Biometrics Stephen Schmidt Brian Miller Devin Reid What are Biometrics? Biometrics is the study of uniquely identifying humans based solely on intrinsic physical traits. Biometric technology can be used as a method of authentication, based on an individuals unique characteristics. How Biometrics Work First an individual registers with the system The information is the processed by a numerical algorithm, and entered into a database Every time a user tries to gain access to the system, or authenticate, the biometric needs to be recaptured and processed into a digital template This new Biometric template is then compared with the original template using hamming distance Hamming distance is the comparison of how similar two bit strings are Why use Biometrics? ''The password is becoming obsolete and hackable'' - Mike Miley, vice president of Science Applications International Corporation (SAIC) Convenience Different Methods perceived as more secure May actually be more secure Useful as a deterrent Passive Identification Downside of Biometrics COST Still working out the kinks Biometrics vs. Smartcards Error rate for some biometrics is still high In 5 years Biometrics will be widely used Biometric Authentication Many different Biometrics may be used for Authentication: Facial Recognition Hand Geometry Iris Scanner Speech Recognition Fingerprint Scanner DNA Analysis Facial Recognition Every face has numerous distinguishable landmarks that make up facial features, these landmarks are defined as nodal points, there are 80 nodes. These are some of the most common nodes Distance Between the eyes Width of the nose Depth of the eye sockets Shape of cheek bones Length of jaw line Hand Geometry Hand Geometry less unique than other traits, such as fingerprint or iris scans. This is why schools, and not high security areas tend to use hand geometry It provides user authentication, not user identification They operate by using a digital camera and light, a camera takes a picture of your hand and its shadow, and analyzes it to make a numerical template Iris Scanner Some people confuse iris scans with retina scans, retinal scans are an older technology that requires a bright light to illuminate a person’s retina, a sensor would take a picture of the blood vessel located in the back of the eye. Some people found this procedure invasive, and peoples retinas change as they age. Iris Scanner cont. A simple digital camera that uses both visible and nearinfrared light that takes a clear high contrast picture of a persons iris. With near-infrared light the pupil appears very-black making it easy for a computer to differentiate between the pupil and the iris. When the camera takes a picture it locates: The center of the pupil, the edge of the pupil, the edge of the iris, eyelids and eyelashes A chance of mistaking one iris code for another is 1 in 1078 It also allows for more then 200 points of reference Speech Recognition This is currently the only biometric that provides remote authentication Speech recognition captures a person’s voice, the physical characteristics of the vocal track and its harmonic and resonant frequencies. It then compared it with a stored voice print, created during an enrollment process. Fingerprint Scanner No two fingerprints are exactly alike Scanners operate in one of two ways: Taking a high resolution image of the fingerprint Capacitance Scanner, scans the finger for conductance on different locations. To compare fingerprints, the system compares specific features, rather then the entire print. Typically focus is put on point where ridgelines end or ridges spilt. Collectively these points are referred to as minutiae The scanner recognizes these features, and compares the relative positions to one another To get a match, the entire print does not need to match; just a per-specified number of matches must occur. DNA Analysis DNA is the least useful for biometric authentication, but most useful for biometric identification Examiners have to extract DNA from cells, quantify the DNA, and amplify the DNA using PMR. DNA Samples are then compared The probability of two people having the same DNA profile, is about 1 in 1 billion Comparing Biometrics Biometrics may be compared by the following: Universality describes how commonly a biometric is found in each individual. Uniqueness is how well the biometric separates one individual from another. Permanence measures how well a biometric resists aging. Collectability explains how easy it is to acquire a biometric for measurement. Performance indicates the accuracy, speed, and robustness of the system capturing the biometric. Acceptability indicates the degree of approval of a technology by the public in everyday life. Circumvention is how hard it is to fool the authentication system. Effectiveness of Biometrics The Future of Biometrics Currently biometrics only cover user authentication, and slowly provide user identification. Biometrics cannot provide user confidentiality This is because: Biometric information is too easily compromised The encryption algorithm must be private, in order to keep 3rd party users from generating your key from your biometric.