BIOMETRICS

Biometrics is automated methods of recognizing a person based on a physiological or behavioral characteristic. Among the features measured are; face, fingerprint, hand geometry, iris, retinal, signature, and voice. Biometric technologies are becoming the foundation of an extensive array of highly secure identification and personal verification solutions. As the level of security breaches and transaction fraud increases, the need for highly secure identification and personal verification technologies is becoming apparent.

 Biometric-based authentication applications include workstation, network, and domain access, single signon, application logon, data protection, remote access to resources, transaction security and Web security. Trust in these electronic transactions is essential to the healthy growth of the global economy. Utilized alone or integrated with other technologies such as smart cards, encryption keys and digital signatures, biometrics are set to pervade nearly all aspects of the economy and our daily lives. Utilizing biometrics for personal authentication is becoming convenient and considerably more accurate than current methods (such as the utilization of passwords or PINs). This is because biometrics links the event to a particular individual (a password or token may be used by someone other than the authorized user), is convenient (nothing to carry or remember), accurate (it provides for positive authentication), can provide an audit trail and is becoming socially acceptable and inexpensive.

 The term "biometrics" is derived from the Greek words bio (life) and metric (to measure). Biometrics is becoming an interesting topic now in regards to computer and network security, however the ideas of biometrics have been around for many years. Possibly the first known example of biometrics in practice was a form of finger printing being used in China in the 14th century, as reported by explorer Joao de Barros. He wrote that the Chinese merchants were stamping children's palm prints and footprints on paper with ink to distinguish the young children from one another. This is one of the earliest known cases of biometrics in use and is still being used today.

 In the 1890s, an anthropologist named Alphonse Bertillion sought to fix the problem of identifying convicted criminals and turned biometrics into a distinct field of study. He developed 'Bertillonage', a method of bodily measurement whichgot named after him. The problem with identifying repeated offenders was that the criminals often gave different aliases each time they were arrested. Bertillion realized that even if names changed, even if a person cut his hair or put on weight, certain elements of the body remained fixed, such as the size of the skull or the length of their fingers. Police authorities throughout the world used his system, until it quickly faded when it was discovered that some people shared the same measurements and based on the measurements alone, two people could get treated as one. After this, the police used finger printing, which was developed by Richard Edward Henry of Scotland Yard, instead. Essentially reverting to the same methods used by the Chinese for years.

Face: Recognition analyzes facial characteristics. It requires a digital camera to develop a facial image of the user for authentication. This technique has attracted considerable interest, although many people don't completely understand its capabilities. Some vendors have made extravagant claims which are very difficult, if not impossible, to substantiatein practice for facial recognition devices. Because facial scanning needs an extra peripheral not customarily included with basic PCs, it is more of a niche market for network authentication. However, the casino industry has capitalized on this technology to create a facial database of scam artists for quick detection by security personnel.

Fingerprint : looks at the patterns found on a fingertip. There are a variety of approaches to fingerprint verification. Some emulate the traditional police method of matching minutiae; others use straight pattern-matching devices; and still others are a bit more unique, including things like moir fringe patterns and ultrasonic. Some verification approaches can detect when a live finger is presented; some cannot. Fingerprint verification may be a good choice for inhouse systems, where you can give users adequate explanation and training, and where the system operates in a controlled environment. It is not surprising that the workstation access application area seems to be based almost exclusively on fingerprints, due to the relatively low cost, small size, and ease of integration of fingerprint authentication devices.

Hand Geometry : It involves analyzing and measuring the shape of the hand. This biometric offers a good balance of performance characteristics and is relatively easy to use. It might be suitable where there are more users or where users access the system infrequently and are perhaps less disciplined in their approach to the system. Accuracy can be very high if desired and flexible performance tuning and configuration can accommodate a wide range of applications. Organizations are using hand geometry readers in various scenarios, including time and attendance recording, where they have proved extremely popular. Ease of integration into other systems and processes, coupled with ease of use, makes hand geometry an obvious first step for many biometric projects.

