Biometrics

Kayla Burke
Department of Computer Science
University of Wisconsin – Platteville
Platteville, WI 53818
burkeka@uwplatt.edu

Abstract

Biometrics and the study of human characteristics or behavior have become an essential topic of research in the field of computer science in order to create a more secure working and digital environment. The numerous forms of biometrics have provided various opportunities in today’s scientific society. The abilities of biometrics range from a small iris scan to recognizing how a human walks. The field opens up numerous opportunities for those studying the field of computer science and software engineering. However, even considering the benefits of biometrics, the financial costs and concerns about privacy seem to hinder the application of the software and hardware.

Issues with Authentication

Authentication asks two questions: Who is the user? Is the user really who he says he is? [2] In today’s world, almost everyone has been exposed to some type of authentication. The most common type of authentication would be the use of passwords or personal identification numbers (more commonly known as PINs). Passwords and PINs are used everywhere in today’s technology, such as logging into a personal computer or email system. Because passwords and PINs are commonly used to protect important or confidential material, many systems have policies that must be followed when creating a password. However, even with specific guidelines and policies to ensure password strength, passwords are still very vulnerable. Users may not understand the importance of password security, as various studies and surveys have shown. According to a BBC News article from 2004, “More than 70% of people would reveal their computer password in exchange for a bar of chocolate.” The article states that the majority of passwords created include information that is simple to obtain about the user, such as family names, sports teams, or pet names.
[3] Along with this issue, many users apply the same password for multiple sensitive accounts. This causes obvious problems when easily hacked passwords are used for accounts that hold private information such as an online bank account. Finally, users may not be aware of a stolen password or PIN for a length of time after the theft occurs. These are only a few of the security issues involving passwords.

Cards and tokens can be used as another form of authentication. Because cards are a physical form of authentication, only one person can use the card at a time. This does not mean that other people cannot use it, but if the rightful owner allows another user to use the card, the owner cannot gain access to the card-protected information or secured area. In some ways, cards are safer than passwords. Cards and tokens do not require any memorization, which is more convenient for the user. Tokens automatically generate a code that the user enters into the authentication device or system, which means that the code will be different each time. Some systems use the current date and time to generate a token while others use an internal counter. Another advantage of using a physical device is that the user will be able to tell immediately if the device was stolen. However, similar to passwords, authentication devices and computers will not have a way to tell whether a card is being used by its rightful owner or not. [1]

Biometrics is one more form of authentication whose measurements strive to resolve the issues that occur with passwords, PINs, cards, or tokens. One can think of passwords as what users know while cards and tokens are what users have. Biometric authentication is what the users physically are. [1]

Biometrics

The literal translation of biometrics is “life measurement.” A definition of biometrics, as it applies to computer science, is automated methods of authentication based on physical or behavioral characteristics of an individual.
[1] Human beings use biometrics to identify each other every day. Humans are able to recognize faces, voices, or behavioral characteristics of other humans that they have met or known for a period of time. Besides facial and voice recognition, there are many other forms of biometric measurement including fingerprinting, iris and retina scanning, signature recognition, gait recognition, and facial and palm thermogram recognition. [4] This essay will briefly discuss these different forms of biometric measurements and then examine fingerprinting more closely.

Why use Biometrics?

Biometric measurements are a convenient, strong form of authentication. Since the user does not have to carry a device or remember any passwords, biometric authentication is convenient for the user. Biometrics are strong because the authentication cannot be forgotten, stolen, or easily replicated. Because of these advantages, many corporations have adopted biometrics as their form of authentication. Here are some examples of biometric applications within the government and military programs:

- Social Services – to prevent citizens from acquiring additional funds
- Trusted Traveler Credentials – for the security screening of passengers in civil aviation
- National Identity – to identify the citizens of a country
- Access Control – such as allowing certain people to use a secure computer system
- Other various military programs [1]

Types of Biometrics

Hand Geometry

Hand geometry is based on a number of measurements of the hand including the shape of the hand, width of the palm, and the length and width of the fingers. There are various types of hand geometry scanners. One type only scans the palm of the hand. Another type examines the entire hand by providing small pegs for the user to place his fingers next to. These pegs ensure that the fingers are in the same position for each scan. Hand geometry is used quite commonly and is known to be fairly accurate.
[6] There are a few limitations when it comes to hand geometry, however. Jewelry can cause problems if it is not worn on the hand consistently. Dexterity can also become a problem. Also, if the user is not able to open their hand wide, they will not be able to use the scanners. [4]

Facial Recognition

Faces carry the characteristics that humans most commonly use to identify one another. For example, when passing another being, humans will look at the passerby’s face and will be able to identify them or not depending on whether they have seen the face before. It is for this reason that technology has tried to use the same idea in the field of biometrics. There are multiple forms of facial recognition measurements, but the most popular is the location and shape of facial attributes. In order for the technology to be efficient, it should be able to recognize when a face is in the image at all, locate the face when it exists, and be able to recognize the face from multiple angles. [4]

Problems similar to those of hand geometry occur in facial recognition. If the user alters their facial features because of cosmetic surgery or injury, they will need to be reintroduced to the system. The same problem occurs if the user adds temporary features to their face such as glasses or jewelry. Some facial recognition is susceptible to replication spoofing. A person who looks similar to a registered user may be able to gain access to the protected material.

Voice Recognition

Because voices are not as unique and can be easily imitated, voice recognition is not as widely used as other forms of biometrics. However, a voice is another human characteristic that is used to identify each other. A person’s voice is created using various oral and nasal airways. Users’ airway sizes vary, which causes one voice to sound different from another’s. [1] Voice recognition faces many challenges. Some of these challenges include the voice changing due to aging or sicknesses and background noise.
Voice recognition is most commonly used in telephone applications. [4]

Iris Scanning

The iris is the colored part of the eye surrounding the pupil. The retina is comprised of the veins behind the eyeball. (See Appendix C for a visual representation of an eyeball) [1] Irises, like fingerprints, are unique to each individual and hold a lot of features that can be used in identification. For this reason, iris scans seem to be a promising form of biometric measurement for large scale systems. As more users are added, individual irises are able to be matched. It is also easy to distinguish fake irises from authentic ones, which resolves the issue of possible iris replication that occurs in many other forms of biometric authentication. Iris scanning hardware tends to be expensive, which causes it to be used less frequently.

Retinal Scanning

Retinal scanning is known to be the most secure form of biometric authentication because it is close to impossible to change or replicate another human’s retina. To get an initial read of the retina, the eye must be physically contacted by the equipment and moved in specific patterns. Users have been known to reject this process due to the uncomfortable effort that it requires. Retina scanning hardware, which is similar to iris scanning hardware, is financially costly. These are a few of the factors as to why retinal scans are not as widely accepted as other forms of biometric authentication. [1]

Facial and Palm Thermogram Recognition

A thermogram is the pattern of heat that is emitted from the skin, in this case the palm of the hand. [1] These patterns of heat are created by the infrared energy being produced from the subject. [11] The data gathering process is as simple as taking a photo of the area to be measured. However, the hardware used to capture these images is very expensive, so thermograms have not been widely adopted.
[1] The fact that a thermogram can change easily due to blushing, lying, or even environmental conditions is another major drawback to this form of biometric. [10]

Signature Recognition

Signature recognition looks at two main measurements: the way the signature is written and the final signature. When examining how the signature is written, the system seeks out points where the writing tool is pressed down harder and the speed of the writing. The system also identifies unique qualities of the handwriting such as how the T’s are crossed or how I’s are dotted. The data is gathered by allowing the user to write on an electronic writing space similar to the hardware used to sign after making a financial transaction. Because signatures change quite often and they are easily forged, they are not usually used in biometric systems. [1][4]

Gait Recognition

Gait recognition is another form of biometric measurement, but it is not commonly used. A person’s gait can change with age, change in weight, and even injury. However, gait recognition can be sufficient for low security systems. Gait recognition systems can be very costly due to the hardware needed to record and analyze the gait of the subject. [1]

Keystroke Recognition

Keystroke recognition is attractive because it does not require additional hardware to use. The technique is done entirely by software, so it can be applied to any system that accepts keyboard inputs. To gather the data, the user is asked to type their authentication information (usually a username and password) multiple times in a row. Three measurements are taken from the user’s keystrokes: the amount of time between each keystroke, dwell time, and flight time. Dwell time is the amount of time each individual key is pressed down. Flight time is the amount of time in between pressing the same key twice. For example, if the word “coffee” was being typed, the flight time would be the amount of time in between the pressing of the two f’s or e’s.
The averages of these measurements are calculated too and used in the creation of the template to be used in the matching process. [1] [9]

Fingerprint Recognition

As mentioned earlier, fingerprinting was used as a very basic form of identification dating back to 2000-1000 B.C. Clay tablets that were thought to be ancient contracts showed fingerprints at the bottom of the slab indicating a signature of sorts. This proves to be one of the very few uses of fingerprinting. Sir Francis Galton was the first to begin researching and studying fingerprinting as he was attempting to discover a way to determine genetic history and hereditary traits during the late 1880s. He was the first to discover that fingerprints are unique to each individual and that they remain the same throughout a human being’s lifetime. He calculated the odds of finding two identical prints to be 1 in 64 billion. [12]

During 1892, an Argentine police officer named Juan Vucetich created the first physical fingerprint files based on Galton’s research. His collection of files came to be known as the Vucetich system. The system migrated into the United States around 1903, where it was first used by the criminal justice systems of New York and the Federal Bureau of Prisons. A few years later, the United States army began researching and looking into improvements to the system. In 1924, the identification division of the FBI was established and in 1946, they had processed over 100 million fingerprint cards. This number doubled by 1971. At this point in time, the fingerprint cards were organized in a way that is similar to today’s library cataloging system. As the need to search through these cards increased, so did the need for more efficient and convenient methods of organizing the cards. It was not until the 1990s that the first computerized system, known as the Automated Fingerprint Identification System (AFIS), was created. This system finally allowed for fast searches through the cards.
By 1999, the last of the fingerprint cards had been transitioned into the computer system. [12]

Fingerprint recognition uses the unique features of the user’s fingerprints, known as minutiae, to identify the user from others. These minutiae are the ridges and valleys on the surface of a fingertip. Looking at a fingerprint, ridges appear as dark lines and valleys are the lines where light was able to shine through. These ridges and valleys also create other distinct patterns within a fingerprint. A few of these minutiae are known as bifurcations, deltas, ridge endings, and islands. A bifurcation is where one ridge splits into two different ridges. Delta is the point in a bifurcation where the two ridges split. A ridge ending is where a ridge ends. Finally, an island is where a ridge creates a circular shape in the fingerprint. (See Appendix A) The most commonly used characteristics in a fingerprint are the ridge endings and the bifurcations. [1]

Another feature of fingerprints that is used in fingerprint recognition is the pattern of the print. There are seven common fingerprint patterns: arch, tented arch, loop, double loop, pocket loop, whorl, and mixed. See Appendix B for visuals of these different patterns. These are the seven fingerprint patterns that are used in the Federal Bureau of Investigation recognition system. [14] Because each person’s fingerprints are unique, the matching accuracy is very high. Even identical twins have different fingerprints. [5]

Although there are many benefits of fingerprinting, there are still some issues with using fingerprints to protect systems. The number one issue is replication and spoofing the system. There are multiple ways that culprits have been able to fool fingerprint scanners. Many use prosthetic fingers (or “gummy fingers”) and even Play-Doh to replicate a fingerprint. Another way the scanners have been fooled is when the perpetrator breathes on the scanner, which reactivates the previous fingerprint.
One way that this can be prevented is by performing liveness tests as the biometric is being entered. Liveness tests are tests that attempt to prove that the user or the biometric is not artificial. A few ways these tests have been performed is by detecting warmth or a pulse in the finger. [1]

The Biometric Process

There are three main steps in the biometric process: acquiring data, processing the raw data, and a decision process. Each step uses various algorithms and equations to calculate the needed data and accuracy. Fingerprint recognition will be used as the biometric example in this investigation of the three steps. [1]

Acquiring Data

The first step of the biometric process is where the physical characteristic being used for identification is presented to the system. This step is usually known as enrollment. Multiple samples of the fingerprint are taken, from which a template will be made in the next step. The calculated average of these samples is assigned an enrollment score. Whether the score is good enough depends on the minimum accepted level (or threshold), which is determined by the system owner.

The algorithms used to acquire this data are not normally published, which makes examples difficult to find. However, a thesis paper from the University of Los Angeles did show the pseudocode and calculations used to thin the ridges of a fingerprint. (See Appendix D). The 3x3 window (also shown in Appendix D) is placed over the image of the fingerprint and the calculations in each window are performed with the algorithm until the image is stable. [5]

Accuracy is measured by a failure to enroll rate (FTER). What determines if the enrollment fails varies, depending on the biometric. In fingerprint recognition, the enrollment might fail if there is debris, perspiration, or even a cut on the fingertip. Each system owner may have different requirements for this measurement as well.
This rate is calculated by dividing the number of unsuccessful enrollments by the number of participants attempting to enroll. If the system has a high failure to enroll rate, that means that the system will struggle to find matches when the number of total participants increases. [1]

Raw Data Processing

The second step in the biometric process is where the data collected from the enrollment step is processed and a template is created for the matching process. Algorithms are used to separate the irrelevant data from the data that will be used in the matching process. These algorithms are usually closely protected by the biometric vendors that created them. This template is created by identifying and drawing out the unique characteristics of the fingerprint (See Figure 1). This template is referred to as a minutia map. This step also produces a quality score and a matching score, which tell how likely it is that the data will be able to be matched in the future. These scores are analyzed by the system administrator to determine if they are fit for the system. [1]

Figure 1: Raw Data Processing

Decision Process

The decision process is the final step and is where the biometric is matched and the yes or no decision is made. There are two different levels of decision making: verification and identification. [8] Verification is the simpler of the two due to the fact that it is a one-to-one matching system where the system is only searching for one match. Verification asks the question “Am I who I claim I am?” This is the type of decision making that is used when protecting computer systems or secured areas. On the other hand, identification involves a one-to-many match where all of the records in the system are searched for a match. The question “Who am I?” can be asked in this type of decision making.
This type of decision making is used more commonly in criminal justice systems where officials are attempting to identify a suspect by searching the system for matching fingerprints that were found at the scene of the crime. [1][2]

Accuracy of the decision process is measured using two equations. The first equation measures the false acceptance rate (FAR). This rate is calculated by dividing the number of false acceptances by the number of samples. This number measures the likelihood that the biometric security system will incorrectly accept an access attempt by an unauthorized user. The other equation used to measure accuracy is the false rejection rate (FRR). This rate is calculated by dividing the number of false rejections by the number of samples. This number is the measure of the likelihood that the biometric security system will incorrectly reject an access attempt by an authorized user. Usually, the false acceptance rate is analyzed more than the false rejection rate. [1][7]

Finally, there are two types of searches that can be performed during the decision process: binary and multiple sequence. In the binary search, if a match is not found the participant is simply denied access. In a multiple sequence search, if a match is not found, a second query is performed. This secondary query can be done on another device or by using the same device as the first query. [1]

Applications in Computer Science and Software Engineering

Computer science courses in biometrics are now being taught in schools around the United States such as Purdue and the University of Notre Dame. With the knowledge base increasing, the opportunities for those studying biometrics are also growing. Just like any other program or computer system, updates are always needed as the technology becomes more efficient. The algorithms that are used to find matches and to get relevant data need to be written, updated, and tested.

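The two accuracy measures from the Decision Process section, as an added example that is not part of the original paper: it computes FAR and FRR over constructed match scores at several thresholds and picks the lowest threshold that keeps FAR within a limit. The scores, the accept-if-score-is-at-least-threshold rule, and the reading of "number of samples" as impostor attempts for FAR and genuine attempts for FRR are assumptions.

```python
# Added example; the scores below are constructed, not data from the paper.
# Each attempt is (is_genuine_user, match_score); higher score = closer match.
ATTEMPTS = [
    (True, 0.91), (True, 0.84), (True, 0.77), (True, 0.62), (True, 0.58),
    (False, 0.71), (False, 0.49), (False, 0.35), (False, 0.30), (False, 0.12),
]
THRESHOLDS = [0.30, 0.50, 0.60, 0.75, 0.90]


def error_rates(attempts, threshold):
    """Return (FAR, FRR) for a system that accepts scores >= threshold.

    Assumption: "number of samples" means the impostor attempts for FAR
    and the genuine attempts for FRR.
    """
    genuine = [score for is_genuine, score in attempts if is_genuine]
    impostor = [score for is_genuine, score in attempts if not is_genuine]
    if not genuine or not impostor:
        raise ValueError("need at least one genuine and one impostor attempt")
    false_accepts = sum(1 for score in impostor if score >= threshold)
    false_rejects = sum(1 for score in genuine if score < threshold)
    return false_accepts / len(impostor), false_rejects / len(genuine)


def sweep(attempts, thresholds):
    """Return [(threshold, FAR, FRR), ...] in ascending threshold order."""
    return [(t, *error_rates(attempts, t)) for t in sorted(thresholds)]


def pick_threshold(attempts, thresholds, max_far):
    """Lowest threshold whose FAR is within max_far, or None if none is.

    FAR can only fall as the threshold rises and FRR can only rise, so the
    lowest qualifying threshold is also the one with the lowest FRR.
    """
    for t, far, frr in sweep(attempts, thresholds):
        if far <= max_far:
            return t, far, frr
    return None


if __name__ == "__main__":
    for t, far, frr in sweep(ATTEMPTS, THRESHOLDS):
        print(f"threshold={t:.2f}  FAR={far:.2f}  FRR={frr:.2f}")
    print("FAR limit 0.0 ->", pick_threshold(ATTEMPTS, THRESHOLDS, 0.0))
```

Tightening the FAR limit from 0.2 to 0.0 on this sample raises the FRR from 0.0 to 0.4, which is the trade-off a system owner weighs when setting the threshold.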
Biometrics also provides additional jobs to those who are interested in the infrastructure and software to support aspects of computer science and software engineering as they all need to be maintained. Also, there is various testing that needs to be done to all phases and portions of the systems. According to online job sites, the average salary of an employee working with biometrics is around $60,000 to $65,000 a year. [13]

Conclusion

Biometrics is a very promising form of authentication because it holds advantages that could really help to improve security within businesses and other areas that need strong security. With the numerous options that biometric studies have provided, it is quite possible that perhaps one day, users will not have to remember passwords or PINs or carry access cards with them to work each day. All a user will need to access their data is themselves. As the biometric process continues to evolve along with the world of technology, there is no doubt that opportunities will follow.

References

[1] Woodward, J. D., Orlans, N. M., & Higgins, P. T. (2003). Biometrics. New York: McGraw-Hill/Osborne.

[2] Carter, R. (n.d.). Authentication vs. Authorization. Home | Duke University. Retrieved October 29, 2012, from http://www.duke.edu/~rob/kerberos/authvauth.html

[3] Passwords Revealed by Sweet Deal. (2004, April 20). BBC News - Home. Retrieved October 30, 2012, from http://news.bbc.co.uk/2/hi/technology/3639679.stm

[4] Jain, A. K., Ross, A., & Prabhakar, S. (January 1). An Introduction to Biometric Recognition. CITeR Center for Identification Technology Research. Retrieved October 29, 2012, from http://www2.citer.wvu.edu/members/publications/files/RossBioIntro_CSVT2004.pdf

[5] Ackerman, A., & Ostrovsky, R. (n.d.). Fingerprint Recognition. UCLA Computer Science Department. Retrieved October 31, 2012, from http://www.cs.ucla.edu/honors/UPLOADS/andrew/thesis.pdf

[6] Varchol, P., & Levicky, D. (2007, December).
Using Hand Geometry in Biometric Security Systems. Radioengineering. Retrieved October 29, 2012, from http://www.radioeng.cz/fulltexts/2007/07_04_082_087.pdf

[7] False Acceptance Rate (FAR) & False Recognition Rate (FRR) - Bayometric Blog. (2012, June 28). Biometric Security Devices: Access Control Systems, Fingerprint Reader & Scanner. Retrieved November 1, 2012, from http://www.bayometric.com/blog/index.php/biometric-securitysystems/false-acceptance-rate-far-false-recognition-rate-frr/

[8] An Overview of Biometric Recognition. (n.d.). Michigan State University. Retrieved October 30, 2012, from http://biometrics.cse.msu.edu/info.html

[9] From Passwords to Keystrokes: An Evolution in User Identification Technology. (2012, August 31). Payza Blog. Retrieved November 1, 2012, from http://blog.payza.com/2012/08/31/from-passwords-tokeystrokes-an-evolution-in-user-identification-technology/

[10] Ramli, A., & Adnan, W. (2011). A Study on a Robust Facial Thermogram Recognition System (FTRS). UPM Knowledge Management Portal. Retrieved October 29, 2012, from http://km.upm.edu.my/kmportalweb/infox/assetDetailAction.action;jsessionid=2cFVPcMSCxKh2gpxpkjzCGfgxkrbfk5Mn28MF89ZnpJyB4PvhQ4h!796603960?execute=view&assetId=000060363&actionFlg=alllist

[11] Thermography. (n.d.). In Wikipedia. Retrieved November 24, 2012, from http://en.wikipedia.org/wiki/Thermography

[12] Fingerprint America History of Fingerprints. (n.d.). Fingerprint America. Retrieved November 1, 2012, from http://www.fingerprintamerica.com/fingerprinthistory.asp

[13] Biometrics Salaries. (n.d.). Simply Hired. Retrieved November 12, 2012, from http://www.simplyhired.com/a/salary/search/q-Biometrics

[14] Fingerprint Patterns. (n.d.). Ridges and Furrows.
Retrieved October 30, 2012, from http://ridgesandfurrows.homestead.com/fingerprint_patterns.html

Appendix A

Appendix B

Appendix C

Figure 2: Eye Anatomy (1) Lens, (2) Retina, and (3) Iris

Appendix D

Pseudo Code for Zhang-Suen Thinning:

Let A(P) be the number of 01 patterns in the ordered set P2 … P9
Let B(P) be the number of non-zero neighbors of P
Do until image is stable (i.e. no changes made)
    Sub-iteration 1: Delete P from image if:
        a) 2 ≤ B(P) ≤ 6
        b) A(P) = 1
        c) P2 * P4 * P6 = 0
        d) P4 * P6 * P8 = 0
    Sub-iteration 2: Delete P from image if:
        a) and b) from above
        c') P2 * P4 * P8 = 0
        d') P2 * P6 * P8 = 0
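A runnable version of the thinning pseudocode, as an added example that is not code from the paper or the cited thesis. It uses the standard Zhang-Suen conditions, in which each product in c), d), c') and d') must equal 0. The neighbor numbering (P2 directly above P, then clockwise to P9), the convention that 1 marks a ridge pixel, the zero border around the image, and the sample image are assumptions.

```python
# Added example. Assumed 3x3 window around P (standard Zhang-Suen numbering):
#     P9 P2 P3
#     P8 P  P4
#     P7 P6 P5
# Pixels are 1 (ridge) or 0 (background); the outer border must be all 0.

# Constructed sample: a ridge three pixels thick and eight pixels long.
BAR = [
    "0000000000",
    "0111111110",
    "0111111110",
    "0111111110",
    "0000000000",
]


def from_rows(rows):
    return [[int(ch) for ch in row] for row in rows]


def to_rows(img):
    return ["".join(str(v) for v in row) for row in img]


def neighbours(img, r, c):
    """Return [P2, P3, ..., P9], clockwise starting from the pixel above P."""
    return [img[r - 1][c], img[r - 1][c + 1], img[r][c + 1], img[r + 1][c + 1],
            img[r + 1][c], img[r + 1][c - 1], img[r][c - 1], img[r - 1][c - 1]]


def transitions(p):
    """A(P): count of 0 -> 1 steps in the circular order P2, ..., P9, P2."""
    return sum(1 for a, b in zip(p, p[1:] + p[:1]) if a == 0 and b == 1)


def zhang_suen(image):
    """Thin ridges to one-pixel width; returns a new image."""
    img = [row[:] for row in image]
    changed = True
    while changed:                       # "do until image is stable"
        changed = False
        for step in (1, 2):
            doomed = []                  # decide first, delete afterwards
            for r in range(1, len(img) - 1):
                for c in range(1, len(img[0]) - 1):
                    if img[r][c] != 1:
                        continue
                    p = neighbours(img, r, c)
                    p2, _, p4, _, p6, _, p8, _ = p
                    if not (2 <= sum(p) <= 6 and transitions(p) == 1):
                        continue         # conditions a) and b)
                    if step == 1:
                        ok = p2 * p4 * p6 == 0 and p4 * p6 * p8 == 0
                    else:
                        ok = p2 * p4 * p8 == 0 and p2 * p6 * p8 == 0
                    if ok:
                        doomed.append((r, c))
            for r, c in doomed:
                img[r][c] = 0
            changed = changed or bool(doomed)
    return img


if __name__ == "__main__":
    print("\n".join(to_rows(zhang_suen(from_rows(BAR)))))
```

Deletions within a sub-iteration are collected and applied together, so every pixel in that pass is judged against the same image.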