Professional Documents
Culture Documents
Nov. 2008
BIOMETRICS
BIOMETRICS
INTRODUCTION
Biometrics (ancient Greek: bios life, metron measure) refers to two very different fields of study and application. The first, which is the older and is used in biological studies, is the collection, synthesis, analysis and management of data in biology. Biometrics in reference to biological sciences, or biostatistics, has been studied since the early twentieth century. More recently and incongruously, the term's meaning has been broadened to include the study of methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits.
DEFINITION
Biometrics is the science and technology of measuring and analyzing biological data. In information technology, biometrics refers to technologies that measure and analyze human body characteristics, such as fingerprints, eye retinas and irises, voice patterns, facial patterns and hand measurements, for authentication purposes. The word "biometrics" is derived from the Greek words 'bios' and metric; which means life and measurement respectively. This directly translates into "life measurement".
HISTORY
Biometric history indicates that the science did not originate at a single place. People all over the world were using the basics for mainly identifying individuals from each other. We'll explain about biometric history in brief over the next few paragraphs. Barros wrote that the Chinese merchants were stamping children's palm prints and footprints on paper with ink so as to differentiate the young children from one another. This is one of the most primitive known cases of biometrics in use and is still being used today. Biometric history in the recent past (three decades) has seen drastic advancements and the technology have moved from a single method (fingerprinting) to more than ten prudent methods. Companies involved with new methods have grown into the hundreds and continue to improve their methods as the technology available to them also advances. Prices for the hardware required continue to fall making systems more feasible for low and mid-level budgets and thus making this more adaptable in small businesses and even households. As the industry grows however, so does the public concern over privacy issues. Laws and regulations continue to be drafted and standards are beginning to be developed. While no other biometric has yet reached the breadth of use of fingerprinting, some are beginning to be used in both legal and business areas.
At Walt Disney World biometric measurements are taken from the fingers of guests to ensure that the person's ticket is used by the same person from day to day
Tokens (smartcards, etc.) aren't you and can be: o lost o stolen o duplicated (some) o forgotten Passwords aren't you and can be: o forgotten o shared o observed o broken
ADVANTAGES OF BIOMETRICS:
* Increase security - Provide a convenient and low-cost additional tier of security. * Reduce fraud by employing hard-to-forge technologies and materials. For e.g. minimize the opportunity for ID fraud, buddy punching. * Eliminate problems caused by lost IDs or forgotten passwords by using physiological attributes. For e.g. prevent unauthorized use of lost, stolen or "borrowed" ID cards. * Reduce password administration costs. * Replace hard-to-remember passwords which may be shared or observed. * Integrate a wide range of biometric solutions and technologies, customer applications and databases into a robust and scalable control solution for facility and network access * Make it possible automatically, to know WHO did WHAT, WHERE and WHEN! * Offer significant cost savings or increasing ROI in areas such as Loss Prevention or Time & Attendance. * Unequivocally link an individual to a transaction or event.
DISADVANTAGES OF BIOMETRICS:
The finger prints are affected: The finger prints of those people working in Chemical industries are often affected. Therefore these companies should not use the finger print mode of authentication.
With age voice differs: It is found that with age, the voice of a person differs. Also when the person has flu or throat infection the voice changes or if there are too much noise in the environment this method may not authenticate correctly. Therefore this method of verification is not workable all the time
Eyes get affected: For people affected with diabetes, the eyes get affected resulting in differences.
BIOMETRICALS
Biometrics is an expensive security solution Biometrics is used to identify the input sample when compared to a template, used in cases to identify specific people by certain characteristics.
Standard validation systems often use multiple inputs of samples for sufficient validation, such as particular characteristics of the sample. This intends to enhance security as multiple different samples are required such as security tags and codes and sample dimensions.
Physiological o Iris o Fingerprint (including nail) o Hand (including knuckle, palm, vascular) o Face o Voice o Retina o DNA o Even Odor, Earlobe, Sweat pore, Lips Behavioral o Signature o Keystroke o Voice o Gait
CLASSIFICATION OF BIOMETRICS:
Physiological: Are related to the shape of the body. The oldest traits that have been used for more than 100 years are fingerprints. Other examples are face recognition, hand geometry and iris recognition. Behavioral: Are related to the behavior of a person. The first characteristic to be used, still widely used today, is the signature. More modern approaches are the study of keystroke dynamics and of voice. Strictly speaking, voice is also a physiological trait because every person has a different pitch, but voice recognition is mainly based on the study of the way a person speaks, commonly classified as behavioral. Other biometric strategies are being developed such as those based on gait (way of walking), retina, hand veins, finger veins, ear canal, facial thermo gram, DNA, odor and palm prints. Tree diagram showing Classification of Biometrics
Universality: each person should have the characteristic Uniqueness: is how well the biometric separates individually from another. Permanence: measures how well a biometric resists aging. Collectability: ease of acquisition for measurement. Performance: accuracy, speed, and robustness of technology used. Acceptability: degree of approval of a technology. Circumvention: ease of use of a substitute.
