Faculty of Information Technology, UAEU, Al-Ain, P.O. Box. 17551, UAE; e-mail: ... to say a necessity. The course outline in most educational systems gener- ..... long which was less than 1 ms before the attack started. Consequently, this ...
International Journal of Computers and Applications, Vol. 33, No. 2, 2011
IMPLEMENTATION OF AN EFFECTIVE AND SECURE BIOMETRICS-BASED STUDENT ATTENDANCE SYSTEM Zouheir Trabelsi∗ and Khaled Shuaib∗
mind, both disciplinary and motivating measures for improving students’ attendance become very desirable, not to say a necessity. The course outline in most educational systems generally includes an attendance policy that outlines the consequences of missing classes. Several of these policies include disciplinary actions ranging from simple warnings, to failing a component in the class all the way to failing the class. Moreover, very often the assessment/evaluation attributes a significant weight (typically up to 10%) for attendance (generally combined with participation in the classroom). In other words, frequent absentees might not be able to achieve a grade of “Excellent”. Typically, in most institutions instructors have the burden of taking students’ attendance, keeping track of it and reporting problems as they occur. Generally this is a time-consuming process and therefore a number of instructors might choose either to avoid it or do it intermittently. Thus for students who are either not aware of the educational value of attending classes or they just ignore the fact tend to have a relaxed attitude towards their attendance. As a result, it is desirable to have this policy applied in an automatic and straightforward way using a secure, user-friendly and reliable smart system. This will lead to two important realizations: (1) Instructors will have the necessary means of keeping track of attendance effortlessly and (2) students will be aware of the need to adhere to the attendance policies and will start abiding by them, thus enhancing the overall attendance. Impersonation, where a student might claim to be another one, is another serious issue that biometric e-attendance systems can resolve. In this work, this is more applicable since our implementation is conducted in an environment where it is common for female students to cover their faces for cultural or religion beliefs. During exams, a student may send another student (usually a smarter or a more senior one) with his/her ID card to take the exam for him/her, hoping to get better marks. Therefore, academic institutions should use reliable student verifications systems in conjunction with ID cards. Usually, this is done by having female inspectors check the student’s face against the picture on the ID card. However, this is a time-consuming process and requires a large number of
Abstract This paper discusses the design, implementation and evaluation of a biometric system for recording students’ attendance using both fingerprint and iris readers (e-attendance system). The system allows students to record their attendance when entering a classroom. This information is then made available to the instructors through a webbased interface application. The major impact of the e-attendance system is the noticed drop in the students’ absenteeism rate. In addition, the system provides a reliable solution to prevent any student impersonation, where a student claims to be another one either to fake attendance or to take an exam for him/her. This work demonstrates the need for an attendance tracking system that is based on multiple biometrics technologies, especially in a multi-ethnic academic environment with a large student population. Finally, additional security measures, mainly Firewalls and Intrusion Detection/Prevention Systems (IDS/IPS) are shown to be required to achieve the needed level of protection for an efficient and reliable implementation. This is the case since biometrics readers can be vulnerable to common attacks, mainly denial of service attacks, and can be targeted by malicious students.
