Biometrics

Joshua Grieser

General Definition
◦ Biometrics is the science and technology of
measuring and analyzing biological data

IT Definition
◦ Refers to technologies and methods for uniquely
recognizing humans based upon at least one
physical or behavioral trait

Instead of using something you have (a key)
or something you know (a password),
biometrics uses who you are to identify you

Quantitative measurements of humans for the
purpose of identification date back to the 1870s
◦ Measurement system of Alphonse Bertillon




System included skull diameter and arm and
foot length measurements
1920s: used to identify prisoners
1960s: digital signal processing techniques
led to automating human identification
1970s: government using technologies for
fingerprint and hand geometry

Two categories of biometric identifiers
◦ Anatomical
◦ Behavioral




Different types of biometric systems
How it works
Enrollment process
Uses of biometric systems
◦ Current
◦ Future




Fingerprint
Face recognition
Iris recognition
Palm print







DNA
Voice patterns
Handwriting
Keystroke dynamics
Skin analysis
Vein patterns
Gait

Token – something a person possesses and
uses to assert a claim to identity
◦ (Password, PIN)

Tokens no longer sufficient to authenticate
identity
◦ Easy to counterfeit/steal
◦ Cannot ensure positive identification of a person
◦ Passwords forgotten and stolen


Biometric identifiers are linked to a person
More robust audit trail, documentation








Large number of civilian and government
applications
Physical access control
Welfare disbursement
International border crossing
National ID cards
Computer log-in
Safes
Home alarm systems

Seven factors used:
◦ Universality
◦ Uniqueness
◦ Permanence
◦ Measurability
◦ Performance
◦ Acceptability
◦ Circumvention
Note: No single biometric will meet all
requirements of every possible application.

Universality
◦ Means that every person using a system should
possess the trait.

Uniqueness
◦ Means the trait should be sufficiently different for
each person using the system in order to
distinguish from one another.

Permanence
◦ Relates to how a trait varies over time. A trait with
good permanence will be more invariant over time, not
constantly changing.

Measurability (collectability)
◦ Relates to the ease of measuring the trait. The data
form can be processed, features extracted.

Performance
◦ Relates to accuracy, speed and robustness of the
technology used.

Acceptability
◦ Relates to how well individuals in the population
accept the technology. They are willing to have that
biometric trait captured and assessed.

Circumvention
◦ Relates to how easy the trait is to imitate.

All systems boil down to the same three steps

Enrollment
◦ Records information about you

Storage
◦ Translates the info into a code or graph

Comparison
◦ Compares traits to the template on file


All systems also use the same three
components
Sensor
◦ Detects characteristic being used for identification

Computer
◦ Reads and stores the information

Software
◦ Performs actual comparison


In general, a biometric system will scan the trait
and process the data by accessing a database.
Two modes
◦ Verification mode
◦ Identification mode

Biometric templates
◦ Most biometric types are converted into
mathematical representations to compare against
Stored in reader device, central repository, or
portable token
Some devices have temporary storage





System performs one-to-one comparison
Uses specific template stored in a database
Involves confirming or denying a person’s
claimed identity
Am I who I claim I am?
To determine which template to compare
against, one of the following is used:
◦ Smart card
◦ Username
◦ ID number

System performs one-to-many comparison
◦ More difficult




Attempts to recognize a person from a list of
users in the template database
Who am I?
Successfully identifies the human if the
sample collected matches template from the
database when compared
Comparison result has to fall within a preset
threshold




Enrollment - first time an individual uses the
biometric system
During enrollment, biometric information
from individual is captured and stored in the
database
In subsequent uses, the sample is collected
and compared with the information stored at
the time of enrollment
Three Blocks





Interface between system and real world
(human)
Where the system acquires all necessary data
Actual interaction with sensors
Mainly image acquisition systems
Can be different depending on desired
characteristics




All pre-processing performed
Removes artifacts from sensors to enhance
input
Normalization
Example: removing background noise




Necessary, unique features are extracted to
create the template
Critical step, correct features have to be
extracted in the optimal way
Uses vector of numbers or an image with
particular properties to create template
Discards measurements not used in creation
of template
◦ Reduce file size
◦ Protect identity of enrollee


Encrypted using strong cryptographic
algorithms to secure and protect them from
disclosure
Protects biometric templates from being
◦ Reconstructed
◦ Decrypted
◦ Reverse-engineered
◦ Manipulated in other ways
Most templates are site specific
Data is converted into code, not real life
representation of person’s traits


When performing matching phase, template
is passed to matcher that compares it with
existing templates
Estimates distance between them using
comparing algorithm
◦ (how different the two templates are)

Many different algorithms depending on
biometric type
◦ Example: Hamming distance

If accepted, it is output for specified use like
entrance in a restricted area



“distance” between two strings of equal
length (how different they are)
Measures minimum number of substitutions
required to change one string into the other
string (number of errors)
Examples
◦ “toned” and “roses” = 3
◦ 1011101 and 1001001 = 2
◦ 2173896 and 2233796 = 3


Programmed in many different languages
Used for strings, integers, characters
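
Added example (not part of the original slides): a Hamming-distance matcher used in both verification (one-to-one) and identification (one-to-many) mode with a preset threshold. The templates, user ids and threshold values are constructed for illustration; real templates are far longer and matchers are specific to the biometric type.

```python
# Added example: all templates, user ids and thresholds below are constructed.

def hamming(a, b):
    """Number of positions at which two equal-length sequences differ."""
    if len(a) != len(b):
        raise ValueError("Hamming distance needs equal-length inputs")
    return sum(x != y for x, y in zip(a, b))

def distance(a, b):
    """Fraction of differing positions: 0.0 identical, 1.0 all different."""
    return hamming(a, b) / len(a)

# Constructed enrollment database: user id -> 16-bit template.
TEMPLATES = {
    "alice": "1011010011100101",
    "bob":   "0100101100011010",
    "carol": "1011010111000101",  # only 2 bits away from alice
}
THRESHOLD = 0.20  # assumed: accept when at most 20% of the bits differ

def verify(claimed_id, sample, threshold=THRESHOLD):
    """Verification (one-to-one): compare against the claimed id's template."""
    template = TEMPLATES.get(claimed_id)
    return template is not None and distance(template, sample) <= threshold

def identify(sample, threshold=THRESHOLD):
    """Identification (one-to-many): closest enrolled id within threshold."""
    best_id = min(TEMPLATES, key=lambda uid: distance(TEMPLATES[uid], sample))
    if distance(TEMPLATES[best_id], sample) <= threshold:
        return best_id
    return None

if __name__ == "__main__":
    sample = "1011010011100111"  # alice's template with one bit of sensor noise
    print(hamming("toned", "roses"))             # the slide's first example
    print(verify("alice", sample))               # genuine user accepted
    print(verify("bob", sample))                 # distant template rejected
    print(verify("carol", sample))               # false accept at 0.20
    print(verify("carol", sample, 0.10))         # tighter threshold rejects
    print(identify(sample))                      # closest template wins
    print(identify("0" * 16))                    # nobody within threshold
```

The "carol" case shows why the threshold matters: two enrolled templates that sit close together let one user's noisy sample verify against the other's identity until the threshold is tightened.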






Oldest biometric known
Were previously captured with ink on paper
and mailed/faxed
Entire process now done in near real time
Leading toward use in applications from
biometric passports to ATMs
Ridges and furrows used as reference points
60-70 points of reference in fingerprints






Face we are born with remains identifiable
throughout our lives
Curves and contours remain relatively stable
Requires large image capture device
Most suitable at fixed locations
Least intrusive, can be scanned from a
distance
Accuracy depends on lighting conditions






Each iris has different shapes and colors
As unique as a snowflake
Less intrusive, scanners don’t require bright
lights
Mathematical expression of iris is most
detailed of any biometric technology
Most accurate biometric
Considered one of the most secure






Approximately 250 distinctive characteristics
in an iris
All can be used as points of reference for
comparison
Odds of two people having the same pattern
are 1 in 7 billion
Comparing against a database is quick and has a
high level of accuracy
Used in airports and other secure facilities
Most costly system






Size and shape of hands are unique to
individuals
Device scans 3-D geometry of hand and fingers
Creates mathematical picture which is compared
against a database
Readers are large, best suited for fixed point
access
Capture units withstand extreme workforce
conditions like temperature, weather
Can also verify individual’s hand even when it is
dirty





Password for voice is tone and timbre
Converted to a graph representation and compared
against a database
User has to teach the computer first by
speaking a number of phrases
Quick and efficient after the enrollment
process
Only ambient noise limits its application




Not just how you shape each letter
Analyzes act of writing
Examines pressure you use, speed and
rhythm with which you write
Records sequence in which you form letters
◦ Add dots and crosses as you go or after you finish


Systems sensors can include touch-sensitive
writing surface or pen that contains sensors
and detects angle, pressure, and direction
Translates handwriting into a graph
Pressure
Speed
Acceleration
Angle


Aim to auto-update templates
Benefits:
◦ No longer need to collect large number of biometric
samples during enrollment process
◦ No longer necessary to re-enroll/retrain the system
◦ Can significantly reduce the cost of maintaining a
biometric system

Issues:
◦ Higher false acceptance
◦ Threshold has to account for a changing template

Privacy and discrimination
◦ Possible to use data from enrollment for ways in
which the user did not consent
◦ Example: DNA recognition used to screen for
genetic diseases

Higher danger to owners
◦ Thieves can get more desperate
◦ Example: cut off a finger to get access to
fingerprint scanner

Cancelable biometrics
◦ Unlike passwords, biometrics cannot be cancelled
or reissued to a person if compromised




Some people object to biometrics for cultural
or religious reasons
Possibility of companies selling biometric
data similar to email addresses/phone
numbers
Over reliance – not foolproof, can’t forget
about common sense security practices
Accessibility – some systems can’t be adapted
for all populations (elderly/disabled people)








Australia
Brazil
Canada
Germany
India
Iraq
Italy
United States

International sharing of biometric data
◦ Countries, including US, are sharing biometric data
with other nations
◦ Positive:
  ▪ Could help combat terrorism by having access to other
    countries’ data
◦ Negative:
  ▪ Easier for people in other countries to get access to
    our data
  ▪ Makes it easier to tamper with

Minority Report
◦ Uses Iris scans for identification as well as POS
transactions

MythBusters
◦ Attempted to break into commercial security door
◦ Had fingerprint authentication
◦ Successful with printed scan of fingerprint
◦ Unsuccessful with gel fingerprint

Mission Impossible
◦ Voice/iris recognition






Biometrics Vulnerability Assessment Service
Proprietary of Biometrics Institute
Customer submits their system for
independent testing
Conducted in an independent laboratory
Biometric devices are sent to have their
vulnerabilities investigated, assessed, and
reported
Helps make sure your system is secure and
work out any kinks




Central source of info on biometrics-related
activities of the federal government
Sister site www.biometrics.org
Repository of public information and
opportunities for discussion
Developed to encourage collaboration and
sharing of info on biometric activities among:
◦ Government departments and agencies
◦ State, regional, and international organizations
◦ General public

Biometrics Reference
◦ General info about biometric technologies,
government programs and privacy planning

Presidential Directives
◦ PD that touch on biometrics or federal biometric
activities

NSTC Subcommittee on Biometrics and
Identity Management Room
◦ Info on the National Science & Technology Council’s
Subcommittee on Biometrics

Standards
◦ Info on federal biometric standards policy

Hospitals using scan of veins in your hand to
identify patients
◦ Easy access to medical records
◦ Eliminates paper records

Germany, supermarkets use fingerprint
biometrics to identify consumer account
information and make payments
◦ Possible use in the US

Combine heat sensors with fingerprint and hand
scanners
◦ Confirm an actual hand is interacting

Mobile Automated Fingerprint ID System
◦ Comparisons made immediately over mobile networks

US border control
◦ Digital photo of both index fingers for non residents
◦ Combat terrorism and monitor residence permits

Digital face/fingerprint images on passports
◦ Increase security/reduce processing time at borders


Enable access to secure/sensitive areas like
energy supply facilities or nuclear power stations
Opportunities for digital citizen cards
◦ e-government, e-banking, e-business

Layered systems
◦ Combines a biometric method with a keycard or PIN

Multimodal systems
◦ Combines multiple biometric methods
simultaneously to confirm identification
◦ Example: iris scanner and a voiceprint system

3-D palm print systems replace 2-D
◦ Much higher anti-counterfeit capability



Being tested at Hong Kong Polytechnic
University’s Biometrics Research Center
Uses laser scanning to construct 3-D shape
of tongue
Collected in about 2-3 seconds




Continually increasing revenues
More companies switching to biometric
security systems
Annual revenues expected to reach $11 billion by 2017
Compound Annual
Growth Rate
http://www.youtube.com/watch?v=zHRiWz8D8C0&list=PLA3DB8B404806A6DD&index=4&feature=plpp_video
http://www.youtube.com/watch?v=ATowdPuQGNY&feature=BFa&list=PLA3DB8B404806A6DD&lf=plpp_video