bio metrics based authentication systems

8/4/2019 Bio Metrics Based Authentication Systems

1/36

INTRODUCTION

Reliable user authentication is becoming an increasingly important task in the

Web-enabled world. The consequences of an insecure authentication system in a

corporate or enterprise environment can be catastrophic, and may include loss of

confidential information, denial of service, and compromised data integrity. The value of

reliable user authentication is not limited to just computer or network access. Many other

applications in everyday life also require user authentication, such as banking, e-

commerce, and physical access control to computer resources, and could benefit from

enhanced security.

The prevailing techniques of user authentication, which involve the use of either

passwords and user IDs (identifiers), or identification cards and PINs (personal

identification numbers), suffer from several limitations. Passwords and PINs can be

illicitly acquired by direct covert observation. Once an intruder acquires the user ID and

the password, the intruder has total access to the users resources. In addition, there is no

way to positively link the usage of the system or service to the actual user, that is, there is

no protection against repudiation by the user ID owner. For example, when a user ID and

password is shared with a colleague there is no way for the system to know who the

actual user is. A similar situation arises when a transaction involving a credit cardnumber is conducted on the Web. Even though the data are sent over the Web using

secure encryption methods, current systems are not capable of assuring that the rightful

owner of the credit card initiated the transaction. In the modern distributed systems

environment, the traditional authentication policy based on a simple combination of user

ID and password has become inadequate. Fortunately, automated biometrics in general,

and fingerprint technology in particular, can provide a much more accurate and reliable

user authentication method. Biometrics is a rapidly advancing field that is concerned with

identifying a person based on his or her physiological or behavioral characteristics.

Examples of automated biometrics include fingerprint, face, iris, and speech recognition.

User authentication methods can be broadly classified into three categories as shown in

Table 1.1. Because a biometric property is an intrinsic property

1


2/36

Method Examples Properties

What you know? User ID

PasswordPIN

Shared

Many passwords easy to guessForgotten

What you have? Cards

Badges

Keys

Shared

Can be duplicated

Lost or stolen

What you know and what you

have?

ATM card + PIN Shared

PIN a weak link(Writing the PIN on the card)

Something unique about the user FingerprintFace

Iris

Voice print

Not possible to shareRepudiation unlikely

Forging difficult

Cannot be lost or stolen

Table 1.1 Existing User Authentication Techniques

of an individual, it is difficult to surreptitiously duplicate and nearly impossible to share.

Additionally, a biometric property of an individual can be lost only in case of serious

accident.

Biometric readings, which range from several hundred bytes to over a megabyte,

have the advantage that their information content is usually higher than that of a

password or a pass phrase. Simply extending the length of passwords to get equivalent bit

strength presents significant usability problems. It is nearly impossible to remember a 2K

phrase, and it would take an annoyingly long time to type such a phrase (especially

without errors). Fortunately, automated biometrics can provide the security advantages

of long passwords while retaining the speed and characteristic simplicity of short

passwords.

Even though automated biometrics can help alleviate the problems associated

with the existing methods of user authentication, hackers will still find there are weak

points in the system, vulnerable to attack. Password systems are prone to brute force

dictionary attacks. Biometric systems, on the other hand, require substantially more effort

for mounting such an attack. Yet there are several new types of attacks possible in the

biometrics domain. This may not apply if biometrics is used as a supervised

2


3/36

authentication tool. But in remote, unattended applications, such as Web-based e-

commerce applications, hackers may have the opportunity and enough time to make

several attempts, or even physically violate the integrity of a remote client, before

detection.

A problem with biometric authentication systems arises when the data associated

with a biometric feature has been compromised. For authentication systems based on

physical tokens such as keys and badges, a compromised token can be easily canceled

and the user can be assigned a new token. Similarly, user IDs and passwords can be

changed as often as required. Yet, the user only has a limited number of biometric

features (one face, ten fingers, two eyes). If the biometric data are compromised, the user

may quickly run out of biometric features to be used for authentication.

3


4/36

What is Biometrics?

Biometric technologies are defined as automated methods of identifying or

authenticating the identity of a living person based on unique physiological or behavioral

characteristics. Biometrics can provide very secure and convenient authentication for an

individual since they cannot be stolen or forgotten and are very difficult to forge.

A physiological characteristic is a relatively stable physical characteristic, such as

an individuals fingerprint, hand geometry, iris pattern, or blood vessel pattern on

the back of the eye. This type of biometric measurement is usually unchanging

and unalterable without significant duress to the individual.

A behavioral characteristic is more a reflection of an individuals psychological

makeup. A signature is the most common behavioral biometric used for

identification. Because most behavioral characteristics vary over time, an

identification system using these must allow updates to enrolled biometric

references.

