BIOMETRICS

ABSTRACT:

A wide variety of systems require reliable personal recognition schemes to either

confirm or determine the identity of an individual requesting their services. The purpose
of such schemes is to ensure that the rendered services are accessed only by a legitimate
user, and not anyone else. Examples of such applications include secure access to
buildings, computer systems, laptops, cellular phones and ATMs. In the absence of
robust personal recognition schemes, these systems are vulnerable to the wiles of an
impostor. Biometric recognition, or simply biometrics, refers to the automatic
recognition of individuals based on their physiological and/or behavioral characteristics.
By using biometrics it is possible to confirm or establish an individual’s identity based
on “who she is”, rather than by “what she possesses” (e.g., an ID card) or “what she
remembers” (e.g., a password).
In this paper, we give a brief overview of the field of biometrics and summarize some of
its types, applications, limitations .This paper also throws light on one of the efficient
types of biometrics “THE IRIS RECOGNITION” as a case study. It helps us to
understand what it means and how do we do.

INTRODUCTION:

Biometrics is used to identify people based on their biological traits. This growing
technological field has deep implications because proving identity is becoming an
integral part of our daily lives. Humans have used body characteristics such as face,
voice, gait, etc. for thousands of years to recognize each other. Although biometrics
emerged from its extensive use in law enforcement to identify criminals (e.g., illegal
aliens, security clearance for employees for sensitive jobs, fatherhood determination,
forensics, positive identification of convicts and prisoners), it is being increasingly used
today to establish person recognition in a large number of civilian applications.
Any human physiological and/or behavioral characteristic can be used as a biometric
characteristic as long as it satisfies the following requirements:
· Universality describes how common a biometric is found in each individual.
· Uniqueness is how well the biometric separates one individual from another.
· Permanence measures how well a biometric resists aging.
· Collectability explains how easy it is to acquire a biometric for measurement.
· Performance indicates the accuracy, speed, and robustness of the system capturing the
biometric.
· Acceptability indicates the degree of approval of a technology by the public in everyday
life.
· Circumvention is how easy it is to fool the authentication system.

A practical biometric system should meet the specified recognition accuracy, speed, and
resource requirements, be harmless to the users, be accepted by the intended
population, and be sufficiently robust to various fraudulent methods and attacks to the
system.

Biometric Systems:

A biometric system is essentially a pattern recognition system that operates by acquiring

biometric data from an individual, extracting a feature set from the acquired data, and
comparing this feature set against the template set in the database. Depending on the
application context, a biometric system may operate either in verification mode or
identification mode:
· In the verification mode, the system validates a person’s identity by comparing the
captured biometric data with her own biometric template(s) stored in system database.
In such a system, an individual who desires to be recognized claims an identity, usually
via a PIN (Personal Identification Number), a user name, a smart card, etc., and the
system conducts a one-to one comparison to determine whether the claim is true or not
(e.g., “Does this biometric data belong to Bob?”). Identity verification is typically used
for positive recognition, where the aim is to prevent multiple people from using the
same identity.
· In the identification mode, the system recognizes an individual by searching the
templates of all the users in the database for a match. Therefore, the system conducts a
one-to-many comparison to establish an individual’s identity (or fails if the subject is
not enrolled in the system database) without the subject having to claim an identity
(e.g., “Whose biometric data is this?”). Identification is a critical component in negative
recognition applications where the system establishes whether the person is who she
(implicitly or explicitly) denies to be. The purpose of negative recognition is to prevent a
single person from using multiple identities. Identification may also be used in positive
recognition for convenience (the user is not required to claim an identity). While
traditional methods of personal recognition such as passwords, PINs, keys, and tokens
may work for positive recognition, negative recognition can only be established through
biometrics.

Designing:

A biometric system is designed using the following four main modules

1. Sensor module, which captures the biometric data of an individual. An example is a
fingerprint sensor that images the ridge and valley structure of a user’s finger.

