HOA 725
Biometrics
Pearl Brewer, Ph.D.
Definition of
Biometrics
Automated identification based on physiological or behavioral
characteristics
 Examples









Application:


Fingerprints
Hand geometry
Vein Check
Facial recognition
Signature
Iris or retinal scan
voice recognition
Keystroke dynamics
Secure identification and personal verification solutions
Uses:

Federal, state and local governments, in the military, and in
commercial applications
Important
Considerations
Hardware
 Security level
 Integration with applications or operating
systems,
 User acceptance.

Hand-based
Biometrics
Fingerprint
Hand
Vein
Identification
Geometry
Check
Fingerprint
Identification
Matching the
characteristics of a
fingerprint on file to
the one presented to
the system.
 Reliability depends
on how many
“points” you match.

Fingerprint
Technology


sub-dermal fingerprint readers read below the user's
surface layer of (dead) skin down to the live subdermal layer where an individual's true fingerprint
resides. It works by bouncing electromagnetic waves,
similar to radio waves, off the live tissue and blood
flow underneath a persons skin.
These reflections are recorded to build up a picture of
the fingerprint, which is matched against the persons
known fingerprint recorded earlier.
Fingerprint
Technology Uses

Door Locks

Access Control
Computer work
stations
 Time Clocks
 In room safes
 Payment Systems

Combo Systems
 Combining
two security methods
increases validity.

Such as
a card and fingerprints
 Pin number and fingerprints

Advantages &
Limitations
 Inexpensive,
cost range from $100 to
$2000
 Convenient, you always have it with you!
 False acceptance and rejection is
estimated at around 0.0001% and less
than 1% respectively
 However others say they can be
defeated
Can they be
defeated?
 It
depends on the technology used:
Technology that simply reads the surface or
does not use electromagnetic can be defeated.
 But of course you have to get the fingerprint!!


In this case a combination method is best
Hand Geometry

Recognition Systems'
biometric HandReaders
simultaneously analyze
more than 31,000 points
and instantaneously
records more than 90
separate measurements
of an individual's handincluding length, width,
thickness and surface
area-to verify that the
person using the device
is really who he or she
claims to be.
How Hand
Geometry Works




The user places the
palm of his hand on a
metal surface which has
guidance pegs on it.
the device can reads
the hand attributes.
The device then checks
its database for
verification of the user.
The process usually
takes less than 5
seconds.
Uses of Hand
Geometry
 Time
and Attendance
 Access control
 Identify Verification
Advantages




Easy for users to work the system - requiring nothing
more than placing one's hand on the device.
It has no public attitude problems as it is associated
most commonly with authorized access.
The amount of data required to uniquely identify a
user in a system is the smallest by far, allowing it to
be used with SmartCards easily.
It is also quite resistant to attempts to fool the system.
The time and energy required to emulate a person's
hand is generally too much to be worth the effort
Limitations
 Proprietary
hardware cost
 Required size of hardware
 Injuries to hands can cause difficulty in
using the reader effectively,
 Some question its accuracy in general.
Vein Check
 Veincheck
 The
Veincheck principle is a noninvasive, computerized comparison of
subcutaneous blood vessel structures
(the veins) in the back of a hand to
verify the identity of individuals for
access control or card-holder ID.
How Vein Check
Works
Measures the shape and size of veins in the
back of the hand (or front of the wrist).
 The vein pattern is best defined when the skin
on the back of the hand is taut - when the fist
is clenched.
 The skeleton of the hand then holds the vein
"tree" rigid.
 The vein "tree" pattern is picked up by a video
camera, and converted by a computer into a
vector pattern or into a string of numbers.
 This pattern of the vein "tree" is sufficiently
idiosyncratic to function as a personal bar

Advantages and
Limitations

Advantages






Non-harmful, near infrared lighting is employed.
Non-invasive, socially
acceptable alternative to
fingerprinting and retinal
scanning
Fast, easy-to-use, and
discreet
Very low false reject rate
Compact reference
pattern (400 bits)
Not easily replicated

Cost
Facial
Recognition

Facial recognition
systems are built on
computer programs
that analyze images
of human faces for
the purpose of
identifying them. The
programs take a
facial image,
How Facial Recognition Works

Measure characteristics such as



the distance between the eyes,
the length of the nose, and
the angle of the jaw,
create a unique file called a "template."
 Using templates, the software then
compares that image with another
image and produces a score that
measures how similar the images are to
each other.