Key Words E-attendance, iris recognition, fingerprint recognition, biometric system
1. Introduction Successful education requires appropriate resources to achieve its projected goals and noble mission. For this purpose, among others, adequate physical space, updated facilities and equipments and talented administrators are important resources to be made available in combination with a well-designed curriculum. However, it is the instructor who remains the most important resource that the learner is dependent on to acquire the desired education and to develop the targeted skills. Therefore, attending a class and making use of this valuable resource is very important to the learning process. Bearing this reality in ∗
Faculty of Information Technology, UAEU, Al-Ain, P.O. Box 17551, UAE; e-mail: {trabelsi, k.shuaib}@uaeu.ac.ae Recommended by Prof. S. Salleh (DOI: 10.2316/Journal.202.2011.2.202-2928)
144
[3–6]. Yet there is not one single biometrics technology that would be ideal for all applications. Each technology has its own benefits and weaknesses [7]. Nowadays, fingerprint and iris technologies are widely used [8] because they are fast, reliable, stable, cost effective, and provide excellent identification accuracy rates. Extensive research has determined that the human iris is not subject to effects of aging and it remains unchanged in structure and appearance from the time it is developed until a few minutes after death [9]. They are also extremely difficult to imitate [10]. Fingerprints are static and do not change with age, so an individual will have the same fingerprint from infancy to adulthood. The pattern changes size, but not shape, as the person grows. Generally, the pattern of ridges may only be altered incidentally due to body injuries, burns, or disease [11]. Voice technology is well developed but the enrolment process requires longer time, and it relies on the behaviour of the subject rather than the physical characteristics of the speech. Therefore, it is prone to inaccuracy. In addition, it can be affected by environmental factors such as a background noise. Voice recognition can have high false acceptance rate especially when the subject’s speech changes. In face recognition, difficulties arise from the fact that the face is a changeable social organ displaying a variety of expressions, as well as being an active three-dimensional (3D) object whose image varies with viewing angle, pose, illumination, accoutrements and age [12, 13]. In addition, the recognition techniques take longer and require high processing power. Hand geometry recognition systems are widely implemented for their ease of use, public acceptance and integration capabilities [14]. Hand geometry carries some challenges. Hand size and geometry change greatly over time. Weather, temperature and medical conditions, such as pregnancy, affect hand size. Thus we always need to update the records for hand geometry. Most of the hand geometry readers also require physical contact with the scanning device and that needs to be kept clean creating a hygiene issue. Physical contact is also valid for fingerprint. However, since the size of a finger is much less than the one of a hand, fingerprint readers create less important hygiene issue than hand geometry readers. These challenges make hand geometry unsuitable for applications with a large population. Retinal recognition is very reliable and stable means of biometric identification. However it is considered invasive and expensive. Its widespread use is held back by public acceptance [15]. Biometric signature recognition systems scan automatically a person’s signature and match it electronically against a library of known signatures. Biometric signature recognition systems measure and analyse the physical activity of signing, such as the stroke order, the pressure applied and the speed. Some systems may also compare visual images of signatures, but the core of a signature biometric system is behavioural, i.e., how it is signed rather than visual, i.e., the image of the signature. The major weakness of biometric signature systems is that people may
female inspectors to be available for these exams, which in some cases is not doable. To address the above two issues, we propose the use of a biometric system based on fingerprint recognition, iris recognition or a combination of both to verify students’ identities. The system will require each student to first register and supply a sample of the biometric (fingerprint or iris scan). Then during classes or exams, each student will have to be scanned and the sample is compared with the stored sample for proper authentication. In addition, the gathered data will be organized and stored on a webbased system where instructors can access and use such information to manage the attendance in their classes. As a result, our implementation automates the process for the instructors making it easier for them to enforce policies, and for the students to respect such policies. In addition, this will provide an easy and quick method to verify students’ identities (even with covered faces) during exams. Work done related to academic attendance and monitoring problems has been extensive. Several software developers offer solutions to keep track of students’ attendance. However, such systems require manual entry of data by instructors and therefore the problem remains unsolved. Kawaguchi et al. [1] proposed a system that takes automatically the attendance of students using face recognition. They proposed a method for estimating the attendance precisely using all the results of face recognition obtained by continuous observation. Nawaz et al. [2] developed an attendance monitoring system using fingerprint readers. The system is very simple and relies on a single biometric technology which can render the system unusable for students with injured fingers. The system is unsuitable for a multi-ethnic environment, such as an academic one, and does not provide an effective solution to the impersonation problem. The remainder of this paper is organized as follows. In Section 2 we discuss the proposed e-attendance system. While in Section 3 we present the e-attendance system’s web interface. Section 4 discusses the performed evaluation of the proposed system using class experiments and students’ surveys. Section 5 discusses the security of the e-attendance system. Finally, the paper is concluded in Section 6. 2. E-Attendance System In this section we discuss the design of the e-attendance system which allows students to record their attendances using fingerprint and iris readers. The system offers instructors the means to track students’ absence using a user-friendly web interface and to obtain additional information about the present students, such as the time of their arrivals to class. The system also allows instructors to verify the true identity of the students when necessary. 2.1 Biometric Technologies Selection The most common types of biometrics technologies are fingerprint, iris, voice, hand geometry and face recognition 145
students with injured fingers to record their attendance using the iris readers. An effective e-attendance system should provide a combination of two biometrics technologies to enhance its availability and user acceptance. This will effectively deprive students from having any excuses not to record their attendances, as with the case of systems that are based on single biometrics technology.
