14th

Nov. 2008

BIOMETRICS

BIOMETRICS
INTRODUCTION
Biometrics (ancient Greek: bios life, metron measure) refers to two very different fields of study and application. The first, which is the older and is used in biological studies, is the collection, synthesis, analysis and management of data in biology. Biometrics in reference to biological sciences, or biostatistics, has been studied since the early twentieth century. More recently and incongruously, the term's meaning has been broadened to include the study of methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits.

DEFINITION
Biometrics is the science and technology of measuring and analyzing biological data. In information technology, biometrics refers to technologies that measure and analyze human body characteristics, such as fingerprints, eye retinas and irises, voice patterns, facial patterns and hand measurements, for authentication purposes. The word "biometrics" is derived from the Greek words 'bios' and metric; which means life and measurement respectively. This directly translates into "life measurement".

HISTORY
Biometric history indicates that the science did not originate at a single place. People all over the world were using the basics for mainly identifying individuals from each other. We'll explain about biometric history in brief over the next few paragraphs. Barros wrote that the Chinese merchants were stamping children's palm prints and footprints on paper with ink so as to differentiate the young children from one another. This is one of the most primitive known cases of biometrics in use and is still being used today. Biometric history in the recent past (three decades) has seen drastic advancements and the technology have moved from a single method (fingerprinting) to more than ten prudent methods. Companies involved with new methods have grown into the hundreds and continue to improve their methods as the technology available to them also advances. Prices for the hardware required continue to fall making systems more feasible for low and mid-level budgets and thus making this more adaptable in small businesses and even households. As the industry grows however, so does the public concern over privacy issues. Laws and regulations continue to be drafted and standards are beginning to be developed. While no other biometric has yet reached the breadth of use of fingerprinting, some are beginning to be used in both legal and business areas.

At Walt Disney World biometric measurements are taken from the fingers of guests to ensure that the person's ticket is used by the same person from day to day

WHY USE BIOMETRICS?

Only biometrics can verify you as you

Tokens (smartcards, etc.) aren't you and can be: o lost o stolen o duplicated (some) o forgotten Passwords aren't you and can be: o forgotten o shared o observed o broken

ADVANTAGES OF BIOMETRICS:
* Increase security - Provide a convenient and low-cost additional tier of security. * Reduce fraud by employing hard-to-forge technologies and materials. For e.g. minimize the opportunity for ID fraud, buddy punching. * Eliminate problems caused by lost IDs or forgotten passwords by using physiological attributes. For e.g. prevent unauthorized use of lost, stolen or "borrowed" ID cards. * Reduce password administration costs. * Replace hard-to-remember passwords which may be shared or observed. * Integrate a wide range of biometric solutions and technologies, customer applications and databases into a robust and scalable control solution for facility and network access * Make it possible automatically, to know WHO did WHAT, WHERE and WHEN! * Offer significant cost savings or increasing ROI in areas such as Loss Prevention or Time & Attendance. * Unequivocally link an individual to a transaction or event.

DISADVANTAGES OF BIOMETRICS:

The finger prints are affected: The finger prints of those people working in Chemical industries are often affected. Therefore these companies should not use the finger print mode of authentication.

With age voice differs: It is found that with age, the voice of a person differs. Also when the person has flu or throat infection the voice changes or if there are too much noise in the environment this method may not authenticate correctly. Therefore this method of verification is not workable all the time

Eyes get affected: For people affected with diabetes, the eyes get affected resulting in differences.

BIOMETRICALS
Biometrics is an expensive security solution Biometrics is used to identify the input sample when compared to a template, used in cases to identify specific people by certain characteristics.

possession-based Using one specific "token" such as a security tag or a card

knowledge-based The use of a code or password.

Standard validation systems often use multiple inputs of samples for sufficient validation, such as particular characteristics of the sample. This intends to enhance security as multiple different samples are required such as security tags and codes and sample dimensions.

