Biometrics Technology Review 2008

Rebecca Heyer
Land Operations Division Defence Science and Technology Organisation DSTO-GD-0538 ABSTRACT
Biometrics is the measurement of personal physical features, actions or behavioural characteristics that distinguish between individuals. In recent years automated biometric systems, such as facial, fingerprint and iris recognition systems, have been developed to facilitate a range of functions. These functions can be broadly categorised as verification or identification, and include, for instance, physical and logical access control, management of major plant and machinery, weapons control, identity management, surveillance operations, and personnel management. This paper is an updated version of the Biometrics Technology Review 2002 published in 2003 by Blackburn et al. It provides an overview of the basic elements of biometrics; a detailed examination of current and future biometric technologies; discusses the many different applications of biometrics; and highlights the issues associated with using such technology.

RELEASE LIMITATION Approved for public release

Published by Land Operations Division DSTO Defence Science and Technology Organisation PO Box 1500 Edinburgh South Australia 5111 Australia Telephone: (08) 8259 5555 Fax: (08) 8259 6567 © Commonwealth of Australia 2008 AR 014-200 Submitted: August 2007 Published: May 2008

APPROVED FOR PUBLIC RELEASE

Biometrics Technology Review 2008

Executive Summary
Biometrics is the measurement of personal physical features, actions or behavioural characteristics that distinguish between individuals. The history of biometrics, like most other technologies, has followed a familiar route beginning with an initial build-up of excessive optimism followed by a trough of scepticism as the limitations of the technologies became apparent. Realistic expectations, combined with a plethora of research and development, are now seeing many biometric systems, such as facial, fingerprint, iris and hand geometry, reach the levels of success originally touted. With annual global biometrics revenues projected to grow from $2.1 billion in 2006 to $5.7 billion in 2010 and inspection of patent databases uncovering a range of new and exciting applications, biometrics truly appear to be living up to the tag applied to it by the MIT Technology Review in 2001 as one of the ‘top ten emerging technologies that will change the world’. In recent years automated biometric systems have been developed to facilitate a range of functions broadly categorised as verification or identification functions. Such automated systems offer advantages over current strategies including the elimination of fatigue effects associated with human performance and adding the possibility of measuring features (e.g. iris pattern) that cannot be readily sensed by humans. Biometrics have been successfully applied across a range of procedures and processes to enhance security including physical and logical access control, management of major plant and machinery, weapons control, identity management, and personnel management. Automated biometric systems need to be seen as an adjunct to existing systems, adding to techniques already used, and organisations contemplating the adoption of biometric technology need to understand that there are a range of issues that should be addressed. Privacy and security concerns, the vulnerability of biometric systems to attack, the importance of usability and user acceptance, training and education and a range of integration and support requirements all need to be addressed. This paper is an updated version of the Biometrics Technology Review 2002 paper published in 2003 by Blackburn et al * . After an introduction, and in line with its predecessor, the paper provides an overview of the basic elements of biometrics (Section 2); a detailed examination of current and future biometric technologies (Section 3); discusses the many different applications of biometrics (Section 4); and highlights the current issues associated with using such technology (Section 5).

* Blackburn T, Butavicius M, Graves I, Hemming D, Ivancevic V, Johnson R, Kaine R, McLindin B, Meaney K, Smith B and Sunde J 2003, Biometrics technology review 2002, DSTO-GD-0359

........................................................................................................................ 18 3..................................................................................................................................................................................12 Fingernail bed................................................. 14 3................24........19 Footprints ..........................................................3 Biometrics and smart cards............... 34 4............1 Physical access control ................................................................................... 23 3............................. 6 3......... 4 2.................................................................................................................................................4 Identity management ....................................... counter-insurgency or stand-off recognition operations38 ...5 Hand Geometry................................................. 22 3....................................7 Communications (verification of electronic identification) .......................................................................23 Parameters to guide the selection of biometrics ...............21 Tongue .......................................................................................6 Management of major plant ........................... 28 3............................................... 29 3.................................................. BIOMETRICS BASICS................................................ 16 3............................ 20 3..... 6 2.......................8 Counter-terrorism....................................... 34 4... 23 3.................................................................17 Work pattern analysis ................................................................................................................... 33 4...................................Contents 1....................... 2 2.............................................. 10 3..10 Ear .........4 Biometric applications ... 2 2......................................................................1 Verification ............................................................................................................................................ 30 3............................................................................ 21 3.......................................................................................................................................................................................................................................................................................................................................................................6 Signature..............................4............................................................................................................ 33 4...............3 Iris ..........7 Retina ....24............................ 38 4.............................................................................................................................20 Dynamic grip recognition .................................................................16 Gait ................................. 37 4........................ 3 2........5 Weapons or other sensitive technologies control ................3 Personnel management.................................................................22 Comparison of technologies ........................11 Veins.............................. 1 2.........2 Identification ..............................................................1 Fingerprint ........... 24 3..............4 Speaker Recognition ....................................... 15 3.........................................................1 Multimodal biometrics .......................................................... 26 3...... 7 3............................ 18 3..........................9 Odour .18 Lips ................................................................ 17 3.............................. 13 3................................. 19 3............ 19 3........................................................... 33 4........... 5 2....8 Deoxyribonucleic acid .....................................2 Logical access control and protection of IT systems ...................... 35 4..................... 19 3................................................................................................................................................ BIOMETRIC TECHNOLOGIES AND APPLICATIONS.................... 23 3................................................................15 Thermogram.. INTRODUCTION ...2 Pattern recognition .................3 Error rates .............. BIOMETRIC APPLICATIONS ....... 37 4.............24 Current directions ........................... 20 3....................................................................................25 Future directions ............................................................................................................................................................................13 Skin.4.......24.......................................................................... 22 3..2 Face ........................14 Physiometrics.................. 6 3............ 28 3................................ 22 3.........1 Components of a biometric system ..............................................................................................................................................................2 Form Factors..........................

....................................1 Addressing biometric vulnerabilities .................................................................................. 53 ................................. 52 7........................... 47 5.............1 Security concerns ......... 46 5................7 Interoperability issues .....................................3 Health concerns .............................................. 51 6............1.............................................................................5 Integration and support requirements......................................4....................................................................................biometric vulnerabilities.................. 49 5............................. 44 5........................................................... 50 5..................................................................................................9 Forensic identification .......................................................................... 51 5....... 42 5.........1 Education and training ................. 40 5..........5............................................. 39 5.............................................................................................................. ISSUES ......... REFERENCES........................................................................................6 Evaluation requirements ....................2 Usability and user acceptance .......... 40 5.............. CONCLUSION ................................4 Privacy issues......

......................................................................... 19 Figure 24: Fingernail bed scanner ........................................................... 15 Figure 15: Hand geometry sensor for access control.... 30 Figure 34: Sensor-on-card system ............................ 19 Figure 23: Vein scanner ...................... 17 Figure 18: Scanning area of the retina ........................................................................................................................................................................ 10 Figure 9: Face measurements................................................................... 10 Figure 10: 3D face images.............................................................................................................................................................................................................................................................................. 24 Figure 32: Biometric/fingerprint mouse......... 2007).............................. 23 Figure 31: Different shapes and surface textures of the tongue ....................................................................................... 16 Figure 16: Signature verification ......................................................... 32 Figure 37: Qantas aircrew member using a Smart Gate terminal ................................................................................................................................................................................................................................................................. 22 Figure 29: Lips as a biometric ............................................................................................................................................................................................................... 13 Figure 13: Desktop iris scanning .......................................................... 39 Figure 40: Biometric threat vectors (reproduced from Roberts........................................................... 35 Figure 38: Fingerprint scanner at a sporting arena in Amsterdam .................................................. 42 .............................................................................. 20 Figure 26: Identification by analysis of physiometric variation . 21 Figure 27: Facial thermogram...... 30 Figure 33: Biometric/fingerprint mobile phone ...................Figures Figure 1: The technical components of a generic biometric system............................... 21 Figure 28: Gait as a biometric ................... 14 Figure 14: Speaker recognition headset and microphone ......................................... 8 Figure 4: Optical fingerprint sensor....................................................... FNMR (reproduced from Mansfield et al......... 31 Figure 36: Template-on-card system ................... 3 Figure 2: Detection error trade-off: FMR vs...................................................................... 9 Figure 6: Ultrasound fingerprint sensor .................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................... 18 Figure 22: Ear biometric .... 16 Figure 17: The eye..................... 13 Figure 12: Collage of irises .................................... 2001) ........................................................................................... 5 Figure 3: Minutiae . 31 Figure 35: Match-on-card system.................... 17 Figure 19: Retina scan of Iraqi Army recruit ...................................................... 9 Figure 7: Thermal fingerprint sensor.................................................................................................... 8 Figure 5: Capacitance fingerprint sensor and output ...................... 18 Figure 21: Schematic diagram of an electronic nose........ 22 Figure 30: Dynamic grip recognition sensors on a handgun ..................................................................................................... 18 Figure 20: A DNA molecule................... 11 Figure 11: Decreasing error rates for face recognition technology 1993-2006 .............................................................................................................. 20 Figure 25: Brainwaves depicted in an electrocephalogram trace ............................. 36 Figure 39: Face recognition at a distance (50-300m) ..................................................................... 9 Figure 8: 3D fingerprint image ..........................................................

7 Table 2: Benefits and disadvantages of fingerprint........ speaker/voice and hand biometrics (reproduced from www................................ 2004) ............... 2000)26 Table 5: Parameters to guide selection of face................................................ 45 Table 7: BioPrivacy Application Impact Framework .................................... 27 Table 6: Factors that impact on biometric system usability and performance ..................................................Tables Table 1: Classification of biometrics (adapted from Bolle et al............................. face... fingerprint and iris biometrics in the Defence environment.......................com) ..............dell... 25 Table 3: Comparison of Biometric Technologies ...................................... 25 Table 4: Parameters to guide selection of biometrics (from Sanderson & Erbetta.......................................... iris................ 48 ...

Glossary ADF AGIMO ATM BAT BISA CAC CCD CCTV CESG DBIDS DET DGR DNA DoD DSBTF EEG FBI FMR FNMR FP FRVT FTA FTE FVC HUMINT IBG ICAO ICE INPASS IT MIT MoD NIST PIV ROC TWIC UK UKBWG US Australian Defence Force Australian Government Information Management Office Automatic Teller Machine Biometric Automated Toolset Biometric Identification System for Access (US) Common Access Card (US) Charge Coupled Device Closed Circuit Television Communications-Electronics Security Group (UK) Defense Biometric Identification System (US) Detection Error Tradeoff (curve) Dynamic Grip Recognition Deoxyribonucleic Acid Department of Defense (US) Defense Science Board Task Force (US) Electrocephalogram Federal Bureau of Investigation False Match Rate False Non Match Rate Fingerprint Face Recognition Vendor Test Failure to Acquire Failure to Enrol Fingerprint Verification Competition Human Intelligence International Biometric Group International Civil Aviation Organization Iris Challenge Evaluation Immigration and Naturalization Service Passenger Accelerated Service System (US) Information Technology Massachusetts Institute of Technology Ministry of Defence National Institute of Standards and Technology (US) Personal Identity Verification (US) Receiver Operator Characteristic (curve) Transport Workers Identity Credential (US) United Kingdom United Kingdom Biometrics Working Group United States .

g. 83 different systems were reported including those based on fingerprints (accounting for 65%). hand geometry (12%). like most other technologies. access control. and thus increase levels of accuracy and security. Despite some successful applications. Error rates still remain relatively high for some methods. Biometrics can be applied to two types of problems: verification (i. History suggests that potters from Asia and the Middle East used their fingerprints to sign their work as long ago as 1500 BC (Down & Sands. more and more research and development is being devoted to multimodal biometric systems. are now seeing many biometric systems reach the levels of success originally touted (Simpson. multimodal systems (16%) and other. combined with a plethora of research and development. biometric systems do have some limitations. including the elimination of fatigue effects associated with human performance and adding the possibility of measuring features (e. is a much newer concept. Many technologies are suitable for access control type applications.DSTO-GD-0538 1.7 billion in 2010. Biometrics is not a new concept. actions or behavioural characteristics that distinguish between individuals. such as deoxyribonucleic acid (DNA) (1%). comprising both the technology and a range of social subsystems (such as the users and the environment/s in which the technology operates).com/). In these cases it is the measuring process itself that produces uncertainties (such as the smearing of a fingerprint). Realistic expectations. iris pattern) that cannot be readily sensed by humans. 2006). 2007). iris (6%). IBG expect that the United States and Asia will be the largest global markets for biometrics products and services in the coming decade (http://www. even in the areas where biometric measures are thought to be unique to the person (i. Introduction Biometrics is the measurement of personal physical features. ethical and acceptance issues 1 . Biometric systems are socio-technical systems.biometricgroup. In addition to the development of individual biometric systems.e. however. Biometric systems are also susceptible to attack and there remain a string of social. Technology development in the area. and detainee processing (Kauchak. The history of biometrics.1 billion in 2006 to $5. In early 2005. The biometric systems in use at the time primarily supported the areas of identity background checking. In recent years automated biometric systems have been developed to identify persons and verify identity. In 2001 the MIT Technology Review named biometrics one of the ‘top ten emerging technologies that will change the world’ and in early 2006 the International Biometric Group (IBG) projected that global biometrics annual revenues would grow from $2. those that use more than one biometric or more than one measure of the same biometric. the military components of the US Department of Defense (DoD) were surveyed to ascertain their level of current biometric usage. has followed a familiar route. Automated biometric systems should be seen as an adjunct to existing personal identification systems. adding to techniques already used.e. iris). 2004). access control) and identification. or intended future usage. The systems offer advantages over current recognition strategies. beginning with an initial build up of excessive optimism followed by a trough of scepticism as the limitations of the technologies became apparent. but identification applications typically result in relatively high error rates (often due to the environment) and few technologies are suitable. At that time. fingerprints.

It is only then that action is taken to open a gate. discusses the many different applications of biometrics (Section 4). sound an alert or otherwise respond. A data storage component which stores the biometric data. Biometrics are obtained from those people presenting at the operational biometric system and compressed into template form (once again. there are many factors that need to be considered when contemplating a biometric solution including technical. assigning match scores in the process. depending on the match score and role of the system. As such. Within the signal processing component. and in line with its predecessor. then compares the templates from the presenting subject(s) with enrolled entries to determine if there are matches.1 Components of a biometric system Biometric systems are socio-technical systems comprised of both technical and social subsystems. Biometrics basics 2. This paper is an updated version of the Biometrics Technology Review 2002 paper published in 2003 by Blackburn et al. the paper provides an overview of the basic elements of biometrics (Section 2). the feature extraction function extracts features to represent the signal collected by the sensor. 2. A transmission component which aids the data collection. and highlights the current issues associated with using such technology (Section 5). The social aspects of the system include the users and the environment/s in which the system operates. Within these components several key functions are performed: • • Within the data collection component.DSTO-GD-0538 with their use. This process may be carried out in the operational environment or off-line. After an introduction. within the signal processing component. Biometrics from known people are condensed to form compact templates that are enrolled in a database (within the data storage component) or stored on some other device such as a smart card. a biometric system consists of several components (see Figure 1): • • • • • A data collection component which collects the biometric data. • • 2 . In technical terms. the sensor function acquires the raw biometric data or signal (such as a video. a detailed examination of current and future biometric technologies and applications (Section 3). Within the decision component. data storage and signal processing components in compressing and expanding files required at different stages of the process. The pattern matching function. A signal processing component which processes the biometric data. stored in the data storage component). privacy and human factors issues. photo or fingerprint). A decision component which makes decisions regarding matches between biometric data and whether to accept or reject. a matching function then processes the match scores and determines or verifies the identity of an individual.