not always sign in a consistent manner [16]. To make a decision regarding which biometric technologies would be suitable to implement the e-attendance system, a list of requirements were identified and later translated into specifications for the desired solution. Criteria cited in the specification document which were used for evaluating the different biometrics options are accuracy of the technology, user acceptance, ease of use, vulnerability of the technology, variability with age and environment, safe and non-invasive technology (disease control), commercial availability, ease of deployment, and the costs of implementation and operation. Based on the above discussion, the following biometrics technologies have been excluded: • Face recognition technology is unsuitable for student attendance tracking systems because in our implementation some female students may cover their faces for cultural or religion reasons. In addition, compared to other biometrics technologies, mainly fingerprint and iris, the enrolment process requires longer time and the detection rate is low. • Hand geometry recognition technology is unsuitable for student attendance tracking systems because it has a hygiene issue and is not suitable for applications with large populations. • Voice recognition technology is not suitable for student attendance tracking systems because: ◦ It is prone to inaccuracy as it relies on the behaviour of the subject rather than the physical characteristics of the speech. ◦ It can be affected by environmental factors such as background noise. ◦ The enrolment process requires longer time. Fingerprint and iris recognition are the well-suited technologies for student attendance tracking systems, especially in multi-ethnics academic environment. An earlier study illustrated that there is no one universal “best” biometrics system yet, rather a combination of two or more biometrics may offer a more practical and available system [6]. A student attendance tracking system that is based on a single biometric technology may give students the excuse not to record their attendance, and consequently the availability of the whole system may become questionable. For example, let us assume that a biometrics system allows students to record their attendance using solely their fingerprints. Hence, students with injured fingers (or claiming to have injured fingers or hands) or with fingers covered with henna, a kind of traditional temporary tattoo (in the Middle East women use henna to decorate their hands and feet), are not able to record their attendance. Similarly, a system that uses only iris recognition technology is not also practical because some students will feel reluctant or unable to scan their iris. This can happen when the students have covered and/or sick eyes, or not comfortable with an invasive technology. In addition, iris recognition is very difficult to perform at a distance larger than few feet and therefore requires cooperation from the students to hold their heads still momentarily for the scan to take place. In conclusion, a system, that offers for example both fingerprint and iris readers, would still allow
2.2 System’s Architecture The design of the e-attendance system is based on the client/server architecture. A web application serves as an interface between the users and the service provided by the system. Figure 1 shows the general architecture of the proposed system which includes mainly the biometrics server, the biometrics database, the lectures’ schedule database, and the fingerprint and iris readers. The server and the biometrics readers are communicating over a local area network (LAN).
Figure 1. E-attendance system architecture. Two types of biometrics readers are used to recognize students, namely Panasonic Iris reader BM-ET330 [17] and Nitgen Fingerprint reader NAC 3000 [18]. The biometric readers are installed in classrooms and connected to the LAN as shown in Fig. 1. Before a lecture starts, students can use either the fingerprint or iris readers to record their attendances. Then, the biometrics data is sent to a server. The server stores the collected biometrics data in a database. After the students’ registration, instructors can login through the web interface to track students’ absence. 2.3 Enrolment Phase Enrolment is the process whereby a user’s initial biometric samples are collected, assessed, processed and stored for ongoing use in a biometric system. Enrolment is the most important process at which the biometric system first “gets to know” the person who is later to be identified. The more and the better information the system gets (training data), the higher the accuracy for recognition will be. Students have to provide their fingerprints and iris data once when they join the university. The iris enrolment phase consists of capturing iris images of both a student’s 146
eyes and generating iris data from the iris images. For the fingerprint data, a student has to place his/her finger on a plate for the print to be electronically read. The minutiae are then extracted to become the fingerprint data. The server stores the enrolled iris and fingerprints data of the students in a database as shown in Fig. 2.
Figure 3. A screenshot for an instructor’s login.
Figure 2. Iris and fingerprint enrolment.
Figure 4. A screenshot of the date/time selection.