Classification of some biometric traits: Types of Biometrics

Physiological o Iris o Fingerprint (including nail) o Hand (including knuckle, palm, vascular) o Face o Voice o Retina o DNA o Even Odor, Earlobe, Sweat pore, Lips Behavioral o Signature o Keystroke o Voice o Gait

CLASSIFICATION OF BIOMETRICS:

Physiological: Are related to the shape of the body. The oldest traits that have been used for more than 100 years are fingerprints. Other examples are face recognition, hand geometry and iris recognition. Behavioral: Are related to the behavior of a person. The first characteristic to be used, still widely used today, is the signature. More modern approaches are the study of keystroke dynamics and of voice. Strictly speaking, voice is also a physiological trait because every person has a different pitch, but voice recognition is mainly based on the study of the way a person speaks, commonly classified as behavioral. Other biometric strategies are being developed such as those based on gait (way of walking), retina, hand veins, finger veins, ear canal, facial thermo gram, DNA, odor and palm prints. Tree diagram showing Classification of Biometrics

COMPARISON OF VARIOUSBIOMETRIC TECHNOLOGIES:

It is possible to understand if a human characteristic can be used for biometrics in terms of the following parameters:

Universality: each person should have the characteristic Uniqueness: is how well the biometric separates individually from another. Permanence: measures how well a biometric resists aging. Collectability: ease of acquisition for measurement. Performance: accuracy, speed, and robustness of technology used. Acceptability: degree of approval of a technology. Circumvention: ease of use of a substitute.

Biometric systems

The basic block diagram of a biometric system

The diagram above shows a simple block diagram of a biometric system. When such a system is networked together with telecommunications technology, biometric systems become telebiometric systems. The main operations a system can perform are enrollment and test. During the enrollment, biometric information from an individual is stored. During the test, biometric information is detected and compared with the stored information. Note that it is crucial that storage and retrieval of such systems themselves

be secure if the biometric system is to be robust. The first block (sensor) is the interface between the real world and our system; it has to acquire all the necessary data. Most of the times it is an image acquisition system, but it can change according to the characteristics desired. The second block performs all the necessary pre-processing: it has to remove artifacts from the sensor, to enhance the input (e.g. removing background noise), to use some kind of normalization, etc. In the third block features needed are extracted. This step is an important step as the correct features need to be extracted and the optimal way. A vector of numbers or an image with particular properties is used to create a template. A template is a synthesis of all the characteristics extracted from the source, in the optimal size to allow for adequate identifiability. If enrollment is being performed the template is simply stored somewhere (on a card or within a database or both). If a matching phase is being performed, the obtained template is passed to a matcher that compares it with other existing templates, estimating the distance between them using any algorithm (e.g. Hamming distance). The matching program will analyze the template with the input. This will then be output for any specified use or purpose (e.g. entrance in a restricted area).

FUNCTIONS:
A biometric system can provide the following two functions:

Verification:

Authenticates its users in conjunction with a smart card, username or ID number. The biometric template captured is compared with that stored against the registered user either on a smart card or database for verification.

Identification:

Authenticates its users from the biometric characteristic alone without the use of smart cards, usernames or ID numbers. The biometric template is compared to all records within the database and a closest match score is returned. The closest match within the allowed threshold is deemed the individual and authenticated.

BIOMETRIC DEVICES
1) Biometric Door Locks - Where your fingerprint is the key!
Biometric door locks marks the advent biometrics into people's everyday life. With biometric door handles available at large, biometrics is now a household thing. Biometric doorknobs are now being increasingly used in villas, condos, offices and even server rooms. Fingerprint door locks are very easy to install and can be fitted easily like any other lock. Each lock has a biometric scanner which scans the individual fingerprints. Once registered all users of the lock can easily access the premises whenever they want without any trouble. Fingerprint records can be added and deleted on the fly, so in case you have a shared residence, you can easily add any new fingerprints and even delete the obsolete ones. With biometric door locks, Your fingerprint is the key. They replace keyed locking mechanisms with a fingerprint sensor that actually recognizes who is and who is not authorized to enter.