Uses of Facial
Recognition
Access
control
ID
verification
Advantages
Accurate
Cost-effective
Familiar
Non-invasive
Uses legacy data
Does not require user participation
Limitations


It can be impossible to match images when
there are differences in lighting, camera, or
camera angle,
Some say there are high rates of both "false
positives" (wrongly matching innocent people
with photos in the database) and "false
negatives" (not catching people even when
their photo is in the database).
Limitations


Some systems are easily tripped up by
changes in hairstyle, facial hair, or body
weight, by simple disguises, and by the effects
of aging.
The technology works best under tightly
controlled conditions, when the subject is
starting directly into the camera under bright
lights -
How Voice
Recognition Works

compares a prerecorded voice
message with the
current user.

Can be a data-base
system or a stand
alone device
Voice Recognition
Credit Card


The card would have
a button on it and
when pressed it
would say "Please
say your password".
Compares voice to
data file store
remotely (via the
internet)
Uses of Voice
Recognition Technology
Access Control
 Computer work
stations
 Time Clocks

Advantages &
Limitations

perfect for telecommunication applications, most of the
modern personal computers already possess the necessary
hardware to utilize the applications.


The error rate for this type of biometric ranges between
two and five percent,

Some drawbacks to this technology are that voiceprints
can vary over the course of the day, and ones health, such
as a cold or laryngitis, can affect verification of the user by
the system.
Biometrics and
the eye
Two
types
 Retinal Scan
 Iris Scan
Retinal Scan
Technology

Retinal scanning
analyses the layer of
blood vessels at the
back of the eye.
Scanning involves using
a low-intensity light
source and an optical
coupler and can read
the patterns at a great
level of accuracy.
How Retinal Scan
Works
The user looks through a small opening in the
device at a small green light.
 The user must keep their head still and eye
focused on the light for several seconds
 During which time the device will verify his
identity. This process takes about 10 to 15
seconds total.

Advantages &
Limitations

Advantages



Most Accurate Biometric
System
Unlike other forms of
biometrics, there is
continuity of the retinal
pattern throughout life
Difficulty in fooling such a
device also make it a
great long-term, highsecurity option.

Limitations



Cost
Stigma of people
believing that it can
harm their eye
User must remove
glasses
How Iris Scans
Work
 Involves
analyzing features found in the
colored ring of tissue that surrounds the
pupil.
Advantages
Less intrusive of the eye-related biometrics,
 Uses a fairly conventional camera element
and requires no close contact between the
user and the reader.
 higher than average template-matching
performance.
 Iris biometrics work with glasses in place and
is one of the few devices that can work well in
identification mode.

Limitations
 Ease
of use and system integration
have not traditionally been strong points
with iris scanning devices
 Cost
Signature
verification
 Using
and individuals signature to
identify them.
How Signature
Verification Works

Takes into account






the shape
the stroke
speed
pen pressure, and
timing information while the person is creating the
signature.
Actual signature recognition is carried out by
writing on a pressure sensitive pad with a pen
or stylus.
Advantages and
Limitatiions



No matter how good a
forger may be, they will
be unable to duplicate
exactly all these
parameters.
A signature is relatively
stable over time
Acceptance of this
method is very high.

Cost
Keystroke
Dynamics
 Measures
your typing rhythms
 Refers to an authentication method that
analyzes the way a user types at a
terminal by monitoring keyboard input
1,000 times per second
 A behavioral biometric authentication
method
How Keystroke
Dynamics Works
The users type the same word (or words),
such as their usual user name and password
set, a number of times.
 The key parameters are




"flight time", the amount of time that a user spends
"reaching" for a certain key and
"dwell time", the amount of time a user spends
pressing one key. The advantage in the computer
environment is that neither enrollment nor
verification detracts from the regular workflow.
Advantages and
Limitations

Advantage

In the computer
environment is that
neither enrollment
nor verification
detracts from the
regular workflow.

Limitations
Discussion
 How
do you feel about Biometric
Systems?
 Are
there ssecurity issues?