ITU-T Workshop on Security
Trends of Biometrics Technology Standardization
14 May 2002
Naohisa Komatsu
Waseda University, Japan
Copyright(C) 2002, All rights reserved. SDL, Hitachi, Ltd. and Waseda University.

Authentication process
[Figure labels: user, authentication terminal, cryptosystem, network system, authentication terminal, user]
・Knowledge-based: threat of forgetting (e.g. password)
・Possession-based: threat of loss (e.g. card)
・Individual characteristics: no threat of forgetting or loss (e.g. fingerprint, voice, handwriting)

Parameters for User Authentication
・Knowledge: password, ... (threat of forgetting)
・Possessions: key, ID card, ... (threat of loss)
・Individual characteristics (change through time passing)
  ・Physiological characteristics: fingerprint, face, hand, eye, ...
  ・Behavioral characteristics: handwriting, voice, keystroke, ...
Matching:
  stored data =? input data
  a. stored data → personal features =? input data → personal features
  b. stored data =? input data

Characteristics of Biometrics (OMRON Corp.)
[Figure: iris, retina, pattern of vein, fingerprint, face, hand geometry, finger geometry, signature and voice placed on a chart whose axes run from low to high (one axis is acceptability; tick labels 10-4%, 0.01%, 0.1%, 1%). The number beside each entry is the distance between system and user (0, 0.01m, 0.1m, 0.5m, 1~3m). The "ideal" position is marked on the chart.]
Each biometric has its own merits and demerits. There is no ideal biometric.

The Standardization of Biometrics Technologies
・Why is standardization necessary?
・Data format (CBEFF) and Application Program Interface (BioAPI)
・Security requirements (X9.84)
・Accuracy test (Best Practice)

Needs of Standards
・To accelerate fair competition by clarifying vulnerability and countermeasures
・To reduce the cost of system development
・For effective development through common framework for biometric system
Standards for applying biometrics: accuracy test, application program interface, data format, Common Criteria, privacy guideline

Goal of BioAPI & CBEFF
・Data interoperability: CBEFF
・Program interoperability: BioAPI

Purpose of BioAPI
Purpose
・Interoperability and development cost reduction of biometric authentication systems
・Providing a high-level generic biometric authentication model
  ・Authentication/Identification, Server/Client
Scope
・Any form of biometric technology
・Enrollment, authentication, identification, database interface

History of BioAPI
NIST merged HA-API, BAPI and BioAPI.
[Timeline figure, 1997 to 2001~: BAPI 1.0; former BioAPI draft; HA-API 1.0 and 2.0; I/O Software joined BioAPI consortium; BioAPI Specification Ver.1.0 and Ver.1.1; BioAPI Reference Implementation Ver1.0 Beta and Ver1.1]
NIST: National Institute of Standards and Technologies
HA-API: Human Authentication API

Outline of BioAPI Structure
Layers, top to bottom:
・Application
・API (Application Program Interface)
・BioAPI Framework: middleware that mediates between API and SPI
  ・Reference implementation for Windows is available
・SPI (Service Provider Interface)
・BSP (Biometrics Service Provider): biometric function provided by technology vendors
・Device: biometric device (fingerprint scanner, camera, etc.)

Outline of CBEFF
Purpose
・Interoperability between different systems
・Accommodation to any biometric technology
History
・Sponsor: NIST ITL, Biometrics Consortium
・Developing organization: CBEFF Technical Development Team
・Cooperating with: BioAPI Consortium, X9.F4 Working Group, IBIA, TeleTrusT
Publication
・NISTIR6529 “Common Biometric Exchange File Format” (NIST, January 3, 2001)
・http://www.nist.gov/cbeff
NIST ITL: Information Technology Laboratory
IBIA: International Biometric Industrial Association

CBEFF Data Structure
Includes three blocks:
・SBH (Standard Biometric Header)
  ・Header of CBEFF file
・BSMB (Biometric Specific Memory Block)
  ・Contains the biometric data
  ・Vendors can place any biometric data directly into this block
  ・Biometric information, template, original header, etc.
・SB (Signature Block)
  ・Contains signature or MAC for integrity
  ・Optional
Layout: SBH (Standard Biometric Header) | BSMB (Biometric Specific Memory Block) | SB (Signature Block)

Relation Among Standardizations
The standardizations are progressing to convergence on BioAPI and CBEFF.
・BioAPI Specification ver.1.1 (2001/3)
・“CBEFF” NISTIR6529 (2001/1)
[Figure: BAPI and HA-API are merged into BioAPI; arrows labelled "adoption" and "considering adoption" connect BioAPI, ANSI X9.84, CBEFF and ISO7816-11]
ANSI X9.84: Operating requirements for biometrics authentication systems for the financial industry

Outline of X9.84
・Approved in March, 2001 by committee on Financial Services, X9 and subcommittee on Information Security, X9F.
・A standard of biometric data management and security for financial biometric system.
・X9.84 specifies:
  ・Security requirements of enrollment, verification/identification, storage, termination, etc.
  ・Template format compatible with CBEFF
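
The three-block layout from the CBEFF Data Structure slide, with the optional SB carrying a MAC, sketched as an added example (not code from the talk or from NISTIR 6529). The 8-byte header layout, the choice of HMAC-SHA256 and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Assumed, simplified SBH: format owner (2 bytes), format type (2 bytes), BSMB length (4 bytes).
# It mirrors only the SBH | BSMB | SB ordering; it is not the NISTIR 6529 field encoding.
SBH = struct.Struct(">HHI")
MAC_LEN = hashlib.sha256().digest_size


def pack_record(owner, fmt_type, bsmb, mac_key=None):
    """Build SBH | BSMB | [SB]. The SB, when present, is HMAC-SHA256 over SBH + BSMB."""
    sbh = SBH.pack(owner, fmt_type, len(bsmb))
    sb = hmac.new(mac_key, sbh + bsmb, hashlib.sha256).digest() if mac_key else b""
    return sbh + bsmb + sb


def unpack_record(record, mac_key, require_integrity=True):
    """Return (owner, fmt_type, bsmb); raise ValueError for a malformed or unauthentic record."""
    if len(record) < SBH.size:
        raise ValueError("truncated SBH")
    owner, fmt_type, bsmb_len = SBH.unpack_from(record)
    body_end = SBH.size + bsmb_len
    if body_end > len(record):
        raise ValueError("BSMB length exceeds record")
    bsmb, sb = record[SBH.size:body_end], record[body_end:]
    if not sb:
        # The SB is optional in the format, so accepting its absence is verifier policy,
        # never something the record itself gets to decide.
        if require_integrity:
            raise ValueError("signature block missing")
        return owner, fmt_type, bsmb
    if mac_key is None:
        raise ValueError("no key to verify signature block")
    if len(sb) != MAC_LEN:
        raise ValueError("malformed signature block")
    # The MAC covers the header as well, so a changed length or format field is detected.
    expected = hmac.new(mac_key, record[:body_end], hashlib.sha256).digest()
    if not hmac.compare_digest(sb, expected):
        raise ValueError("integrity check failed")
    return owner, fmt_type, bsmb


def check(record, mac_key, **policy):
    """Return 'ok' or the reason the record was rejected."""
    try:
        unpack_record(record, mac_key, **policy)
        return "ok"
    except ValueError as exc:
        return str(exc)


if __name__ == "__main__":
    key = bytes(range(32))                                  # constructed demo key
    rec = pack_record(0x0101, 0x0001, b"constructed-template", key)
    altered = bytearray(rec)
    altered[SBH.size] ^= 0x01                               # one flipped template bit
    print("intact     :", check(rec, key))
    print("altered    :", check(bytes(altered), key))
    print("SB stripped:", check(rec[:-MAC_LEN], key))
```

A verifier that treats the SB as optional accepts the stripped record, which is why `require_integrity` defaults to true here.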

Requirements of X9.84
Common requirements of data management in enrollment, verification/identification, storage, termination, etc.:
・To maintain the integrity of biometric data and verification results
・To mutually authenticate between sender and receiver component of biometric data and verification results
・To ensure the confidentiality of the biometric data

Initial Enrollment for Example
[Figure: Enrollment Model with Data Collection, Signal Processing, Storage, Matching]
Mechanism and procedure shall be in place to:
・Authorization to perform the enrollment process
・Authentication of the enrollee
・Maintain integrity and authenticity of templates
・Meet level 2 physical security requirement in a controlled environment and level 3 in an uncontrolled environment

Outline of “Best Practice”
Purpose
・To provide the best method for the accuracy test of biometric system in real world
Scope
・Any biometrics and application
Features
・Experimental evaluation
・Three test methods depending on the aim of evaluation
  ・Technology evaluation: algorithm
  ・Scenario evaluation: specific system assumed by an evaluator
  ・Operational evaluation: running system
・Definition of experimental condition
  ・How to select subjects, to collect biometric data, to match them…
・Representation of performance
  ・ROC curve for accuracy
  ・Failure to enroll and acquire for usability
  ・Detailed report for repeatability

The Standardization of Biometrics Technologies in Japan
・Position of INSTAC/AIM/JBAA
・Activities of JBAA
・Operating Requirements Decision Guideline
・Vulnerability of Biometrics Technologies
・Biometrics and PKI
・Biometrics and Privacy

Standardization Activities in Japan
[Timeline figure, 1994 to 2002 onward, with these labels: 1994 CC V1.0; 1995 BS7799; ECOM WG6, evaluation criteria for biometrics authentication V0.5 and V1.0; IPA Project, Accuracy Test Guideline and ORD Guideline; Accuracy Test JIS-TR; JBAA; BDPP, X9.84]
ECOM: Electronic Commerce Promotion Council of Japan
JBAA: Japan Biometric Authentication Association
IPA: Information-technology Promotion Agency, Japan
CC: Common Criteria
INSTAC: Information Technology Research and Standardization Center
BS7799: British Standard 7799
JIS: Japanese Industrial Standard
BDPP: Biometric Devices Protection Profile
ORD: Operating Requirements Decision

Position of INSTAC, AIM, JBAA
[Figure labels: ASIA Committee; Bio WG Taiwan; Bio WG Malaysia; BEAM Consortium Singapore; Asia Biometrics Joint Meeting; Korea Biometrics Association (KBA); JBAA; AIMJ; INSTAC/JSA; ISO/IEC SC17/SC27; (International) Standardization; Biometrics Consortium; Biometrics Working Group; EU/USA Committee]
BEAM: Biometrics EnAbled Mobile Commerce
INSTAC/JSA: Information Technology Research and Standardization Center / Japanese Standards Association
AIM: Automatic Identification Manufacturers Association, Japan
JBAA: Japan Biometric Authentication Association

How to Expand Biometrics Market?
- Based on different methods and data for accuracy test
- Publication of the best results
(1) Accuracy? (Technology)
(2) Cost effectiveness? (Business)
(3) User acceptability? (Social)
- Few examples
- Indefinite requirements for security, convenience, etc.
Standardization of accuracy test is important. IPA/Hitachi Project ’99 (16 companies)
Image processing → Security technology
Solution for market creation is necessary.
IPA: Information-Technology Promotion Agency, Japan

Outline of Completed Activities
(1) ECOM Personal Authentication WG, April/1996~March/1998
  Examine the scheme of the test and evaluation and the personal authentication model using biometrics (www.ecom.or.jp)
(2) IPA/Hitachi National Project, January/1999~December/1999
  Examine the standards scheme of accuracy test and operation requirements, sponsored by IPA (MITI) (www.sdl.hitachi.co.jp/ipa_biotest/ipa/english.htm)
ECOM: Electronic Commerce Promotion Council of Japan
MITI: The Ministry of International Trade and Industry
IPA: Information-technologies Promotion Agency of Japan

Outline of Current Activities
Standardization activities are done in two organizations
(1) Biometrics WG of INSTAC/JSA
  “Make a Standardization of test and evaluation of biometrics device and system in Electronic Commerce application”
(2) Biometrics WG of AIM
  “Enlighten the biometrics technology and research the biometrics market”
(3) Biometrics WG of JBAA
  Discussion about implementation of “Biometric Authentication Authority”, which provides network type biometric identification

Biometrics WG of INSTAC/JSA
Purpose
・The standardization of the biometrics authentication technologies is done in Electronic Commerce application
Members of WG
・Chairman: N. Komatsu (Waseda Univ.)
・Members: METI, Animo*, Casio, Fujitsu, Hitachi*, KDDI, Matsushita, MELCO, NEC, NTT-data*, OKI, Sony, Toshiba, etc. (*: Working Group leader)
Contents of activities
(1) Draft Japanese Industrial Standards of Test and Evaluation (physical and behavioral characteristics)
(2) Liaison with ISO/IEC JTC1/SC17

Purpose of The Project
[Figure labels: Vendors; Users; Guidelines for requirements decision; Guidelines for accuracy test; guide for design; requirements decision; evaluation method; proposal; valuation basis]
Creation of real-based biometric market

Policy of Accuracy Test
(1) Objective evaluation for multiform products, various evaluators' viewpoints and individual tests
(2) Common basis with Europe and America
  ・Japanese accuracy test could be accepted
  ・Refer to proposals of NBTC about mathematical basis
(3) Focus on fingerprint based authentication systems

Classification of Functional Structures
・Fingerprint Matcher: image enhancement, feature extraction, templates, matching functions; outputs distance
・Verification Device: fingerprint capture, Fingerprint Matcher; outputs distance
・Authentication system: Verification Device, decision function; outputs result (True/False)
[Figure labels: fingerprint, fingerprint capture, Fingerprint Matcher, distance, parameters, decision function, result]

Definition of Test Items
Test process: start, Fingerprint Collection, Verification, Accuracy Calculation
Defined items (Guidelines for accuracy tests; Accuracy Test Software):
・Collection environment
・Number of fingers
・Number of fingerprints
・Experimental subjects
・Training to input finger
・Combination of genuine
・Combination of imposter
・Calculation methods
・Result description
・ROC Curve
・Availability Rate

Results Description
・FMR & FNMR as ROC curve
  ・Calculated at each threshold or parameters
  ・Described by a logarithmic ROC curve
・Availability rate
  ・Rate of persons who can use the product
[Figure "Distance Distribution": frequency against distance (t) for the genuine and imposter distributions (curves labelled hg(t) and hi(t)), with threshold Th marking the FMR and FNMR areas]
[Figure "ROC Curve": False Match Rate (FMR) against False Non-Match Rate (FNMR), axes marked 0, 0.01%, 0.1%]

Comparison with Best Practice
Columns: Accuracy Test Guideline | Best Practice
・Biometrics: Fingerprint | All biometrics technologies
・Target Application: Verification only (1 to 1) | All applications (・Verification ・(Positive) Identification ・Negative Identification)
Evaluation Method, Results Description:
・Depends on the object of evaluation: for algorithms, Technical; for devices, Scenario; for systems, Operational
・ROC(FNMR,FMR) curve
・ROC(FNMR,FMR) curve
・Accuracy Test Guideline
・Failure to acquire, Failure to enroll
・Test Specification
・Test Specification
・Binning Error vs Penetration curve

Comparison with Best Practice
Item | Best Practice | Accuracy Test Guideline
Number of Biometric Information
・Decided with expected accuracy
・As many as possible
・No strict criterion
Requirements for Fingerprint Collection
・There must be enough time interval between collecting enrollment data and test data.
・The length of interval is not specified.
・The time interval must be longer than general time of healing of that body part. (2 to 3 weeks for fingerprints)
・Fingerprint data that failed to enroll or verify are not used for accuracy evaluation.
Availability Rate
・Fingerprint data that failed to enroll or verify are not used for accuracy evaluation.
・Failure to Enroll Rate
・Failure to Acquire Rate
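
The FMR/FNMR calculation from the Results Description slide, as an added example rather than the project's accuracy test software: it sweeps the threshold over constructed genuine and imposter distances, then picks the loosest threshold that keeps FMR under a stated ceiling, a step the slides do not spell out. The accept rule (distance <= threshold), the sample values and the function names are assumptions.

```python
# Added example with constructed distances; not data from the accuracy-test project.
# Assumption: the matcher outputs a distance and accepts when distance <= threshold.

GENUINE = [0.08, 0.11, 0.12, 0.15, 0.19, 0.22, 0.25, 0.31, 0.38, 0.52]   # same finger
IMPOSTER = [0.29, 0.41, 0.47, 0.55, 0.58, 0.63, 0.66, 0.71, 0.78, 0.90]  # different fingers
# Constructed enrolment outcome per subject: two of twelve could not enrol.
# Their samples never reach GENUINE/IMPOSTER; they only lower the availability rate.
ENROLLED = {f"s{i:02d}": i not in (4, 9) for i in range(1, 13)}


def error_rates(genuine, imposter, threshold):
    """Return (FMR, FNMR) at one threshold."""
    false_match = sum(d <= threshold for d in imposter)      # imposters accepted
    false_non_match = sum(d > threshold for d in genuine)    # genuine users rejected
    return false_match / len(imposter), false_non_match / len(genuine)


def roc_curve(genuine, imposter):
    """One (threshold, FMR, FNMR) point per distinct observed distance, ascending."""
    thresholds = sorted(set(genuine) | set(imposter))
    return [(t, *error_rates(genuine, imposter, t)) for t in thresholds]


def threshold_for_max_fmr(genuine, imposter, max_fmr):
    """Loosest threshold whose FMR stays within max_fmr, with the FNMR it costs.

    Returns None when even the tightest observed threshold exceeds max_fmr.
    """
    best = None
    for point in roc_curve(genuine, imposter):
        if point[1] <= max_fmr:      # FMR only grows as the threshold loosens
            best = point
    return best


def availability_rate(enrolled):
    """Share of test subjects who can use the product at all."""
    return sum(enrolled.values()) / len(enrolled)


if __name__ == "__main__":
    for t, fmr, fnmr in roc_curve(GENUINE, IMPOSTER):
        print(f"Th={t:.2f}  FMR={fmr:5.0%}  FNMR={fnmr:5.0%}")
    print("FMR ceiling 0%:", threshold_for_max_fmr(GENUINE, IMPOSTER, 0.0))
    print("availability  :", f"{availability_rate(ENROLLED):.1%}")
```

With ten imposter comparisons the smallest non-zero FMR the test can report is 10%, so the number of collected samples bounds how low a rate the curve can support.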

Outline of the ORD Guideline
(1) The guidelines provide the methods to decide the requirements for application
(2) Investigation of applications using authentication
  ・6 fields (Finance, Public, Medical, PD/Retail, Housing, etc.)
  ・Hearing from 50 users
(3) Application model leads requirements on usability
(4) Risk analysis leads requirements on security
ORD: Operating Requirements Decision

Security Level Classification
[Table: levels (H), (M), (L) on an axis from Safety to Usability; rows Criterion, Example Applications, FAR (ex), Expression, FRR; labelled Functional Requirements]
Criterion
・(H) Very High Risk; Relation to Social Safety
・(M) High Risk; Relation to Social Trust
・(L) Low Risk; No necessary Security
Example Applications
・Area Control in Nuclear Power Plant
・Area Control in Mint Bureau
・Access Control for Arms
・Area Control in Smart Card Issuer
・Access Control of CA’s Private Key
・Area Control in Bank
・Immigration
・Access Control of Smart Card
・Debit/Credit Card
・Remote Banking
・Medical chart
・ATM
・DB in Enterprise
・PC Log in
・Entrance of Apartment
・Attendance of Office
・User Tracking
・Observing
FAR (ex), Expression, FRR
・0.00006%; 1, (Population), (PCOR)
・1%~0.01%; (Permissible FAR), (Member), (PCOR); FAR takes first priority
・About 1%; FRR takes first priority

Model Classification for Biometric Applications
①Access Control: Real Space, Authenticate, Protected Space (Physical or Electronic), Value
②Flow Control: Real Space, Authenticate, Electronic Space, e-Doc (・Signature ・Seal), Flow of Sanction
③Tracking: Real Space, Authenticate, Electronic Record (Log): ID, Place, Time
[Figure: the three models are drawn along an axis running from Safety to Usability]

Procedure of ORD
[Flowchart labels: Start; Model Classification; Functional Requirements Specification; Threats Analysis (Occurrence Rate); Value Evaluation (Value); Risk Analysis; Security Level Classification; Usability Requirements; Safety Requirements; Requirements Adjustment; Requirements; Evaluation Report of device: A, B, C]

Japan Biometric Authentication Association
Object
To create the fair biometric market, JBAA
(1) Investigates problems of standardization of biometric authentication
(2) Proposes activities for standardization, promotes projects for common framework by academic, business, and governmental circles
Agenda
(1) Interoperability
  ・Investigation of standardization of data format and API
  ・Clarifying PKI model
(2) Performance
  ・Investigation of standardization for accuracy test
  ・Investigation of privacy and other compliance
(3) Assurance
  ・Investigation of security standardization and protection profiles
  ・Investigation of operating requirements decision guideline and proposal of a draft
  ・Clarifying policy for examination of vulnerability

Activities of Technology WG of JBAA
Purpose
- System integrators/users can select appropriate biometric devices
Term
- Sep 2000 - now
Members
- Hitachi, Omron, Oki, Mitsubishi, Computer Associates, Japan Telecom, NEC, Secure Generation, Sharp, Secom, Cyber Sign, Waseda University, etc.
Outline of project
(1) Research of biometric technologies
(2) Discussion about problems of service/business model
(3) Comprehensive discussion about common technical problems for standardization
(4) Experiment to verify above problems

Privacy Consideration
・Biometric information can be easily stolen and forged → Vulnerability
・Biometrics is the ultimate privacy data
・Privacy protection in X9.84 is based on HIPAA (Healthcare Insurance Portability and Accountability Act).
・Act on the prohibition of unauthorized access to computer systems (Feb, 2000) bans dishonest acquisition and use of identification code. Biometrics fall under this category.
We should make a privacy guideline for biometric authentication systems and lead system integrators and operators to a better understanding of privacy.

Vulnerability Consideration
What’s “Vulnerability” for information systems?
Vulnerability for biometric authentication systems is…
・A characteristic of the system that causes the system not to perform the requirement designed
  ・The characteristic causes impersonation
  ・The characteristic causes the impediment of the system availability
For secure biometric authentication systems
・To define all of the vulnerability on the system
・To define the risk of every vulnerable characteristic
・To define the countermeasure of the vulnerable characteristics
Need for definition of the vulnerability of biometric systems

Examples of The Vulnerability for Biometric Authentication Systems
Biometrics specific vulnerability
・False Acceptance rate
・Artificial biometric object
・Hill-climbing attack
・etc…
Common vulnerability for information system
・Forgery or alteration of
  ・Template data of users
  ・Matching software
  ・Result of the matching
  ・Electronic Biometric data
  ・etc…

Comparison of PKI/Biometrics Models
Item | Client Model, Basic model | Client Model, Authentication server model | Server Model, Basic model | Server Model, Authentication server model
Templates are stored in | Client | Client | BCA | BCA
Verified in | Client | Client | Application | Authentication server
Digital authentication in | Application | Authentication server | Application | Authentication server
Security Requirements
・Client Model: ・Confidentiality in client ・Consistency with PKI
・Server Model: ・Integrity of biometric info. ・Consistency with PKI
Suitable model should be selected according to various system requirements

Server Model (Basic Model)
PKI based authentication → Biometrics authentication
[Figure labels: Client Terminal (User Certificate, Secret key, Biometric Data; Input biometrics & Sign); Application Server (BCA Certificate, CA Certificate; Verification of Signature & Biometrics); CA (CRL); BCA (User Template, Template Database)]
(1) Challenge code
(2) User signature, Certificate & biometrics
(3) Service

Client Model (Basic Model)
Biometrics authentication → PKI based authentication
[Figure labels: Client Terminal (User Certificate, Biometric Data, Secret key, User Template; Biometric Verification & Sign); Application Server (CA Certificate; Signature Verification); CA (CRL); BCA]
(1) Challenge code
(2) User signature & Certificate
(3) Service

Biometric Authentication on Mobile Phones - Server Model -
[Figure labels: BCA (Biometric Certificate Database); CA; Mobile phone with UIM (Certificate, Secret key, Biometric Data; Sign); Base Station; Carrier Net; IP Network; Application Server (Certificate, CA Certificate; Signature Verification, Biometric Verification)]
① Challenge code
② Signature, Certificate, fingerprint data
③ Biometric
④ Service

Biometric Authentication Authority (Japan Telecom)
[Figure labels: Client; EC Sites; Biometric Authentication Authority (Biometric Authentication Server, Verification Engine, Biometric DB); PKI Certificate Authority]
① Access
② Authentication Request
③ Acquisition of Biometric Data
④ Authentication Request
⑤ Verification
⑥ Result (returned to the EC Sites and to the Client)
Biometrics: Hand geometry, Fingerprint, Iris, Face, Voice, Signature, ...

Biometrics Campus
[Figure labels: COOP (User Authentication); Issuing Machines for Certificates (User Authentication); Safety Box (Mitsubishi Corp.); Vending Machine (User Authentication); Parking Lot (Holder Authentication); Copy Machine; ID Card (IC); Intra-Campus LAN; Workflow System for office workers; Lecture Room (Authorization, Attendance); Labs/Computer Rooms; Library/Dormitory; Access Control Servers; Library System; Authentication Servers; Access Control for Intra-campus LAN; Home Campus (On-line Registration/On-line inquiry); Internet; Mobile Campus (Cell. Phone User Authentication); Theater/Restaurant/Salon (Student Discount); On-line Attendance; Ticketing Center (User Authentication); Application for Parking Lot; On-line Registration for Certificates/Student Discount; Satellite Campus]

Study Items
■Standardization
・Operating requirement decision guideline
・Privacy consideration
・Vulnerability consideration
・Authentication model (PKI+biometrics)
・etc.
■Utilizing merits of biometrics
・Authentication without user’s consciousness
・Authentication with user’s feelings