2. Feature extraction module, in which the acquired biometric data is processed to

extract a set of salient or discriminatory features. For example, the position and
orientation of minutiae points (local ridge and valley singularities) in a fingerprint
image are extracted in the feature extraction module of a fingerprint-based biometric
system.

3. Matcher module, in which the features during recognition are compared against the
stored templates to generate matching scores. For example, in the matching module of a
fingerprint-based biometric system, the number of matching minutiae between the
input and the template fingerprint images is determined and a matching score is
reported. The matcher module also encapsulates a decision making module, in which a
user's claimed identity is confirmed (verification) or a user’s identity is established
(identification) based on the matching score.

4. System database module, which is used by the biometric system to store the biometric
templates of the enrolled users. The enrollment module is responsible for enrolling
individuals into the biometric system database. During the enrollment phase, the
biometric characteristic of an individual is first scanned by a biometric reader to
produce a digital representation (feature values) of the characteristic. The data capture
during the enrollment process may or may not be supervised by a human depending on
the application. A quality check is generally performed to ensure that the acquired
sample can be reliably processed by successive stages. In order to facilitate matching,
the input digital representation is further processed by a feature extractor to generate a
compact but expressive representation, called a template. Depending on the application,
the template may be stored in the central database of the biometric system or be
recorded on a smart card issued to the individual. Usually, multiple templates of an
individual are stored to account for variations observed in the biometric trait and the
templates in the database may be updated over time.

Types of Biometrics:

Fingerprint Recognition - Visual Biometric The use of the ridges and valleys (minutiae)
found on the surface tips of a human finger to identify an individual.

Finger Geometry Recognition - Visual/Spatial Biometric The use of 3D geometry of the

finger to determine identity.

Face Recognition - Visual Biometric The analysis of facial features or patterns for the
authentication or recognition of an individuals identity. Most face recognition systems
either use eigen faces or local feature analysis.

Eyes - Iris Recognition - Visual Biometric The use of the features found in the iris to
identify an individual.

Eyes - Retina Recognition - Visual Biometric The use of patterns of veins in the back of
the eye to accomplish recognition

Voice - Speaker Verification - Auditory Biometric The use of the voice as a method of
determining the identity of a speaker for access control.
Voice - Speaker Recognition - Auditory Biometric The determination of identity of a
speaker use the characteristics of their voice.

Hand Geometry Recognition - Visual/Spatial Biometric The use of the geometric

features of the hand such as the lengths of fingers and the width of the hand to identify
an individual.

Signature Recognition - Visual/Behavioural Biometric The authentication of an

individual by the analysis of handwriting style, in particular the signature.

Typing Recognition - Behavioural Biometric The use of the unique characteristics of a

persons typing for establishing identity.

DNA Matching - Chemical Biometric The identification of an individual using the

analysis of segments from DNA.

Ear - Visual Biometric The identification of an individual using the shape of the ear.

Odour - Olfactory Biometric The use of an individual’s odour to determine identity.

Gait – Behavioural Biometric The use of an individuals walking style or gait to

determine identity.

Applications :

There are many applications of Biometrics. Some of them are still under the area of
testing and are optional for the end users. The accuracy and effectiveness of these
systems need to be verified in the real time operation environment. Different areas
where biometrics is employed are

Aviation Security:
Biometrics has been successfully deployed at some of the world’s largest airports. The
result has been a dramatic increase in both security and productivity. The identities of
personnel with access to aircraft, baggage areas, maintenance and service areas, ticket
counters, and boarding areas are increasingly authenticated by biometrics. In addition,
the Registered Traveler Program now being tested by the U.S. Department of Homeland
Security is using biometrics to authenticate passengers, thus enabling them to speed
their transit through security checkpoints

Border Control: Authenticating the identity of travelers who want to cross international
borders is a vital means of strengthening security in the age of terror. In coming years, a
majority of nations worldwide will require their own citizens and foreign visitors to
present biometrically-enabled border-crossing documents, meaning passports or visas
or both, upon entry and exit. In the U.S., the US-VISIT program began capturing the
biometrics of foreign visitors in early 2005. US-VISIT has succeeded in identifying and
deterring potential terrorists and led to the capture of criminals sought by law
enforcement agencies.

