public key encryption nor do they provide digital signatures. However, they remain public key techniques since the two participants in the interaction possess different keys. So, while they provide entity authentication at a particular instant, interactive identification protocols are much less versatile than the algorithms typically used in challenge-response protocols. Nevertheless, the reduction in computational complexity in these schemes means that interactive identification protocols are used in a range of practical deployments.

Disadvantage on public key encryption are speed and execution complexity. A token can be issued by a different administrational entity to the one that performs the authentication. Provided there is an adequate PKI linking administrative domains in an appropriate way.

5. THE RIJNDAEL BLOCK CIPHER: AES PROPOSAL

National Standards and Technology (NIST) chose the Rijndael algorithm to be adopted as Advanced Encryption Standard (AES) by the US. The AES algorithm is a subset of the Rijndael algorithm. The AES algorithm uses a 128 bit block and three different key sizes 128, 196 and 256 bits, where Rijndael allows multiple block sizes 128, 196, and 256 bits and for each it also allows multiple key sizes, again 128, 196, and 256 bits. The AES algorithm is a symmetric key algorithm which means the same key is used to both encrypt and decrypt a message. Also, the cipher text produced by the AES algorithm is the same size as the plain text message.

Rijndael has a very different structure from that of DES .Both ciphers have round functions with three layers: an S-Box layer (including the expansion function E in DES), a linear diffusion layer and a sub key XOR layer. The Round Key addition step in Rijndael clearly corresponds to the XOR of sub key material with the input to the f function in DES. The Mix column function in Rijndael is where the different bytes interact with each other, so it corresponds to the XOR of the f function output with the left half of the block in DES. The ByteSub function contributes the nonlinearity in Rijndael , and so it corresponds to the f function itself in des .The Shift Row function ensures that the different bytes of each row do not only interact with the corresponding byte in other rows. Thus, it corresponds to permutation P within DES.

Main advantages are simplicity of design ,variable block length (the block lengths of 192 and 256 bits allows the construction of a collision-resistant iterated hash function using Rijndael as the compression function),the possibility of extensions (although the number of rounds is fixed in the specifications, it can be modified as a parameter in case of security problems).

In AES, Data are encrypted in 128 -bit blocks using 128 bit key and transform 128 -bit input in a series of steps into 128-bit output. Brute force attack can break AES with work factor of 2128

CHAPTER 3

HIGH SECURE CENTRALIZED FILE SERVER WITH MINUTIAE ENCRYPTION (BioSec)

Biometric recognition system offer greater security and are more convenient than traditional methods, of personal recognition. The finger prints are one of the most widely used form of biometric identification. In ‘file encryption using finger print minutiae’, the commercially used encryption/ decryption algorithm such as DES with 56 bit key/AES with key of 256 bit is adopted and improved by adding a new security level based on the user’s biometric features. In addition to DES and AES, the proposed algorithm which involves XOR, file content reverse and thumbprint features allows for programmable security levels. In DES/AES algorithm the key is generated based on finger print minutiae. Using this key the file is encrypted .With the help of file transfer protocol ,all files can be shared with in the authorized users. So only authenticate person can access the file.

3.1 MODULES

In this system there are mainly three modules:

Fingerprint module

Encryption module

Decryption module

File transfer module

3.1.1 FINGERPRINT MODULE

Biometric recognition systems offer greater security and are more convenient than traditional methods of personal recognition. At the same time, the security of the biometric system itself has become more and more important. Of these, the fingerprints are one the most widely used form of biometric identification. Thumbprint is captured by using a device like Finger Print Module. This process depends on sensor speed, feature extraction algorithm and matching algorithm.