Iris : based biometric, on the other hand, involves analyzing features found in the colored ring of tissue that surrounds the pupil. Iris scanning, undoubtedly the less intrusive of the eye-related biometrics, uses a fairly conventional camera element and requires no close contact between the user and the reader. In addition, it has the potential for higher than average templatematching performance. Iris biometrics work with glasses in place and is one of the few devices that can work well in identification mode. Ease of use and system integration have not traditionally been strong points with iris scanning devices, but you can expect improvements in these areas as new products emerge.

Retina : based biometric involves analyzing the layer of blood vessels situated at the back of the eye. An established technology, this technique involves using a lowintensity light source through an optical coupler to scan the unique patterns of the retina. Retinal scanning can be quite accurate but does require the user to look into a receptacle and focus on a given point. This is not particularly convenient if you wear glasses or are concerned about having close contact with the reading device. For these reasons, retinal scanning is not warmly accepted by all users, even though the technology itself can work well.

Signature:

verification analyzes the way a user signs her name. Signing features such as speed, velocity, and pressure are as important as the finished signature's static shape. Signature verification enjoys a synergy with existing processes that other biometrics do not. People are used to signatures as a means of transaction-related identity verification, and most would see nothing unusual in extending this to encompass biometrics. Signature verification devices are reasonably accurate in operation and obviously lend themselves to applications where a signature is an accepted identifier. Surprisingly, relatively few significant signature applications have emerged compared with other biometric methodologies. But if your application fits, it is a technology worth considering.

Voice:

authentication is not based on voice recognition but on voice-to-print authentication, where complex technology transforms voice into text. Voice biometrics has the most potential for growth, because it requires no new hardware most PCs already contain a microphone. However, poor quality and ambient noise can affect verification. In addition, the enrollment procedure has often been more complicated than with other biometrics, leading to the perception that voice verification is not user friendly. Therefore, voice authentication software needs improvement. One day, voice may become an additive technology to finger-scan technology. Because many people see finger scanning as a higher authentication form, voice biometrics will most likely be relegated to replacing or enhancing PINs, passwords, or account names.

 Biometric devices are being used in various areas with unlimited possibilities. The original use began in the 1800s with the invention of a system for fingerprint analysis used for identifying criminals. The uses today range from building access, identification of criminals, identification of missing children, security of banking services for account information, transferring funds, balances, and online banking. After the September 11, 2001 attack, the uses seem to be endless. We will see face-scanning devices in airports and digital photos are already being used to keep better tabs of those seeking entry into the United States. Border patrol guards who detect foreigners believed to pose possible security threats can use these photos. These are only a few of the many possible uses of biometric technology.

Retina Scan The retina scan devices read through the pupil. It is one of the most reliable and accurate because it measures the patterns of the retina at over 400 points.

Iris Scan The first step of the iris scan is to locate the iris by use of a dedicated camera. The camera uses both visible and infrared light. The boundaries of the iris are located and an algorithm is then used. The algorithm takes into account the same data regardless of the size of the iris at any given time.

Facial Scan :-

A facial scan emphasizes those sections of the face, which are less susceptible to alterations, such as the upper outlines of the eye sockets, the sides of the mouth, and the areas surrounding ones cheekbones.

Voice Scan : Voice scan can be used in areas such as banking, account access, and home PC and network access. This technology uses distinctive qualities of an individuals voice, some which are behaviorally determined and others, which are physiologically determined.

Finger Scan :-

Finger scan images can be taken in three different ways. These ways are optical, silicon, and ultrasound. Optical is the oldest and most widely used method, and ultrasound is the most accurate. Finger-scan technology extracts data from the fingerprint and stores a small amount of the data derived from the fingerprints unique patterns.

Hand Scan : In the finger scan, the users place their hand palm down on the readers surface. They then align their hand with the five pegs designed to indicate the correct location of the thumb, forefinger, and middle finger. Over 90 measurements are taken of the hand and fingers with a digital camera capturing the length, width, thickness, and surface area.