Gaming: The gaming industry has a particular interest in establishing and ensuring
identities by the use of biometrics. In casino cash rooms and other operations centers,
only individuals whose identities have been examined and verified can be admitted.
With millions of dollars potentially at stake, impersonators are not welcome. On casino
floors, cheaters who may be caught once and tossed out can be identified biometrically
and their records circulated to other casinos, thus discouraging them from trying to
defraud one casino after another.

Health Care: Biometrics can be a matter of life and death in health care. Biometrics can
establish personal identity from the moment patients enter the care of a physician or
medical facility, and that identity can be transmitted accurately and securely throughout
the health care system. Biometrics are used to ensure that only authorized medical
personnel can access sensitive hospital facilities, such as nurseries and operating rooms,
to see to it that prescribed medications are delivered to the proper patients, and to
safeguard the privacy of patients’ medical records by assuring that only authorized
personnel can view them.
Immigration: Just as biometrics are being deployed to authenticate the identity of
temporary visitors to the U.S. and other countries, biometrics are also being used to
verify the identity of immigrants. Biometrics are being collected as part of the routine
background investigation of applicants for immigration and asylum in order to insure
that individuals are who they claim to be.

IT Security: Biometrics play a key role in ensuring that IT devices, from computers to
cell phones, respond only to authorized users. Biometrically-enabled devices can verify
and authorize one or more users without the need for easily stolen or forgotten
passwords. Institutions that employ from five to 50 thousand employees, whether
working on site or at remote locations, can secure their IT networks through a variety of
biometric technologies.
Personal Identity: Entering facilities and conducting transactions of all sorts, from
attending a professional football game to cashing a check, increasingly depend on
establishing identity quickly and accurately. Biometrics increasingly help guarantee
personal identity, through enrolled user programs, biometrically-enabled documents
and smart cards, personal-authentication devices, cell phones and other digital
equipment, and scanners placed at fixed points of service.

Physical Access: A common use of biometrics is to control physical access to sensitive

buildings and sites. Many different biometric technologies are used alone or in
combination to ensure that only authorized persons gain entry to secured facilities.
Unlike passwords that can be stolen or forgotten, or photo IDs that can be forged,
biometrics are reliable and virtually foolproof.

Police & Public Safety: Most people don't realize that biometrics have been an important
police and security tool for over 150 years. The fingerprint was recognized early as a
unique biometric, and has been central to criminal identification and identity
verification. In the past, however, fingerprints had to be captured with ink on paper in
central booking stations, sent by mail, courier or fax to repositories to be analyzed by
experts, a process that takes hours or days. Now fingerprints have been joined by other
biometrics, and new technologies allow biometrics to be captured in the field, for
example by police on the beat. These data may be transmitted and compared instantly to
vast databases, allowing the cop on the beat to identify an deadbeat dad, escaped felon,
or international terrorist.

Voter Registration: Establishing the identity of registered voters is vital to help deter
voter fraud and thus increase confidence that elections can’t be stolen. Biometrics can
play a key role in authenticating the identity of voters at the registration booth, at
polling places, and not least in online voting, where no good means of authenticating
identity exists apart from biometrics.

