An Overview of Biometrics

Access Control

An Overview of

Biometrics

2

Contents Biometric Systems

1. Introduction

2. Biometric identifiers

3. Classification of biometrics methods

4. Biometric system architecture

5. Performance evaluation

SECURITY INNOVATION ©2003

3

Contents Biometric Systems

6. Signature recognition

7. Voice recognition

8. Retinal scan

9. Iris scan

10. Face-scan and facial thermograph

11. Hand geometry


4

Personal Identification

Association of an individual with an identity:

• Verification (or authentication): confirms or denies a claimed identity.

• Identification (or recognition): establishes the identity of a subject (usually from a set of enrolled persons).


5

Personal Identification Objects

• Token-based:

“something that you have”

• Knowledge-based:

“something that you know”

• Biometrics-based:

“something that you are”


6

Biometrics

• Bio + metrics:

– The statistical measurement of biological data.

• Biometric Consortium definition:

– Automatically recognizing a person using distinguishing traits.


7

•

Application Domains (I)

Access control

– to devices

• cellular phones

• logging into a computer, laptop, or PDA

• cars

• guns

– to local services

• money from a ATM machine

• logging in to computer

• accessing data on smartcard

– to remote services

• e-commerce

• e-business


Application Domains (II)

8

• Physical access control

– to high security areas

– to public buildings or areas

• Time & attendance control

• Identification

– forensic person investigation

– social services applications, e.g. immigration or prevention of welfare fraud

– personal documents, e.g. electronic drivers license or ID card


9

Biometric Identifiers

Ideal Properties

• Universality

• Uniqueness

• Stability

• Quantitative

Considerations

• Performance

• Acceptability

• Forge resistance


10

Biometric Technologies

• Covered in ISO/IEC 27N2949:

– recognition of signatures,

– fingerprint analysis,

– speaker recognition,

– retinal scan,

– iris scan,

– face recognition,

– hand geometry.


11

Other Biometric Methods

• Found in the literature:

– vein recognition (hand),

– keystroke dynamics,

– palm print,

– gait recognition,

– ear shape.


12

Classification of Biometric

Methods

• Static:

– fingerprint

– retinal scan

– iris scan

– hand geometry

• Dynamic:

– signature recognition

– speaker recognition


13

Biometric System Architecture

• Basic modules of a biometric system:

– Data acquisition

– Feature extraction

– Matching

– Decision

– Storage


14

Biometric System Model

Data collection

Raw data

Signal processing

Extracted features matching template storage score

Application

Authentication decision decision


15

Data Acquisition Module

• Reads the biometric info from the user.

• Examples: video camera, fingerprint scanner/sensor, microphone, etc.

• All sensors in a given system must be similar to ensure recognition at any location.

• Environmental conditions may affect their performance.


16

Feature Extraction Module

• Discriminating features extracted from the raw biometric data.

• Raw data transformed into small set of bytes – storage and matching.

• Various ways of extracting the features.

• Pre-processing of raw data usually necessary.


17

Matching Module

• The core of the biometric system.

• Measures the similarity of the claimant’s sample with a reference template.

• Typical methods: distance metrics, probabilistic measures, neural networks, etc.

• The result: a number known as match score.


18

Decision Module

• Interprets the match score from the matching module.

• Typically a binary decision: yes or no.

• May require more than one submitted samples to reach a decision: 1 out of 3.

• May reject a legitimate claimant or accept an impostor.


19

Storage Module

• Maintains the templates for enrolled users.

• One or more templates for each user.

• The templates may be stored in:

– a special component in the biometric device,

– conventional computer database,

– portable memories such as smartcards.


20

Enrolment

• Capturing, processing and storing of the biometric template.

• Crucial for the system performance.

• Requirements for enrolment:

– secure enrolment procedure,

– check of template quality and “matchability”,

– binding of the biometric template to the person being enrolled.


21

Possible Decision Outcomes

• A genuine individual is accepted.

• A genuine individual is rejected (error).

• An impostor is rejected.

• An impostor is accepted (error).


22

Errors

• Balance needed between 2 types of error:

– Type I: system fails to recognize valid user (‘false non-match’ or ‘false rejection’).

– Type II: system accepts impostor (‘false match’ or

‘false acceptance’).

• Application dependent trade-off between two error types.


23

Tolerance Threshold

• Error tolerance threshold is crucial and application dependent.

• Tolerance too large gives Type II error (admit impostors).

• Tolerance too small gives Type I errors (reject legitimate users).

• Equal error rate for comparison: false nonmatch equal to false match.


24

Biometric Technologies

• Signature recognition

• Voice recognition

• Retinal scan

• Iris scan

• Face biometrics

• Hand geometry


25

Signature Recognition

• Signatures in wide use for many years.

• Signature generating process a trained reflex imitation difficult especially ‘in real time’.

