Bluetooth Enabled Person Identification System

The main aim of the project is to develop a person identification system based on client-server technology. Its purpose is to identify authorized users and reject unauthorized ones.

The identification process begins with the transfer of authenticated data from the user's mobile to the PC via radio signals. Only the client device (mobile application) has the privilege to send the authenticated data to a particular device (server). The client supports the basic encryption and authentication techniques, which are used while sending data from client to server to ensure high security. The data received by the server is checked for validity against the server database; simultaneously, an alarm is generated to indicate invalid data. This technique can be adapted to keep out unauthorized users.

Several security features are applied, such as the use of a UUID (Universal Unique Identifier), specification of the device address, and the use of paired devices, which provide limited access; identification is done by user code. These features ensure security against unauthorized user access, code hacking, duplication of IDs, etc.

( Selected as Best Project By JobsCochin Team )

About Author

Sarathraj completed a BE (Computer Science and Engg) under Anna University. This project is his final-year academic project and also his own idea. The project was done and implemented by him alone.

phone(r):0479-2431986
Mob:     9847096007

Bluetooth Security

              Security is most important when communicating without wires. If your device is discoverable, anyone in the vicinity can do a device discovery and find your Bluetooth device. They may determine which services your device is offering and try to connect to them. Another problem is eavesdropping, which can be done very easily when communicating without wires. In order to handle these threats, the Bluetooth specification defines a security model based on three components: authentication, encryption and authorization. In addition, three security modes are defined, enforcing different levels of security. A security manager is used to handle the security transactions in the Bluetooth system.

 Security Modes


Security modes are part of the GAP (Generic Access Profile) profile. All qualified Bluetooth devices must have an implementation of the GAP profile; hence all Bluetooth devices will have implemented a security mode. The OEM must decide which security mode to support when implementing the GAP profile on a Bluetooth device. On more powerful devices such as a laptop computer, the user may have the option to select the desired security mode. The ability to select security modes is available in e.g. the Bluetooth software accompanying 3COM USB Bluetooth devices. The GAP defines three security modes:
  • Mode 1: No security
  • Mode 2: Service level enforced security
  • Mode 3: Link level enforced security

In Mode 1, devices will never initiate any security procedure. Support for authentication is optional. This security mode is not seen in many devices at the time of writing; it was probably used in early Bluetooth devices.

Mode 2 is the security mode used for the majority of Bluetooth devices. Security is enforced at the service level; hence the service decides whether security is required or not. Note that in Mode 2 security procedures are initiated by the higher Bluetooth layers after the Bluetooth link is created by the lower layers. Bluetooth enables developers to create services and decide if a service should require security.

In Mode 3, security procedures are initiated during the setup of a Bluetooth link. If security measures fail, the link setup will fail. Observe that security procedures are initiated by the lower layers of the Bluetooth stack in security mode 3. Application developers have no influence on the security settings when setting up a Bluetooth link. Security mode 3 is useful for Bluetooth devices which have factory settings and are not configurable by the user, e.g. Bluetooth headsets.

Pairing And Bonding (Authentication)   

Bonding is the procedure of a Bluetooth device authenticating another Bluetooth device, and is dependent on a shared authentication key. If the devices do not share an authentication key, a new key must be created before the bonding process can complete. Generation of the authentication key is called pairing. 

The pairing process involves generation of an initialization key and an authentication key, followed by mutual authentication. The initialization key is based on user input, a random number and the Bluetooth address of one of the devices. The user input is referred to as a Personal Identification Number (PIN) or passkey and may be up to 128 bits long. The passkey is the shared secret between the two devices.

The authentication key is based on random numbers and Bluetooth addresses from both devices. The initialization key is used for encryption when exchanging data to create the authentication key, and is thereafter discarded. When the pairing process is completed, the devices have authenticated each other. Both devices share the same authentication key, often called a combination key since both devices have contributed to the creation of the key. When two devices have completed the pairing process they may store the authentication key for future use.

The devices are then paired and may authenticate each other through the bonding process without the use of a passkey. Devices will stay paired until one device requests a new pairing process, or the authentication key is deleted on either of the devices. Storing the authentication key is useful for devices frequently connecting to each other, such as a laptop computer frequently connecting to the dial-up networking service on a cell phone. The bonding procedure can then complete without user input and the user is relieved of figuring out a new passkey every time he or she wants to connect to the Internet.
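The pairing and bonding flow described above, as an added Python model that is not part of the original project. Assumptions: HMAC-SHA-256 stands in for the specification's own key functions, the random contributions are masked by XOR with the initialization key, and the device addresses and passkeys are constructed.

```python
import hashlib
import hmac
import secrets


def prf(key, *parts):
    """Stand-in keyed function (HMAC-SHA-256, 128-bit output); not the Bluetooth algorithms."""
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()[:16]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class Device:
    def __init__(self, addr, passkey):
        self.addr, self.passkey, self.link_key = addr, passkey, None

    def init_key(self, in_rand, addr):
        # Initialization key: passkey + random number + one device's address.
        return prf(self.passkey, b"init", in_rand, addr)

    def contribution(self, k_init):
        # Own random number, sent protected by the initialization key.
        self.rand = secrets.token_bytes(16)
        return xor(self.rand, k_init)

    def combine(self, k_init, peer_masked, peer_addr):
        peer_rand = xor(peer_masked, k_init)
        mine = prf(self.rand, b"unit", self.addr)
        theirs = prf(peer_rand, b"unit", peer_addr)
        self.link_key = xor(mine, theirs)   # combination key; k_init is dropped here

    def respond(self, challenge):
        return prf(self.link_key, b"auth", challenge, self.addr)


def authenticate(verifier, claimant):
    """Challenge-response: the claimant proves it holds the same stored key."""
    challenge = secrets.token_bytes(16)
    expected = prf(verifier.link_key, b"auth", challenge, claimant.addr)
    return hmac.compare_digest(claimant.respond(challenge), expected)


def pair(a, b):
    """Run pairing between a and b; True only if mutual authentication succeeds."""
    in_rand = secrets.token_bytes(16)       # random number both sides see
    k_a, k_b = a.init_key(in_rand, b.addr), b.init_key(in_rand, b.addr)
    masked_a, masked_b = a.contribution(k_a), b.contribution(k_b)
    a.combine(k_a, masked_b, b.addr)
    b.combine(k_b, masked_a, a.addr)
    return authenticate(a, b) and authenticate(b, a)


def bond(a, b):
    """Later connections: authenticate with the stored key, no passkey needed."""
    return authenticate(a, b) and authenticate(b, a)
```

With matching passkeys both devices end up with the same combination key and `bond()` succeeds on later connections; with different passkeys the two sides derive different keys and the mutual authentication inside `pair()` fails.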

Encryption

When two devices have authenticated each other, encryption may be requested for the Bluetooth link by either of the devices. Before encryption can begin, the devices must negotiate the encryption mode and the key size for the encryption key. There are three encryption modes:
  • No encryption
  • Encrypt both point-to-point and broadcast packets
  • Only encrypt point-to-point packets

When only two devices are connected, the point-to-point packets encryption mode is a natural choice. The no encryption mode will only be selected if either of the devices does not support encryption. When encryption has been requested and both devices support encryption, the size of the encryption key is negotiated. The master device will then suggest its largest supported key-length. The slave device may then accept or reject this key-length. If the slave accepts, all is well and encryption may be started. If the slave rejects, the master can suggest a shorter key-length or decide to terminate the connection. This procedure is repeated until the devices agree on a key length or the master decides to terminate the link. Key-lengths from 8-128 bits are supported for encryption keys.
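The key-length negotiation described above, as an added Python simulation that is not part of the original project. Assumptions: proposals shrink one byte (8 bits) at a time, each device has a configurable minimum length it tolerates (`floor_bits`, a hypothetical policy setting), and the device names are constructed.

```python
MIN_BITS, MAX_BITS, STEP = 8, 128, 8   # 8-128 bits, negotiated in whole bytes


class Device:
    """One end of the link: the longest key it supports and the shortest it tolerates."""

    def __init__(self, name, max_bits, floor_bits=MIN_BITS):
        if not (MIN_BITS <= floor_bits <= max_bits <= MAX_BITS):
            raise ValueError("key lengths must satisfy 8 <= floor <= max <= 128")
        self.name, self.max_bits, self.floor_bits = name, max_bits, floor_bits

    def accepts(self, proposal_bits):
        return self.floor_bits <= proposal_bits <= self.max_bits


def negotiate(master, slave):
    """Return (agreed_bits or None, transcript of (proposal, slave_answer))."""
    transcript = []
    proposal = master.max_bits              # master opens with its largest length
    while proposal >= master.floor_bits:    # never propose below the master's floor
        answer = "accept" if slave.accepts(proposal) else "reject"
        transcript.append((proposal, answer))
        if answer == "accept":
            return proposal, transcript
        proposal -= STEP                    # suggest a shorter key and retry
    transcript.append((None, "terminate"))  # master gives up and drops the link
    return None, transcript


if __name__ == "__main__":
    headset = Device("slave (constructed)", max_bits=64)
    masters = (Device("permissive master", 128),
               Device("strict master", 128, floor_bits=128))
    for master in masters:
        bits, log = negotiate(master, headset)
        print(master.name, "->", bits, log)
```

The permissive master walks down until the slave accepts, so the weaker device decides the final key length; the strict master terminates the link instead of going below its floor.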

Authorization

Authorization is the process of giving a remote Bluetooth device permission to access a particular service. In order to be authorized the remote device must first be authenticated through the bonding process. Access may then be granted on a temporary or a permanent basis. The trust attribute is related to authorization, linking authorization permissions to a particular device. 

Bluetooth service and the authorization process will complete successfully without user interaction. This means that the previously mentioned user with the laptop computer and cell phone may completely avoid user interaction with the cell phone when connecting to the Internet. By marking the laptop computer as a trusted device on the cell phone, the laptop computer may be authorized automatically when connecting to the dial-up networking service on the cellphone.

Security Manager

In order to keep track of trusted devices and the different levels of authorization for different services, security information needs to be stored in security databases. Two databases are used, one for devices and one for services. Several layers need access to these security databases.     

The security manager allows uniform access to the security databases for all layers and is responsible for entering and extracting information from the security databases. Hence, all exchange of information from the different layers and the security databases goes through the security manager. Applications and protocols must register with the security manager in order to use security features.

Other important tasks handled by the security manager are to query the user for a passkey during the pairing process and to query the user for an authorization response when a remote device tries to connect to a service that requires authorization. The security manager must also provide a user interface to configure security settings on the device.

Current Scenario For Identification System

There are several identification systems in use, such as ID cards, fingerprint identification and card readers. These are mainly exposed to the outside world for their handling. ID cards include personal details, with the help of which a person can easily be identified. Fingerprint identification is accurate up to some extent. The other type of identification system, the card reader, also helps in many ways to identify users. The present systems provide only limited identification.

Disadvantages:

1. The main disadvantage is that the present identification systems don't provide any extra security.
2. In the case of ID cards, illegal persons can also create and use the cards.
3. In a fingerprint identification system, hackers can make a dummy finger and make use of it for identification.
4. In the case of a card reading system, hackers can also make unauthorized cards.

Proposed System


 This project involves a Bluetooth platform that can transfer data from client to server via radio signals. So the proposed system holds the name BLUETOOTH ENABLED PERSON IDENTIFICATION SYSTEM.

This application aims to solve security issues such as unauthorized user access, code hacking and duplication of IDs. It can also be integrated into a mobile for enhanced portability. The servers used in this application are hidden from the outside world.

The identification process begins with the transfer of authenticated data from the user's mobile to the PC via radio signals. Only the client device (mobile application) has the privilege to send the authenticated data to a particular device (server). The client supports the basic encryption and authentication techniques, which are used while sending data from client to server to ensure high security. The data received by the server is checked for validity against the server database; simultaneously, an alarm is generated to indicate invalid data. This technique can be adapted to keep out unauthorized users.

Several security features are applied, such as the use of a UUID (Universal Unique Identifier), specification of the device address, and the use of paired devices, which provide limited access; identification is done by user code. These features ensure security against unauthorized user access, code hacking, duplication of IDs, etc.

  • Operating System: Windows 2000, Sony Ericsson Java
  • Server Side: Visual Studio .NET 2003; VB.NET (Visual Basic .NET); ADO.NET (Active Data Object .NET)
  • Client Side: NetBeans IDE 6.0.1 (Mobility Pack 5.5.1); J2ME (Java 2 Micro Edition); JABWT (Java APIs for Bluetooth Wireless Technology)



VERIFICATION MODULE

This module performs the main operation of the application: it gets the user data from the particular file, verifies it against the server database, and produces either the valid message or an alarm for invalid data.

  •     Initiative process 

In this event, the timer is enabled. Every second, the timer checks whether data has been received. If data has been received, the content of the file is read into a string, the server database is connected using the OLE method, and the database is loaded into the dataset for verification. After that, the received file is deleted. If a dataset row matches the string, a message that the user is an authorized one is printed; otherwise an alarm is produced.

  •    Terminate Process    

In this event, the timer is stopped to shut down the server. After this, all connections to the database, received file connections and the dataset are lost.

  •    Alarm Generation process

This event uses the Windows multimedia library “winmm.dll”, which helps to play a particular WAV file as the alarm.
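One timer tick of the verification module, as an added Python sketch that is not the project's VB.NET code. Assumptions: an in-memory SQLite table stands in for the server database, the `users` table layout, the 64-byte size limit, and the sample user codes and file names are all constructed.

```python
import os
import sqlite3
import tempfile

MAX_CODE_BYTES = 64   # assumed upper bound on a received user-code file


def open_user_db():
    """In-memory SQLite stand-in for the server database (constructed rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT NOT NULL, code TEXT PRIMARY KEY)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "A1B2-7781"), ("bob", "C3D4-9920")])
    return db


def lookup(db, code):
    # Bound parameter: the received text is compared as data, never parsed as SQL.
    row = db.execute("SELECT name FROM users WHERE code = ?", (code,)).fetchone()
    return row[0] if row else None


def timer_tick(db, inbox):
    """One poll of the receive folder: read, delete, then verify each file."""
    results = []
    for name in sorted(os.listdir(inbox)):
        path = os.path.join(inbox, name)
        with open(path, "rb") as fh:
            raw = fh.read(MAX_CODE_BYTES + 1)   # bounded read
        os.remove(path)                         # each file is consumed exactly once
        user = None
        if 0 < len(raw) <= MAX_CODE_BYTES:
            try:
                user = lookup(db, raw.decode("ascii").strip())
            except UnicodeDecodeError:
                user = None                     # non-text payload counts as invalid
        results.append((name, "VALID" if user else "ALARM", user))
    return results


def demo():
    """Feed five constructed files through one tick; return (results, files left)."""
    db = open_user_db()
    with tempfile.TemporaryDirectory() as inbox:
        samples = {"1_known.txt": b"A1B2-7781\n", "2_unknown.txt": b"ZZZZ-0000",
                   "3_empty.txt": b"", "4_binary.txt": b"\xff\xfe\xfd",
                   "5_big.txt": b"A" * 500}
        for name, data in samples.items():
            with open(os.path.join(inbox, name), "wb") as fh:
                fh.write(data)
        return timer_tick(db, inbox), os.listdir(inbox)


if __name__ == "__main__":
    for row in demo()[0]:
        print(row)
```

Empty, oversized and non-text files all end in the alarm branch, so a malformed transfer is never treated as a match.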

USER IDENTIFICATION MODULE

This module helps to find a particular user in the server database. It also helps to find users while the server is running.

PRINT USERS MODULE

              This module will help to print the user details to a file and also in the administrator window.
    
EDITING MODULE

This module helps to edit user details in the server database.
  •     Insert users 

In this event we can add new users to the server database by connecting to the database using OLEDB, loading the table into a dataset with the help of a data adapter, and adding the new users to the database. This will help to increase the speed of database connection.

  •    Remove users 

In this event we can delete users from the server database by connecting to the database using OLEDB, loading the table into a dataset with the help of a data adapter, and deleting the users from the database. This will help to increase the speed of database connection.

  •   Modify users 

In this event we can update users in the server database by connecting to the database using OLEDB, loading the table into a dataset with the help of a data adapter, and updating the users in the database. This will help to increase the speed of database connection.

 VIEW MODULE

In this module we can view all users present in the server database with the help of a Data Grid.
  • Load Data

This event helps to load the users from the database by connecting to the database using OLEDB and loading the table into a dataset with the help of a data adapter. This will help to increase the speed of database connection.

  • Updation

This event helps to update the users in the database by connecting to the database using OLEDB and loading the table into a dataset with the help of a data adapter within the Data Grid. This will help to increase the speed of database connection.

ADMINISTRATOR MODULE

This is the administrator module; it lets the administrator enter the server application. It contains a user name and password. It ensures server application security.

STORAGE MODULE

This unit interacts with the user and gets the data.
  • Data fetch from UI

This unit fetches the user code from the textbox and stores it in a string.

  • File Creation & Write Operation

In this unit, a new text file is created and the string value is written to the file.

DATA TRANSFER MODULE

This module sends the data to the particular server based on a particular Bluetooth address and UUID.
  •    Device Search

In this unit the client searches for a particular device based on the given Bluetooth address and saves it to the client database.

  •   Service Search based on UUID

In this unit, after the device search has completed, a service search is completed based on a particular UUID for file sending.

  •   Data Retrieval & storage 

This unit fetches the data from the file, stores it as bytes and deletes that particular file.

  •    Data Transfer through OBEX.

This unit sets up a transport layer connection with the server, sets the file details in the session headers and attaches the data to the output stream.

This software is designed in such a way that new modules can be added without much difficulty. The system can be changed easily depending on changes in the concerned company. The reconstruction of the system will increase the flexibility of the system. The things mentioned above will be carried out in future. The system performs authentication of the users and ensures a higher level of security when the data is transmitted. This system also makes team management jobs faster and more efficient. It also saves considerable human effort and time. The software helps the developers to finish the development job at a faster pace as the bug encryption and decryption process is completely automated.

“Bluetooth enabled person identification system” has been developed with an eye on future development. This system is highly flexible and portable and incorporated to this system. As the project has been built with an insight into future modifications, enhancements can be done without much effort.

ADVANTAGES:

  1.  Highly Securable.
  2.  Portable.
  3.  User Friendly.
  4.  Network application Security.
  5.  Server not exposed to outside world.

Applications:


1) Mobile based Security System (Identification system).
2) Short Range Wireless networking with secure browsing.


Future Enhancement

Additional features can be incorporated for:

  1.     Identifying a person's iris via the mobile camera and transmitting it to the server.
  2.     Incorporating a speech-based person identification system into the mobile.

Conclusion

Finally let me summarize the features of the project and give the proposal for the future work that would give continuity and would enhance the functionality of the application. With this suggestion the project will turn more robust and applicable for real world identification.

Security is the main consideration in this project. The idea of giving maximum security to the identification system is provided to this application. The software which I developed was implemented and tested with real data and was found error free. Also it is found that the client and server side system will work successfully. The system is protected from unauthorized user access, duplication of codes etc. The future scope of this project is very important. I can explain it and so it has wide application in the field of high security areas.

(Any one interested in this topic please leave me a comment)


Nice work. I am developing an image recognition tool for mobile phones (in Java). I need some tips from you.

Could you please explain how you are going to recognize the image? "What do you actually mean by this?" There are many ways to identify images, but presently all ways are not yet clear.

For more clarification and details about the project, contact the Submitted Person.

Admin