Transportation: Few sectors of the economy are as complex as transportation. Trucking,

rail travel, aviation, and shipping have begun to use biometrics to make sure that
transport employees of all kinds – especially key personnel like drivers, engineers,
pilots, and ships’ officers and seamen – are who they claim to be, and that they are
authorized to access the transport system. Truck drivers who pick up containers at
seaports, for example, are being biometrically screened to authenticate their identities
and make sure they pick up the right shipments. Biometrics are also being used to verify
that operators of heavy transportation equipment are not exceeding time limits on
working hours. Digital manifests are being linked with biometrically-identified drivers
to prevent theft and tampering. In the future, biometrics and radio frequency
identification (RFID) systems will be used together to identify, tag, and track shipments
and people throughout integrated transportation networks.

Limitations of (Unimodal) Biometric Systems

The successful installation of biometric systems in various civilian applications does not
imply that biometrics is a fully solved problem. Table 1 presents the state-of-the-art
error rates of three popular biometric traits. It is clear that there is plenty of scope for
improvement in biometrics. Researchers are not only addressing issues related to
reducing error rates, but they are also looking at ways to enhance the usability of
biometric systems. Biometric systems that operate using any single biometric
characteristic have the following limitations:

1. Noise in sensed data: The sensed data might be noisy or distorted. A fingerprint with a
scar, or a voice altered by cold are examples of noisy data. Noisy data could also be the
result of defective or improperly maintained sensors (e.g., accumulation of dirt on a
fingerprint sensor) or unfavorable ambient conditions (e.g., poor illumination of a user's
face in a face recognition system). Noisy biometric data may be incorrectly matched with
templates in the database (see Figure 1) resulting in a user being incorrectly rejected.

Table: State-of-the-art error rates associated with fingerprint, face, and voice biometric
systems.

2. Intra-class variations: The biometric data acquired from an individual during

authentication may be very different from the data that was used to generate the
template during enrollment, thereby affecting the matching process. This variation is
typically caused by a user who is incorrectly interacting with the sensor (see Figure 2),
or when sensor characteristics are modified (e.g., by changing sensors - the sensor
interoperability problem) during the verification phase. As another example, the varying
psychological makeup of an individual might result in vastly different behavioral traits
at various time instances.

Figure 2. Intra-class variation associated with an individual's face image. Due to change
in pose, an appearance-based face recognition system will not be able to match these 3
images successfully, even though they belong to the same individual.

3. Distinctiveness: While a biometric trait is expected to vary significantly across

individuals, there may be large inter-class similarities in the feature sets used to
represent these traits. This limitation restricts the discriminability provided by the
biometric trait thus, every biometric trait has some theoretical upper bound in
terms of its discrimination capability.

4. Spoof attacks: An impostor may attempt to spoof the biometric trait of a legitimate
enrolled user in order to circumvent the system. This type of attack is especially relevant
when behavioral traits such as signature and voice are used. However, physical traits are
also susceptible to spoof attacks. For example, it has been demonstrated that it is
possible (although difficult and cumbersome and requires the help of a legitimate user)
to construct artificial fingers/fingerprints in a reasonable amount of time to circumvent
a fingerprint verification system.

5. Non-universality: While every user is expected to possess the biometric trait being
acquired, in reality it is possible for a subset of the users to not possess a particular
biometric. A fingerprint biometric system, for example, may be unable to extract
features from the fingerprints of certain individuals, due to the poor quality of the ridges
(see Figure 3). Thus, there is a failure to enroll (FTE) rate associated with using a single
biometric trait. It has been empirically estimated that as much as 4% of the population
may have poor quality fingerprint ridges that are difficult to image with the currently
available fingerprint sensors and result in FTE errors.

Figure 3. An example of “failure to enroll” for fingerprints (with respect to a given

fingerprint recognition system): four different impressions of a subject's finger
exhibiting poor quality ridges due to extreme finger dryness. A given fingerprint system
(using a certain sensor and matching algorithm) might not be able to enroll this subject
since
minutiae and ridge information cannot be reliably extracted.
A practical biometric system should meet the specified recognition accuracy, speed, and
resource requirements, be harmless to the users, be accepted by the intended
population, and be sufficiently robust to various fraudulent methods and attacks to the
system.