• Automatic signature recognition measures the dynamics of the signing process.


26

Dynamic Signature Recognition

• Variety of characteristics can be used:

– angle of the pen,

– pressure of the pen,

– total signing time,

– velocity and acceleration,

– geometry.


Dynamic Signature Verification

(I)

27

Electronic pen [LCI-SmartPen]


Dynamic Signature Verification

(II)

28

Digitising tablet by

Wacom Technologies

Digitising tablet [Hesy Signature Pad by BS Biometric Systems GmbH]


29

Signature Recognition:

Advantages / Disadvantages

• Advantages:

– Resistance to forgery

– Widely accepted

– Non-intrusive

– No record of the signature

• Disadvantages:

– Signature inconsistencies

– Difficult to use

– Large templates (1K to 3K)


30

Fingerprint Recognition

• Ridge patterns on fingers uniquely identify people.

• Classification scheme devised in 1890s.

• Major features: arch, loop, whorl.

• Each fingerprint has at least one of the major features and many ‘small’ features.


Features of Fingerprints

31


32

Fingerprint Recognition (cont.)

• In a machine system, reader must minimize image rotation.

• Look for minutiae and compare.

• Minor injuries a problem.

• Automatic systems can not be defrauded by detached real fingers.


33

Fingerprint Authentication

• Basic steps for fingerprint authentication:

– Image acquisition,

– Noise reduction,

– Image enhancement,

– Feature extraction,

– Matching.


34 c e a

Fingerprint Processing b f d a) Original b) Orientation c) Binarised d) Thinned e) Minutiae f) Minutia graph


35

Fingerprint Recognition

• Sensors

– optical sensors

– ultrasound sensors

– chip-based sensors

– thermal sensors

• Integrated products

– for identification – AFIS systems

– for verification


Fingerprint Recognition:

Sensors (I)

36

Electro-optical sensor

[DELSY® CMOS sensor modul]

Optical fingerprint sensor

[Fingerprint Identification Unit

FIU-001/500 by Sony]

Capacitive sensor

[FingerTIP™ by Infineon]



Sensors (II)

37

E-Field Sensor

[FingerLoc™ by Authentec]


Thermal sensor

[FingerChip™ by ATMEL

(was: Thomson CSF)]


Integrated Systems (I)

[BioMouse™ Plus by American Biometric Company]

38

Physical Access Control System

[BioGate Tower by Bergdata]


[ID Mouse by Siemens]


Integrated Systems (II)

39

[TravelMate 740 by Compaq und Acer]


Keyboard [G 81-12000 by Cherry]

System including fingerprint sensor, smartcard reader and display by DELSY

40



• Advantages:

– Mature technology

– Easy to use/non-intrusive

– High accuracy

– Long-term stability

– Ability to enrol multiple fingers

• Disadvantages:

– Inability to enrol some users

– Affected by skin condition

– Association with forensic applications


41

Speech Recognition

• Linguistic and speaker dependent acoustic patterns.

• Speaker’s patterns reflect:

– anatomy (size and shape of mouth and throat),

– behavioral (voice pitch, speaking style).

• Heavy signal processing involved (spectral analysis, periodicity, etc)


42

Speaker Recognition Systems

• Text-dependent: predetermined set of phrases for enrolment and identification.

• Text-prompted: fixed set of words, but user prompted to avoid recorded attacks.

• Text-independent: free speech, more difficult to accomplish.


43

Speaker Recognition:

Advantages/ Disadvantages

• Advantages:

– Use of existing telephony infrastructure

– Easy to use/non-intrusive/hands free

– No negative association

• Disadvantages:

– Pre-recorded attack

– Variability of the voice

– Affected by noise

– Large template (5K to 10K)


44

Eye Biometric

• Retina:

– back inside of the eye ball.

– pattern of blood vessels used for identification

• Iris:

– colored portion of the eye surrounding the pupil.

– complex iris pattern used for identification .


45

Retinal Pattern

• Accurate biometric measure.

• Genetically independent: identical twins have different retinal pattern.

• Highly protected, internal organ of the eye.

• May change during the life of a person.


Retinal Recognition

46

Retinal recognition system [Icam 2001 by Eyedentify]


47

Retinal Scan:


• Advantages:

– High accuracy

– Long-term stability

– Fast verification

• Disadvantages:

– Difficult to use

– Intrusive

– Limited applications


48

Iris Properties

• Iris pattern possesses a high degree of randomness: extremely accurate biometric.

• Genetically independent: identical twins have different iris pattern.

• Stable throughout life.

• Highly protected, internal organ of the eye.

• Patterns can be acquired from a distance (1m).

• Patterns can be encoded into 256 bytes.


49

Iris Recognition

• Iris code developed by John Daugman at Cambridge.