1 ISO/IEC 19795-1 (2006) 3 . whereas in a verification application biometrics are usually sampled several times to ensure the best possible chances for matching. the initial phase. but may be hidden from the users. For instance.2 Pattern recognition All biometric processes require the comparison of measured data from a person with known data from a database to determine if there is a match. commonly referred to as a template once it is enrolled into the database.e. a photo or fingerprint scan) as well as the application of the system itself (i. Whichever comparison approach is adopted. such as artificial neural networks.. Enrolment. The result of this process is a data vector. Data is then processed to extract the key features which enable different subjects to be separated from one another by a classifier. enrolment often takes place without the knowledge of the person of interest. each biometric system recognition process is comprised of two phases – enrolment and operational. and the other is based on the use of some form of ‘learning mechanism’ in which the decision-making algorithm still exists. watch list versus verification). The first is based on the step-by-step construction of the decision-making process. known as feature extraction. There are two basic approaches to the comparison problem. Each sample is then checked to ensure that it is of sufficient quality to generate a match. requires the capture of biometric data. in a watch list application. an algorithm.e..DSTO-GD-0538 Figure 1: The technical components of a generic biometric system 1 2. The way the biometric is captured differs according to both the type of biometric being captured (i.

In the operational phase. or identification verified. FNMR plot comparing face. iris 1. There were approximately 200 subjects. Linear or log scales are commonly used on the axes. The iris system used in the study had a pre-determined threshold and the FMR was in fact zero. Most biometric system vendors today claim a FMR of 0. A parametric plot of FMR against FNMR is the most useful representation allowing complete comparison of various biometrics. voice 2-5% (Jain. vein and voice biometrics. 2004). A false negative occurs when a person is not accepted as who he/she claims to be even though he/she is that person.2%. iris and face 0. Most biometric system vendors today claim a FNMR of 0. the FNMR will generally increase and vice versa.0001% to 1%. This is measured as the false match rate (FMR).DSTO-GD-0538 Once a database of subjects is established the system can move into the operational phase. If the decision threshold is raised to reduce the FMR. and the plots are then referred to as receiver operator characteristic (ROC) or detection error tradeoff (DET) curves respectively.1% (Phillips et al. Access can be granted. The independent parameter which varies along the plotted curves is the similarity score. 2. 2007). 2007). is an FMR vs. errors vary between technologies based on the discrimination quality of the biometric data measured.5% and face 1% (Phillips et al. based on a decision threshold in the biometric processor. 2004). When an individual provides biometric samples in an attempt to gain access to a secured area (known as a transaction). reproduced from Mansfield et al (2001). In addition to the error trade-offs. for example see Parks et al (2006) which introduces scaling based on generalised hyperbolic functions. There is generally a trade-off between these two types of error.1%. Figure 2. fingerprint (FP). The FMR in comparative test environments for fingerprint is typically 0. if the degree of match between the transaction and enrolled data are above a given threshold or decision value. which is ultimately driven by the costs associated with the range of error rates that biometric systems produce.3 Error rates Despite the automated nature of biometric systems and possible claims by proponents. This is measured as the false non match rate (FNMR). 4 .001% means that 1 out of every 100. Other axis scaling could be more useful. A false positive occurs when a person is accepted as being the person claimed. an individual’s biometric data is once again captured and compared to the enrolled template. these samples are compared with those in the enrolled template. voice 10-20% (Jain.0001% to 0. the FNMR in comparative test environments for fingerprint is typically 0. on average. all biometric systems produce errors of two general types. mainly comprising volunteers working at the National Physics Laboratory site. Ross & Prabhakar. iris. The report was published in 2001 and since then it is known that some biometrics have made remarkable improvements. However. hand. Ross & Prabhakar.2%. even though that is not the case. A FMR of 0.000 attempts by an impostor to gain access to a system will succeed.

5 . The viability of a biometric system depends on more than just its error rates. In trials it is common practice to obtain multiple biometric samples from each subject. At DSTO the Wilson confidence limits for proportions (see Hogg & Tanis. This complicates the determination of the correct sample size to use when calculating confidence limits.4 Biometric applications Biometric systems have two distinct applications – verification and identification. When planning a trial or evaluating the validity and applicability of trial results it is also important to consider the desired population scope and the sampling method. Operational issues such as acceptability to the user. 2. 2001) Sampling error should be considered when comparing the results from any biometric trial. see DSTO (2007) for examples. In DSTO (2007) upper and lower bounds for sample size are calculated assuming complete independence or complete dependence. respectively. Multiple samples from the same person cannot be expected to be distributed in the same way as biometric samples from multiple persons. user skill requirements and niche requirements all must be considered.DSTO-GD-0538 Figure 2: Detection error trade-off: FMR vs. 2000) are routinely calculated for FMR and FNMR values. In biometrics this is particularly important because biometrics can vary considerably across demographic groups. of samples from the same person. In particular. FNMR (reproduced from Mansfield et al. A recent development in the presentation of results is the inclusion of these confidence limits on FMR versus FNMR plots. consideration should be given to how well the sample frame represents the population of interest.

or still in the research realm (i. 6 . as some potential persons of interest may not be in the database and current systems present a number of possible matches for the human operator to then consider.DSTO-GD-0538 2. 5). p.e. In addition.. Identification applications are very taxing for a biometric system since it must generate low FMR (to keep false alarms low) while still maintaining low FNMR (to ensure that persons of interest are identified). Biometric technologies and applications There are many biometric technologies in use today and a range of biometrics that are still in the early stages of development. 2004) summarises a range of biometrics and classifies them according to whether they are physiologically or behaviourally based.1 Verification In verification applications ‘the user makes a positive claim to an identity. Ratha & Senior. if so. Related to the identification is watch list. 2. It involves two distinct steps. an identification system must generally compare each incoming biometric sample with all enrolled entries rather than with individual enrolled entries. 1 or more identifiers is returned’ (ISO/IEC 19795-1.4. Table 1 (adapted from Bolle.2 Identification In identification applications. Biometrics are either based on a physiological characteristic of the person or a behavioural characteristic. features derived from the submitted sample biometric measure are compared to the enrolled template for the claimed identity. An example would be to verify that a pass holder is the authorised user. p. currently in use across a range of environments). 2006. Biometric systems of this type conduct one-to-one (1:1) comparisons to determine whether the identity claimed by the individual is true. 3. correctly identify them. This type of system is more sophisticated as it conducts one-to-many (1:N) comparisons to establish the identity of the individual. still in limited use or under development. Identification tasks assume that a person is in the database. An example would be a system at a border crossing to search for drug couriers of known appearance. and a candidate list of 0. and whether they are common (i. Watch list screening is the most demanding of all applications. Connell. The system must first detect if a person is on the watch list and. Pankanti.4. This is much more difficult than an identification or verification task. 2006. which tends to increase the number of errors when compared to a verification application. haven’t yet been applied in any environment outside of research). and an accept or reject decision regarding the identity claim is returned’ (ISO/IEC 19795-1..e. 5). ‘a search of the enrolled database is performed.

enable the systems to be deployed in a range of logical and physical access environments.1 Fingerprint Fingerprint recognition is currently the leading biometric technology. 2004) Biometrics Fingerprint Facial Hand Geometry Iris Speaker Signature DNA Ear Odour Retina Veins Dynamic grip* Skin Gait Lips* Work pattern Fingernail bed Thermogram Physiometrics Footprint* Tongue *Lip. dynamic grip and footprint biometrics are so diverse that they fit into both the physiological and behavioural categories Physiological Behavioural Common Limited Research While the following review focuses on the six most popular biometrics in the market today – fingerprint.com/).493 billion in 2008 (http://www. comprising around 32% of the total market.DSTO-GD-0538 Table 1: Classification of biometrics (adapted from Bolle et al. The review concludes with a cross-comparison of the common biometric technologies. iris. Fingerprint recognition systems are a proven technology and have been shown to be capable of very high levels of accuracy.5 cm x 1. the years of development that the systems have undergone. IBG estimates that fingerprint revenues will grow from $198 million in 2003 to $1. and looks set to remain there for some time to come. signature verification and hand geometry.5 cm and very thin) and are capable of acquiring and processing images (Roberts. 3. This is due mainly to the range of environments in which fingerprint systems can be deployed.biometricgroup. Fingerprint 7 . along with their resistance to environmental changes such as background lighting and temperature. and the many companies involved in the technology's manufacture and development. speaker recognition. 2006). a brief summary of other biometric technologies is also provided. facial. Their sensors and processors are low cost and easy to use and the reduced size and power requirements of fingerprint systems. Modern fingerprint acquisition devices are quite small (often less than 1.

Figure 4: Optical fingerprint sensor 3 Capacitance sensors were introduced in the late 1990s and have gained popularity since that time. known as feature extraction.factsfinder.com 8 . This process. and that the sensors themselves often degrade with age. This series of ridges used in enrolment is the basis of comparison. and can provide fingerprint images up to 500 dpi resolution. Once a high-quality image is captured. Sensors generate images of the ridges and these are scanned for structural features (called minutiae) such as branches or terminations. Fingerprint identification is based on the analysis of the ridge patterns on the tips of fingers. the capacitance sensor acts as one plate of a capacitor. but some choose to use pattern matching that extrapolates data from a particular series of ridges on the fingerprint (Roberts. 2006). capacitance.howstuffworks. Figure 3: Minutiae 2 The relative positions and types of the minutiae form a description of the fingerprint that can be matched against other fingerprints. Approximately 80% of biometric vendors utilise these minutiae in some fashion.htm http://computer. ultrasound and thermal. Multiple sensor types are currently available to scan fingerprints including optical. While it would appear that the coating applied to the capacitance sensors would be more 2 3 www. there are a several steps required to convert its distinctive features into a compact template. In these sensor types. Issues with optical sensors include that they must be of sufficient size to capture a quality image. that latent (or leftover) prints can degrade images to the point that image capture is severely hampered. and to authorise transactions. Optical sensors are the most proven fingerprint sensors over time. enter restricted areas. An 8-bit gray scale digital image. They are fairly inexpensive. the finger the other. more detailed than an image captured by an optical scanner. Each vendor of fingerprint systems has a proprietary feature extraction mechanism. is generated from the capacitance between the plate and the finger. are resistant to temperature fluctuations. operate plant.DSTO-GD-0538 systems are being used daily to enable users to access networks and PCs. the vendors guard these unique algorithms very closely.com/fingerprinting. and verification requires that a segment of the same area be found and compared. is at the core of fingerprint technology.

These temperature changes produce an image of the fingerprint.britestone. they have great potential to lead the fingerprint technologies market due to their reported high accuracy. While the image is not as rich as the gray scale images produced by other sensor types. thermal sensing has the advantage that it is able to overcome the dry and wet skin issues that can plague other sensors (Bolle et al.hk 4 5 9 . Figure 7: Thermal fingerprint sensor 6 Work is currently underway into the use of 3D scanners that use touchless technology and very high contrast multi-camera imaging of the finger (Chen et al. ultrasound sensors have the advantage that they can penetrate dirt and other contamination on the finger and platen.DSTO-GD-0538 durable than those of optical sensors. Ultrasound sensors transmit acoustic waves that measure the impedance of the finger. one of the major drawbacks of other fingerprint technology. Beside their reported high accuracy. the sensor platen and the air. 2006). however. this has yet to be tested across the range of conditions in which the sensor could be deployed (Roberts. Figure 5: Capacitance fingerprint sensor and output 4 Ultrasound sensors are still in their infancy and not yet widely used.com.fr 6 www. www.orange.ntt-tec. 2006). 2004). Figure 6: Ultrasound fingerprint sensor 5 Thermal sensors measure temperature changes in the ridge-valley structure of the finger as it is swiped over the scanner.jp http://perso.

Research has shown that certain ethnic and demographic groups have lower quality fingerprints and are more difficult to enrol. the pattern being sensed is often distorted at acquisition and can make matching difficult. higher speed database indexing schemes.to perform verification and identification. Because of this touch sensing.com/). particularly in the area of surveillance systems. accounting for 17% of the biometrics market (http://www.send2press.idwarehouse. most 3D systems also output 2D fingerprint data that is compatible with legacy fingerprint databases to ensure interoperability is maintained.com www.2 Face Facial recognition is based on the measurement of the positions of distinctive features of the face . Other major drawbacks of fingerprint sensing include the inability of the sensing process to accommodate dirt and other environmental contamination and the apparent inability of a few users to record reliable fingerprints (due to injury or age). including the elderly. the areas surrounding the cheekbones. In addition to 3D images. Figure 9: Face measurements 8 Facial recognition technology is the second most popular biometric technology after fingerprint and is expected to grow rapidly during this decade. Facial recognition technology is being used widely 7 8 www.co.including the upper outlines of the eye sockets.biometricgroup. 3.uk 10 . IBG estimates that global facial recognition revenues will grow from $50 million in 2003 to $800 million in 2008. manual labourers. the sides of the mouth.The major drawback of many fingerprint recognition systems is the contact nature of many of the sensors.DSTO-GD-0538 Figure 8: 3D fingerprint image 7 3D fingerprint scanners create more accurate minutiae and pattern matching and more reliable. The advantage of 3D systems is their ability to overcome the smudging and distortion issues inherent in touch based systems (Simmons. and some Asian populations (Roberts. 2005). 2006). and the location of the nose and eyes .

and images from near infrared and facial thermograms still have a way to go. van Rootseler. Horn.com/ and http://www-users. scanned documents or video sequence. laser sensors are expensive and slower than the other options (Akarun.DSTO-GD-0538 in large-scale identification applications (i. Chang. The performance of facial recognition systems is closely tied to the quality of the images captured by the various sensors. 2005). It has not yet been successfully applied to desktop verification. Although improving all the time. surveillance applications and in law enforcement.cs. Veldhuis. The more recent facial recognition systems are based on skin or skull geometry and require 3D images to achieve this.e. projects a light pattern onto the face of a subject and uses a standard camera to record the information. Other systems have used near infrared and facial thermograms with varying results. The third type uses a laser sensor to capture a 3D image of a subject’s face. Recent research has found that a multimodal or fusion approach of using 2D and 3D facial recognition systems in combination with one another performs significantly better than using either alone (Tao. Bowyer & Flynn. Gokberk & Salah. Gehlen & Weber. The most common input sensors are 2D video or digital cameras. feature analysis. which is then used to calculate depth information and reference points. 2003). Stereo acquisition is relatively low cost and easy to use. 2005).a4vision. 2007. neural networks and automatic face processing (Woodward. stereo acquisition. The first type. although 3D systems are becoming more commonplace.york. passport systems). structural light. The second type. Gatune & Thomas. uses two or more cameras to take simultaneous snapshots of a subject and then uses this information to calculate depth information and reference points. 9 www. Structural light is the fastest of the 3D facial systems. Figure 10: 3D face images 9 There are three main types of 3D facial recognition systems available on the market today.ac. Vendors currently use four methods to identity or verify subjects using facial recognition – eigenfaces. 2D images are generated using analog or digital camera.uk 11 .

Of the leading three biometric technologies. Specific features are extracted from many different regions of the face and these features (both their type and arrangement) are used for identification and verification. Although automatic face processing is a more simple technology and is best suited to front-on image capture situations. Note that in Figure 11. 12 . it has been shown to be ineffective in dimly lit environments. Eigenface utilises 2D gray scale images which represent distinctive characteristics of the face. Facial recognition systems are able to capture faces of people in public areas and images from some distance away. In verification mode (i. Although. face is the only viable tool for surveillance or watch list functions. Neural network mapping utilises a matching algorithm to determine whether features from an enrolment/reference and verification/live face are similar or different. like most facial recognition systems. 2003). for access control) a user’s live template is compared against the enrolled template and in identification mode (i. their eigenface is mapped to a series of coefficients. Eigenface is best suited to well-lit environments and when using front-on image capture. one of its distinct advantages is its ability to deal with changes in appearance or the angles at which a face is presented. Thus the system’s covert capability and capacity to be used in coordination with existing national security databases and surveillance cameras or closed circuit television (CCTV) systems make it a valuable biometric tool (Woodward. The degree of coefficient variance determines acceptance or rejection. feature analysis works best with front-on images.e. A false match prompts the algorithm to modify the weights it gives to certain features of the face to double check that the false match is the correct decision to make. for surveillance) the template is compared to many in a pre-existing database to determine coefficient variation. This increase in performance has been attributed to the development of the recognition technology. higher resolution imagery and improved picture quality due to greater consistency in lighting. FRR (false reject rate) equates to FNMR and FAR (false accept rate) equates to FMR. Once a user has enrolled. The performance of facial recognition technology has improved dramatically over the past 14 years. with error rates dropping dramatically over this time (see Figure 11). Horn. Automatic face processing uses distance and distance ratios between the distinctive features of the face (such as the distance between eyes) for matching purposes.e.DSTO-GD-0538 Feature analysis is currently the most widely used facial recognition technology. Neural networking technology uses as many features of the face as possible to ascertain whether there is a match or not. suggesting that no physical contact is required. Gatune & Thomas.

cl.ac. The first step in acquisition of an iris image is to position the camera the required distance from the eye. Horn.cam.e. 2003). Gatune & Thomas. Once the camera has situated the eye it narrows in (from right to left to avoid the eyelids) to locate the outer edge of the iris. The unique visible characteristics of the iris are converted into a template and stored for future matching. 10 11 Phillips et al (2007) www. furrows and the corona).uk 13 . Figure 12: Collage of irises 11 Iris structure is practically unique and may be sensed via regular and or/infrared light. cameras) are well understood and unobtrusive (Woodward.3 Iris Iris recognition systems are based on visible qualities of the iris (such as the trabecular meshwork.DSTO-GD-0538 Figure 11: Decreasing error rates for facial recognition technology 1993-2006 10 In terms of user acceptance. facial recognition is generally widely acceptable since human beings are already familiar with this process and the sensors (i. 3. rings.