4


5/36

Biometric System Components and Process

3.1 Components

Three major components are usually present in a biometric system:

A mechanism to scan and capture a digital or analog image of a living persons

biometric characteristic.

Software for storing, processing and comparing the image.

An interface with the applications system that will use the result to confirm an

individuals identity.

3.2 Process

Two different stages are involved in the biometric system process

Enrollment and Verification.

3.2.1 Enrollment.

As shown in Figure 3.1, the biometric image of the individual is captured during

the enrollment process (e.g., using a sensor for fingerprint, microphone for voice

verification, camera for face recognition, scanner for eye scan). The unique

characteristics are then extracted from the biometric image to create the users biometric

template. This biometric template is stored in a database or on a machine-readable ID

card for later use during an identity verification process.

Figure 3.1 Schematic of an Enrollment Process

5


6/36

3.2.2 Verification.

Figure 3.2 illustrates the identity verification process. The biometric image is

again captured. The unique characteristics are extracted from the biometric image to

create the users live biometric template. This new template is then compared with the

template previously stored and a numeric matching score is generated, based on the

percentage of duplication between the live and stored template. System designers

determine the threshold value for this identity verification score based upon the security

requirements of the system.

Figure 3.2 Schematic of a verification process

Secure identification systems use biometrics for two basic purposes: to

identify or authenticate individuals.

Identification (1-to-many comparison) verifies if the individual exists within a known

population. Identification confirms that the individual is not enrolled with another

6


7/36

identity and is not on a predetermined list of prohibited persons. Identification will

typically need a secured database containing a list of all applying individuals and their

biometrics. The biometric for the individual being considered for enrollment would be

compared against all stored biometrics. For many applications, an identification process

is used only at the time of enrollment to verify that the individual is not already enrolled.

Authentication (1-to-1 comparison) confirms that the credential belongs to the individual

presenting it. In this case, the device that performs the authentication must have access

only to the individuals enrolled biometric template, which may be stored locally or

centrally.

3.3 Biometric Accuracy

A key factor in the selection of the appropriate biometric technology is its

accuracy. Biometric accuracy is the systems ability of separating legitimate matches

from imposters. When the live biometric template is compared to the stored biometric

template, a matching score is used to confirm or deny the identity of the user. System

designers set this numeric score to accommodate the desired level of accuracy for the

system, as measured by the False Acceptance Rate (FAR) and False Rejection Rate

(FRR).

False Rejection Rate (FRR) refers to the statistical probability that the biometric

system is not able to verify the legitimate claimed identity of an enrolled person, or fails

to identify an enrolled person.

False Acceptance Rate (FAR) refers to the statistical probability of False Acceptance

or incorrect verification. In the most common context, both False Rejection and FalseAcceptance represent a security hazard.

7


8/36

Figure3.3 Error trade-off in a biometric system

If a mismatching pair of fingerprints is accepted as a match, it is called a false

accept. On the other hand, if a matching pair of fingerprints is rejected by the system, it is

called a false reject. The error rates are a function of the threshold as shown in Figure 3.3.

Often the interplay between the two errors is presented by plotting FAR against FRR with

the decision threshold as the free variable. This plot is called the ROC (Receiver

Operating Characteristic) curve. The two errors are complementary in the sense that if

one makes an effort to lower one of the errors by varying the threshold, the other error

rate automatically increases. In a biometric authentication system, the relative falseaccept and false reject rates can be set by choosing a particular operating point (i.e., a

detection threshold). Very low (close to zero) error rates for both errors (FAR and FRR)

at the same time are not possible. By setting a high threshold, the FAR error can be close

to zero, and similarly by setting a significantly low threshold, the FRR rate can be close

to zero. A meaningful operating point for the threshold is decided based on the

application requirements, and the FAR versus FRR error rates at that operating point may

be quite different. To provide high security, biometric systems operate at a low FAR

instead of the commonly recommended equal error rate (EER) operating point where

FAR=FRR.

8


9/36

Selecting A Biometric Technology

The selection of the appropriate biometric technology will depend on a number of

application-specific factors, including the environment in which the identity verification

process is carried out, the user profile, requirements for verification accuracy and

throughput, the overall system cost and capabilities, and cultural issues that could affect

user acceptance. Table 4.1 shows a comparison of different biometric technologies, with

their performance rated against several metrics.