2) Voice Verification:

Voice Verification Technology... Voice verification is conceptually similar to fingerprinting. It is common knowledge that each persons fingerprints have unique characteristics that can be used to distinguish one person from another. It has also been proven that each person can be identified by the unique features of his or her vocal characteristics and speaking patterns. Biometric voice verification is the process of comparing a voice sample with a stored, digital voice model, or voiceprint, for the purpose of verifying identity. A voiceprint is a digital representation of some of the unique characteristics of a callers voice, including physiological characteristics of the nasal passages and vocal chords, as well as the

frequency, cadence and duration of the vocal pattern. A voiceprint is not a recording or sound file it cannot be played back into a voice biometrics system by an imposter.

3) Retinal scan:
A biometric identifier known as a retinal scan is used to map the unique patterns of a person's retina. The blood vessels within the retina absorb light more readily than the surrounding tissue and are easily identified with appropriate lighting. A retinal scan is performed by casting an undetectable ray of low-energy infrared light into a persons eye as they look through the scanner's eyepiece. This beam of light outlines a circular path on the retina. Because retinal blood vessels are more sensitive to light than the rest of the eye, the amount of reflection fluctuates. The results of the scan are converted to computer code and stored in a database

Retinal scanners are typically used for authentication and identification purposes. Retinal scanning has been utilized by several government agencies including the FBI, CIA, and NASA. However, in recent years, retinal scanning has become more commercially

popular. Retinal scanning has been used in prisons, for ATM identity verification and the prevention of welfare fraud. Retinal scanning also has medical applications. Communicable illnesses such as AIDS, syphilis, malaria, chicken pox and Lyme disease as well as hereditary diseases like leukemia, lymphoma, and sickle cell anemia impact the eyes. Pregnancy also affects the eyes. Likewise, indications of chronic health conditions such as congestive heart failure, atherosclerosis, and cholesterol issues first appear in the eyes.

Pros and Cons of Retinal Scan:

Advantages

Low occurrence of false positives Extremely low (almost 0%) false negative rates Highly reliable because no two people have the same retinal pattern Speedy results: Identity of the subject is verified very quickly

Disadvantages

Measurement accuracy can be affected by a disease such as cataracts Measurement accuracy can also be affected by severe astigmatism Scanning procedure is perceived by some as invasive Not very user friendly Subject being scanned must be close to the camera optics High equipment costs

IBM security specialist Cindy Dalton tests a retina-scanning system in Washington, D.C., that will help companies safeguard their complexes and employees. (Bob Goldberg, Associated Press)

4) Iris recognition:
Per Iris recognition is a method of biometric authentication that uses pattern recognition techniques based on high-resolution images of the irides of an individual's eyes.

Not to be confused with another less prevalent ocular-based technology, retina scanning, and iris recognition uses camera technology, with subtle infrared illumination reducing specular reflection from the convex cornea, to create images of the detail-rich, intricate structures of the iris. Converted into digital templates, these images provide mathematical representations of the iris that yield unambiguous positive identification of an individual. Iris recognition efficacy is rarely impeded by glasses or contact lenses. Iris technology has the smallest outlier (those who cannot use/enroll) group of all biometric technologies. The only biometric authentication technology designed for use in a one-to many search environment, a key advantage of iris recognition is its stability, or template longevity as, barring trauma, a single enrollment can last a lifetime.

Iris scanners use pattern recognition techniques based on images of the irides of an individual's eyes.

An Iris Scan model 2100 iris scanner

A U.S. Marine Corps Sergeant uses an iris scanner to positively identify a member of the Baghdadi city council prior to a meeting with local tribal figureheads, sheiks, community leaders and U.S. service members.

5) SIGNATURE VERIFICATION:
Signature verification is the process used to recognize an individuals hand-written signature. Dynamic signature verification technology uses the behavioral biometrics of a hand written signature to confirm the identity of a computer user. This is done by analyzing the shape, speed, stroke, pen pressure and timing information during the act of signing. Natural and intuitive, the technology is easy to explain and trust. As a replacement for a password or a PIN number, dynamic signature verification is a biometric technology that is used to positively identify a person from their handwritten signature. There is an important distinction between simple signature comparisons and dynamic signature verification. Both can be computerized, but a simple comparison only takes into account what the signature looks like. Dynamic signature verification takes into account how the signature was made. With dynamic signature verification it is not the shape or look of the signature that is meaningful; it is the changes in speed, pressure and timing that occur during the act of signing. Only the original signer can recreate the changes in timing and X, Y, and Z (pressure).