A minutia point is defined as the point where a fingerprint ridge ends or splits. The location and orientation of these points are fixed and unique to each finger. For user enrollment and authentication, the system extracts the location and orientation of all the minutia points of the registered fingerprint. A fingerprint template is then constructed from the minutiae points and stored in a shared system database. Size of this template is typically less than 400 bytes per finger. However, sometimes it extends to around 600 bytes depending on the quality of the acquired fingerprint image. They provide SDK component for enrolment and verification in C/Java. After that it stored in the database as .fpt format. It depends on the quality of fingerprints. This finger print is used as a key in encryption and decryption algorithms

3.1.2 ENCRYPTION MODULE

This module performs the document encoding task. The user can select any file for the encryption process. Using the generated key value performs the encryption process. It is very important that the user must generate the key value before performing the encryption or decryption task. For that purpose, a mask value is combined with finger print template for security. Then a corresponding hash value is generated using MD5 algorithm. To increase additional security some specified bytes of salt (predefined constant value) is added with the message digest. Algorithm uses this digest value as the encryption key. The encrypted data is stored into a file selected by the user. Here there are two options for encryption: DES and AES.

DES

The DES algorithm is a symmetric key algorithm which means the same key is used to both encrypt and decrypt a message. Key length is one of the two most important security factors of any encryption algorithm—the other one being the design of the algorithm itself. DES uses a 64-bit block for the key; however, 8 of these bits are used for odd parity and are, therefore, not counted in the key length. The effective key length is then calculated as 56 bits, giving 256 possible keys. A brute force attack is defined as a brute- force search to break a cipher by trying each possible key. In most cases, a cipher is considered secure if it can only be broken by brute force. The attacks depend on the block cipher, or the key length of any encryption algorithm .In DES, Data are encrypted in 64-bit blocks using 56 bit key and transform 64-bit input in a series of steps into 64-bit output. Brute force attack can break DES.

AES

The AES algorithm is a subset of the Rijndael algorithm. The AES algorithm uses a 128 bit block and three different key sizes 128, 196 and 256 bits, where Rijndael allows multiple block sizes 128, 196, and 256 bits and for each it also allows multiple key sizes, again 128, 196, and 256 bits. A 128-bit key is 272 times better than a 56-bit key. Brute force attack can break AES with work factor of 2128. It is better than DES .Also, the cipher text produced by the AES algorithm is the same size as the plain text message.

3.1.3 DECRYPTION MODULE

The decoding process is performed to retrieve the original document from the encoded document. The DES /AES algorithm is used for the decoding process. Two main tasks are performed in the unlock process. They are decoding and the key authentication process. At first the key authentication process is performed. The decoding process is done only the user produces an authenticated key value. If the produced key is not an authorized one then the process will be automatically terminated by the system .The user selects the encoded file name. The decoding process progress is displayed by the system. After completing the decoding process the system displays a message the decoded content is stored as file. After the decoding process, the user can get the original file without any change. The same key must be used for the encoding and the decoding process.

3.1.4 FILE TRANSFER MODULE

The encrypted message content is then sent to the recipient’s side using the FTP protocol. It should be mentioned here that the recipient’s ID and his/her biometric features are not part of the sent message.

CHAPTER 4

IMPLEMENTATION DETAILS

As a method of biometrics, fingerprints are unique "signatures" of humans. The fingerprint minutia is captured using fingerprint sensor connected to the PC. Minutiae are unique features that are extracted from the fingerprint image, which is obtained when the user places his hand on the fingerprint sensor. This minutiae is then used for encrypting the files with DES/AES algorithm using JCE (Java Cryptographic Extension) APIs. Once encrypted, the file can be decrypted only by passing the minutiae which is used to encrypt the file. That is, the person has decrypt power has to place his finger on the reader to get the file decrypted.