Biometric systems
The diagram above shows a simple block diagram of a biometric system. When such a system is networked together with telecommunications technology, biometric systems become telebiometric systems. The main operations a system can perform are enrollment and test. During the enrollment, biometric information from an individual is stored. During the test, biometric information is detected and compared with the stored information. Note that it is crucial that storage and retrieval of such systems themselves
be secure if the biometric system is to be robust. The first block (sensor) is the interface between the real world and our system; it has to acquire all the necessary data. Most of the times it is an image acquisition system, but it can change according to the characteristics desired. The second block performs all the necessary pre-processing: it has to remove artifacts from the sensor, to enhance the input (e.g. removing background noise), to use some kind of normalization, etc. In the third block features needed are extracted. This step is an important step as the correct features need to be extracted and the optimal way. A vector of numbers or an image with particular properties is used to create a template. A template is a synthesis of all the characteristics extracted from the source, in the optimal size to allow for adequate identifiability. If enrollment is being performed the template is simply stored somewhere (on a card or within a database or both). If a matching phase is being performed, the obtained template is passed to a matcher that compares it with other existing templates, estimating the distance between them using any algorithm (e.g. Hamming distance). The matching program will analyze the template with the input. This will then be output for any specified use or purpose (e.g. entrance in a restricted area).
FUNCTIONS:
A biometric system can provide the following two functions:
Verification:
Authenticates its users in conjunction with a smart card, username or ID number. The biometric template captured is compared with that stored against the registered user either on a smart card or database for verification.
Identification:
Authenticates its users from the biometric characteristic alone without the use of smart cards, usernames or ID numbers. The biometric template is compared to all records within the database and a closest match score is returned. The closest match within the allowed threshold is deemed the individual and authenticated.
BIOMETRIC DEVICES
1) Biometric Door Locks - Where your fingerprint is the key!
Biometric door locks marks the advent biometrics into people's everyday life. With biometric door handles available at large, biometrics is now a household thing. Biometric doorknobs are now being increasingly used in villas, condos, offices and even server rooms. Fingerprint door locks are very easy to install and can be fitted easily like any other lock. Each lock has a biometric scanner which scans the individual fingerprints. Once registered all users of the lock can easily access the premises whenever they want without any trouble. Fingerprint records can be added and deleted on the fly, so in case you have a shared residence, you can easily add any new fingerprints and even delete the obsolete ones. With biometric door locks, Your fingerprint is the key. They replace keyed locking mechanisms with a fingerprint sensor that actually recognizes who is and who is not authorized to enter.
2) Voice Verification:
Voice Verification Technology... Voice verification is conceptually similar to fingerprinting. It is common knowledge that each persons fingerprints have unique characteristics that can be used to distinguish one person from another. It has also been proven that each person can be identified by the unique features of his or her vocal characteristics and speaking patterns. Biometric voice verification is the process of comparing a voice sample with a stored, digital voice model, or voiceprint, for the purpose of verifying identity. A voiceprint is a digital representation of some of the unique characteristics of a callers voice, including physiological characteristics of the nasal passages and vocal chords, as well as the
frequency, cadence and duration of the vocal pattern. A voiceprint is not a recording or sound file it cannot be played back into a voice biometrics system by an imposter.
3) Retinal scan:
A biometric identifier known as a retinal scan is used to map the unique patterns of a person's retina. The blood vessels within the retina absorb light more readily than the surrounding tissue and are easily identified with appropriate lighting. A retinal scan is performed by casting an undetectable ray of low-energy infrared light into a persons eye as they look through the scanner's eyepiece. This beam of light outlines a circular path on the retina. Because retinal blood vessels are more sensitive to light than the rest of the eye, the amount of reflection fluctuates. The results of the scan are converted to computer code and stored in a database
Retinal scanners are typically used for authentication and identification purposes. Retinal scanning has been utilized by several government agencies including the FBI, CIA, and NASA. However, in recent years, retinal scanning has become more commercially
popular. Retinal scanning has been used in prisons, for ATM identity verification and the prevention of welfare fraud. Retinal scanning also has medical applications. Communicable illnesses such as AIDS, syphilis, malaria, chicken pox and Lyme disease as well as hereditary diseases like leukemia, lymphoma, and sickle cell anemia impact the eyes. Pregnancy also affects the eyes. Likewise, indications of chronic health conditions such as congestive heart failure, atherosclerosis, and cholesterol issues first appear in the eyes.