Characteri

stics

Finger-

print

Hand

Geometry

Retina Iris Face Signature Voice

Ease of

Use

High High Low Mediu

m

Medium High High

Error

Incidence

Dryness,

dirt, age

Hand

Injury,age

Glasses Lightin

g

Lighting,

age,lasses,

hair

Changing

Signatures

Noise,

colds

Accuracy High High Very

High

Very

High

High High High

User

Acceptanc

e

Medium Medium Medium Mediu

m

Medium High High

Long

Term

Stability

High Medium High High Medium Medium Medium

Table 4.1 Comparisons of Biometric Technologies

9


10/36

Fingerprint Authentication

Fingerprints are a distinctive feature and remain invariant over the lifetime of a

subject, except for cuts and bruises. As the first step in the authentication process, a

fingerprint impression is acquired, typically using an inkless scanner. Several such

scanning technologies are available. Figure 5A shows a fingerprint obtained with a

scanner using an optical sensor. A typical scanner digitizes the fingerprint impression at

500 dots per inch (dpi) with 256 gray levels per pixel. The digital image of the fingerprint

includes several unique features in terms of ridge bifurcations and ridge endings,

collectively referred to as minutiae.

Figure 5.1 Fingerprint recognition; (A) Input Image, (B) Features

The next step is to locate these features in the fingerprint image, as shown in

Figure 5B, using an automatic feature extraction algorithm. Each feature is commonly

represented by its location (x,y) and the ridge direction at that location (). However, due

to sensor noise and other variability in the imaging process, the feature extraction stage

10


11/36

may miss some minutiae and may generate spurious minutiae. Further, due to the

elasticity of the human skin, the relationship between minutiae may be randomly

distorted from one impression to the next. In the final stage, the matcher subsystem

attempts to arrive at a degree of similarity between the two sets of features after

compensating for the rotation, translation, and scale. This similarity is often expressed as

a score. Based on this score, a final decision of match or no-match is made. A decision

threshold is first selected. If the score is below the threshold, the fingerprints are

determined not to match; if the score is above the threshold, a correct match is declared.

Often the score is simply a count of the number of the minutiae that are in

correspondence. In a number of countries, 12 to 16 correspondences (performed by a

human expert) are considered legally binding evidence of identity.

The operational issues in an automated fingerprint identification system (AFIS)

are somewhat different from those in a more traditional password-based system. First,

there is a system performance issue known as the fail to enroll rate to be considered.

Some people have very faint fingerprints, or no fingers at all, which makes the system

unusable for them. A related issue is a Reject option in the system based on input

image quality. A poor quality input is not accepted by the system during enrollment and

authentication. Note that non-cooperative users, improper usage, dirt on the finger can

cause poor quality inputs, or bad input scanners. This has no analog in a password

system. Then there is the fact that in a biometric system the matching decision is not

clear-cut. A password system always provides a correct responseif the passwords

match, it grants access but otherwise refuses access. However, in a biometric system, the

overall accuracy depends on the quality of input and enrollment data along with the basic

characteristics of the underlying feature extraction and matching algorithm.

11


12/36

5.1 FEATURES OF A FINGERPRINT

A fingerprint is composed of valley and ridge lines. They follow a pattern. The

general shape of this pattern may be classified according to 5 classes. The second set of

features of a fingerprint are cores and deltas. The core is located by a square while the

delta is located by a triangle as shown in figure 5.2.

Figure 5.2 shows core by squares and delta by a triangle

The AFIS allows a classification using more than one criteria versus a search

based only on a single fingerprint pattern, reducing the number of fingerprints inspected.

The pattern classification divides all fingerprint templates into five sets. Interestingly, the

distribution of fingerprints in these 5 classes is not homogeneous among all people:

Left loop class represents 34% of the total

number of fingerprints

Right loop class represents 31% of the total


Whorl class represents 27 % of the total number

of fingerprints

Arch class represents 4% of the total number

of fingerprints

12


13/36

Figure 5.3 Fingers can then be sorted in the pattern classifications after computing the

core and the delta:

Tented arch class represents 3% of the total


Less than 1% for unusable fingerprints (scar,

illness of the skin, etc)

5.2 HOW DOES FINGERPRINT IDENTIFICATION WORK?

The first step in fingerprint identification is collecting the fingerprint, named

enrollment. In this step, the applicant acquires the reference fingerprint for later

authentication. The reference fingerprint is called the template of the fingerprint.

Most often in order to ensure that a good template is obtained, the fingerprint needs to be

captured more than once. Twice is most common but at times an additional capture may

be requested. After the capture of the template, it can be stored in a database, on a token

with 2D barcode, or in a smart card.