2.4 Recognition Phase
In some cases, for a given date, section and course, the system may not have any recorded data. This situation may be due to several reasons, namely:
The E-attendance system allows the identification of the students who may choose between the two fingerprints and iris readers. At the start of each semester and based on the lectures schedule, the biometric server distributes to the biometric readers, installed in the classrooms, the enrolled biometrics data of the appropriate students. Two databases are used, namely the lectures’ schedule database and the biometric database. The lecture’s schedule database contains all the information about each lecture, mainly the name and ID of the instructor, students’ IDs and names, lecture’s time, lecture’s date and lecture’s classroom number. The biometric database contains the enrolled students’ iris and fingerprint data. The recognition phase compares the students’ trait presented to the information in the biometrics readers. Iris readers capture the students’ iris images of both eyes, recognize students by checking the iris images with the iris data that is distributed by the server and finally indicate the recognition result. The same process is performed by the fingerprint readers.
• There was no class held for the selected date, section and course. • All students were absent on that date. • The e-attendance system did not record any information (e.g., the iris and fingerprint readers were shut down or disconnected from the LAN). In this case the system will not display any data and will ask the instructor to try again by entering different information. If the instructor inputs are valid, then the system displays the lists of present and absent students as shown in Fig. 5. The system allows also for printing, extracting and saving the displayed information. 4. E-Attendance System’s Evaluation The following aspects of biometrics system testing and evaluation have been addressed [4]: • The acceptance of the biometrics capture methods.
3. E-Attendance Web Interface
• The practicality of the biometrics capture methods. The E-attendance system uses a user-friendly web interface to allow instructors to track students’ absenteeism. The following screenshots illustrate an example of the steps performed to get the list of absentees in a lecture. First, the instructor logs in to the e-attendance website (Fig. 3). After logging in, the instructor selects a course from the list of courses assigned to him/her. Then, the instructor selects a section and the date of the lecture. The server processes the request in order to validate the provided information as shown in Fig. 4.
• The cost effectiveness of the biometrics system. • The repeatability of the biometrics scan. The proposed e-attendance system utilizes fingerprint and iris information, which are relatively fixed in humans and, therefore, virtually eliminating the need to repeat the enrolment process. The acceptance, practicality and costeffectiveness aspects of the proposed e-attendance system are discussed in the following subsections using experiments and students’ surveys. 147
Figure 5. A screenshot of the attending and absent students’ lists. 4.1 Student Fingerprint Recognition Evaluation
Enrolment
colour, henna temporarily masks the fingerprint from the sensor. Consequently, most students were not recognized by the fingerprint reader during the first and second scans. For students with thick henna layers on their fingers, the fingerprint reader failed to recognize them even after several scans. Table 1 shows the number of students who were rejected during the multiple scans done. However, most students with a thin layer of henna on their fingers were successfully recognized during the first or second scan. As the henna layer becomes thicker, students needed more than two scans to be recognized by the fingerprint reader and many of them were not recognized even after several scans (Table 1). This shows clearly that henna has a significant negative impact on the fingerprint recognition rate. This experiment demonstrates clearly the need for an attendance system that uses more than one biometrics technology. This will allow students who cannot use the fingerprint reader for a given reason (such as thick henna layer on their fingers or injured fingers) to be able to register their attendances using another available biometrics reader, an iris reader for example.
and
4.1.1 Student Fingerprint Enrolment We asked 200 students to participate in a fingerprint enrolment process. The students did not have henna or any other material on their fingers’ surfaces. The average time to enrol one student was 27 s. 4.1.2 Student Fingerprint Recognition Experiment 1 : The enrolled 200 students have been asked to scan their fingers for recognition purpose using a fingerprint reader. There was no henna or any other material on the surfaces of the students’ fingers. The average time to recognize one student was 8 s. The scanning was repeated two times and in the first scan 36 students (of the 200) were rejected by the system; however, in the second scan for the previously rejected students no one was rejected again. Experiment 2 : The objective of this experiment is to investigate the effect of henna on the recognition performance of the fingerprint readers. Hence, we asked the enrolled 200 students to put henna on their fingers’ surfaces in various designs or shapes and then scan their fingers (Fig. 6). In this case the average time to scan one student was 18 s.