Low occurrence of false positives Extremely low (almost 0%) false negative rates Highly reliable because no two people have the same retinal pattern Speedy results: Identity of the subject is verified very quickly
Disadvantages
Measurement accuracy can be affected by a disease such as cataracts Measurement accuracy can also be affected by severe astigmatism Scanning procedure is perceived by some as invasive Not very user friendly Subject being scanned must be close to the camera optics High equipment costs
IBM security specialist Cindy Dalton tests a retina-scanning system in Washington, D.C., that will help companies safeguard their complexes and employees. (Bob Goldberg, Associated Press)
4) Iris recognition:
Per Iris recognition is a method of biometric authentication that uses pattern recognition techniques based on high-resolution images of the irides of an individual's eyes.
Not to be confused with another less prevalent ocular-based technology, retina scanning, and iris recognition uses camera technology, with subtle infrared illumination reducing specular reflection from the convex cornea, to create images of the detail-rich, intricate structures of the iris. Converted into digital templates, these images provide mathematical representations of the iris that yield unambiguous positive identification of an individual. Iris recognition efficacy is rarely impeded by glasses or contact lenses. Iris technology has the smallest outlier (those who cannot use/enroll) group of all biometric technologies. The only biometric authentication technology designed for use in a one-to many search environment, a key advantage of iris recognition is its stability, or template longevity as, barring trauma, a single enrollment can last a lifetime.
Iris scanners use pattern recognition techniques based on images of the irides of an individual's eyes.
A U.S. Marine Corps Sergeant uses an iris scanner to positively identify a member of the Baghdadi city council prior to a meeting with local tribal figureheads, sheiks, community leaders and U.S. service members.
5) SIGNATURE VERIFICATION:
Signature verification is the process used to recognize an individuals hand-written signature. Dynamic signature verification technology uses the behavioral biometrics of a hand written signature to confirm the identity of a computer user. This is done by analyzing the shape, speed, stroke, pen pressure and timing information during the act of signing. Natural and intuitive, the technology is easy to explain and trust. As a replacement for a password or a PIN number, dynamic signature verification is a biometric technology that is used to positively identify a person from their handwritten signature. There is an important distinction between simple signature comparisons and dynamic signature verification. Both can be computerized, but a simple comparison only takes into account what the signature looks like. Dynamic signature verification takes into account how the signature was made. With dynamic signature verification it is not the shape or look of the signature that is meaningful; it is the changes in speed, pressure and timing that occur during the act of signing. Only the original signer can recreate the changes in timing and X, Y, and Z (pressure).
Principles
of
palm
vein
biometrics
An individual's vein pattern image is captured by radiating his/her hand with nearinfrared rays. The reflection method illuminates the palm using an infrared ray and captures the light given off by the region after diffusion through the palm. The deoxidized hemoglobin in the in the vein vessels absorbs the infrared ray, thereby reducing the reflection rate and causing the veins to appear as a black pattern. This vein pattern is then verified against a preregistered pattern to authenticate the individual. As veins are internal in the body and have a wealth of differentiating features, attempts to forge an identity are extremely difficult, thereby enabling a high level of security. In
addition, the sensor of the palm vein device can only recognize the pattern if the deoxidized hemoglobin is actively flowing within the individual's veins. This system is not dangerous; a near infrared is a component of sunlight: there is no more exposure when scanning the hand than by walking outside in the sun.