4.1 JAVA-JDK6.0

Java technology is used to develop applications for a wide range of environments ,from consumer devices to heterogeneous enterprise systems. Like any programming language, the Java language has its own structure, syntax rules, and programming paradigm. The Java language's programming paradigm is based on the concept of object-oriented programming (OOP), which the language's features support. The Java language is a C-language derivative, so its syntax rules look much like C's: for example, code blocks are modularized into methods and delimited by braces ({and}), and variables are declared before they are used. Structurally, the Java language starts with packages. A package is the Java language's namespace mechanism. Within packages are classes, and within classes are methods, variables, constants, and so on. When doing programs in Java platform, one can write source code in .java files and then compile them. Then the compiler will check the code against language's syntax rules, then writes out byte codes in .class files. Byte codes are standard instructions targeted to run on a Java virtual machine (JVM). In adding this level of abstraction, the Java compiler differs from other language compilers, which write out instructions suitable for the CPU chipset the program will run on.

At run time, the JVM reads and interprets .class files and executes the program's instructions on the native hardware platform for which the JVM was written. The JVM interprets the byte codes just as a CPU would interpret assembly-language instructions. The difference is that the JVM is a piece of software written specifically for a particular platform. The JVM is the heart of the Java language's "write-once, run-anywhere" principle. Your code can run on any chipset for which a suitable JVM implementation is available. JVMs are available for major platforms like Linux and Windows, and subsets of the Java language have been implemented in JVMs for mobile phones and hobbyist chips.The JDK includes a set of command-line tools for compiling and running your Java code, including a complete copy of the JRE. Although you certainly can use these tools to develop applications, most developers appreciate the additional functionality, task management, and visual interface of an IDE. The Java Runtime Environment includes the JVM, code libraries, and components that are necessary for running programs written in the Java language. It is available for multiple platforms. It can freely redistribute the JRE within the applications, according to the terms of the JRE license, to give the application's users a platform on which to run the software. The JRE is included in the JDK.

4.2 SQLYOG

SQLyog is the most powerful MySQL manager and admin tool, combining the features of MySQL Administrator, phpMyAdmin and other MySQL Front Ends and MySQL GUI tools. It is developed by Webyog, Inc. based out of Bangalore, India and Santa Clara, California. SQLyog works on the Windows platform starting from Windows XP/Windows 2003 to Windows 7/Server 2008 R2. It has also been made to work under Linux and various UNIX’s (including Mac OS X) using the Wine environment. Further a subset of SQLyog Enterprise/Ultimate functionalities are available with the free SJA (SQLyog Job Agent) for Linux as a native Linux utility. This makes it possible to specify and test 'scheduled jobs' on a Windows environment and port execution parameters seamlessly to a Linux environment.

The SJA is a standalone command-line MySQL client available for WINDOWS and LINUX (the Windows version however can be started from inside the SQLyog GUI as well). To put it clear: the SJA will run on Windows and Linux but will connect to any MySQL servers running on any OS. That is the meaning of the term "MySQL client". One of the most important features of the program is to "synchronize" data (complete databases or individual tables) on two servers/host. It utilizes advanced checksum algorithms for comparison of the data and can be very effective in "finding out" which data must be INSERTed, UPDATEd or DELETEd on either of the hosts to bring them "in sync".

4.3 SYSTEM IMPLEMENTATION

Before going to execute the system make sure that correct version of Digital Persona U are U driver (1.3 or above) is installed in the PC and the reader is correctly connected. Make sure that the database from the file fp.sql is imported in to Mysql5.0 with username as "root" and password as "root". There must be at least one file in the file details table. For connecting to remote DB in the server, make it sure that the port 3306 is open. Check the ftp directory, username and password in the db table named ftp details are valid. Before running the exe make it sure that, the finger print template is there in the "user" table of the DB. That is, the users are a registered user. If not, open the project in netbeans and call "MainGUI form" instead of "Login.form". Then go to "entollment" sub tab in "Admin" tab and create an account.

Enter Username and Password in the login form and hit "OK" button. If the username and password matches, then the user will be prompted to enter his fingerprint. Fingerprint verification take place .Here, if the finger print reader is connected, you will get the status message on the text area named status. If the reader is connected the user can place the registered finger on the sensor, and his fingerprint image will get displayed on the left side area. If the authentication is successful, it will be displayed on the status screen. Then the user can hit the close button, and he will be directed to the main user interface of the application.