For this reason reported user satisfaction with systems that are used infrequently has been poor (Bourlai et al. with revenues set to increase from $36 million in 2003 to $366 million in 2008 (http://www. particularly high security applications where low error rates are essential. Users must stay still while the iris image is being captured and many users take some time to become accustomed to this aspect of iris recognition systems. Iris Challenge Evaluation 2006 (ICE2006) reported an FNMR of 0. 2007). 12 www.DSTO-GD-0538 Figure 13: Desktop iris scanning 12 Iris recognition technologies are used primarily in high security environments and account for around 8% of the entire biometric market. 3. The technology can utilise any audio capture devices (such as mobile and land-line telephones and a range of microphones).com 14 . The temporal and spectral characteristics are stored and a live voice recording is analysed for the same features.001 (Phillips et al. IBG estimates that their use will increase markedly. The technology does not lend itself to some identification activities because it requires a co-operative enrolment process. 2007). several times. but does not verify it.eyenetwatch. Competition in the development of iris recognition software had been stifled by a company called Iridian Technologies.4 Speaker Recognition Speaker recognition is based on the analysis of the temporal and spectral characteristics of a voice when articulating a set of words (either text dependent/known set. Speaker recognition is often confused with speech recognition which translates what a user is saying. 2006).biometricgroup. These patents expired in 2005 and development of iris recognition algorithms has flourished since (Phillips et al. or text independent or unknown).com/).5 seconds in length.09 for an FMR of 0. The claimed error rates for iris systems are exceedingly low. who held patents for iris recognition since the 1980s. During enrolment users are prompted to either repeat a phrase or set of numbers of approximately 1 to 1. Iris technology appears to be very well suited to a range of verification applications.

which is the reason for their relatively widespread usage in the areas of access control and time and attendance monitoring.com/). In terms of sensors. Users place their hand onto the reader’s surface. Although speaker recognition systems have caused frustration among users they are not considered invasive and for this reason are seen as preferable to some other biometrics (Bolle et al. The sensing process is user friendly. the range of applications in which they are used is limited and hence the technology will command less and less of the total biometric revenues (around 3% of the total market).DSTO-GD-0538 Figure 14: Speaker recognition headset and microphone 13 Speaker recognition systems currently command around 5% of the total biometric market. Although IBG estimates that hand geometry revenues are expected to grow to $154 million in 2008. IBG estimate that revenues from voice recognition systems will increase from $23 million in 2003 to $225 million in 2008. if the user is congested or is in a particularly noisy environment). Its strength lies in the field of telephony and the cost savings made in reducing staff numbers in call centres.e. but are dependent on the quality of the data channel (communication link) used to transmit the voice. Speaker recognition systems may also be affected by the quality of the voice itself (i. educational institutions and even at Disney theme parks for verification of season pass holders. Hand geometry systems are currently in use in places of employment. Speaker recognition systems produce relatively low to medium error rates (particularly FNMR).vocollect. 3.biometricgroup.5 Hand Geometry Hand geometry sensors measure the dimensions of fingers and the hand to generate descriptive templates. It is the only biometric technique that could be used to verify the identity of someone using a voice communication link. although it is not a strong solution when speech is being introduced as a new process. hand geometry is captured using a charge coupled device (CCD) digital camera. in line with the demand for the systems in telephony-based environments (http://www. aligning it with several 13 www.com 15 . For this reason it is preferable that the same device used for enrolment is also used for verification. 2004). 2004). which enables frequent travellers to by-pass long immigration lines at several international airports through the United States and Canada (Wasem et al. One of the most successful applications of hand geometry technology has been the United States’ Immigration and Naturalisation Service Passenger Accelerated Service System (INPASS).

agreements and other documents electronically increases.datafoundry. has not progressed much in recent times. as opposed to a simple physical crosscheck of one signature and another. Indeed.com 16 . Signature verification systems currently account for around 2% of the biometric market. The technology is at the more expensive end of the biometric spectrum.e. Figure 16: Signature verification 15 14 15 www.6 Signature Signature verification systems use the distinctive behavioural features of a signature (such as speed. 2004). Due to the fact that it is not uncommon to find similarities between hands. and its size may preclude it from being used in many access control environments.indiatimes. which are converted to a template for storage and matching purposes when verification is required. signature verification systems should grow. are not suitable for identification programs).DSTO-GD-0538 pegs designed to keep the hand in place. hand geometry systems are restricted to verification programs only (i. The CCD digital camera then takes upwards of 100 measurements. 3. user perceptions of the technology are favourable and a wide range of users can use it with ease (Bolle et al.com http://economictimes. pressure and stroke order) to verify the identity of the user. IBG estimates that global revenue for signature verification systems will increase from $9 million in 2003 to about $107 million in 2008. As the demand for signing contracts. Figure 15: Hand geometry sensor for access control 14 Hand geometry is a relatively accurate technology.

signature verification systems do not deal well with individuals who do not sign their names consistently. retina biometrics have tended to be used by large government departments or organisations with willing participants requiring access to highly secure material or environments. For these reasons. can easily leverage off of other systems. 1935).DSTO-GD-0538 Signature verification systems work in conjunction with signature capture systems (such as specialised tablets and styluses).7 Retina The retina is a sensory tissue of the eye that consists of millions of photoreceptors which gather light rays and transform them into electrical impulses which then travel through the optic nerve into the brain to be converted into images. for this reason. Figure 17: The eye 16 Figure 18: Scanning area of the retina 17 Retina biometric systems use a light source projected into the eye to scan the vein pattern of the retina. illness or injury as well as the difference between signing on paper with a pen versus on a tablet with a stylus may also affect the consistency of the signature and FNMR. 2004). and. In addition. Once captured. as they are less invasive than some other biometrics. but retinal scanning is a relatively expensive and intrusive process that could only be considered for high security applications with willing users (Bolle et al. the signature is transmitted to a computer for template generation and matching. The error rates are claimed to be very low. user acceptance is high (Bolle et al. photographs of the blood vessel patterns of the retina could be used as a means of identification (Simon & Goldstein. where a decision is made whether to accept or deny its authenticity. Signature verification systems have been found to have relatively low FMR. In the 1930s it was discovered that every retina possesses a unique blood vessel pattern and.net 17 http://ravidas.net 17 . 2004). 16http://ravidas. On the converse. 3.

defensetech. but has thus far been restricted to forensic applications. Electronic noses (e-noses) have been developed that can measure a spectrum of different chemicals. http://www. Figure 21: Schematic diagram of an electronic nose 19 The technology is still far from deployable. with a raft of issues such as the impact of deodorant and perfumes and different health issues still to be addressed (Korotkaya. For this reason there are privacy concerns with the use of DNA. DNA contains genetic identity information and.org Korotkaya (2003) 18 19 18 . is a rich source of information about a person’s health as well as their identity.9 Odour Chemical odour has come to the fore due to recent advances in chemical analysis. Verification of identity using DNA is also inherently slow (a sample can take days to weeks to verify) and there are issues with its uniqueness. Figure 20: A DNA molecule 3. as identical twins will have the same DNA (Bolle et al. however. 2004). 2003). as such.DSTO-GD-0538 Figure 19: Retina scan of Iraqi Army recruit 18 3.8 Deoxyribonucleic acid Deoxyribonucleic acid (DNA) is perhaps the most accurate of all biometrics.

or palm (although almost any body part with visible veins could be used). 2006). 2002).za 19 . when coupled with facial recognition it has been shown to markedly increase performance (Victor. Researchers have used thermograms and images of the ear for identification purposes.bme. Figure 23: Vein scanner 21 3.hu www. such as ridges and valleys. back of the hand.11 Veins Veins have also been recognised as a unique characteristic that can be applied as a biometric for verification.mit. While the use of ear anatomy has not been found to be successful on its own. Veins are developed before birth and remain highly stable throughout life. Bower & Sarkar.dex.12 Fingernail bed Fingernail bed biometrics use scanners to capture the distinctive identifying characteristics of the nail bed. Venous pattern recognition is particularly popular in Japan. A camera captures the vein pattern with a focus on the shape and location of the vein structure. Vascular pattern recognition systems identify a person by using the patterns of veins on their finger. 20 21 www. Like iris patterns and fingerprints.10 Ear Ear anatomy has recently been studied as a potential addition to the range of automated biometrics. these ridges and valleys are thought to be unique to each individual (Bolle et al.co. and is currently in use in selected banks and ATMs throughout the country (Khan. Figure 22: Ear biometric 20 3. 2004). even differing between twins.DSTO-GD-0538 3.

13 Skin The reflectance spectrum of skin and its ability to provide information about the highly person-dependent distribution of certain light sensitive chemicals. 2008). Soria-frisch. The focus thus far. people would instead use ‘pass thoughts’ based on electrocephalogram (EEG) patterns to access a system or restricted area (Ortiz Jnr. Instead of passwords.DSTO-GD-0538 Figure 24: Fingernail bed scanner 22 3. 2002).fr http://neurocog. Tzovaras & Bekiaris.psy. 2008). Riera. see Figure 26) as well as acoustic body scanning for both verification and identification (Koenig. Caparrini. has been on skin biometrics being used with fingerprints to provide liveness detection and to prevent spoof attacks (Bolle et al. Figure 25: Brainwaves depicted in an electrocephalogram trace 23 A quick search of patents databases uncovers several patents for the development of biometrics using various kinds of physiometrics such as heart rate variability or cardiovascular function (Wiederhold. The research assumes that brainwaves. 2003. Israel. Meyer & Irvine. Such research has included investigations into the utility of brainwaves as a biometric (Figure 25).perso. has lead to an increasing amount of research into skin biometrics. 3. 2007.tufts.orange.edu 20 . like iris and fingerprint patterns. 22 23 www. 2004). Cester & Ruffini.14 Physiometrics The study of physiometrics (biological indicators) for use in biometrics has been prompted by the need to enhance the reliability and robustness of verification and identification systems (Damousis. are unique and this uniqueness could be exploited in the security realm.

orange. Future research is aimed at eliminating the need for monitors and the work ongoing in micro and nano-sensor development area (Damousis. 2006). Meyer & Irvine (2003) www. Thermograms are pictures of the body showing areas from which heat is emanating. Such pictures are thought to be unique to individuals. Ross & Prabhakar. Figure 27: Facial thermogram 25 24 25 Wiederhold. particularly in the face and hand recognition area. 2004).perso. 2008) coupled with the lessons learned from non-contact lie detection systems (Greneker & Geisheimer. although research is ongoing (Jain.DSTO-GD-0538 Figure 26: Identification by analysis of physiometric variation 24 Thus far such systems have required the attachment of monitors or have required close proximity to a sensor (Greneker.fr 21 . 2001) may be of value here.15 Thermogram Thermograms are also beginning to gain popularity. Israel. Tzovaras & Bekiaris. 3.

perso.18 Lips The potential of lips as a biometric was discovered during research into speech and facial recognition.orange. 2002).DSTO-GD-0538 3. it looks likely that lip motion would be used in conjunction with other biometrics (such as facial recognition) (Cetingul. 3. Work pattern analysis is carried out completely in the background and is not in any way obtrusive or threatening to the user (Bolle et al.16 Gait Gait refers to the unique combination of motions by which people walk.perso. Yemez. Briceno & Ferrer.fr 22 . Figure 29: Lips as a biometric 27 Rather than a standalone biometric. where the ability to recognise people at standoff ranges would be valuable. It involves the capture of video footage of a subject’s lip motion during speech. The technology is still in its infancy with relatively high error rates at present (Nixon & Carter.fr www. 2004). Researchers have also looked at lip shape as a possible identifying feature (Gomez. 2004). the speed of typing. 26 27 www. For example. The primary use would appear to be in covert surveillance applications and intelligence gathering. & Tekalp. An analysis of temporal and frequency components of motion from a radar sensor may be used to identify people walking at a distance. Figure 28: Gait as a biometric 26 3.orange. along with types and occurrences of errors may be used to identify the user of a keyboard (key stroke analysis). Traviesco.17 Work pattern analysis Work pattern analysis is based on the individual idiosyncrasies unique to each person carrying out a task. Evzin. Specific features of the lips during speech are then extracted and used as a comparison for future verification. 2004).

3. 2004). Other smart gun related research is looking at the use of fingerprints.org 23 . 28 www. 2007). Using sample images of tongue-prints of 134 people.20 Dynamic grip recognition Much research has occurred in the US into the smart guns concept that uses dynamic grip recognition (DGR) to enable a firearm to fire.weaponsblog. these researchers obtained a 93. Tanaka.3% recognition rate. such as the Euclidean distance between the feet and other geometric information. DGR works through pressure sensors embedded into a firearm’s grip (see Figure 30). They argue that the tongue is unique in terms of both its shape and surface texture (see Figure 31). Mizukami. Most commonly used in the forensic/crime science analysis field.19 Footprints Research has also been devoted to the use of footprints. Figure 30: Dynamic grip recognition sensors on a handgun 28 When a user holds a gun their grip is like a password. 2005). Pressure distribution of the feet has also been investigated (Nakajima. Yan & Shi. as a method of user verification (Bolle et al.DSTO-GD-0538 3. Liu. The aim is to capture directional and positional information of the feet. the system can either match and accept it (enabling the user to fire) or reject it (Chang et al. in addition to handgrip recognition.21 Tongue Researchers in Hong Kong have recently begun investigating the utility of using tongue prints for verification and identification (Zhang. 2000). & Tamura. work has recently been devoted to developing technologies to capture and analyse footprint biometrics for identification and verification. 3.

Yan & Shi 2007 www. Further research is required before the technology could be commercialised.DSTO-GD-0538 Figure 31: Different shapes and surface textures of the tongue 29 The tongue has other advantages in that it is well protected from the environment and difficult to forge.dell. 3. 29 30 Zhang. reproduced from the Dell Corporation website 30 .com 24 . but health and hygiene issues will prove challenging. Liu. summarises five of the main biometrics on the market today in terms of their benefits and disadvantages.22 Comparison of technologies Table 2.

iris. or how well the biometric separates one user from another. permanence. speaker/voice and hand biometrics (reproduced from www. on the low to high scale. The biometric technologies have been compared on the following six criteria: uniqueness. face. or how well a biometric resists ageing. or how easy the biometric is to acquire.com) A quick-look comparison of all of the biometric technologies is provided in Table 3. Table 3: Comparison of Biometric Technologies 31 Biometric Fingerprint Facial Iris Speaker Hand Signature DNA Ear Odour Retina Veins Dynamic grip Skin 31 Uniqueness High Medium High Low Medium Low High Unknown* Unknown* High High Medium Medium Permanence High Medium High Low Medium Low High Unknown* Unknown* High High Medium Medium Collectability Medium High Medium Medium High Medium Low Medium Unknown* Low Medium Low Medium Performance High Medium High Low Medium Low Low Unknown* Unknown* Medium Medium Medium Unknown* Acceptability Medium High Low High Medium High Low Unknown* Unknown* Medium Unknown* Unknown* Unknown* Resistance to Circumvention Medium Medium High Medium Medium Medium Medium Unknown* Unknown* Medium Unknown* Unknown* Unknown* Based on Simpson (2007) 25 . fast and robust the system is. performance. and circumvention.DSTO-GD-0538 Table 2: Benefits and disadvantages of fingerprint. or how easy it is to fool the system. or how accurate. acceptability of the biometric by the public.dell. the better the technology rates. The higher the rating. collectability.