Tablet PC signature verification

6) PALM VEIN BIO METRICS SYSTEM:

The pattern of blood veins is unique to every individual, even among identical twins. Palms have a broad and complicated vascular pattern and thus contain a wealth of differentiating features for personal identification. Furthermore, it will not vary during the person's lifetime. It is a very secure method of authentication because this blood vein pattern lies under the skin. This makes it almost impossible for others to read or copy.
Palm vein biometric systems

Principles

of

palm

vein

biometrics

An individual's vein pattern image is captured by radiating his/her hand with nearinfrared rays. The reflection method illuminates the palm using an infrared ray and captures the light given off by the region after diffusion through the palm. The deoxidized hemoglobin in the in the vein vessels absorbs the infrared ray, thereby reducing the reflection rate and causing the veins to appear as a black pattern. This vein pattern is then verified against a preregistered pattern to authenticate the individual. As veins are internal in the body and have a wealth of differentiating features, attempts to forge an identity are extremely difficult, thereby enabling a high level of security. In

addition, the sensor of the palm vein device can only recognize the pattern if the deoxidized hemoglobin is actively flowing within the individual's veins. This system is not dangerous; a near infrared is a component of sunlight: there is no more exposure when scanning the hand than by walking outside in the sun.

FUJITSU PALM VEIN MOUSE 1

Benefits of palm vein biometric systems:

Difficult to forge Contactless, hygienic and non-invasive Highly accurate Capable of 1:1 and 1:many matching

7) DNA BIOMETRICS:
Humans have 23 pairs of chromosomes containing their DNA blueprint. One member of each chromosomal pair comes from their mother; the other comes from their father. Every cell in a human body contains a copy of this DNA. The large majority of DNA does not differ from person to person, but 0.10 percent of a person's entire genome would be unique to each individual. This represents 3 million base pairs of DNA. Genes make up 5 percent of the human genome. The other 95 percent are non-coding sequences, (which used to be called junk DNA). In non-coding regions there are identical repeat sequences of DNA, which can be repeated anywhere from one to 30 times in a row. These regions are called variable number tandem repeats (VNTRs). The number of tandem repeats at specific places (called loci) on chromosomes varies between individuals. For any given VNTR loci in an individual's DNA, there will be a certain number of repeats. The higher numbers of loci are analyzed, the smaller the probability to find two unrelated individuals with the same DNA profile.

DNA profiling determines the number of VNTR repeats at a number of distinctive loci, and uses it to create an individual's DNA profile. The main steps to create a DNA profile are: isolate the DNA (from a sample such as blood, saliva, hair, semen, or tissue), cut the DNA up into shorter fragments containing known VNTR areas, sort the DNA fragments by size, and compare the DNA fragments in different samples.

DNA BIOMETRICS

NEC portable DNA TESTER

Weaknesses of DNA biometric systems:

DNA matching is not done in real- time

Intrusive: a physical sample must be taken, while other biometric systems only use an Image or a recording

Civil liberty issues and public perception

DNA Biometric Software DNA as a Biometric Identifier

ERRORS IN BIOMETRICS
Biometric systems are susceptible to the following kinds of errors:

False Rejection Rate (FRR) or Type I Error False Acceptance Rate (FAR) or Type II Error

Performance measurement

Measurement

Shorthand Description acronym

false accept rate or FAR false match rate FMR

The probability that the system incorrectly declares a successful match between the input pattern and a or non-matching pattern in the database. It measures the percent of invalid matches. These systems are critical since they are commonly used to forbid certain actions by disallowed people.

false reject rate or FRR false non-match rate FNMR

The probability that the system incorrectly declares or failure of match between the input pattern and the matching template in the database. It measures the percent of valid inputs being rejected.