4.2 Student Iris Evaluation
Enrolment
and
Recognition
4.2.1 Student Iris Enrolment We asked 200 students to participate in this iris enrolment process. In addition, we asked the students who are wearing glasses to remove them, so that all 200 students iris enrolment is done without glasses. All students were trained on how to use the iris reader prior to the enrolment process. The average enrolment time was 50 s per student. 4.2.2 Student Iris Recognition
Figure 6. Students fingers surfaces with henna during fingerprint recognition.
Experiment 1 : The enrolled 200 students have been asked to scan their eyes for recognition purpose using iris readers without any glasses. The average time to recognize a student was 20 s. Only 4 students among 200 were rejected during the first scan, and then they were recognized during the second scan. Experiment 2 : The objective of this experiment is to investigate the effect of light reflection on the recognition
The recognition time has increased considerably compared to that when the students did not have henna on their fingers. This increase is due to the fact that the henna covers the surface of finger with dark colours. A fingerprint is made of a number of ridges and valleys on the surface. The ridges form the so-called minutia points. Depending on the thickness of the henna layer and its 148
Table 1 Numbers of Students Rejected by the Fingerprint Reader Number of Students Already Enrolled = 200 Number of students rejected Number of students rejected Number of students rejected during the during the 1st scan during the 2nd scan 3rd, 4th, 5th, 6th, and 7th scan 140 among 200
84 among 140
84 among 84
performance of the iris readers, mainly when the students are wearing glasses. In addition, this experiment will allow optimizing the selection of the locations in the classrooms where the iris readers should be installed for a better iris recognition performance. Hence, the enrolled 200 students were asked to wear glasses and then scan their eyes. A spot light has been directed to the students’ eyes as shown in Fig. 7. As a result, the average recognition time per student increased to 25 s.
Figure 8. The effect of light reflection on biometrics pattern (Left image: eyes without glasses and Right image: eyes with glasses) (Image taken using Panasonic Iris reader BM-ET330). main parameters that would affect the optimal number of readers required per classroom. Recognition time : The average time required by the fingerprint reader to recognize one student is about 8 s. However, it is about 20 s when using an iris reader, which is more than double the time for the fingerprint reader. This is the same situation for the enrolment process, where fingerprint readers are much faster than iris readers. Cost effectiveness : Iris readers are more expensive than fingerprint readers [7]. For example, the price of the Nitgen Fingerprint reader NAC 3000 is about US$1,500. However, the price of the Panasonic Iris reader BM-ET330 is almost four times as much. Ease of use and practicability : For the purpose of identifying which reader is easier for the students to use, we conducted a survey among 200 students. The survey includes the following questions, with the results shown in Table 2: 1. I do not mind having my fingerprint taken for the purpose of class attendance. 2. I do not mind having my iris scan taken for the purpose of class attendance. 3. Fingerprint scan is easier and more practical than iris scan for class attendance. This student’s survey shows clearly that more than 90% of the students prefer the use of fingerprint readers, while less than 10% prefer iris readers. Iris scanning is considered among some students as an intrusive technology. Based on the above results, it is clear that the number of fingerprint readers should predominate the number of iris readers for an e-attendance system and these numbers can be estimated. Based on the results of Table 2, one can assume that at least 90% of students are expected to use fingerprint readers, and the remaining 10% of the students are expected to use iris readers. Given the results of experiment 1 in Section 4.1, the average fingerprint recognition time of one student is about 8 s (t1). However, the results of experiment 1 in Section 4.2 indicated that
Figure 7. Iris scanning with spot light directed at the eyes with glasses. Twenty four students among the 200 were rejected during the first scan, and then 8 students among the 24 remaining students were rejected again during the second scan. However, the 8 rejected students were successfully recognized during the third scan. This experiment demonstrates clearly that the light reflection has some effect on the recognition performance of the iris reader. Generally, the recognition time increases when the students wear glasses and in the presence of a spot light directed towards the eyes. This is due to the fact that a strong light distracts some of the image characteristics which make it harder to compare to the original image. Therefore, the lighting conditions may affect considerably the captured images. Figure 8 shows that the glasses and the light may both produce light reflection on the student’s eyes so that the biometrics pattern is altered. Consequently, the iris reader may not be able to recognize the students from the first scan and may require several other scan attempts. Consequently, for better performance, it is recommended not to install iris readers around strong light spots, and students remove their glasses during the iris enrolment and recognition processes. 4.3 The Number of Iris and Fingerprint Readers Required Per Classroom The recognition time, the cost effectiveness and the ease of use and practicability of the biometrics readers are the 149
Table 2 The Results of the Survey Question Number Strongly Agree Agree Neutral Disagree Strongly Disagree 1