Table 4: Parameters to guide selection of biometrics (from Sanderson & Erbetta. these parameters could be used across a range of scenarios. Table 4 summarises the parameters that they recommend must be taken into consideration when selecting biometric technology.e.23 Parameters to guide the selection of biometrics Sanderson and Erbetta (2000) have extensively studied the application of biometrics.DSTO-GD-0538 Biometric Gait Lips Work pattern Fingernail bed Thermogram Physiometrics Footprint Tongue Uniqueness Unknown* Unknown* Medium Unknown* Unknown* Unknown* Unknown* Unknown* Permanence Unknown* Unknown* Low Low Low Unknown* Low Medium Collectability Medium High Medium Medium Low Low Medium Low Performance Unknown* Unknown* Medium Unknown* Unknown* Unknown* Unknown* Unknown* Acceptability Unknown* Unknown* Unknown* Unknown* Unknown* Unknown* Unknown* Unknown* Resistance to Circumvention Unknown* Unknown* Low Unknown* Unknown* Unknown* Unknown* Unknown* * More research is required 3. specifically in the military environment for the British Ministry of Defence (MoD). 2000) Parameter Accuracy Environment Ergonomics/user friendly Stability and Uniqueness Security Safety Speed of enrolment and recognition Non-intrusiveness Convenience Cost Size of stored template Operational limitations Explanation Is the system accurate in terms of low error rates? Is the technology fully deployable? Is the system user friendly? Is the feature being measured unique and stable over time? Is the system secure? Could it be easily tampered with or spoofed? Is the system safe to use? Does it present any dangers to the user? How long does it take to enrol a subject? How long does verification take? Is the technology intrusive to use? Is the system convenient to use? Is the system convenient to integrate with other systems or processes? How much does the technology cost? How big is the stored template? What are the limitations of the technology in the deployed environment? (i. biometrics will inevitably need to be applied in a range of operational environments (particularly in the military and law enforcement fields). Consideration of the above parameters should take into account the 26 . Although tailored towards the military environment. how well does the technology cope if the user is wearing protective clothing?) What is the system required to do? Can it perform both identification and verification tasks? Is there credible scientific research to support the technology? Is the technology acceptable to users? Requirement Credible scientific research Human acceptance Besides application in the fixed strategic environment.

easy to use Stable. and iris technologies against the parameters defined by Sanderson and Erbetta (2000). damaged or soiled hands. probability of two people having the same iris is 1 in 1078 Security Safety Spoofing is possible. easy to use Stability may be affected by injury. but low probability of success in high security systems. although some studies have shown it to work through them 27 . and health status). Table 5: Parameters to guide selection of facial. et al (2004). May be some hygiene issues with sensors that require contact.csr. varies according to sensor Varies according to sensor. Safe to use Speed of enrolment and recognition Nonintrusiveness Convenience Cost Size of stored template Operational limitations Enrolment < 35 sec. low probability of success in high security systems.DSTO-GD-0538 requirements of the different environments. Probability of two people possessing the same fingerprint is 1 in 1080 Susceptible to spoofing. environment and age. http://www. fixed and free Low . Table 5 summarises the results of research in both the operational/deployed and other environments and rates fingerprint. Bolle.000 irises Needs user cooperation Range of different sensor sizes.com/. backgrounds may also impact on picture quality Enrolment < 1 minute.nist. fingerprint and iris biometrics in the Defence environment Parameter Accuracy Fingerprint Very accurate Face Accurate. identification proportional to size of database Unobtrusive Range of different camera sizes.Medium. identification 1-2 sec based on database of 100. identification proportional to size of database Needs user cooperation Range of different sensor sizes. approx 512 bytes Possibly effected by the use of protective eye wear. particularly the challenges of these operational environments. verification < 1 sec. varies according to sensor Varies according to sensor.unibo. fixed and free Low .biometricgroup. approx 1300 bytes Poorly or excessively lit environments may pose problems. Data to populate this table has been obtained from a variety of sources including Sanderson & Erbetta(2000). verification < 1 sec. verification < 2 sec. with age. uniqueness is questionable Susceptible to spoofing. and the various vendor competitions – Fingerprint Verification Competition (FVC) http://bias.gov/ICE. fixed and free Low. the Face Recognition Vendor Test (FRVT) www. although not as good as iris or fingerprint Iris Most accurate of all commercially available biometrics (second only to DNA) Can be used across a range of environments Environment Can be used across a range of environments.Medium.org and the Iris Challenge Evaluation (ICE) www. but contaminated environments may cause issues Once user is familiar. otherwise safe to use Enrolment < 30 sec. due to similarity in face shapes.frvt.iris. varies according to sensor Varies according to sensor. but susceptible to poor lighting and different backgrounds Easy to use Likely to change (e. Jain. approx 250 bytes Unsuitable for use with protective clothing. facial. medium probability of success. Safe to use Once user is familiar.g. Ross and Prabhakar (2004). but has been shown to work successfully in a variety of environments Ergonomics/user friendly Stability and Uniqueness Can be used across a range of environments.it/fvc2006.

Iris Challenge Evaluation (ICE) multi-vendor testing Questionable.24. and can. 2003). the other biometric can be used for verification) so they improve population coverage and enhance verification performance (Khan. more research required Credible scientific research Human acceptance Plethora of research. therefore. Advantages of using multimodal biometrics include that they are more reliable if one of the biometrics is damaged (i. the matching scores are combined to arrive at a single decision).DSTO-GD-0538 Parameter Requirement Fingerprint Works well in watch list and verification applications Face Works well in surveillance. matching score level (i. they are also liable to suffer the shortcomings of those systems (Ko. It is currently more commonplace to see multiple biometrics used in systems (such as fingerprints combined with photographs). the wide range of form factors now available. 2004). A recent example of a multimodal biometric system used for military purposes is the Biometric Automated Toolset (BAT). which uses iris recognition and fingerprint scanning. Mink.e. the performance gains achieved have been smaller than expected due to accuracy of the individual systems themselves (Snelick.24 Current directions There are several current trends in biometrics that are worthy of discussion. the individual decisions of each system are then combined). The way biometric technologies are combined (the fusion strategy) can vary according to the systems concerned.e. Research has found that while the security advantages of multimodal systems are clear. or the feature extraction level (i. 2006). 28 .e. watch list and verification applications Plethora of research. Face Recognition Vendor Test (FRVT) multi-vendor testing Most accepted of all biometrics Iris Does not work well in surveillance or watch list applications as user cooperation is required Plethora of research. if a fingerprint is degraded due to age or injury. 2005). feature extraction and matching is done completely independently of each other. Multimodal biometric systems generally require more sensors. Such systems are referred to as multimodal (Ross & Jain. 3. the features extracted from each system are combined into a single feature vector and used as a basis for matching and decision making). Indovina & Jain. Fingerprint Verification Competition (FVC) multi-vendor testing Some issues with acceptance exist due to the association with criminality 3. It should be noted that not all of the above systems are used in isolation. more data. Uludag. In addition. They include the rise of multimodal or fusion biometrics. Systems can be fused at the decision level (i.e. feature extraction and matching is done completely independently of each other. take longer to verify. and the combination of biometrics and smart cards. as they are comprised of single biometric systems.1 Multimodal biometrics The previous sections provided a summary of the main classes of biometrics. 2005). have found that combining text dependent and independent voice recognition technologies to be very successful in terms of performance (Summerfield. Recent studies by the University of Canberra’s National Centre for Biometric Studies.

The goal is to develop algorithms that recognise people from nIR image sequences and high definition video sequences. as well as to increase the security of their applications (Kauchak. is particularly interested in the use of multimodal biometrics to provide the highest levels of accuracy and probability of identification and verification. p. 2006).DSTO-GD-0538 The US military has used BAT in Afghanistan. Sensors can be embedded in a device in a number of ways – on the side.24. The US DoD.nist. Still and Video Face. 2005) and research has demonstrated that multimodal biometric systems are more accurate and more resistant to failure (Simpson. • • The results of the MBGC will be available in mid-2009 and it is envisaged that MBGC will be a regular event that will investigate the utility of other multimodal systems in the future. for instance. Decreasing the sensor too much can impact negatively on performance and increase costs. protruding. the choice of which will obviously depend on the biometric concerned and other ergonomic considerations. The range of device types that users can interact with includes desktop peripherals. acquired while the person of interest walks through a portal.2 Form Factors Biometric sensors can be embedded into an acquisition device and the manner in which this is done is known as the form factor (see Figure 32 and Figure 33 for two examples). FNMR. recessed. although there is a trade-off between sensor size and performance (Narayanaswami. The goal is to advance recognition from unconstrained outdoor video sequences and still images. The aim of MBGC is to ‘investigate.gov/mbgc/ 29 . 3. The goal of multimodal biometrics is to reduce one or more of the FMR. embedded physical access solutions. 2007). Interest in the application of multimodal systems is increasing. or susceptibility to attack (Ko. test and improve performance of face and iris recognition technology in both still and video imagery through a series of challenge problems and evaluation’ (Phillips 2008. 2005). 32 http://face. failure to enrol rates. The three main challenges for 2008’s MBGC are: • Iris and Face Recognition from Portal Video. embedded desktop solutions. Iris and Face Recognition from Controlled Images. on top. and embedded wireless handheld solutions. Cuba and Iraq to populate HUMINT databases that are shared with the Federal Bureau of Investigation. NIST recently established the Multiple Biometric Grand Challenge (MBGC) 32 . The goal is to improve performance on iris and face imagery using real-world high and low resolutions frontal face images and still and video iris sequences. 2).

Sony was one of the few companies engaged in developing such a smart card product in the late 1990s.germes-online.3 Biometrics and smart cards Smart cards have the ability to store large amounts of data. Such a multi-factored method of verification is particularly well suited to high security environments. the card will be useless to anyone other than the owner of the biometric.co.24. The advantages of this approach are that the bearer of the card has control of their own biometric template at all times and the sensor resides on the card. If a smart card storing a biometric is lost or stolen. and the execution of a matching algorithm (Bella. encryption and protection of the stored information. which facilitates portability.biometricassociates. 33 34 www. such as the smart card reader.com). Bistarelli & Martinelli. These are discussed in more detail below.casio. 3. but due to increasing costs and size issues interest slowed. and the quality of the biometric captured is questionable. There are several options available for combining a smart card with biometrics. 2003). carry out their own card functions and interact with a range of devices. each with their own advantages and disadvantages. The disadvantages.jp/ 30 . 2006) and another company in the US currently marketing fingerprint sensor embedded cards for access control (www. with a company in Austria currently developing paper thin fingerprint sensors to be embedded into smart credit cards (Bullis.com www. Sensor-on-card systems (see Figure 34). include that the addition of the sensor can make the card bulky and expensive. enable capture of the biometric (through the embedded sensor). however.DSTO-GD-0538 Figure 32: Biometric/fingerprint mouse 33 Figure 33: Biometric/fingerprint mobile phone 34 The type of application being deployed and the environment in which it is being applied will ultimately drive the form factor. There is a resurgence in this technology however. Combining biometrics with smart cards provides users with trusted credentials for a wide range of applications including access to facilities and secure networks.

com 37 http://bias.DSTO-GD-0538 Figure 34: Sensor-on-card system 35 Match-on-card systems (see Figure 35) enable encryption and protection of the stored information. that may come with storing large amounts of biometric information in a database (Piazza. 2003).csr. However.fidelica. 2005).com www. A recent pilot program in Texas for 30. while the algorithms behind such smartcards can overcome some critical privacy and security concerns. Figure 35: Match-on-card system 36 At the conclusion of the Fingerprint Verification Competition in 2006 (FVC 2006) 37 interested researchers were invited to help develop an evaluation protocol for smart cards using fingerprints. there is very little publicly available independent data on their actual performance in comparison with traditional systems. as opposed to other match-on systems that release the biometric template to another device (either directly or over a network) to perform the matching function.000 Medicaid members used match-on-cards to overcome security and privacy concerns. Fingerprint systems of this type have been studied and found to be more robust in terms of their security against attack (Martinez-Diaz et al. In its most common application.it/fvc2006/ 35 36 31 . Bistarelli & Martinelli.unibo. specifically the match-on-card system. fingerprints and their associated matching algorithm are stored on a smart card without compromising security. data collected at FVC2006 can be used to evaluate the performance of such systems. and the execution of a matching algorithm (Bella. Match-on-card systems are more expensive than the traditional template-on-card systems as they require smart cards with embedded microprocessor and operating systems to run the match application. 2006).fidelica. www. The bearer of the card has control of their own biometric template at all times. It is hoped that once an appropriate methodology is developed. as well as potential litigation issues.

signature and fingerprint with the option of adding further biometrics as required.DSTO-GD-0538 Template-on-card systems (see Figure 36) are the most common combination of biometrics and smart cards currently available in the market (Bella. They include the Common Access Card (CAC). which uses face. fingerprint and iris.com 32 . 38 www. proven performance. The US transportation sector has recently introduced the Transport Workers Identity Credential (TWIC). the Defense Biometric Identification System (DBIDS). it provides no protection when the template is released to another device (either directly or over a network) to perform the matching function. While this option enables encryption and protection of the stored biometric information.fidelica. Perhaps the largest project combining smart cards and biometrics is the Ration Card System in India. there are several biometric enabled smart cards currently in use for access control and identity management. Figure 36: Template-on-card system 38 There are many examples of smart cards and biometrics in practice around the world today. which uses fingerprint and face for access control and identity management. 2003). The main advantage of this system is the research and development behind it. The PIV uses face and fingerprint biometrics for both access control and identity management (collecting all ten fingerprints at enrolment to send to the FBI for background checking) (Hamilton. The Italian MoD has introduced an identity card that utilises face. such as iris. which uses face and fingerprint. The Personal Identity Verification (PIV) card is a new identity card for US Federal employees. however. and the Biometric Identification System for Access (BISA). for instance. The card has been distributed to some 80 million people across the country in a bid to better manage rationing and reduce fraud (Ryan. In the US DoD. Several researchers are. and its low cost in comparison with match-on-card and sensor-on-card systems (this is because small operating systems and onboard applications are generally sufficient for template-on-card systems to function). This is the main disadvantage of this option and raises a series of privacy and security issues. fingerprint and/or hand geometry. which uses face. currently trying to overcome these security and privacy issues by using the embedded cryptographic modules of the card to perform the match (Bella. 2003). Bistarelli and Martinelli. Bistarelli & Martinelli. 2007). which combines a smart card with identification information and an iris biometric. 2007). both within and outside of the Defence environment.

