Computer Systems Security Foundations Research Paper

CS 651 FINAL PAPER
Accuracy of Biometric Access System
By
Vincent Chepkwony
Colorado Technical University
Department of Computer Science
Denver, Colorado 80111
Author: Vincent Chepkwony
Created on: August 14, 2007
Abstract
The accuracy of biometric verification systems has attracted attention
recently because biometric verification is more secure than knowledge- or
token-based verification techniques. Multi-modal biometric verification can
provide even greater accuracy by combining several forms of biometrics.
However, there are problems with the availability, usability and
acceptability of the technique.
Data quality limits the accuracy of biometrics. Poor data quality is
responsible for many or even most matching errors in biometric systems
and may be the greatest weakness of some implementations. The impact
of poor data quality can be reduced in various ways, many of which
depend on effective methods of automated data quality measurement.
This paper analyzes the causes and implications of poor-quality
biometric data, the performance of a biometric system, prevention, and
potential remedies. Current approaches to the problem and to procedural
error are described and criticized. Finally, a methodology for the
measurement of the accuracy of a biometric system with a non-symmetric
matching function is proposed and discussed.
Introduction
Biometrics are automated methods of recognizing a person based on a
physiological or behavioral characteristic. Examples of human traits
used for biometric recognition include fingerprints, speech, face, retina,
iris, handwritten signature, hand geometry, and wrist veins.
The word "automated" is necessary in the definition because we want to avoid the
inclusion of very common, but significantly less reliable, methods of identification such
as a photograph. We want to ensure that our identification is precise and accurate. In
addition to automation, there must be three other components: there must be a mechanism
to scan and capture an image of the characteristic being observed; there must be some
processing of the image; and, there must be an interface with an application. (Ronald J.
Hays, January 1996)
The purpose of this paper is to present an overview of biometric
systems, and to discuss the justifications for their implementation and
the dangers inherent in them.
Because biometric technologies, their application, and their working
environment are all in their infancy, the research on which this paper is
based has relied heavily on case studies, literature search, primarily in
the popular and trade press, and interviews with leading figures in the
field.
Biometric Access System Architecture
Verification/Authentication Mode/Stage Architecture (Bojan Cukic, 2005)
[Figure: flowchart. Box labels recovered from the page: Biometric Data
Collection; Transmission; Signal Processing, Feature Extraction,
Representation; Quality Sufficient? (Yes/No); Additional image
preprocessing, adaptive extraction/representation; Require new acquisition
of biometric; Generate Template (approx. 512 bytes of data per template);
Database; Template Match; Decision Confidence? (Yes/No).]
Enrollment Mode/Stage Architecture
[Figure: flowchart. Box labels recovered from the page: Biometric Data
Collection; Transmission; Signal Processing, Feature Extraction,
Representation; Quality Sufficient? (Yes/No); Additional image
preprocessing, adaptive extraction or representation; Require new
acquisition of biometric; Generate Template (approx. 512 bytes of data per
template); Database.]
Overview of Biometric Accuracy
Biometric accuracy is measured in two ways: the rate of false
acceptance (Type 1) and the rate of false rejection (Type 2). Every
biometric technique has a different method of assigning a score to the
biometric match; a threshold value is defined which determines when a
match is declared. Scores above the threshold value are designated as a
"Hit" and scores below the threshold are designated as "No-Hit."
A Type 2 error occurs if a true match does not generate a score above
the threshold. A Type 1 error is made when an impostor generates a
match score above the threshold. If the Type 1 and Type 2 error rates
are plotted as a function of threshold value, they will form curves which
intersect at a given threshold value. (Thomas Ruggles, July 10th 2002)
The point of intersection is called the crossover accuracy of the system.
In general, as the value of the crossover accuracy increases the inherent
accuracy of the biometric increases. It is my opinion that the crossover
accuracy should be a very nearly linear function of data size per record.
For example, given the high crossover accuracy for Retinal Scan, I
would expect that the data size of a Retina Scan would be much higher
than either Iris Scan or Fingerprints. (Zdenek Riha, 2000)
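The threshold sweep and crossover point described above, as an added example that is not part of the original paper. The score lists are constructed for illustration, and treating a score exactly equal to the threshold as a "No-Hit" is an assumption.

```python
# Constructed match scores (0..1); not measurements from any real device.
GENUINE = [0.91, 0.85, 0.78, 0.88, 0.62, 0.95, 0.71, 0.83, 0.55, 0.90]
IMPOSTOR = [0.12, 0.35, 0.48, 0.22, 0.58, 0.41, 0.30, 0.66, 0.18, 0.27]


def error_rates(genuine, impostor, threshold):
    """Return (FAR, FRR) at one threshold; a score above it is a "Hit"."""
    # Type 1: an impostor scores above the threshold and is accepted.
    far = sum(s > threshold for s in impostor) / len(impostor)
    # Type 2: a true match fails to score above the threshold.
    # Assumption: a score equal to the threshold counts as a "No-Hit".
    frr = sum(s <= threshold for s in genuine) / len(genuine)
    return far, frr


def sweep(genuine, impostor):
    """Evaluate every observed score as a candidate threshold."""
    thresholds = sorted(set(genuine) | set(impostor))
    return [(t, *error_rates(genuine, impostor, t)) for t in thresholds]


def crossover(genuine, impostor):
    """Row (threshold, FAR, FRR) where the two curves come closest."""
    return min(sweep(genuine, impostor), key=lambda row: abs(row[1] - row[2]))


def threshold_for_far(genuine, impostor, max_far):
    """Lowest threshold whose FAR meets the target, with the FRR it costs."""
    for row in sweep(genuine, impostor):
        if row[1] <= max_far:
            return row
    return None


if __name__ == "__main__":
    for t, far, frr in sweep(GENUINE, IMPOSTOR):
        print(f"threshold={t:.2f}  FAR={far:.0%}  FRR={frr:.0%}")
    print("crossover:", crossover(GENUINE, IMPOSTOR))
    print("zero-FAR setting:", threshold_for_far(GENUINE, IMPOSTOR, 0.0))
```

On this constructed data the curves meet at a threshold of 0.58 with both error rates at 10%; raising the threshold until no impostor is accepted doubles the false rejection rate to 20%.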
Biometric Technologies
There are many biometric technologies to suit different types of applications. To
choose the biometric best suited to a particular situation, one has to navigate
through some complex vendor products and keep an eye on future developments in
technology and standards. The following is a list of biometrics:
Fingerprints - Fingerprint recognition looks at the patterns found on a fingertip.
There are a variety of approaches to fingerprint verification, such as the traditional
police method, pattern-matching devices, and techniques such as moiré fringe patterns
and ultrasonics. This seems to be a very good choice for in-house systems. (Anil Jain, 2004)
Hand geometry - This involves analyzing and measuring the shape of the hand.
It might be suitable where there are more users or where users access the system
infrequently. Accuracy can be very high if desired, and flexible performance tuning and
configuration can accommodate a wide range of applications.
Retina - A retina-based biometric involves analyzing the layer of blood vessels
situated at the back of the eye. This technique involves using a low-intensity light
source through an optical coupler to scan the unique patterns of the retina. Retinal
scanning can be quite accurate but does require the user to look into a receptacle and
focus on a given point. (Arun Ross)
Iris - An iris-based biometric involves analyzing features found in the colored
ring of tissue that surrounds the pupil. This uses a fairly conventional camera element and
requires no close contact between the user and the reader. Further, it has the potential for
higher than average template-matching performance. (Paul Rosenzweig, June 21st 2004)
Applications of Biometric Access Systems
Biometric access control systems consist of a reader or scanning device, software that
converts the gathered information into digital form and a database that stores the
information for comparison with previous records.
These readers, or scanning devices, can scan for a fingerprint, hand geometry, signature,
retina, facial recognition, voice print, vascular pattern and even DNA. This technology
can be used for a number of applications including time and attendance reporting,
building access control, verification of signatures, point-of-sale identity verification,
process control security and cellular phone security. (Bashar Masad, September 2006)
Verification is a simple process for users. A PIN number for example is entered into a
keypad, a magnetic stripe/barcode card is swiped or a proximity card is used to touch the
biometric reader. As a result, the reader pulls up a template taken of the person’s
biometric data at the time of enrollment. If the resulting template matches the stored
template, the person is verified. (Vaclav Matyas 2000)
Although this can be considerably more convenient than current access methods such as
passwords and cards, many think of the technology as confined to heightened security
applications. It is true that biometrics are used to check employees coming into almost
every airport and to guard almost every nuclear plant. These access systems are also the
mode of entry at embassies around the world. However, the majority of implementations
are used in common, everyday locales including hair salons and restaurants.
Design Challenges and Accuracy of Biometrics Access Systems
The main goal of any access control system is to keep some people out and allow others
to get in. Although this sounds simple, some key factors must be considered early on
when designing a biometric application. These include user acceptance, throughput,
accuracy, encryption and identity theft aversion.
User acceptance of the access control device is one of the most critical factors in the
success of a biometric-based implementation. In order to prevent improper use, which
can cause access errors, the device should not cause discomfort or concern and must be
easy to use. (Rahul Shah, Ingersoll Rand Security Technologies, 2006)
Throughput, which is application-dependent, is the total time required to use the device.
The elapsed time from presentation to identity verification is known as verification time.
Most readers can verify identity within one second. (Bill Spense, May 20th 2006)
However, when considering the use of biometrics for access control, the total time it
takes a person to use the reader must be considered. This includes the time it takes to
enter the ID number and the time required to get into the right position for scanning. The
total time required for each person varies.
Accuracy is vital to the acceptance of the biometric type chosen. If it does not accurately
read the person’s biometric input, the system will no longer be used for access control
because of its inaccuracies. Letting the wrong people in or denying access to the correct
people poses serious problems. The two errors a unit can make are false acceptance and
false rejection. (Paul Bleicher, Biometric Comes of Age, December, 2005)
System designers set the numeric threshold score to accommodate the system’s desired
level of accuracy, which is measured by the False Accept Rate (FAR) and False Rejection
Rate (FRR).
The FAR is the probability that an unauthorized user will be allowed to pass for someone
else. This error rate must be low enough to present a real deterrent for a given
application. In today’s biometric access control systems, FAR ranges from 0.0001% to
0.1%. In comparison, the biometric hand geometry reader used on the front entry area of
60% of U.S. nuclear power plants has a FAR of 0.1%. (Lantronix, September 2006)
False Rejection Rate is just as crucial as FAR. The FRRs quoted for currently available
systems vary from 0.00066% to 1.0%. A low FRR is important because this type of error
can occur with almost every use of the access control device. (Recognition Systems Inc.)
When constructing an accuracy test, one of the first questions to consider is "How many
samples must be used in order to be sure that the final, overall test result represents the
'True' accuracy of the system?" This is also referred to as the “true mean accuracy” of the
system. (Bio-tech Inc, 2005)
On one hand, testing is expensive in terms of money, time, and resources; on the other,
the test must be rigorous enough to yield a very close approximation of the inherent
matching capabilities of the biometric system in question.
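A worked version of the sample-size question, added here and not part of the original paper. It assumes each test attempt is an independent trial with the same error probability (an assumption the paper does not state) and uses the standard exact binomial bound at 95% confidence.

```python
import math


def trials_for_zero_error_claim(max_rate, confidence=0.95):
    """Independent trials that must all pass to support 'rate <= max_rate'."""
    # Smallest integer n with (1 - max_rate)^n <= 1 - confidence.
    return math.ceil(math.log(1 - confidence) / math.log1p(-max_rate))


def upper_bound(errors, trials, confidence=0.95):
    """One-sided exact binomial (Clopper-Pearson) upper bound on the true rate."""
    def prob_at_most(p):
        # P(observing <= errors failures in `trials` attempts) if the rate is p.
        return sum(math.comb(trials, k) * p**k * (1 - p) ** (trials - k)
                   for k in range(errors + 1))

    lo, hi = 0.0, 1.0
    for _ in range(60):  # bisection; prob_at_most falls as p rises
        mid = (lo + hi) / 2
        if prob_at_most(mid) > 1 - confidence:
            lo = mid
        else:
            hi = mid
    return hi


if __name__ == "__main__":
    # The 0.1% and 0.0001% FAR figures quoted in this section.
    for far in (0.001, 0.000001):
        n = trials_for_zero_error_claim(far)
        print(f"FAR <= {far:.4%}: {n:,} impostor trials with zero false accepts")
    print(f"3 false accepts in 3000 trials: true FAR may be as high as "
          f"{upper_bound(3, 3000):.3%}")
```

Supporting a 0.1% FAR claim takes about three thousand error-free impostor attempts, and a 0.0001% claim about three million, which is the cost side of the trade-off the paragraph describes.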
Causes of Biometric Inaccuracy
Biometric identification relies on technology that is far from proven,
and major organizational adjustments are needed to cope with it. There
are many practical problems involved in complex and largely automated
schemes, and in coping with exceptions, system outages and claims of
database error.
Systems that entail a central registry of personal identities raise much
more substantial issues. The adequacy of data protection laws in dealing
with these issues to the satisfaction of the public is in doubt. A
biometric print may, for example, be considered to be in the public
domain. Alternatively, people may find that they are required to provide
a biometric print in many unforeseen or unintended future
circumstances. (Simon G Davies, Information Technology, 1994)
Some biometric technologies are discriminatory. A nontrivial percentage of the
population cannot present suitable features to participate in certain biometric systems.
Many people have fingers that simply do not "print well." Even if people with "bad
prints" represent 1% of the population, this would mean massive inconvenience and
suspicion for that minority. (Denise Masi PhD, Biometric Consortium, 2005)
Methods of Improving Biometric Accuracy
To improve the accuracy of a biometric access system, detailed
consideration must be given before any biometric system is put into
use. The reason is that once a fingerprint or other biometric
source has been compromised, it is compromised for life, because users
can never change their fingerprints.
Therefore, for biometrics to be ultra-secure and to provide
more-than-average accuracy, more than one form of biometric
identification is required. Hence the need arises for the use of
multimodal biometrics. Biometric fusion combines biometric
characteristics derived from:

One or more modalities or technologies (algorithms, sensors)

Multiple characteristics derived from samples

Multiple or repeated biometric instances

The main goal of multi-biometric fusion is to identify or authenticate individuals more
effectively than when using a single matcher. The results would include improved
accuracy, improved system robustness and fault tolerance, and finally, improved system
efficiency. (Bradford T. Ulery, Biometric Consortium Conference, 2005)
Conclusion
Biometric measures of one kind or another have been used to identify people since
ancient times, with facial features, and fingerprints being the traditional methods.
Systems have been built that automate the task of recognition, using these methods and
newer ones, such as hand geometry, voiceprints, and iris patterns.
These systems have different strengths and weaknesses. In automatic operation, most
have error rates of the order of 1% (though iris recognition is better, hand geometry
slightly better, and face recognition worse). There is always a trade-off between the false
accept rate (the fraud rate) and the false reject rate (the insult rate). The statistics of error
rates are deceptively difficult.
If any biometric becomes very widely used, there is increased risk of forgery in
unattended operation: voice synthesizers, photographs of irises, fingerprint molds, and
even good old-fashioned forged signatures must all be thought of in system design.
Biometric systems use scores to express the similarity between a pattern
and a biometric template. The higher the score, the higher the similarity
between them. As described in the previous section, access to the
system is granted only if the score for an authorized individual, or the
person that the pattern is verified against, is higher than a certain
threshold. (Korves, H 2005)
REFERENCES
The following sources were used in the compilation of this report:
A Performance Evaluation of Biometric Identification Devices, J. Holmes, L. Wright, R. Maxwell (Sandia National Laboratories, SAND91-0278/UC-906, June 1997).
Biometrics: Who Goes There? J. Fenn (Gartner Group, Inc., Spring 1995).
Personal Identifier Project Executive Summary (State of California Department of Motor Vehicles (CA DMV), 16 May 1990).
Electronics Benefits Transfer - Use of Biometrics To Deter Fraud In The Nationwide EBT Program, GAO/OSI-95-20 (September 1995).
Carroll J.M. (1991) Confidential Information Sources, 2nd edition, Butterworth-Heinemann, New York, 1991.
Korves, H., L. Nadel, B. Ulery, and D. Masi, “Multi-biometric Fusion: From Research to Operations”, Sigma, Mitretek Systems, summer 2005, pp. 39-48, http://www.mitretek.org/home.nsf/Publications/SigmaSummer2005
Security Park magazine 2007. Retrieved on August 13, 2007 from: http://www.securitypark.co.uk/article.asp?articleid=26389
Hays, Ronald http://www.biometrics.org/REPORTS/INSPASS.html