78%
2
13%
3%
15%
3
90%
2%
6% 11%
2%
74%
6%
Table 3 Average Recognition Time for a Given Number of Students Number of Number of Fingerprint Number of Iris Average Recognition Students (N ) Readers (F ) Readers (I) Time (A) 25
1
1
3 min 50 s
25
2
1
2 min 20 s
50
2
1
4 min 40 s
50
3
1
3 min 40 s
75
3
1
5 min 30 s
75
3
2
4 min 15 s
75
4
1
4 min 45 s
100
4
1
6 min 20 s
100
5
1
5 min 44 s
100
5
2
4 min 4 s
the average iris recognition time of one student is about 20 s (t2). Therefore, t2 is about 2.5 t1. In addition, let us assume that:
4.4 Absenteeism Rate From the university attendance database, we collected the numbers of absentees of a group of 200 students belonging to six sections during three semesters (spring 2007, fall 2007 and spring 2008). The students’ attendances were taken manually during the lectures by instructors and then uploaded to the university attendance database. In fall 2008, the proposed e-attendance system was installed in several classrooms. During three semesters (fall 2008, spring 2009, and fall 2009), a similar group of 200 students recorded their attendances using fingerprint and iris readers. The proposed e-attendance system allowed the tracking of the number of absentees of the 200 students per semester. Figure 9 shows clearly that the number of absentees of the 200 students dropped significantly during the last three semesters compared to the first three semesters indicating the effectiveness of the proposed e-attendance system in reducing the tendency of students to be absent. To confirm further this result, a questionnaire was prepared and administered to the same group of students to identify their views on the effects of implementing the e-attendance system in the classrooms. The following questions were asked, with Table 4 showing the results. 1. The implementation of the automatic attendance tracking system (e-attendance) caused me to attend the class more frequently.
• N is the expected number of students in a classroom • T is the maximum tolerated time to recognize N students (we assume that N students are queuing up) • F is the number of fingerprint readers (F ≥ 1, at least one fingerprint reader should be installed per classroom) • I is the number of iris readers (I ≥ 1, at least one iris reader should be installed per classroom) The average time (A) to recognize N students is A = (0.9 ∗ N ) ∗ t1/F + (0.1 ∗ N ) ∗ t2/I Therefore, time A should not exceed the tolerated time T . By modifying the values of F and I, time A can be kept inferior or equal to T . Table 3 shows examples of average time (A) to recognize a given number of students when a given number of fingerprint and iris readers are made available. The time needed to take attendance can be kept below or around 5 min or as desired by selecting the number of readers from each kind while optimizing the cost. 150
Figure 11. The online command used to run the SYN Flood tool against the fingerprint reader. Figure 9. Numbers of abseentees over six semesters.
5. Security of the E-Attendance System The biometrics readers, the server and the biometrics database of an e-attendance system are potentially important and privileged targets for malicious students/hackers. In the early architecture stage of the proposed e-attendance system (Fig. 10), the students’ computers and the biometrics readers are connected to the same network segment. The students were able to scan the network and identify the live biometrics readers. This system architecture was unsecure since any malicious network user was able to easily attack the biometric readers and the biometric server, using mainly denial of service (DoS) attacks. These attacks can render the biometrics readers and biometrics server unusable or significantly slow them down for legitimate students and instructors. This situation increases considerably the recognition time of the biometrics readers and the response time of the biometrics server, and consequently may contribute to deteriorating the efficiency of the system. Attack example: The following experiment was conducted to investigate the tolerance of the fingerprint and iris readers against the SYN Flood attack (a kind of DoS attack). A SYN flood occurs when a host becomes so overwhelmed by SYN packets initiating incomplete connection requests, using spoofed source IP addresses, that it can no longer process legitimate connection requests. Two attacking hosts, a Nitgen Fingerprint reader and a Panasonic Iris reader, are connected to a Fast Ethernet switch. Using SYN Flood tool (available at http://www.frameip.com), the attacking hosts attacked the two biometrics readers as shown in Fig. 10. Figure 11 shows the online command used to run the SYN Flood tool against the Nitgen Fingerprint reader whose IP address was 192.168.0.12. The tool flooded the fingerprint
Figure 10. SYN Flood attack against Nitgen Fingerprint and Panasonic Iris readers. 2. I attend classes using the e-attendance system which I would otherwise skip because the instructor is boring/the material is boring/the course is difficult/the course grading policy does not include any marks for attendance. 3. I would be more likely to skip classes that do not use the e-attendance system. 4. I would be more likely to attend classes that use the e-attendance system. The above results show that more than 70% of respondents believe that an automatic attendance tracking system has significantly influenced their decision to attend classes. The major effect of using an automatic attendance tracking system is that it has a profound effect on the reasoning process of students regarding their decisions to attend classes. Therefore, the result confirms that the student absenteeism rate is expected to drop significantly in classes that use an automatic attendance tracking system.