1 Physical access control People require varying degrees of access to certain buildings. facilities and/or resources. 4. Biometric applications Biometrics can be applied to a range of functions broadly categorised as verification. This could include gates where a guard maintains a general surveillance of the gate area or an automated gate/doorway which only allows people through one at a time. and 33 . environmental issues and their impact on the functioning of sensors (e. and the failure of casual users to surrender passes when no longer required could cause security problems.g. failure to acquire a usable fingerprint due to degradation with age or injury).g. with the exception of some facial recognition systems. usability issues (e. security and privacy issues arise with each). For instance.g. Thus. heart rate variability or cardiovascular function) or acoustic body scanning for both verification and identification). Photo or other passes/smart cards can be used to manage access by authorised persons and to keep out intruders. they do not have mechanisms to identify that there is someone present who should be subjected to an identification process. Biometric systems could alleviate some of the problems with existing processes. or where access is physically restricted until biometric identification has been completed. The following sections provide a little more detail on the vast range of applications of biometrics. lost passes compromise security and add to administrative workload. In addition. a biometric system could be considered if it improved security. Included among them are patents for improving pre-existing biometrics (such as the use of holographic images or fingerprint scar recognition to improve fingerprint recognition) and those proposing new biometric measures and technologies (such as the use of physiometrics (e. identification or watch list functions. and reduced costs.DSTO-GD-0538 3. added an ability to track access by authorised users. Other limitations of using biometrics for access control include: • • • the security of the biometric information (should it be stored on a database or on a smart card?. a search of the US patents database for patents registered since the year 2000 mentioning the term biometric in the title or abstract yields 399 different patents.. but it should be highlighted that biometric systems only distinguish between people and.. In these circumstances.25 Future directions In terms of future directions for biometrics. the deployed environment presents a series of challenges to biometric sensor functioning). biometric systems may be most useful where access is supervised by humans to prevent people from bypassing the biometric device. but the possession of a pass or smart card alone does not guarantee that the holder is the person authorised to use the pass. photo passes could be modified to allow gate access by unauthorised persons. Intruders may try to gain access for the purposes of espionage or sabotage. 4.

e. For instance. face or fingerprint) at regular intervals throughout a session (known as challenge and response). which uses fingerprint and face for access control and identity management. the main server areas and communication links are physically at risk. including the security of the stored data (i. gritty fingerprints are hard to read and verify). payroll and leave. usability and user acceptance issues (i. can the database be compromised?).. Logon verification can be accomplished via individual fingerprint sensors on the keyboard. The system not only provides companies with identification assurance for employees (through interfacing with FBI databases) but is also intended to be used in maintaining safety throughout the sector through monitoring driving times.e. Logon access could also be used to ensure that the user was granted only the appropriate level of access.g. 2006). In the case of the physical security of server hardware. the system could be compromised by the use of a substitute biometric. It involves the collection of facial. fingerprint and iris data from 34 .2 Logical access control and protection of IT systems IT systems have two main vulnerabilities. along with the maintenance overheads and associated security issues. The BISA delivers this capability. safety systems. finger or hand vein sensors (Celent. the US military deployed a new system to Iraq. accidents and other infringements. facial recognition or iris recognition via a video camera or speaker recognition via microphone input. particularly for the management of personnel identities. the US transportation sector recently introduced the Transport Workers Identity Credential or TWIC. These two types of vulnerability may be reduced using biometric technologies.. 4.3 Personnel management Biometrics are also relevant in the personnel management area. there are several limitations of using biometrics for control of access to IT systems. many banks in Japan have installed biometric systems at their ATMs to combat identity fraud. most using iris. a user attempts to use a moulded fingerprint overlay to gain access to a system). System access could be controlled using biometrics. For instance. such as a picture of a face or iris). First. many foreign nationals are required to work on US bases. the Biometric Identification System for Access (BISA). technologies such as facial recognition. high FNMR due to poor fingerprint quality may negatively impact on usability). Information access control on computer systems is currently implemented by a combination of physical access control for terminals. fingerprint and iris scanning are appropriate.. An improved security system was required to ensure that the identity of all foreign nationals could be assured. and the impact of spoofing and other system vulnerabilities (i. In 2006. Continuing access could be controlled requiring the user to input their biometric (e. 4. This process removes the need for passwords.DSTO-GD-0538 • spoofing and other system vulnerabilities (e. unauthorised users may access the data on a network via unsecured software. Once again. and second. Physical access to terminals could also be regulated using biometric technologies such as fingerprint and iris.g.e.g. environmental concerns when used in the deployed environment (e. and logon identification with unique (and regularly changing) passwords. Given the complexity of the operation in Iraq. hierarchical access control in operating systems that restrict a user to software that he/she is authorised to use..

usability and user acceptance issues (i. the subject is cleared to proceed through the Customs control point. for instance. crowd management. which is then used for a range of personnel management and physical access functions.. for instance. Figure 37: Qantas aircrew member using a Smart Gate terminal 39 Biometrics also have application in the crowd management area. for instance.gov. and education sectors. can the database be compromised?). officials at a sporting arena in Amsterdam trialled the use of fingerprint scanners 39 www. uses hand geometry biometrics to enable frequent travellers to by-pass long immigration lines at several international airports through the United States and Canada (Wasem et al. welfare management. Limitations of using biometrics for personnel management include the security of the stored data (i. will staff be willing to accept the change. If there is not a successful match they would be referred to a Customs Officer for processing in the traditional. If there is a successful match.DSTO-GD-0538 employees and placing this and other identification data on a smart card. in addition to detainee management. SmartGate acquires a live image of a subject’s face and uses facial recognition technology to match the image with the digitised image stored in the subject’s ePassport. In Australia. The United States’ Immigration and Naturalisation Service Passenger Accelerated Service System (INPASS). The International Civil Aviation Organisation (ICAO) sets international standards in the industry and have recommended facial recognition as the primary biometric with iris and fingerprint as backup (but not compulsory). what contingencies are in place?). manual way.e.e. will staff trust the organisation to only use the biometric information for the intended purpose?). In January 2007. Other biometrics are also being used in the travel and tourism sector.customs.4 Identity management In terms of identity management there are a range of applications for biometrics in the travel and tourism.e. and the impact of system vulnerabilities (i. 2004). In the travel and tourism sector.au 35 . biometrics are now playing a key role in identity management. 4.. if the system was to fail. border processing is being automated by use of the SmartGate system (see Figure 37)..

in particular face. 2003). are also being used in the correctional system to track inmates when they move within or between different facilities (Miles & Cohn. security and privacy issues arise with each). 2006). and 40 http://www.e. specifically fingerprints. and to track persons of interest (Krane. Biometrics have been particularly useful in this area to overcome language and literacy barriers. The card has been distributed to some 80 million people across the country in a bid to better manage rationing and reduce fraud in the country’s welfare system (Ryan. Similar systems were also trialled during the 2006 World Cup in Germany. including: • • • acceptability. Biometrics. should it be stored on a database or on a smart card?. with many civil libertarian groups banding with parents and students to force institutions to offer alternative security arrangements to biometrics. ethical and cultural issues (i. Biometrics. There are several limitations of using biometrics for identity management. cost and maintenance issues (i.e. have been used by the military to manage prisoners of war and refugees. for those that protest (Deubel. have users been adequately educated. fingerprint and iris. is the system accessible and usable by all?). how will the system be funded. do they find the system acceptable.DSTO-GD-0538 to exclude known trouble makers from major football games (see Figure 38). 2007). the security of the biometric information (i. The Ration Card System in India combines a smart card with identification information and an iris biometric. Acceptance of biometrics in the education sector has been mixed. how will biometrics change with age/how often will new biometrics be required?).engadget. 2007).e. what maintenance will be required.com 36 . biometrics are being tied to school identity cards in a bid to reduce crime and fraud in schools.. In the education sector. Fingerprints and handprints are the most commonly used biometrics in schools to manage student identity.. Figure 38: Fingerprint scanner at a sporting arena in Amsterdam 40 Biometrics are also being used in welfare management. The need to manage detainees of any kind is crucial and biometrics have come to the fore in providing identity assurance in this area.

Biometrics could be used as an additional identifier of persons authorised to use such weapon systems. voice. Limitations include the impact of environmental conditions on the system’s ability operate effectively (i.e. Transport companies currently use work patterns to ensure that only qualified drivers use their trucks (Bolle et al. there are limitations here. it may be possible to include a biometric verification into the activation process to ensure that enemy forces could not use such systems. In addition. In those circumstances. In cases requiring extreme security.g. iris recognition would appear to be the most suitable technology. 2003). hand..e. such as machinery or vehicles. face or fingerprint recognition could be relatively easily incorporated in to the computers used in plant maintenance to ensure that the identities of qualified maintenance personnel can be verified. environmental concerns when used in the deployed environment (e. there would be a trade-off between FMR and FNMR. Biometric identity verification could be used to ensure that this occurs and that there is traceability in the event of equipment failure. a user attempts to use a moulded fingerprint overlay to gain access to a system). including the security of the stored data (i. 2004) to authorise a user to fire. and the impact of spoofing and other system vulnerabilities (e. As with other applications. due to the exceptionally low error rates claimed for the technology. 2004) and the US military has trialled biometrics for access control to vehicles (Woodward et al. Biometric identification would offer an additional safeguard in identifying valid persons to operate these systems. with a need to minimise FNMR). The United States Navy have recently integrated a fingerprint scanner into a prototype Advanced Tomahawk Weapons Control System with pleasing results (Wilson & Shank.g. Any technology used in this type of application would need to be quick acting and robust.5 Weapons or other sensitive technologies control Some forms of weapon systems have strategic as well as tactical implications and are subject to strict control measures to ensure that they cannot be used without proper authorisation. protective clothing 37 . can the database containing biometric information be compromised?). increasing the FMR (through decreasing the FNMR) may make the system easier to attack). The value of biometrics in this type of application would need to be balanced against the need for weapons to be available to other friendly forces in an emergency. 2005) or fingerprint or iris scans (Bolle et al. with error rates a secondary consideration to positive function (i. There may also be occasions where weapon systems require a high degree of training in order for them to be used safely and without risk to friendly forces. 4. Much research has occurred in the US into the smart guns concept that uses either dynamic grip recognition (Chang et al. In some circumstances.. Face. must be operated and maintained by appropriately qualified personnel.g. voice or fingerprint recognition could be considered for applications requiring lower security levels. 4. the use of certain protective clothing may impact on the ability of a sensor to capture a biometric of adequate quality to be able to verify a user).DSTO-GD-0538 • spoofing and other system vulnerabilities (e. or by accident.e. High quality fingerprints may also be suitable.. it may be feared that conventional arms could fall into enemy hands and be used against friendly forces.6 Management of major plant Major plant. 2001).

4. Speaker (or voice) recognition is another technology that 38 . using facial recognition software and a pre-prepared database of images of these persons of interest).g. image or data formats. and the impact of spoofing and other system vulnerabilities (e. or voice. 4. movement of such persons of interest can be tracked by monitoring biometrics used for other purposes. In stand-off recognition operations. In addition. usability and user acceptance issues (e. In all cases.g. Second. or combinations of these (multimodal option). Biometric verification in this application would be quick and accurate. there is a need to ensure that the data originated from a trusted source and is valid. orders and other time critical information. written information could be validated by recognition of handwritten signatures. Pankanti.e.. as is currently done by humans. law enforcement or financial sectors). Imaging is the most appropriate sensing technology for stand-off operations and the biometrics that may be applied include face. particularly noisy environments can wreak havoc on a speaker recognition system to function efficiently). As with other forms of biometric verification. This could be accomplished in a number of ways. Of these. there are a series of limitations such as the security of stored data at the receiver (could it be compromised and what would be the impact?). This could be checked against stored biometrics of people in authority for validation of the authenticity of the message.8 Counter-terrorism. but the others are still in varying phases of development (Bolle...g. but such a system would be dependent on the security of stored biometric templates at the receiver.. such as those used for banking or travel. counter-insurgency or stand-off recognition operations Biometrics are now providing an added ability to identify persons of interest. such as voice. The advantage of an automated system is that it may be more reliable than a human.g. a damaged sensor could render the whole system useless). Information may be transferred by a variety of channels and protocols. including electronic messages. face. biometric technologies could enable the identification of persons of interest at a distance (e. could be validated by including a biometric measure of the person who originated the message. iris.DSTO-GD-0538 may impact on the ability of the sensor to capture an adequate biometric). thermogram and iris. and the impact of spoofing and other system vulnerabilities (i. Ratha & Senior 2004). Connell. First. or near vulnerable facilities. Suitable biometrics would include fingerprint. for relaying information. particularly at border crossings.7 Communications (verification of electronic identification) Secure communications are essential to many sectors of society (such as the military. gait. with cooperative users) are well developed with known error rates. ear. information transmitted over audio links could be verified by incorporating speaker recognition software at the receiver with a gallery of known templates of authorised persons. the impact of environmental conditions on the system’s ability operate effectively (e. high FNMR due to issues with protective clothing may negatively impact on usability). data and images. the system could be compromised by an attack which denies service to all users which would have a major domino effect on related business). Third. face and iris systems (close-range.

many facial recognition systems still have difficulty with poor lighting. the system could be compromised by the use of a substitute biometric. such as a picture of a face or iris). Other emerging biometrics. DNA and fingerprint analysis can be used to identify both offenders and victims and this information can be stored on databases and used for later applications. challenges of the deployed environment (e.9 Forensic identification It is often necessary to identify individuals after a crime.e.. it is difficult to enrol many persons of interest in the more intrusive biometric technologies such as iris). particularly at a distance. 41 Yao et al (2006) 39 .g.. Biometrics have been providing this type of identification for centuries. As with the other applications. show some potential. as opposed to identification. but most research and development has occurred in support of verification.g. Like face.DSTO-GD-0538 is applicable. such as footprints. accident or military action. • • 4. for surveillance and watch list type operations. Figure 39: Facial recognition at a distance (50-300 m) 41 There are several limitations of using biometrics for support to such operations including: • limitations in the type of biometrics that can be used (i. although development of these modalities is still in its infancy. facial and voice recognition technology are the only tried and tested technologies currently available to use.. as is the case with the FBI’s database. the use of biometrics for forensic identification has limitations including the time required to analyse DNA samples and the challenges of crime and accident scene biometric collection. and the impact of spoofing and other system vulnerabilities (e. odour and physiometrics (biological signals). the need to carry more kit). it is well developed with known error rates. lips.

as would the use of a facial disguise to confuse a facial recognition system. The following sections discuss the vulnerabilities of biometrics and ways to mitigate against these vulnerabilities. privacy issues. a group of intruders uses a range of resources and combined effort to gain access to a system. Issues Like any technology.1 Security concerns . Identical twins may be able to confuse a facial recognition system in this way. or use of digital face images or digitised latent fingerprints. A person attempts to capitalise on a similarity in biometrics. 5. 40 . In organised attacks. Look alike. If a manufacturer sets a low fault tolerance limit then the security of the system is increased. if the manufacturer wants to make a system very user friendly. When developing biometric systems.DSTO-GD-0538 5. 2005). but there is a trade-off in doing this. Synthesised features. like any technology.e. While biometric technology is becoming more and more secure. Examples include a person using a moulded fingerprint overlay with someone else’s pattern embossed on it. On the converse. 2005) that iteratively changes the false data to achieve better match scores. but the system generally becomes a little less user friendly. Someone attempting to ‘sound like’ someone else by modifying his or her voice pitch and annunciation would be an example.biometric vulnerabilities Biometric systems. the security aspects of the system generally suffer as a consequence. A user attempts to copy the biometric of a true user. may be subject to attempts to bypass them. Zero effort attacks are those in which an intruder makes no effort to maximise the chance of success. an intruder may find (or steal) a smart card with a biometric and attempt to gain access to a system using their own biometric on the off chance that they will be successful. policy impacts. A number of vulnerabilities and possible areas of attack exist in biometric systems including: Mimic. A fake data stream is injected into the system as in the so-called hill climbing attack (Jain et al. Substitution or fake biometric. Attacks on biometric systems include zero effort. In such attacks. A user attempts to use a substitute input to the sensor. Ross & Uludag. similar hand size or facial features). its vulnerability to attack needs to be determined in any system application (Jain. minimal effort and group. as well as a range of other issues such as: usability and user acceptance. the use of biometrics carries with it some risks and issues. manufacturers are required to establish fault tolerance limits. health concerns. and integration and interoperability issues. Minimal effort attacks are like zero effort attacks accept that the intruder steals or gains access to a smart card belonging to someone with similar biometric characteristics to them (i.

modified and replayed to the system to gain access. Examples would be to introduce smoke or irregular lighting into a region where a facial recognition system was operating. If someone enrols in the system using fake identification to begin with. Database/communication corruption.g. In this case. for example). Replay attack. possibly providing unwarranted access. Roberts (2007) has defined the areas in a biometric system that can be attacked (some of which are described above) as threat vectors. by jumping a gate). The physical security surrounding a biometric device may allow a user to bypass the system (e. A fingerprint system could be confused by a greasy imprint to either cease functioning or function erratically. 41 . Disruption. This is where the system becomes overwhelmed and therefore denies requests for access (due to a power loss or physical damage. biometric data is captured. Some biometric systems retain the last few biometric records in their local memory. Some biometric systems rely on remote sensing. These are summarised in Figure 40. False enrolment. The parameters of the system (such as the error rates) could also be manipulated to severely impact on system quality and effectiveness. The operation of such a system could be severely compromised if an unauthorised user gained access to the database or the associated data links in order to falsify database information or corrupt it.DSTO-GD-0538 Sensor damage. or excessive background noise in the vicinity of a voice recognition system. Biometric systems suffer just as much from this type of problem as other security systems. This could be compromised and the data reused to gain access. A malicious user attempts to damage a sensor to prevent it functioning. and these systems would be vulnerable to disruption of the sensing process. System overrides. Reuse of residual data. Many biometric systems rely on a database as the primary source of reliable information. Avoidance. for instance. the biometric system has become compromised. The feature extraction module. could be interfered with to modify or manipulate data for processing. Denial of service. Various aspects of the biometric system could be modified.

