sra111 22 biometrics

Principles of Information Security, 2nd edition 1

Authentication Four general ways in which authentication is carried out:

What a supplicant knows: user ID, password, pass phrases, PIN

What a supplicant has: ATM cards, smart cards, tokens

Who a supplicant is: fingerprints, hand topography, hand geometry, retinal, iris

What a supplicant produces: voice and signature pattern recognition


Common Biometric Process Flow


Common Biometric Process Flow A sensor is required to acquire the biometric data that will then be

processed by a processor. The processing involves enhancing the data, removing noise and

segmenting out the crucial data. From such conditioned data, the unique features are then extracted and a template is then generated to represent the biometric data.

Verification: If the matching is made against a claimed identity, the matching process will be a one to one comparison between the generated template and the stored reference template.

Another possible mode of matching is to compare the generated template against a list of reference templates of legitimate users. Such a process involves one to many comparisons and the matching process is called an Identification process.


Face A face image can be acquired using a normal camera such

as an off-the-shelf desktop camera. As such, it is the most natural biometric for identity

authentication. Two main approaches are used to perform face recognition, namely holistic or global approach and feature-based approach

Face Recognition Commercial Lenovo

http://youtube.com/watch?v=H2a0KYtG97E


Face Feature-based approach rely on the identification of certain fiducial

points on the face which are less susceptible to alteration, including the points at the eyes, the side of the nose and the mouth, the points surrounding one's cheekbones etc.

The locations of these points are used to compute the geometrical relationships between the points. The regions surrounding the points can be analyzed locally as well. Results from all the local processing at the fiducial points are then combined to obtain the overall face recognition.

Since detection of feature points precedes the analysis, such a system is robust to position variations in the image.

However, automatic detection of the fiducial points is not accurate and consistent enough to yield a high accuracy rate for the face recognition.


Face Holistic approach processes the entire face image simultaneously

without attempting to localise the individual points. This approach has some variants in the type of technology used, such as statistical analysis, neural networks or transformations.

The famous examples for statistical analysis are the eigenface technique and local feature analysis while for neural network is the elastic bunch graph matching technique.

The advantage of holistic approach is that it utilizes the face as a whole and does not destroy any information by exclusively processing only certain fiducial points. This generally yields more accurate recognition results.

However, such technique is sensitive to variations in position and scale, and thus requires large training data sets.


Face


Fingerprint Fingerprint is the oldest method of identity authentication

and has been used since 1896 for criminal identification. The fingertips have corrugated skin with line like ridges flowing from one side of the finger to another. The flow of the ridges is non-continuous and forms a pattern.

The discontinuity in the ridge flow give rise to feature points, called minutiae, while the pattern of flow give rise to classification pattern such as arches, whorls and loops. These are the basis of fingerprint recognition.


Fingerprint Fee By FingerPrint - Fox News http://www.youtube.com/watch?v=frnYEJK8XMA


Fingerprint In general, fingerprint recognition can achieve good accuracy

sufficient for both verification and identification. It is low cost and compact and is getting popular as consumer products.

However, not everyone has fingerprints that can be recognised. The sensor is also not able to capture acceptable quality fingerprint

images for people with very wet and very dry skin. In addition, the sensor needs to be maintained properly in order to get consistent performance.

The Spring 2002 international developer survey conducted by Evans Data recently has concluded that fingerprints have the most potential in terms of user authentication.


Finger Fingerprint Biometric Disaster http://www.youtube.com/watch?v=LA4Xx5Noxyo


Hand Geometry The hand image is obtained using a camera looking from

the top when the user placed his or her hand at a specified surface. The hand can be aligned using pegs or reference marks.

Two views are usually taken in a single image, the top view and the side view.

The side view is usually taken by the top camera as well using a side mirror.

From the hand image, the fingers are located and the length, width, thickness, curvatures and their relative geometry measured.


Hand Geometry The hand geometry template size can be very small. It has

acceptable accuracy for verification but not sufficient for identification.

The major advantage is that most people can use it and as such, the acceptance rate is good.

However, the system is rather bulky and may have problems with aging and health condition such as arthritis.

Fujitsu palm reader.