• Extremely low error rates.

• Fast processing.

• Monitoring of pupils oscillation to prevent fraud.

• Monitoring of reflections from the moist cornea of the living eye.


The Iris Code

50


Iris Recognition

System for passive iris recognition by Sensar

51

System for active iris recognition by

IrisScan


52

Iris Recognition:


• Advantages:

– High accuracy

– Long term stability

– Nearly non-intrusive

– Fast processing

• Disadvantages:

– Not exactly easy to use

– High false non-match rates

– High cost


53

Face-scan and Facial

Thermographs

• Static controlled or dynamic uncontrolled shots.

• Visible spectrum or infrared (thermographs).

• Non-invasive, hands-free, and widely accepted.

• Questionable discriminatory capability.


54

Face Recognition

• Visible spectrum: inexpensive.

• Most popular approaches:

– eigen faces,

– Local feature analysis.

• Affected by pose, expression, hairstyle, makeup, lighting, eyeglasses.

• Not a reliable biometric measure.


Face Recognition

55

Face recognition system

[TrueFace Engine by Miros]

Face recognition system

[One-to-One

™ by Biometric Access Corporation]


56

Face Recognition:


• Advantages:

– Non-intrusive

– Low cost

– Ability to operate covertly

• Disadvantages:

– Affected by appearance/environment

– High false non-match rates

– Identical twins attack

– Potential for privacy abuse


57

Facial Thermograph

• Captures the heat emission patterns derived from the blood vessels under the skin.

• Infrared camera: unaffected by external changes (even plastic surgery!) or lighting.

• Unique but accuracy questionable.

• Affected by emotional and health state.


58

Facial Thermograph:


• Advantages:

– Non-intrusive

– Stable

– Not affected by external changes

– Identical twins resistant

– Ability to operate covertly

• Disadvantages:

– High cost (infrared camera)

– New technology

– Potential for privacy abuse


59

Hand Geometry

• Features: dimensions and shape of the hand, fingers, and knuckles as well as their relative locations.

• Two images taken: one from the top and one from the side.


Hand Geometry Reading

Hand geometry reader by Recognition Systems

60

Hand geometry reader for two finger recognition by BioMet Partners


61

Hand Geometry:


• Advantages:

– Not affected by environment

– Mature technology

– Non-intrusive

– Relatively stable

• Disadvantages:

– Low accuracy

– High cost

– Relatively large readers

– Difficult to use for some users (arthritis, missing fingers or large hands)


62

Multimodal Biometric Systems

• Combination of biometric technologies

– Fingerprint and face recognition

– Face recognition and lip movement

– Fingerprint recognition and dynamic signature verification

• Increase the level of security achieved by the system

• Enlarge the user base


63

How good are biometric products?

• How can we find out, how good a biometric product is?

– Empirical tests of the product

• There have been independent tests on a series of biometric products

– in Japan

– in Germany


64

Different Threat Scenarios

1.

Regular biometric sensor using artificially generated biometric data

2.

Replay attack of eavesdropped biometric data

3.

Manipulation of stored biometric reference data


65

Japanese Test

• Tsutomu Matsumoto, a Japanese cryptographer working at Yokohama

National University

• 11 state-of-the-art fingerprint sensors

• 2 different processes to make gummy fingers

– from live finger

– from latent fingerprint

Gummy fingers fooled fingerprint sensors

80% of the time


66

Test in Germany (I)

• 11 biometric sensors

– 9 fingerprint sensors,

– 1 face recognition system, and

– 1 iris scanner

• Fingerprint sensors –

– reactivate latent fingerprints (optical and capacitive sensors)

– apply latex finger (thermal sensor)

• Face recognition system –

– down- (up-) load biometric reference data from (to) hard disk

– no or only weak life detection


Test in Germany (II)

• Iris recognition –

– picture of iris of enrolled person with cut-out pupil, where a real pupil is displayed

67

All tested biometric systems could be fooled, but the effort differed considerably


68

Choosing the Biometrics

• Does the application need identification or authentication?

• Is the collection point attended or unattended?

• Are the users used to the biometrics?

• Is the application covert or overt?


69

Choosing the Biometrics (cont.)

• Are the subjects cooperative or noncooperative?

• What are the storage requirement constraints?

• How strict are the performance requirements?

• What types of biometrics are acceptable to the users?


Conclusions

70

• Biometric technology has great potential

• There are many biometric products around, regarding the different biometric technologies

• Shortcomings of biometric systems due to

– manufacturers ignorance of security concerns

– lack of quality control

– standardisation problems

• Biometric technology is very promising

• Manufacturers have to take security concerns serious


An Overview of Biometrics

Related documents

Products

Support

An Overview of Biometrics

Related documents

Add this document to collection(s)

Add this document to saved

Suggest us how to improve StudyLib