cryptography. The adoption of biometric systems raises a plethora of issues. Each one of these architectural options should be assessed for risks. threats and vulnerabilities. hardware integrity. and wire snooping and replay attacks on facial. challenge/response mechanisms. 5. 2002). access to template/data store.DSTO-GD-0538 Figure 40: Biometric threat vectors (reproduced from Roberts. generic spoofing – artificial attempts. randomising input biometric data. Other successful attempts to thwart the system have also been studied. template integrity. 42 .1 Addressing biometric vulnerabilities Roberts (2007) summarised a number of successful defences against the biometric vulnerabilities mentioned above including risk analysis. 2007) Biometric system vulnerability is a significant issue. Krissler & Ziegler. with considerable success. physical security. including extensive work by the Communications-Electronics Security Group (CESG) in the UK under their biometric vulnerabilities assessment program (Gordon & White. decisions regarding biometric template storage and the location of matching algorithms. multiple biometrics. in addition to other system and storage elements. easy/weak template generation. For instance. activity logging. a group of researchers in Germany tested eleven biometric systems to ascertain their vulnerability to tampering. compliance checking and policy. Many researchers have deliberately set out to tamper with a range of biometric technologies. cancellable biometrics. For instance. While none of the systems were designed for a highsecurity environment. fingerprint and iris software being considered for use in the UK government. mimicry and fakes. CESG have used these vulnerability assessments to design a series of countermeasures tailored to the various biometrics technologies being implemented. soft biometrics. all of them could be tampered with and outwitted using items commonly available in an office stationary cupboard (Thalheim. liveness detection. multimodal biometrics. CESG have simulated casual impostor/zero effort attacks.1. leads to a range of possible architectures. 2007). network hygiene.

the so called threat vectors (Roberts. at lunchtime it could request your iris for verification). The variable N represents the expected number of genuine users and intruders. represent the average costs associated with true and false matches and nonmatches for genuine users and intruders respectively. Griffin (2004) has proposed a quantitative cost/risk/threat analysis model for biometric technologies that incorporates the costs of false matches and non-matches as well as the probability of imposters or attacks. including costs of damages caused by impostors who achieve a false match. The probabilities. put their finger on the sensor). associated with a biometric system. Risk assessments can be performed using a range of preexisting risk management frameworks and standards for IT systems. In the military context a false non-match could have a large opportunity cost if a genuine user is prevented from operating a system at a critical time.g. For users who have enrolled multiple biometric samples (such as three different fingers or fingerprint and iris) the input biometric required for verification could be randomised (e. The cost coefficients. Some of the more common defence mechanisms available to overcome vulnerabilities in biometrics are summarised below. are functions of the chosen threshold. Challenge/response defence mechanisms in biometrics prompt the user (at certain time intervals or in response to a certain stimuli or absence of stimuli) to re-verify (e. 43 . If the intruder count is small the introduction of a biometric system could cost more than the damage it is trying to prevent. 2003) as well as the particular points at which a biometric system can be attacked. False non-matches could be particularly costly. and test and evaluation planning. P. By incorporating the threat of attack into the risk analysis. with the usual trade off between FMR and FNMR. compared with a baseline cost.. threat models can be used as the basis for design. There may also be fixed initial and ongoing costs associated with introducing and maintaining a biometric system. Johnson & McLindin. and the additional costs incurred by a false non-match.DSTO-GD-0538 Selection of appropriate defences to overcome the range of biometric vulnerabilities can then be aided by this risk analysis. c. cintruder . There could be a deterrent effect accompanying the introduction of a biometric system which could change the impostor count. 2007). The equations below represent a simple model of the costs. in the morning a door might request your index fingerprint. The equations could be modified to include explicit representation of time by giving rates instead of absolute values for numbers and costs.g. C system = (c FNM PFNM + c TM PTM )N genuine + (c TNM PTNM + (c FM + cintruder )PFM )N intruder + C fixed C baseline = c intruder N intruder Cost coefficients for genuine users should include opportunity costs to account for time spent interacting with the biometric system. It is important to also thoroughly understand the sophistication of the potential attackers (Graves.. The vulnerabilities of the biometric technology itself should not be the only consideration in such a risk assessment. C. for example when a hostile aircraft is fleetingly vulnerable to an air defence system. policy development.

the amount of learning or practice to achieve this level of performance is appropriate. 2003). biometric cryptosystems still have a variety of issues to be addressed before they can be faultlessly applied in an operational setting (Uludag. height. user satisfaction. They combine biometrics and cryptography. To be effective. Physical security (the management of access to biometrics systems and stored data) and activity logging (such as repeated failed access attempts) are also key defence mechanisms against spoofing and attack. combining iris with fingerprint or multiple representations of the same biometric i. 5. Like many of the defence mechanisms in development. the system does not place any undue physical or mental strain on the user. Connell. According to Shackel (1975). biometric systems also have a human component. such as the combination of a smart card with a biometric. In terms of accuracy of biometric systems. Multimodal biometrics (i. enabling all biometric matching to occur in the cryptographic domain. Cancellable biometrics slightly modify the biometric data at the feature extraction stage (Ratha. Pankanti. Chikkerur. Performance is measured in terms of effectiveness and efficiency (i. for example). and cost.e. and users are satisfied with the experience of interacting with the system.2 Usability and user acceptance In addition to the technical component. there is always a trade-off between security (minimising false matches) and 44 . Soft biometrics (such as weight. Multi-factor verification. algorithm development (to embed dynamic features into an image. Jain. age. As Martinez-Diaz et al (2006) showed. Hao. Examples of liveness detection include blinking of eye.e. biometric systems need to be usable and accepted by users (Sasse. 2004. there is always a trade-off between minimising both the number of false matches (the FMR) and false rejects or non-matches (the FNMR). 3 fingers) adds a level of complexity and further deters would-be attackers and defence against spoofing.. Usability of biometric systems is often assessed on three criteria: performance of the system. Schuckers (2002) and Sandström (2004) provide a range of examples of liveness detection. Prabhakar & Jain. Biometric cryptosystems are gaining popularity. Other work is ongoing in areas such as steganography (embedding biometric information in benign host images to enhance security). Anderson and Daugman. the speed and accuracy of both enrolment and verification). 2007). moving eye from side to side or pulse. gender and ethnicity) could also be stored on a database and used as further evidence to support verification. & Bolle. and distortion functions (that can be used to generate cancellable biometrics). Ross & Uludag (2005) have reported work ongoing in the use of cryptography to enhance the security of biometric systems. 2006).DSTO-GD-0538 Liveness detection is used to ensure that the biometric sampled is from a live person. storing a user’s biometric template and matching algorithm on a smart card can be done without compromising security and is highly resistant to attack (due to the cryptographic element). When a stored template is compromised the current (compromised) template is cancelled and replaced with a new one thereby assisting in recovery after an attack. That is. increases the level of complexity again. a system is usable if the intended users can meet a desired level of performance operating it.e.

This may be due to either procedural.. someone with injury or scarring to their fingers may not provide usable fingerprints. There are two additional error conditions specific to biometrics: failure to acquire (FTA) and failure to enrol (FTE). 42 Ashbourn (2005) 45 . from a user perspective. FTA refers to the percentage of the target population that does not possess a particular biometric or does not deliver a usable biometric sample i. Ashbourn (2005) has identified a range of reasons for FTA and FTE and these are summarised in Table 6. Patrick (2004) found the biometric systems with the highest levels of user satisfaction were those that were accompanied by training and feedback so that users could better understand the technology and use it properly.DSTO-GD-0538 usability (minimising false non matches). although this is dependent on the number of records that have to be searched to find the match (Simpson. The time taken to enrol and the time taken for the system to match a user are also key factors in usability of biometric systems. the efficiency of the biometric system). It is important to understand the impact on users and their feelings about the technology (e. face and iris) take less than 1 minute to enrol a user (fingerprint and face typically less than 30 seconds) and matching can take less than a second. 2007).g. in line with equity and diversity principles. hygiene concerns when making contact with a fingerprint scanner. social or technology issues. FNMR can have a significant impact on throughput time (i. Biometric degradation issues (such as age and environment) can greatly impact on performance. It is important. Table 6: Factors that impact on biometric system usability and performance 42 System Issues Template ageing (all systems) Demographics Age (all systems) Ethnic origin (all systems) Gender (all systems) Occupation (all systems) User Physiology Facial hair (face systems) Disability and disease (all systems) Fingernail length (hand or fingerprint systems) Eyelashes (iris systems) Fingerprint condition (fingerprint systems) Height (all systems) Iris colour intensity (iris systems) Skin tone (face or iris systems) Change in weight (face or hand systems) User Behaviour Accent or dialect (voice systems) Expression.e. particularly time taken to enrol. to show that the biometric system is inclusive of all users (or should outline how it will deal with those users who will be difficult to enrol). FTE refers to the percentage of the target population that cannot be enrolled.. and hard to understand instructions from an administrator perspective). intonation and volume (voice systems) Facial expressions (face systems) Written language (signature systems) Misspoken or misread phrases (voice systems) Movement (all systems) User Appearance Bandages (hand. Most leading biometric technologies (such as fingerprint.e. or fingerprint systems) Clothing (all systems) Contact lenses (iris systems) Cosmetics (face systems) Glasses (face or iris systems) False fingernails (hand or fingerprint systems) Hairstyle or colour (face systems) Rings (hand or fingerprint systems) User satisfaction is the subjective assessment of the performance of the system from both a user and administrator perspective. face.

that it cannot be copied or changed) and that it will only be used for its intended purpose. There are many aspects of a biometrics system that may be unacceptable to users. was a key factor in the success of their project (Riccardi. 2003).2). systems have to be safe to use and should not induce worry or stress.3 Health concerns The capture of biometric information in authentication systems involves the interaction of a user with a machine (e. chances for mistaken identity. acquisition of hardware and software) and operational related (e. enhanced security aspects and enhancing the chain of trust) and more will no doubt come to light with further evaluation. They broke costs down to deployment related (e.DSTO-GD-0538 A cost benefit analysis should also be performed to assess the user costs and benefits. 2003). 5. Griffin (2004) has developed a quantitative cost/risk/threat analysis specific for biometric systems that may be applicable. maintenance and replacement costs) (Wilson & Shank. Good education programs can help to assure users that they are at risk and a commitment to good security behaviour reiterates this (Sasse. as well as the security costs and benefits of the system. in extreme cases.g.g. p. Users need to believe that the biometric system is more convenient to use than previous systems and works correctly. Unhappy users can slow down the system. Health concerns surrounding the use of biometrics are directly related to the contact nature of some sensors (such as fingerprint 46 . The US Navy. simply looked at the costs of a verification system in general and compared the existing verification system with a biometric one. Users need to know that their biometric data is safe (i. • • A recent large scale biometrics project in the Italian MoD demonstrated how user acceptance had a wide ranging influence on some of the practical choices the project managers made and.e. a high level of false rejects or nonmatches would negatively impact on user acceptance of the system. 2005). when assessing the costs of integrating biometrics with a tactical weapons system. 2007).. To avoid negative user cost. Some of the benefits of incorporating biometrics have been discussed previously in this paper (e. According to Bolle et al (2004) three key factors contribute to user acceptance in biometric systems: • Users need to believe that there is a credible need for increased security. Peticone & Savastano. a user may be required to touch a sensor and that sensor may send some radiant energy towards that individual). User costs relate to ‘the physical and mental effort required to interact with a system’ (Sasse. sabotage the system (Sasse. cause errors or. as a consequence. time to administer.g. or the data being used for alternative purposes are of concern to some users. privacy and safety concerns. For instance. It takes the traditional cost benefit analysis a step further to incorporate risks and threats.g. economic costs and benefits. Economic costs relate to the resource expenditure and security costs relate to the impact on security of the introduction of a biometric system. User acceptance is imperative for any system to be efficient and effective (Spence. As previously discussed. 2003.. 2004). Factors such as safety of the equipment (concerns about contamination or eye damage). Users need to be able to trust that their data is held securely and used only for its intended purpose.

DSTO-GD-0538 scanners) and the possibility of those sensors being contaminated with germs from previous users.4 Privacy issues Biometric systems are by nature invasive of privacy since they make it possible for authorities to track users while they go about their lawful business (Ashbourn. ‘What may represent a real risk to the vendors and to the biometric community is casual or intentionally distorted information on medical risks from biometrics spread indiscriminately by the media’ (CESG.jfkiat. Research has shown that the health risks associated with the use of biometrics are negligible and similar to the health or contamination risks experienced in everyday life (Bolle et al. Privacy concerns can be real or imagined and a user’s perception of the invasiveness of biometrics will impact on their acceptance of the system (Sasse. In addition. and accreditation of systems will help to reassure users that the risks are minimal and in line with those experienced in everyday life. the majority of the DoD’s biometric applications. Table 7 presents a framework that the US DoD have recently recommended employing to help assess the potential privacy impact of their biometric programs (DSBTF. regular safety testing. 5. studies on the Iridian Technologies iris scan systems in use at the John F Kennedy Airport in New York found that their irradiance (the amount of energy per unit time per unit area) was way below the maximum allowed limits for the prevention of heating of the cornea and their radiance (amount of energy per unit time per unit solid angle per unit area in the direction of travel) was also way below the maximum allowed limits to prevent thermal damage to the retina (http://www. 2007). 2007). 47 . particularly those relating to identity management.htm). fall into the right hand side of the framework (i. As the Defense Science Board Task Force (DSBTF) evaluation highlighted. towards the greater risk of privacy invasiveness). some users also have concerns about the amount of radiant energy they may absorb during the capture process from some sensors. 2004).. 2005). 2003). As with health concerns. privacy concerns related to the use of biometrics continue to be a favourite topic for media hype.e.com/Iris%20Scan/Iris%20scan%20Health. For instance. Touching a biometric sensor has been likened to touching a door knob and the levels of radiant energy emitted from many sensors have been shown to not be harmful to users. A commitment to education.

Verification systems (where the system performs a 1:1 check) are less likely to be invasive of privacy compared with identification systems (that perform 1:N checks). Is the deployment public or private sector? 6.htm): • • • • • Biometric systems that are overt. Customer Enrolee Personal Storage Behavioural 1.bioprivacy. Is the system used for identification or verification? 4. What type of biometric technology is being deployed? 10. Of particular concern for many users is the 43 www. In what capacity is the user interacting with the system? 7. Does the system utilize biometric templates. and used are perceived to be less invasive of privacy than covert systems. or both? Covert Mandatory Identification Indefinite Public Sector Employee. Biometric systems deployed in the public sector are viewed as more invasive of privacy due to their perceived potential for abuse and ability to be connected to other Government departments or databases. Citizen Institution Database Storage Physiological Templates Images According to the BioPrivacy Framework (www. but those designed to secure logical or physical access are unlikely to reduce personal privacy.org/bioprivacy_text. stored. Is the system optional or mandatory? 3. biometric images.org 48 .bioprivacy. Who owns the biometric information? 8. Biometrics systems that are mandatory tend to come under more suspicion or scrutiny than those that are optional simply because they are imposed on users. Where is the biometric data stored? 9. where users are aware that data is being collected. Are users aware of the system's operation? 2. Biometric systems deployed indefinitely do tend to arouse more suspicion. Is the system deployed for a fixed period of time? 5.DSTO-GD-0538 Table 7: BioPrivacy Application Impact Framework 43 Lower risk of privacy invasiveness Greater risk of privacy invasiveness Overt Optional Verification Fixed Period Private Sector Individual.

being copied. Systems that give the user complete control of the storage. even in template form. being copied. even in template form. and other technologies. Such education and policy needs to include a well-defined vision and set of objectives for the application of biometrics. biometric systems that opt for database storage of information are more liable to be abused or attacked than those that store biometric information locally (such as on a smart card). used for another purpose or stolen is enough to raise privacy concerns for many users. 2007). Employees are inevitably mandated to use biometric systems and privacy concerns include those such as function creep. The following are some of the key technical considerations that will need to be made: Template storage issues – should the biometric information (template) be stored on the smart card exclusively or in a database (in support of the chain of trust)? What are the associated security and privacy issues? 49 . scenario and operational evaluations can help to achieve this).5 Integration and support requirements It is important when embarking on any major project to understand the impact that it will have on the wider system environment: the people. Linked to the above. such as the deployed military environment (International Biometric Group. processes. Contrary to the claims of many vendors. 2007). This is particularly true when the requirement is to authenticate hundreds or thousands of users in complex environments. biometric technologies are not very adept at plug and play (Kaplan. The benefits of using biometrics over other systems must also be discussed and the policy should demonstrate how the use of biometrics is the best solution (technical. It is imperative that any introduction of biometrics is accompanied by policy. policies. changed or stolen is enough to raise the privacy concerns for many users. 2007 and UKBWG. The perceived risk of personal information. Biometric systems where institutions maintain ownership of a user’s biometric data raise a range of privacy issues. changed. very difficult to change or mask and can be collected without user compliance. use and disposal of their biometric data (such as storage solely on a smart card) are less likely to raise privacy issues. sometimes referred to as function creep. by their nature. This raises privacy concerns for users.DSTO-GD-0538 • • • • • impact that policy changes may have on the availability of their personal data. 5. The decision to retain identifiable biometric images obviously raises more privacy issues compared with the decision to store templates only. Employees need to be informed and their consent obtained when changes are made to the system or the way their biometric data may be used. Physiological biometrics are. It should be noted though that many users still do not understand the difference between a biometric image and template and this is where education is important. and education and training that cover the privacy aspects of the technology. The addition of biometrics to a verification system will require the addition of new hardware and software and possibly involve changes to pre-existing hardware. To reiterate. 2002). Although the chance of biometric templates being reverseengineered is slight. the risks should never be underestimated (Roberts. the perceived risk of personal information.