Here, there are four tabs. Click the first one, i.e. "Inbox" to see the files which can be decrypted by the person logged in. To download any file listed in the table, select the file and hit the "Get File" button. Then the user will be prompted to enter his fingerprint for decrypting and downloading the file. If the fingerprint matched the, the file will be decrypted and downloaded to a folder name "Downloaded Files" in the application folder. To delete files, select the file and hit the "Delete". On clicking the second tab the user can select any type of files in the PC, then he have to enter the name in which the encrypted files should display, and select the user whose minutiae should be used to encrypt the file. After filling the fields, hit the "Upload" button. Then file will be encrypted and uploaded to the remote repository in the server.

If the person logged in is the administrator, then the Admin tab will be active, otherwise it will be disabled. There will be four sub tabs under the admin tab. i.e., in the enrollment tab, the administrator have to make the users enter the fields, and click the "Get Template" button. The user will be prompted to enter his finger print four times to generate the base template. Then close the template generator window and hit "Create Account" button at the bottom of the enrollment window. If every information given is valid, then a dialog box will appear informing the successful account creation. In the second sub tab A/c Mgt tab, there will are two tables, Users and Blocked Users. The administrator can select any user from the Users table and block him from accessing the service by hit the "Block" button. Administrator can unlock or delete any user by selecting in the Blocked Users table and hitting "Unblock" or "Delete" button. In the File Mgt tab, all files in the system will be listed the table. Administrator can select and delete any of these files .The last tab is FTP settings tab; the administrator can change the FTP settings of the remote file repository.

Another option in the main GUI is Change Password will help the user to change his password. There is an option for typing new password.

4.4 DEVELOPMENT TOOLS

Hardware Specification

FINGERPRINT READER : DIGITAL PERSONA U

CPU : PENTIUM IV

PROCESSOR : 2 GHz

TOTAL RAM : 2 GB

HARD DISK : 40 GB

Software Specification

LANGUAGE : JAVA

IDE : NET BEANS 6.9

FILESERVER : FTP://192.168.0.1

BACK END : MYSQL

OPERATING SYSTEM : WINDOWS XP

CHAPTER 5

CONCLUSION

High Secure Centralized File Server with Minutiae Encryption (BioSec) is developed to provide security for the files. The system uses the biometrics technology for the security providing medium. Generally passwords and smart cards are used for the security systems. This system uses the fingerprints for the security system. Password can be hacked by trial and error basis. But it is not possible to break the biometric based security system. The system uses two algorithms for the process. The one way hash function is used for the key build process and the DES/AES algorithm is used for the encryption/decryption process.The encrypted message content is then sent to the recipient’s side using the FTP protocol. It should be mentioned here that the recipient’s ID and his/her biometric features are not part of the sent message. The system is tested with different type of fingerprint image formats.

REFERENCES

"BIOMETRIC-BASED SECURITY SYSTEM FOR PLAINTEXT E-MAIL MESSAGES", (2009 Second International Conference on Developments in systems engineering.)

"HUMAN FACTORS OF SECURITY SYSTEMS: A BRIEF REVIEW" (Andrew Patrick, National Research Council of Canada ([email protected]) March 19, 2002 ,Version1.5)

"AN INTRODUCTION TO BIOMETRIC RECOGNITION" (Aanil k. jain, Aarun ross and Salil IEEE Transactions on Circuits and Systems for Video Technology, January 2004.)

"ASYMMETRIC CRYPTOSYSTEMS"(Brian A. Carter, Ari Kassin, and Tanja Magoc, IEEE transactions September 27, 2007")

"THE RIJNDAEL BLOCK CIPHER :AES PROPOSAL" (C. Sanchez-Avilaf & R. Sanchez-Reillot, Dpto. de Mathematical Aplicada, E.T.S.I. Telecommunication ,October 2000)