 For the sake of demonstration lets select our own example biometric - the size and/or shape of the human foot. Using this particular physical trait would require: -A manner to measure the foot in a meaningful way, creating a metric or measured value. -A method or system to record the obtained measurements. -Two or more willing individuals. -Criteria for comparing the obtained measurements, to determining ownership of the biometric samples, and ultimately some form of identification or authentication in most cases. Although theoretically foot measurements could be used in a biometric system, using the human foot is probably a poor choice of a trait to choose for developing a biometric system. This is because good biometric systems tend to use traits or behaviors that rate high in several of the following criteria:

 Universality describes how commonly a biometric is found in each individual. Uniqueness is how well the biometric separates one individual from another. Permanence measures how well a biometric resists aging. Collectability explains how easy it is to acquire a biometric for measurement. Performance indicates the accuracy, speed, and robustness of the system capturing the biometric. Acceptability indicates the degree of approval of a technology by the public in everyday life. Circumvention is how easy it is to fool the authentication system.

 Depending on the system being used, identification versus verification, the terms negative or positive match may have different meanings. For example if an individual (who is really a criminal) has their biometric sample compared against a database of known criminals and there is no match; this is said to be a false nonmatch as the sample theoretically should have matched. On the other hand if an individual who is a nonauthorized user of a system had their biometric sample compared against a database of authorized users and there was a match; this is said to be a false match as the sample should have not been matched. In the aforementioned bell shaped populations, the areas of these curves that intersect encompass users that may provide false matches or false non-matches. Depending on the nature of the system and result of a comparison, these false comparisons (either false matches or false non-matches) can have different consequences.

 The balance between these two intersecting is basically the threshold of biometric system, or the level at which genuine users or impostors will or will not be accepted.This threshold line is often referred to as the Equal -Error Rate (EER), and is essentially the point in which false matches and false non-matches are equal within a system.The basics of this threshold setting will be determined by the impact of having false results in the context of what the system is being used for.

 An example of this false result problem was made clear during the use of facial recognition systems at major American sporting events in the past few years, most notably the Super Bowl. Facial recognition cameras were setup at various points inside of the sports venue and alerted on numerous individuals. Upon verifying the individuals by other means it was found that all of the alerts were false matches of law-abiding individuals who should not have caused the system to alert. In addition most likely several false non-matches occurred, where individuals the system should have detected it failed to. The consequence of this experiment was wasted resources and opportunity cost that may have been better employed elsewhere in this environment.

Advantages : Biometrics ease of use, accuracy, reliability, and flexibility are quickly making them the superior technology for authentication and identification. Biometrics is extremely accurate and is showing widespread acceptance for replacing traditional authentication mechanisms such as passwords, pins, and tokens. The ease of use in biometrics is that the systems are straightforward, and with proper training can be done by anyone with few errors. It is very difficult and time consuming to submit a fake sample. The various systems offer users flexibility by allowing you to choose the type of system that best suits the desired needs. One example is that a season pass holder at Disney can use the finger scan for verification. This measure is both convenient and a deterrent. It allows the season pass holders to circumvent long lines but keeps them from loaning their pass to a friend.

Disadvantages : One of the major disadvantages in biometrics is user perception. Most people view themselves as unique individuals. Retinal scan technology, which involves a more sensitive area of the body, is perceived as being invasive and intrusive. Finger scan technology is seen as invasive and is linked to criminality or police bookings. A second disadvantage would be if the system becomes inoperable by power failure, hardware failure, network crashes, and software problems to name a few of the possible ways in which the biometric system could become unusable. Another disadvantage currently is cost. Retina scans device cost approximately $2500, placing them at the high end of the spectrum. Hand scans device range between $1400-2000, also making them relatively costly. In time, technological advances will help to make these systems easier to manufacture, and more cost effective. Finally, we must develop standards as they relate to security and privacy. Staff members should only have access to information that they need to know to perform their jobs.