receiver operating characteristic or ROC relative operating characteristic

In general, the matching algorithm performs a decision using some parameters (e.g. a threshold). In biometric systems the FAR and FRR can typically be traded off against each other by changing those parameters. The ROC plot is obtained by graphing the values of FAR and FRR, changing the variables implicitly. A common variation is the Detection error trade-off (DET), which is obtained using normal deviate scales on both axes. This more linear graph illuminates the differences for higher performances (rarer errors).

equal error rate or EER crossover error rate CER

The rates at which both accept and reject errors are equal. ROC or DET plotting is used because how FAR and FRR can be changed, is shown clearly. or When quick comparison of two systems is required, the ERR is commonly used. Obtained from the ROC plot by taking the point where FAR and FRR have the same value. The lower the EER, the more accurate the system is considered to be.

The percentage of data input is considered invalid and fails to input into the system. Failure to enroll failure to enroll rate FTE or FER happens when the data obtained by the sensor are considered invalid or of poor quality.

failure rate

to

capture

FTC

Within automatic systems, the probability that the system fails to detect a biometric characteristic when presented correctly.

template capacity

The maximum number of sets of data which can be input into the system.

As the sensitivity of biometric devices increases, it decreases the FAR but increases the FRR.

BIOMETRIC OBSTACLES
Different sensors (hardware producers), generating different biometrics outcomes, different outcomes cannot be encrypted compared (they will never match). It is very difficult to create standard on identical encryption paths. Biometrics standard can be obtained only if the common information is unconcealed. Currently each biometric scanner's vendor is responsible for generating his own encryption method. In order to unify the biometrics collection method(s) the Standardization procedure must force Biometrics exposure, however, exposed biometrics information present a serious threat to privacy rights.

MARKETING BIOMETRIC PRODUCTS

Despite confirmed cases of defeating commercially available biometric scanners, many companies marketing biometric products (especially consumer-level products such as readers built into keyboards) claim the products as replacements, rather than supplements, for passwords. Furthermore, regulations regarding advertising and manufacturing of biometric products are (as of 2006) largely non-existent. Consumers and other end users must rely on published test data and other research that demonstrate which products meet certain performance standards and which are likely to work best under operational conditions. Given the ease with which other security measures such passwords and access tokens may be compromised, and the relative resistance of biometrics to being defeated

SOCIOLOGOCAL CONCERNS
As technology advances, and time goes on, more private companies and public utilities may use biometrics for safe, accurate identification. These advances are likely to raise concerns such as:

Physical: Some believe this technology can cause physical harm to an individual using the methods, or that instruments used are unsanitary. For example, there are concerns that retina scanners might not always be clean.

Personal Information: There are concerns whether our personal information taken through biometric methods can be misused, e.g. by the government to determine unwanted traits in humans for global population control. Also, the data obtained using biometrics can be used in unauthorized ways without the individual's consent.

DANGER TO OWNERS OF SECURED ITEMS

When thieves cannot get access to secure properties, there is a chance that the thieves will stalk and assault the property owner to gain access. If the item is secured with a biometric device, the damage to the owner could be irreversible, and potentially cost more than the secured property. For example, in 2005, Malaysian car thieves cut off the finger of a Mercedes-Benz S-Class owner when attempting to steal the car.

CANCELABLE BIOMETRICS
Physical features, such as face, fingerprint, iris, retina, hand, or behavioral features, such as signature, voice, gait, must fulfill a certain criteria to qualify for use in recognition. They must be unique, universal, acceptable, collectible and convenient to the person, in addition, to reliability at recognition, performance and circumvention. Most importantly, however, permanence is a key feature for biometrics. They must retain all the above features in particular the uniqueness unchanged, or acceptably changed, over the lifetime of the individual. On the other hand, this fundamental feature has brought biometrics to challenge a new risk. If biometric data is obtained, for example compromised from a database, by unauthorized users, the genuine owner will lose control over them forever and lose his/her identity.

===============================================================