Difficult to forge Contactless, hygienic and non-invasive Highly accurate Capable of 1:1 and 1:many matching
7) DNA BIOMETRICS:
Humans have 23 pairs of chromosomes containing their DNA blueprint. One member of each chromosomal pair comes from their mother; the other comes from their father. Every cell in a human body contains a copy of this DNA. The large majority of DNA does not differ from person to person, but 0.10 percent of a person's entire genome would be unique to each individual. This represents 3 million base pairs of DNA. Genes make up 5 percent of the human genome. The other 95 percent are non-coding sequences, (which used to be called junk DNA). In non-coding regions there are identical repeat sequences of DNA, which can be repeated anywhere from one to 30 times in a row. These regions are called variable number tandem repeats (VNTRs). The number of tandem repeats at specific places (called loci) on chromosomes varies between individuals. For any given VNTR loci in an individual's DNA, there will be a certain number of repeats. The higher numbers of loci are analyzed, the smaller the probability to find two unrelated individuals with the same DNA profile.
DNA profiling determines the number of VNTR repeats at a number of distinctive loci, and uses it to create an individual's DNA profile. The main steps to create a DNA profile are: isolate the DNA (from a sample such as blood, saliva, hair, semen, or tissue), cut the DNA up into shorter fragments containing known VNTR areas, sort the DNA fragments by size, and compare the DNA fragments in different samples.
DNA BIOMETRICS
Intrusive: a physical sample must be taken, while other biometric systems only use an Image or a recording
ERRORS IN BIOMETRICS
Biometric systems are susceptible to the following kinds of errors:
False Rejection Rate (FRR) or Type I Error False Acceptance Rate (FAR) or Type II Error
Performance measurement
Measurement
The probability that the system incorrectly declares a successful match between the input pattern and a or non-matching pattern in the database. It measures the percent of invalid matches. These systems are critical since they are commonly used to forbid certain actions by disallowed people.
The probability that the system incorrectly declares or failure of match between the input pattern and the matching template in the database. It measures the percent of valid inputs being rejected.
In general, the matching algorithm performs a decision using some parameters (e.g. a threshold). In biometric systems the FAR and FRR can typically be traded off against each other by changing those parameters. The ROC plot is obtained by graphing the values of FAR and FRR, changing the variables implicitly. A common variation is the Detection error trade-off (DET), which is obtained using normal deviate scales on both axes. This more linear graph illuminates the differences for higher performances (rarer errors).
The rates at which both accept and reject errors are equal. ROC or DET plotting is used because how FAR and FRR can be changed, is shown clearly. or When quick comparison of two systems is required, the ERR is commonly used. Obtained from the ROC plot by taking the point where FAR and FRR have the same value. The lower the EER, the more accurate the system is considered to be.
The percentage of data input is considered invalid and fails to input into the system. Failure to enroll failure to enroll rate FTE or FER happens when the data obtained by the sensor are considered invalid or of poor quality.
failure rate
to
capture
FTC
Within automatic systems, the probability that the system fails to detect a biometric characteristic when presented correctly.
template capacity
The maximum number of sets of data which can be input into the system.
As the sensitivity of biometric devices increases, it decreases the FAR but increases the FRR.
BIOMETRIC OBSTACLES
Different sensors (hardware producers), generating different biometrics outcomes, different outcomes cannot be encrypted compared (they will never match). It is very difficult to create standard on identical encryption paths. Biometrics standard can be obtained only if the common information is unconcealed. Currently each biometric scanner's vendor is responsible for generating his own encryption method. In order to unify the biometrics collection method(s) the Standardization procedure must force Biometrics exposure, however, exposed biometrics information present a serious threat to privacy rights.
SOCIOLOGOCAL CONCERNS
As technology advances, and time goes on, more private companies and public utilities may use biometrics for safe, accurate identification. These advances are likely to raise concerns such as:
Physical: Some believe this technology can cause physical harm to an individual using the methods, or that instruments used are unsanitary. For example, there are concerns that retina scanners might not always be clean.
Personal Information: There are concerns whether our personal information taken through biometric methods can be misused, e.g. by the government to determine unwanted traits in humans for global population control. Also, the data obtained using biometrics can be used in unauthorized ways without the individual's consent.
CANCELABLE BIOMETRICS
Physical features, such as face, fingerprint, iris, retina, hand, or behavioral features, such as signature, voice, gait, must fulfill a certain criteria to qualify for use in recognition. They must be unique, universal, acceptable, collectible and convenient to the person, in addition, to reliability at recognition, performance and circumvention. Most importantly, however, permanence is a key feature for biometrics. They must retain all the above features in particular the uniqueness unchanged, or acceptably changed, over the lifetime of the individual. On the other hand, this fundamental feature has brought biometrics to challenge a new risk. If biometric data is obtained, for example compromised from a database, by unauthorized users, the genuine owner will lose control over them forever and lose his/her identity.
===============================================================