Table 4 Questionnaire’s Results Question Strongly Disagree Neutral Agree Strongly Percentage of Students Who Number Disagree Agree Agree or Strongly Agree 1
20
12
68
100
84%
2
4
20
28
44
104
74%
3
8
24
12
64
92
78%
4
8
16
24
32
120
76%
151
6. Conclusion This paper discussed the design, implementation and evaluation of a biometrics system (e-attendance) for recording students’ attendance. The student biometrics data is collected from fingerprint and iris readers installed in classrooms, and then sent to a server over a LAN. Instructors login through a web interface and select the date and time of their lectures to track students’ absenteeism. The proposed e-attendance system offers several benefits such as instructors are free from manually recording of students’ attendance, lower absenteeism rate, preventing any students’ impersonations and provide additional information about the attendees, such as the time of their arrivals in the lecture rooms. The proposed e-attendance system has been evaluated using several experiments and students’ surveys revealing the following: The fingerprint enrolment and recognition processes take much less time and are easier and more practical than the iris processes. Most students prefer the use of fingerprint scan instead of iris scan. In addition, the need for more than one type of biometrics technology, mainly in a multi-ethnics academic environment, is necessary to counter against any obstacles that might be associated with a single recognition method. Finally, additional security solutions, mainly firewalls and IDS/IPS systems, are required to build reliable attendance tracking systems, as this work showed clearly how biometrics readers can be potential important and privileged targets for malicious students, and how they are vulnerable to common attacks, mainly DoS attacks.
Figure 12. The results of pinging the Iris reader after few seconds of the starting of the SYN Flood attack.
Figure 13. Secure architecture for the e-attendance system. reader with TCP SYN packets targeting port 80 and using spoofed random source IP addresses, preventing the reader from getting any TCP SYN-ACK reply packet from the spoofed addresses. To our surprise, just after few seconds the two biometrics readers became so overwhelmed and could not recognize any legitimate users. Figure 12 shows the results of pinging the Iris reader after few seconds of the starting of the SYN Flood attack. The figure shows clearly that there were many “Request timed out” messages which mean that there were no replies to many “Ping” request packets. Even when there were replies, the delay time was very long which was less than 1 ms before the attack started. Consequently, this experiment demonstrated clearly that the two biometrics readers could be vulnerable to the SYN Flood attack. Therefore, malicious students can use DoS attack tools to attack the biometrics readers installed in the classrooms and render them very slow or completely unable to recognize the students. To enhance the security of the proposed e-attendance system, the biometrics readers were connected to a different segment protected by a firewall and an IDS/IPS system, as shown in Fig. 13. The biometrics server was also connected to a different network segment which was as well protected by a firewall and an IDS/IPS system. Firewalls allowed the biometrics readers to communicate only with the biometrics server and prevented malicious students from communicating to the biometrics readers and servers to perform discovery activities, such as scanning and pinging. This security policy was simply implemented in both firewalls using filtering rules. The IDS/IPS system used were configured to protect the biometrics readers and the server from other common attacks and to detect any malicious activities before an attack takes place.