Iris Iris, the coloured part of the eye, is composed of a type of tissue

called trabecular meshwork which gives the appearance of layered radial lines or mesh when the iris is examined closely.

The visible mesh consists of characteristics such as striations, rings, crypts, furrows etc. giving the iris a unique pattern. The iris pattern is stable throughout the lifespan and is different for twins as well since the pattern is independent of genetic makeup.

The iris image is usually acquired using a monochrome camera with visible and near infra red light (700 - 900nm). In the processing stage, the eye is located and then the iris is segmented, leaving out the pupil and other noisy areas caused by reflection of light.


Iris


Iris Based on the efficient algorithm invented by Prof. John

Daugman of Cambridge University, England, the iris is divided into rims. For each rim, 2-D Gabor wavelets (a type of filter) are applied sequentially throughout the rim to extract the iris feature into numerical data, called the IrisCode(tm).

The algorithm is able to reveal 266 independent degrees-of-freedom of textural variation, making it a very accurate biometric. The IrisCode takes up 256 bytes of memory storage and can be efficiently matched by computing the fraction of mismatched bits relative to matched bits of two IrisCodes, called the Hamming distance


Iris Iris recognition is very accurate with very low false acceptance rate

(wrongly identifying the impostor as the genuine user) and can be applied to both verification and identification.

The identification speed is also very fast and it is relatively easy to verify whether the iris is from a living subject.

However, the cost of the system is somewhat high and not compact. It also suffers from poor lighting, reflection and possibly glasses and may not be suitable for people with cataract and young children.

In addition, some imaging system will require the user to be motionless for a while.

Eyemetric on FOX


Effectiveness of Biometrics

Biometric technologies evaluated on three basic criteria

False reject rate: the rate at which supplicants who are authentic users are denied or prevented access to authorized areas as a result of a failure in the biometric device (Type I error).

False accept rate: the rate at which supplicants who are not legitimate users are allowed access to systems or areas as a result of a failure in the biometric device (Type II error).

Crossover error rate (CER): the level at which the number of false rejections equals the false acceptances, (equal error rate). This is the most common and important overall measure of the accuracy of a biometric system.


Acceptability of Biometrics

Balance must be struck between how acceptable security system is to users and its effectiveness in maintaining security

Many biometric systems that are highly reliable and effective are considered intrusive

As a result, many information security professionals, in an effort to avoid confrontation and possible user boycott of biometric controls, don’t implement them

http://www.biometricnewsportal.com/


Biometrics Remember that all of these techniques ultimately depend on social

acceptance - excessively intrusive methods can be controversial: Airports are testing a new X-Ray scanner that can supposedly see

through clothing and reveal body features Facial recognition software - originally had high expectations but trials

have met with a high error rate Biometric E Passports [BBC] Biometric ID cards to be issued to 20 Million People Many advances are being made in the recognition of brain scan

patterns Starting this month (March 2007) 150,000 Port Workers and Truck

Drivers will be required to have an electronic Biometric ID in order to work according to this CNN report

But how reliable are they? Here is a link to a PDF from a talk about hacking Microsoft's fingerprint scanning technology.


Biometrics applications There are numerous applications for biometric systems. Most applications currently

concentrate on security related physical and logical access control. 1. Banking/Financial services such as ATMs, payment terminals, cashless payment,

automated cheque cashing etc. 2. Computer & IT Security such as Internet transactions, PC login etc. 3. Healthcare such as privacy concern, patient information control, drug control etc. 4. Immigration such as border control, frequent travelers, asylum seekers etc. 5. Law and Order such as public ID card, voting, gun control, prison, parole etc. 6. Gatekeeper/Door Access Control such as secure installations, military, hotel, building management etc. 7. Telecommunication such as telephony, mobile phone, subscription fraud, call

center, games etc. 8. Time and Attendance such as school and company attendance, 9. Welfare, including health care services and benefit payments 10.Consumer Products such as automated service machines, vault, lock-set, PDA

etc.

Video The documentary also looks at how the FBI, the Border

Patrol, police departments and schools are using biometric technologies to establish identity as well as an inside peek at an AOL division that works solely to satisfy the requests of law enforcement for information about AOL's members.

http://video.google.com/videoplay?docid=6061213358499552766

Starting from 1:30:20


sra111 22 biometrics

Documents