DSTO-GD-0538

Computer resources – what computer resources will be required to support sensors and matching algorithms? Maintenance – what are the maintenance requirements of the chosen biometric system? What implications do these have in terms of cost and time, and who is responsible? Contingency planning – in the event of technology breakdown what contingency plans need to be developed? If the technology fails, what backup methods could be used (e.g., use picture on card only?) Who is responsible for developing these? Upgrades – as with any technology, biometric technology will require system and sensor upgrades from time to time. What implication does this have in terms of cost and time, and who is responsible? In addition, as the algorithms underlying the biometric systems will also require upgrades, what will be the impact of such upgrades? What will be the backwards and forwards compatibility issues? Testing/evaluation/compliance testing – Who will conduct testing and evaluation of the biometric system? Who will be responsible for ongoing compliance testing on the system?

5.5.1 Education and training
Increasing user awareness through education and training has been shown to increase user acceptance of biometrics (Riccardi, Peticone & Savastano, 2005; Ashbourn, 2005). A world-wide study commissioned by Unisys Corp in 2006, found that 66% of consumers supported the use of biometrics for identity verification (which was a significant improvement on previous studies). Respondents from the US and Canada supported biometrics for identity verification more than any other region (over 70%), although the Asia Pacific region also showed good support (68%). The researchers concluded that the reason for the significant change in acceptance was the level of education ongoing in the field. Besides formal training programs, Unisys cited other methods, such as daily reminders of biometrics through posters and login messages, and articles in relevant publications, as being integral to user awareness and acceptance (Unisys, 2006). It is important to note that education and training can start before biometrics have even been implemented. Green and Romney (2005) surveyed 200 employees from the education, technology and public service sectors about their feelings towards biometrics. Responses were very negative, with security (regarding data storage and access), and privacy concerns the dominant issues. Respondents were then invited to take part in an online technology briefing about biometrics with a focus on security, safety, and privacy issues after which they were surveyed again. Significant differences were found between the initial survey and the second one, enabling the researchers to conclude that education has a positive impact on the perceptions of biometrics. Training has also been found to be a key in meeting expectations about manufacturer’s performance specifications. Wilson and Shank (2003) found that by training users (through a formal classroom briefing followed by close supervision during enrolment, to provide users with guidance) they were able to ensure they stored good quality templates and minimised error rates as a result. The media hype regarding health issues associated with the use of biometrics could also be addressed in training and education programs, as could the many privacy concerns. ‘An informed, aware user is probably one of the key factors contributing to a successful real-world deployment of biometrics’ (CESG, 2007).

50

DSTO-GD-0538

5.6 Evaluation requirements
In order to better understand the strengths and weaknesses of biometric systems, particularly their real-life performance in a variety of contexts, it is crucial that any system under consideration is subjected to a rigorous evaluation process (Phillips, Martin, Wilson, & Przybocki, 2000). Evaluations of biometric systems generally fall into three categories: Technology evaluations test the biometric systems off-line, using data that has not been seen by the algorithm developers in order to compare competing algorithms from a single technology. Scenario evaluations evaluate the biometric systems in a simulated real-world environment in order to determine overall system performance in the simulated environment. Operational evaluations employ a biometric system in a real world environment to determine if it is sufficiently mature to meet operational performance requirements (Mansfield and Wayman, 2002). In addition to these three categories of evaluation, vulnerability assessments are also essential, particularly in highly secure environments. It should be noted that such evaluations and assessments do not replace the need for ongoing compliance checking or red-teaming of the chosen biometric system (Roberts, 2007). DSTO has developed techniques for analysing the characteristics of biometric systems, for verification purposes, in operational settings, for both Defence and other Government departments. This involves consideration not only of technical factors but also the conduct of trials in the operational setting. This approach takes into account a large number of the variables (e.g., environmental factors such as lighting, human behaviour such as crowding and organisational processes) that influence the performance of biometric systems in realworld applications. In addition, DSTO have identified work process considerations and other human factors issues (such as usability) that effect the introduction of the technology (Kaine, 2003).

5.7 Interoperability issues
Any decision to adopt biometrics also needs to take into account the range of interoperability issues that such a decision presents. Interoperability issues will exist locally, nationally and internationally and involve the examination of hardware and software, data formats, and guidelines. Given the substantial growth of the biometrics market and interest in the technology, many industry standards have emerged to cover a range of biometric technologies and issues. Standards help to increase the quality and competitiveness of the market, while enabling interoperability across jurisdictions, both nationally and internationally. While the US currently has the lead on developing biometric standards, there is much work ongoing in Europe (see http://www.eubiometricforum.com), and standards are also currently being developed in Australia (led by Standards Australia and the Australian Government Information Management Office or AGIMO). In addition, Australia also has representatives commenting on the key set of international standards for the implementation of biometrics, namely ISO/IEC JTC1 SC37 (http://isotc.iso.org). Many

51

DSTO-GD-0538

other countries are developing their own standards, both on a country-wide and sector by sector basis. For instance, the US DoD is working closely with the National Institute of Standards and Technology (NIST) to ensure biometric standards are reflecting the intricacies of the military environment. It is vitally important that the biometric standards of others be taken into account to facilitate interoperability.

6. Conclusion
In recent years automated biometric systems, such as facial, fingerprint, and iris recognition systems, have been developed to facilitate a range of functions broadly categorised as verification, identification or watch list functions. Such automated systems offer advantages over current strategies, including the elimination of fatigue effects associated with human performance and adding the possibility of measuring features (e.g., iris pattern) that cannot be readily sensed by humans. Biometrics have been successfully applied across a range of procedures and processes to enhance security including physical and logical access control, management of major plant and machinery, weapons control, identity management, and personnel management. The decision to introduce biometrics should not be taken lightly. Automated biometric systems need to be seen as an adjunct to existing systems, adding to techniques already used, and organisations contemplating the adoption of biometric technology need to understand that there are a range of issues that should be addressed. Privacy and security concerns need to be addressed early and have multiple policy implications (security, identity management, and privacy policies etc.). In terms of security, the vulnerability of biometric systems to attack should be determined in any system application, and any system under consideration should be subjected to a thorough vulnerability assessment, including analyses of system vulnerability, attacker profiles, and threat vectors. The decision to adopt biometrics should also be subject to a usability and user acceptance study, and the privacy issues of introducing biometrics should be noted and addressed in relevant policy. A training and education package to accompany the introduction of biometrics should also be considered. The introduction of biometrics brings with it a range of integration and support requirements that should also be addressed, specifically those relating to interoperability. Common standards, data formats, guidelines and evaluation programs should be developed or adopted to take into account the various biometric standards and frameworks already in place. Finally, biometric systems should only be considered where they add significant operational advantages to an existing capability. The future appears lucrative for biometrics. With annual global biometrics revenues projected to grow from $2.1 billion in 2006 to $5.7 billion in 2010 and with inspection of patent databases uncovering a range of new and exciting applications, biometrics truly appear to be living up to the tag applied to them by the MIT Technology Review in 2001 as one of the ‘top ten emerging technologies that will change the world’.

52

NK & Senior. DSTO-GD-0356.DSTO-GD-0538 7.uk/site/ast/index. 53 .cesg. B & Salah. last accessed 27 March 2007. Bourlai. A. B. CESG (Communications-Electronics Security Group) 2007. Management Summary 07: Health and Safety Issues in Biometrics.es/docs/LIBE%20Biometrics%20March%2005/SocialImplicati ons_Ashbourn.jrc.technologyreview. Springer. last accessed 27 March 2007.gr/Eusipco2005/defevent/papers/cr1899. Connell.pdf. Evzin. HE. L.org/iel5/9716/30678/01421480. R. References Akarun.pdf. Kryszczuk. last accessed 27 March 2007.upf. T. http://www. Blackburn. I.ieee. D. Smith. http://www. September 4-8. B & Sunde. last accessed 27 March 2007. V. Gokberk. K 2006. Turkey. background paper for the Institute of Prospective Technological Studies. Butavicius. G. ‘Discriminative Lip Motion Features for Biometric Speaker Identification’. E & Tekalp. BioSecure: Biometrics for Secure Authentication Report. New York.it/~bista/papers/papers-download/mocviatocfinal. European Commission. http://www. J 2006.cilab. Bolle. Kittler. ‘Smart cards with built-in fingerprint scanners’. AW 2004. Ratha. http://ieeexplore. Hemming. last accessed 27 March 2007. Y. AM 2004. Bullis.unich. Biometrics to Enhance Smartcard Security. last accessed 20 July 2007. Drygajlo.edu/biosecure1/public_docs_deli/BioSecure_Deliverable_D081-2_b2. S. Yemez.com/Biztech/17040/. M. J. ‘3D Face Recognition for Biometric Applications’.pdf. Cetingul. Prodanov.cfm?menuSelected=4&subMenu=4&display Page=407. Biometric ATMs in Japan: Fighting Fraud with Vein Pattern Authentication. http://www. Ivancevic.com/PressReleases/20060329(2)/BiometricsJapan. last accessed 30 April 2007.htm. A. Johnson. http://cybersecurity. Guide to Biometrics. K. http://www. AA 2005. JH.sci. Kaine. The social implications of the wide scale implementation of biometric and related technologies.uoa. T. MIT Technology Review. F 2003. McLindin. Pankanti.arehna. Antalya. Proceedings of the 13th European Signal Processing Conference (EUSIPCO).celent. Graves.di. Bella. Bistarelli. http://www. RM. P & Richardi. J 2003. S & Martinelli. J 2005. Ashbourn. 2005. Sevilla.pdf. last accessed 27 March 2007. Biometrics Technology Review 2002. K. Proceedings of the 2004 International Conference on Image Processing (ICP). Celent 2006.pdf.gov. Meaney. DG JRC.

2005. 7. 8. Chen. Bowyer.thejournal. Sebastian. Proceedings of 31st Annual Conference of IEEE Industrial Electronics Society. pp.ieee. no. http://www. last accessed 27 March 2007. DSTO (Defence Science and Technology Organisation) 2007. http://www. Damousis. vol.org/iel5/34/30436/01401913. ‘Biometrics in K-12: The Legal Conundrum’. ‘Enhancing handgun safety with embedded signal processing and dynamic grip recognition’. 54 . March 2007. NZ_AU Presentation.DSTO-GD-0538 Chang. last accessed 12 April 2007. MP & Sands. last accessed 27 March 2007. ‘Unobtrusive Multimodal Biometric Authentication: the HUMABIO Project Concept’ Journal on Advances in Signal Processing. 2. EF 2006.pdf. T. Gomez. KI. Gordon.org/bc2006/presentations/Wed_Sep_20/BSYM/20_Chen_res earch. Chang. last accessed 27 March 2007. ‘Radar Technology for Acquiring Biological Signals’. last accessed 27 July 2007. M.isaca.org/Template. DSBTF (Defense Science Board Task Force) 2007. A. no. 10-14. Liska. http://www. DSTO Edinburgh. Down.jsp?arnumber=1049223. last accessed 27 March 2007. The Journal of Credibility Assessment and Witness Psychology. http://www. Cheng. pp.osd. 27(4). Jain. CM. last accessed 12 May 2008. J 2001 ‘Non-Contact Lie Detector using Radar Vital Signs Monitor (RVSM) Technology’. ‘Biometric Identification System by Lip Shape’. D & Shishkin. http://ieeexplore. C 2007. Challenges and Control Considerations’. Chen. D 2005.. MA 2002. CESG Biometric Programme. E. Y. Information Systems Control Journal.pdf.org/xpls/abs_all. G & Diaz-Santana. November 6-10. Deubel. 127-134.H. Traviesco. Report of the Defense Science Board Task Force on Defense Biometrics. M. Proceedings of the 36th Annual IEEE International Carnahan Conference on Security Technology.G.1155/2008/265767&e=ref. EF & Geisheimer. Journal.mil/dsb/reports/200703-Biometrics. E 2006. I.cfm.E. KW & Flynn. SmartGate Series One Factory Acceptance Testing Eragny. 16. http://ieeexplore. Cody. PJ 2005. M. T.com/articles/20494. Z. SA (RESTRICTED). B.hindawi.aspx?doi=10. vol.cfm?Section=Home&CONTENTID=21337&TEMPLA TE=/ContentManagement/ContentDisplay.pdf.acq. Parziale. E. Greneker. ‘Biometrics: An Overview of the Technology. P 2007. Greneker. http://www. IEEE Transactions on Pattern Analysis and Machine Intelligence. 619624.biometrics.ieee. Tzovaras.com/GetArticle. Briceno. IEEE Aerospace and Electronic Systems Magazine. RJ 2004. DSTO-TR-2036. ‘An Evaluation of Multimodal 2D+3D Face Biometrics’. N & White. 3D Touchless Fingerprints. France. 2008. pp. Recce. JC & Ferrer. & Bekiaris. D.

U 2005. Identix Research. last accessed 27 March 2007. Kaine. Antalya. Dominican Republic. 2006-04-01. Andersdon. Griffin. ‘The Impact of Facial Recognition Systems on Business Practices within an Operational Setting’.DSTO-GD-0538 Graves. AK. 1st Working Draft 24714. 1081-1088. pp. Prentice Hall. November 2003. ISO/IEC JTC 1/SC 37 Biometrics 2004.biometricgroup. R & McLindin.org/iel5/10436/33131/01560332. P 2004. 2004.pdf?arnumber=1560332. 2007. ‘Combining Crypto with Biometrics Effectively’. February 26 – March 1.html. R. ‘Understanding the impact of federal credentialing programs’. Hogg.ieee. 2005. http://ieeexplore. 55(9). Croatia. New York. IEEE Transactions on Circuits and Systems for Video Technology. June 16-19. pp. ‘Establishing public confidence in the security of fingerprint biometrics’. last accessed 9 May 2007. Ross. Kaplan. 2003. ‘An Introduction to Biometric Recognition’. ‘Biometric Template Security: Challenges and Solutions’. Proceedings of the 4th Australian Information Warfare and IT Security Conference. Hamilton. Systems Integration. Information Technology – Biometric performance testing and reporting.com/core_capabilities. A 2003. http://www. Jain. Part 1 – Principles and Framework. 20 March 2007. Miami. Proceedings of the 25th Conference on Information technology Interfaces ITI 2003. 2005. September. Adelaide. http://scmagazine. I. International Biometric Group 2007.com/us/news/article/644931/from-infosec-2007-effective-biometricssolutions-face-hurdles-widespread-deployment/. September 4-8. American National Standards Institute. ‘From InfoSec 2007: Effective biometric solutions still face hurdles before widespread deployment’. GW 2005. Proceedings of the 13th European Signal Processing Conference (EUSIPCO). 6th Edition. Jain. Turkey. A & Uludag. D 2007. July 7-9. Ross. 14(1). Green. ‘Problems with False Accept Rate in Operational Access Control Systems. 129-135. Hao. J 2006. F. A & Prabhakar. A. last accessed 27 March 2007. Florida. The Winter 2007 Biometrics Summit. IEEE Transactions on Computers. Proceedings of the 6th International Conference ITHET. RV & Tanis EA 2000 Probability and Statistical Inference. 55 . pp. S 2004. W 2007. Juan Dolio. & Daugman. ISO/IEC 19795-1-2006 2006. Biometrics – Technical Report on Cross Jurisdictional and Societal Aspects of Implementation of Biometric Technologies. 4-20. N & Romney. Cavtat. B 2003. SC Magazine. Predicting performance of fused biometric systems. Johnson.