References [1] Y. Kawaguchi, T. Shoji, W. Lin, K. Kakusho, & M. Minoh, Face recognition-based lecture attendance system, Proc. 3rd AEARU Workshop on Network Education, Seoul, Korea, 2005, 70–75. [2] T. Nawaz, S. Pervaiz, A. Korrani, & Azhar-Ud-Din, Development of academic attendance monitoring system using fingerprint identification, International Journal of Computer Science and Network Security, 9 (5), 2009, 164–168. [3] J.R. Vacca, Biometric Technologies and Verification Systems (Burlington, MA, USA: Butterworth-Heinemann Publisher, 2007), ISBN-10:0750679670. [4] J. Wayman, A. Jain, D. Maltoni, & D. Maio, Biometric systems: Technology, design and performance evaluation (New York, USA: Springer Publisher, 2004) ISBN-10:1852335963. [5] J. Chirillo & S. Blaul, Implementing biometric security (Hoboken, NJ, USA: Wiley Publisher, 2003) ISBN10:0764525026. [6] M. Tony, Biometric authentication in the real world, Centre for Mathematics and Scientific Computing, National Physical Laboratory, UK (online), http://www.npl.co.uk/upload/pdf/ biometrics_psrevho.pdf, 2001. [7] G.L. Dillingham, AVIATION SECURITY: Registered Traveler Program Policy and Implementation Issues, General Accounting Office, USA (online), http://www.gao.gov/new.items/ d03253.pdf, 2002. [8] A.-R. Ahmad & A.-K. Ali, Iris recognition and the challenge of homeland and border control security in UAE, Journal of Telematics and Informatics, Elsevier, 25, 2008, 117–132. [9] D. John, How iris recognition works, IEEE Transactions on Circuits and Systems for Video Technology, 14 (1), 2004, 21–30. [10] D. John, Recognizing persons by their iris patterns, Proc. 5th Chinese Conf. on Biometric Recognition, China, 2004, 5–25.
152
Khaled Shuaib received his Ph.D. degree in Electrical Engineering from the City University of New York, 1999. Since September 2002, he has been with the Faculty of Information Technology at the UAE University where he is an Associate Professor. Prior to joining the UAE University, Dr. Shuaib had several years of industrial experience in the United States as a Senior MTS at GTE Labs (Currently Verizon Tech. Center) (1997–1999) and as a Principle Performance Engineer for Lucent Tech. (1999– 2002). His work was focused on the transmission of video over IP and ATM-based networks and on the performance evaluation, design and scalability of major ISPs such as AT&T, MCI, SBC and several others. Dr. Shuaib holding two US patents and has over 45 referred publications. He also serves as a TPC on various IEEE conferences and as a reviewer for several international journals.
[11] Muslim, Fingerprint pattern recognition using distance method algorithm, Proc. of the 2nd IMT-GT Regional Conf. on Mathematics, Statistics and Their Applications, Malaysia, 2006. [12] Y. Adini, Y. Moses, & S. Ullman, Face recognition: The problem of compensating for changes in illumination direction, IEEE Transactions on Pattern Analysis and Machine Intelligence, 19 (7), 1997, 721–732. [13] P.N. Belhumeur, J.P. Hespanha, & D.J. Kriegman, Eigenfaces vs. Fisherfaces: Recognition using class-specific linear projection, IEEE Transactions on Pattern Analysis and Machine Intelligence, 19 (7), 1997, 711–720. [14] H. Geometry, National Science and Technology Council (NSTC), Subcommittee on Biometrics, USA (online), http://www.biometrics.gov/Documents/HandGeometry.pdf, 2006. [15] R. Das, Retinal recognition, biometric technology in practice, Keesing Journal of Documents & Identity, 15(22), 2007, 11–14. [16] http://www.biometricnewsportal.com/signature_biometrics. asp. [17] Panasonic Iris reader BM-ET330, Specification sheet, ftp://ftp. panasonic.com/pub/Panasonic/cctv/SpecSheets/BM-ET330. pdf. [18] Nitgen Fingerprint reader NAC 3000, Specification sheet, http://www.nitgen.com.
Biographies Zouheir Trabelsi received his Ph.D. degree in Computer Science from the Tokyo University of Technology and Agriculture, Japan. Since September 2005, he has been with the Faculty of Information Technology at the United Arab Emirates University as an Associate Professor of Information Security. Currently he is the Program Coordinator of the Information Security Track. His research interests include networking security, intrusion detection and prevention, TCP/IP covert channels, network protocol design, and biometrics. Dr. Trabelsi serves on the technical program committees of many international IEEE conferences such as GLOBECOM, WCNC, and ICC.
153