Saddam Loyalists’. Ortega-Garcia.cfm?DocID=1391. http://www. JA 2006.pdf.gov/netacgi/nphParser?Sect1=PTO2&Sect2=HITOFF&p=1&u=%2Fnetahtml%2FPTO%2Fsearchbool. Special Operations Technology Online Archives. http://www.lut. M 2006. last accessed 27 March 2007. T 2005. Krane.TI. http://multimedia. 56 . Multimodal Biometrics: A more secure way against Intruders. http://www.it. M 2003. Personal identification method and apparatus using acoustic resonance analysis of body parts. Z 2003. Best Practices in Testing and reporting Performance of Biometric Devices. http://www. 4(3). last accessed 27 March 2007. last accessed 27 March 2007.&OS=TTL/. F. JL 2002. http://patft. Martinez-Diaz. Korotkaya.usdoj. J. Khan.S Military Compiles Biometric Database On Iraqi Fighters.informationweek. ‘Multimodal Biometric Identification for Large User Population Using Fingerprint.html&r=1&f=G&l=50&co1=AND&d=PTXT&s1=%22Personal+identification+method +apparatus+using+acoustic+resonance+analysis+body+parts%22. Kentucky. CA & Cohn.uk/site/ast/biometrics/media/BestPractice. J 2003. Information Week. Kuester.DSTO-GD-0538 Kauchak. Military Multi-modal Biometric System Analysis. ‘Hill-Climbing and Brute-Force Attacks on Biometric Systems: A Case Study in Match-on-Card Fingerprint Verification’. last accessed 27 March 2007.fi/kurssit/03-04/010970000/seminars/Korotkaya. University of Adelaide.ece. NPL Report CMSC 14/02. October 16-20. AJ & Wayman. last accessed 27 March 2007. N 2006.special-operations-technology. Proceedings of the 34th Applied Imagery and Pattern Recognition Workshop (AIPR05).edu/FIT03/Day-2/S11/p3.cesg.uspto. http://www. last accessed 20 July 2007. M.gov/nij/journals/253/tracking. Siguenza. 2006.html. Lexington.com/article.com/article/320. last accessed 27 March 2007. ‘A Multimodal Future’. thesis in partial fulfilment of Master of Psychology (Organisational and Human Factors). Alonso-Fernandez. Mansfield.gov. Ko. Fierrez-Aguilar.pdf.uic. ‘U. http://www. Koenig P 2002. Biometric Person Authentication: Odor.jhtml?articleID=9800069&ls=T W_051403_fea&fb=20021204_security.pdf.com/story/showArticle.findbiometrics. Miles. J. US Patent 6724689. JP 2006. last accessed 10 May 2008. I 2006. Khan. Vein Pattern Recognition – Biometrics Underneath the Skin.ojp. ‘Tracking Prisoners in Jail With Biometrics’. Proceedings of the 40th Annual IEEE International Carnahan Conference on Security Technology. Face and Iris Recognition’. NIJ Journal 253.

N. M 2007.pdf. 69(A): 541–551.edu/Publications/Reprints/LAH517. Schott. last accessed 5 April 2007. 335. ‘Generating Cancellable Fingerprint Templates’. Roederer. last accessed 27 March 2007. Proceedings of the Eighth International Conference on Document Analysis and Recognition (ICDAR'05). Nixon. pp. Computer. Multi Biometrics Grand Challenge Kick-Off Workshop. last accessed 27 March 2007.stanford. Mizukami.html. Chikkerur. ‘Biometrics for massive access control – traditional problems and innovative approaches’.nrc-cnrc. AJ. http://www. WT. last accessed 27 March 2007.securitymanagment.nist. http://face. Cytometry Part A. A. Bowyer. 47(11). 57 . ‘Form Factors for Mobile Computing and Device Symbiosis’.pdf.com/library/001697. ‘Brain-computer Interfaces: Where Human and Machine Meet’.gc. Phillips. K.org/DLs/FERET7. IEEE Transactions on Pattern Analysis and Machine Intelligence. ‘Footprint-Based Personal Recognition’. MS & Carter. http://face.gov/mbgc/mbgc_presentations. RM 2007. Narayanaswami. Tanaka. 561-572. Scruggs. PJ. Flynn. Vienna. IST-044-RWS007. Connell. ‘On Gait as a Biometric: Progress and Prospects’.DSTO-GD-0538 Nakajima. Ortiz Jnr. http://www. DR. Martin. New York. 1534-1537. M 2000. Proceedings of the 2005 IEEE Workshop on Information Assurance and Security. Austria. 29(4). JH & Bolle. FRVT2006 and ICE 2006 Large-Scale Results. JN 2004. Riccardi. Presentation.pdf. West Point. Computer. P 2005. Phillips. pp. Piazza. Phillips.frvt.nist.htm. PJ 2008. Patrick. http://herzenberg. April 18. L. Proceedings of EUSIPCO 2004.computer. Parks. ‘The Smart Cards are Coming…Really’. PJ. WA 2006 ‘A New ‘‘Logicle’’ Display Method Avoids Deceptive Effects of Logarithmic Scaling for Low Signals and Compensated Data’.ca.gov/frvt/frvt2006/FRVT2006andICE2006LargeScaleReport. CC & Sharpe. http://www.org/portal/cms_docs_computer/computer/homepage/Jan07 /COM_017-021. & Savastano. IEEE Transactions on Biomedical Engineering. KW. S. B. ‘An Introduction to Evaluating Biometric Systems’. T 2000. AS 2004. M & Moore. CL & Przybocki. Peticone.pdf. pp. PJ. last accessed 27 March 2007. Ratha. M 2005. S 2007. O’Toole. K & Tamura. last accessed 12 June 2008. Usability and Acceptability of Biometric Security Systems. Security Management Online. C 2005. International Society for Analytical Cytology. Y. http://www. Wilson. United States Military Academy.

pdf. Sanderson.ieee. Sasse. G 2008.diva-portal. ‘Biometrics: Issues and Applications’. 2008. MA 2003. pp. Biometric Technologies . Roberts.pdf. 1-8. R 2007. last accessed 27 March 2007. last accessed 27 March 2007. I & Ruffini.pdf. A 2004. vol. C 2005. http://ieeexplore. 14-25. Caparrini.cesg. Guildford. IPC Technology Press.govt. Roberts.pdf. C 2007. ‘A New Scientific Method of Identification’.citer. Austria. PhD Thesis.uk/files/file15320. Schuckers. Applied Ergonomics Handbook. Cester. 35(18). http://www.ccip. Proceedings of the 6th Annual Multimedia Systems Conference. The Winter 2007 Biometrics Summit. 2007. M. B 1975. MA 2004. last accessed 27 March 2007.DSTO-GD-0538 Riera. http://www.edu/members/publications/files/15-SSchuckers-Elsevior02.gov. Simpson.send2press. C & Goldstein. Florida. Sandström. http://www. Usability and User Acceptance of Biometrics. I 1935. JH 2000. http://www. Usability and trust in information systems.pdf. Computers and Security. M 2004 Liveness Detection in Fingerprint Recognition Systems. Soria-frisch. New York State Journal of Medicine.nz/ccippublications/ccip-reports/Biometrics%20Technologies%20-%20Fingerprints. EURASIP Journal on Advances in Signal Processing. Shackel. Sasse. Simmons. pp. ‘Multimodal Biometrics: An Overview’.Fingerprints. http://www. Authentication for Secure Environments Based on Iris Scanning Technology. TBS Announces First Touchless. Ryan. University of South Hampton. S & Erbetta. Simon. January 13. 2007.org/iel5/6829/18346/00847019. ‘Unobtrusive Biometric System Based on Electroencephalogram Analysis’. I 2007.gov. A. ‘Biometric attack vectors and defences’.org/diva/getDocument?urn_nbn_se_liu_diva-23971__fulltext.dti. Ross. SAC 2002 Spoofing and Anti-Spoofing Measures. online article for Elsevier Information Security Report on Biometrics. 3D Live-Scan Fingerprint System. ‘How to successfully design and deploy biometrics to protect identity and overcome privacy concerns’. 901-906. 58 . http://www. A. A & Jain. last accessed 27 March 2007. last accessed 27 March 2007. C 2006.uk/site/ast/biometrics/media/Usability_and_User_Acceptanc e. pp.wvu.shtml. Feb 26 – March 1. Miami. Vienna. 26(2007).com/newswire/2005-04-0405-008.pdf. Proceedings of EUSIPCO 2004.

Monke. pp. 92(6). S & Weber. Wiederhold MD. L. 948-960. R. Pankanti. Krissler. R. last accessed 27 March 2007.int/pctdb/images4/PCTPAGES/2003/012003/03000015/03000015.com/ftp/Biometrics%20Advice.ilw. last accessed 10 May 2008.org/iel5/8091/22378/01044746. Germany. Mink. Border Security: Inspections. Indovina.com/about__unisys/news_a_events/04268651.1006-security.pdf last accessed 27 July 2007.0.unisys. F 2007. Proceedings of the Workshop on Biometrics and eCards. 2007. RE.DSTO-GD-0538 Snelick. Proceedings of the ICPR. Identification by analysis of physiometric variation. Gehlen.pdf. Q.heise. S 2002. 27(3).pdf. CRS Report for Congress.de/ct/english/02/11/114/. Spence.pdf. R. http://www. S & Jain. S. Consumers Worldwide Overwhelmingly Support Biometrics for Identity Verification.3dface.org. ‘Biometric Cryptosystems: Issues and Challenges’. Vina. Wasem.wipo. Policies and Issues. van Rootseler. ‘An Evaluation of Face and Ear Biometrics’. http://www. last accessed 27 March. M & Jain. AK 2004. Thalheim.idsysgroup. University of Canberra. Bower. J. Tao. 450-455. http://www. Veldhuis. A.htm UKBWG (United Kingdom Biometrics Working Group) 2002. Use of Biometrics for Authentication and Identification: Advice on Product Selection. last accessed 27 March 2007.siaonline. Uludag. K & Sarkar. Darmstadt. Body Check: Biometric Access protection Devices and their Programs Put to the Test. Unisys 2006. United States Patent 6993378. National Centre for Biometric Studies Conference on Voice Authentication for Identity Management. Practices. J & Ziegler. http://www. http://www. C 2006. ‘Optimal Decision Fusion and Its Application on 3D Face Recognition’. Uludag. Proceedings of the IEEE. Meyer RP & Irvine JM 2003. Voice Authentication Evaluations. IEEE Transactions on Pattern Analysis and Machine Intelligence. L. 59 .ieee. http://www. U. Seghetti. B.com/immigdaily/news/2004. Israel SA. U. http://www. Lake. last accessed 27 March 2007. September 28. A 2005. Victor. ‘Large Scale Evaluation of Multimodal Biometric Authentication Using State-of-the-Art Systems’. Says Unisys Study. Biometrics in Physical Access Control: Issues. Prabhakar. S 2004. Status and Trends. B 2007. P-M 2002. J. http://ieeexplore. Summerfield.pdf. Unisys Media Release No: 0406/8651. last accessed 27 March 2007. Issue 2. pp. 2006.org/files/papers/veldhuis-CAST2007OptimalDecisionFusion.

B. JD. Proceedings of the 2003 IEEE Workshop on Information Assurance. Watkins Webb. JD. B 2003. Zhang. RAND Documented Briefing. 1174-1183. Yao. K. Houghton. Horn. pp. Y. MA. Rubenson. New York. J & Thomas. last accessed 27 March 2007. Woodward. P & Shank. J & Shi. P 2007. HA. EM.org/iel5/4341611/4341612/04341635. United States Military Academy. M 2006. Z. evaluation. D. 60 .pdf. Abidi. Kalka. Berlin: Springer. in Lecture Notes in Computer Science. Smythe. Liu. Yan. A 2003. D.DSTO-GD-0538 Wilson. ‘High magnification and long distance face recognition: database acquisition. B. last accessed 27 March 2007. P 2001. ‘Costs and Benefits of Integrating Biometrics with a Navy Tactical Weapons System’. http://ieeexplore. West Point. Schmidt.org/pubs/monograph_reports/MR1237/. Pincus. N & Abidi.rand. http://www. and enhancement’. Newton.rand. K. ‘Tongue-Print: A Novel Biometrics Pattern’. Lilly. K.org/pubs/documented_briefings/DB396/DB396. http://www.pdf?tp=&isnumber=&arnum ber=4341635. J & Steinberg. Gatune. Bradley. C.ieee. last accessed 8 July 2008. Army Biometric Applications: Identifying and Addressing Sociocultural Concerns. Larson. Biometrics A Look at Facial Recognition. ND. Proceedings of the 2006 Biometrics Symposium. Woodward. J. Schachter.

AR NUMBER 6c. fingerprint and iris recognition systems. NO. and highlights the issues associated with using such technology. identity management. It provides an overview of the basic elements of biometrics. Land Operations Division Approved for public release OVERSEAS ENQUIRIES OUTSIDE STATED LIMITATIONS SHOULD BE REFERRED THROUGH DOCUMENT EXCHANGE. FILE NUMBER AR 014-200 9. DELIBERATE ANNOUNCEMENT No Limitations 17. OF PAGES May 2008 12.dsto. DOCUMENT DATE 6a. TYPE OF REPORT 7. TASK SPONSOR 11. OF REFERENCES 2007/1101846 CCT07/029 CDS 66 14. PO BOX 1500. SECURITY CLASSIFICATION (FOR UNCLASSIFIED REPORTS THAT ARE LIMITED RELEASE USE (L) NEXT TO DOCUMENT CLASSIFICATION) Document Title Abstract 4. URL on the World Wide Web http://www. surveillance operations. management of major plant and machinery. weapons control. CORPORATE AUTHOR (U) (U) (U) Rebecca Heyer DSTO Defence Science and Technology Organisation PO Box 1500 Edinburgh South Australia 5111 Australia 6b. such as facial. and personnel management. RELEASE AUTHORITY 79 13. AUTHOR 5. TASK NUMBER General Document 10. DSTO NUMBER DSTO-GD-0538 8. DSTO RESEARCH LIBRARY THESAURUS Yes Automation Biometrics Biometric Identification Security 19.au/corporate/reports/DSTOGD-0538. TITLE 1. NO.pdf 15. actions or behavioural characteristics that distinguish between individuals. SECONDARY RELEASE STATEMENT OF THIS DOCUMENT Chief. This paper is an updated version of the Biometrics Technology Review 2002 published in 2003 by Blackburn et al. discusses the many different applications of biometrics. Page classification: UNCLASSIFIED . have been developed to facilitate a range of functions. ABSTRACT Biometrics is the measurement of personal physical features. EDINBURGH. PRIVACY MARKING/CAVEAT (OF DOCUMENT) Biometrics Technology Review 2008 3. physical and logical access control. CITATION IN OTHER DOCUMENTS 18. a detailed examination of current and future biometric technologies. These functions can be broadly categorised as verification or identification.defence.gov. In recent years automated biometric systems. and include. SA 5111 16. for instance.Page classification: UNCLASSIFIED DEFENCE SCIENCE AND TECHNOLOGY ORGANISATION DOCUMENT CONTROL DATA 2.

Sign up to vote on this title
UsefulNot useful