At this point, the applicant is registered and the next stage is to compare the

fingerprint with the template to the fingerprint read by the sensor. After reading the

fingerprint, the authentication system extracts the minutiae in the same way as it did

during the enrollment process. Since the fingerprint is never captured in the same

13


14/36

position, the verification algorithm must perform rotation and translation of the captured

fingerprint in order to adjust the fingerprint minutiae with the template minutiae.

The matching process calculates a score of the probability of a successful

fingerprint read. Once every minutia is processed, a total score is computed and

compared to a threshold score, which leads to the decision of a fingerprint hit or no

hit.

5.3 Components Of a Fingerprint System

There are two ways a matching algorithm can be implemented, using either

identification matching or authentication matching. In identification matching, one

fingerprint is compared to many fingerprints using an Automated Fingerprint

Identification System (AFIS) that is comprised of several computers and a database

storage system. In authentication matching, where there is a one to one fingerprint

comparison, there needs to be only one fingerprint terminal and a token loaded that

contains the fingerprint template. The matching could be done on token, in the terminal

or in both the terminal and token.

5.3.1 The Sensors

Electronic fingerprint sensors are manufactured in different ways using

capacitive, optical, thermal, or pressure sensitive (resistive) technology. These different

types of sensors are able to produce an image of the fingerprint when the ridge is darkerthan the valley. The most common sensors currently on the market are capacitive and

optical sensors. Optical sensors provide the best image quality but are expensive and can

be fooled by some fake fingers. Sensors based on capacitive technology provide a

balance of image quality and cost although, some fake fingers can also fool this

14


15/36

technology. However, the most common fake fingers made of silicon cannot fool a

capacitive sensor because the fake finger does not possess electrical properties.

Figure 5.4 Components of a fingerprint system

15


16/36

Iris Authentication

Iris recognition leverages the unique features of the human iris to provide an

unmatched identification technology. So accurate are the algorithms used in iris

recognition that the entire planet could be enrolled in an iris database with only a small

chance of false acceptance or false rejection. The technology also addresses the FTE

(Failure To Enroll) problems, which lessen the effectiveness of other biometrics. The

tremendous accuracy of iris recognition allows it, in many ways, to stand apart from other

biometric technologies. All iris recognition technology is based on research and patents

held by Dr. John Daugman.

6.1 The Iris

Iris recognition is based on visible (via regular and/or infrared light) qualities of

the iris. A primary visible characteristic is the trabecular meshwork (permanently formed

by the 8th month of gestation), a tissue that gives the appearance of dividing the iris in a

radial fashion. Other visible characteristics include rings, furrows, freckles, and the

corona, to cite only the more familiar. Expressed simply, iris recognition technology

converts these visible characteristics into a 512 byte IrisCode(tm), a template stored for

future verification attempts. 512 bytes is a fairly compact size for a biometric template,

but the quantity of information derived from the iris is massive. From the iris' 11mm

diameter, Dr. Daugman's algorithms provide 3.4 bits of data per square mm. This density

of information is such that each iris can be said to have 266 unique "spots", as opposed to

13-60 for traditional biometric technologies. This '266' measurement is cited in all iris

recognition literature; after allowing for the algorithm's correlative functions and for

characteristics inherent to most human eyes, Dr. Daugman concludes that 173

"independent binary degrees-of-freedom" can be extracted from his algorithm an

exceptionally large number for a biometric.

16


17/36

6.2 The Algorithm

The first step is location of the iris by a dedicated camera no more than 3 feet

from the eye. After the camera situates the eye, the algorithm narrows in from the rightand left of the iris to locate its outer edge. This horizontal approach accounts for

obstruction caused by the eyelids. It simultaneously locates the inner edge of the iris (at

the pupil), excluding the lower 90 degrees because of inherent moisture and lighting

issues.

The monochrome camera uses both visible and infrared light, the latter of which

is located in the 700-900 nm range (this is in the lower range of IR; the American

Academy of Ophthalmology uses similar ranges in their studies of macular cysts). Upon

location of the iris, as seen above, an algorithm uses 2-D Gabor wavelets to filter and

map segments of the iris into hundreds of vectors (known here as phasors).

Understanding in detail the 2-D Gabor phasor encoders requires a degree in advanced

mathematics, but they can be summarized as follows. The wavelets of various sizes

assign values drawn from the orientation and spatial frequency of select areas, bluntly

referred to as the "what" of the sub-image, along with the position of these areas, bluntly

referred to as the "where." The "what" and "where" are used to form the IrisCode. Not the

entire iris is used: a portion of the top, as well as 45 degree of the bottom, is unused to

account for eyelids and camera-light reflections (see below). Essential to the

understanding of the technology is that it provides exceptional detail, well beyond what

any pictorial or point-based representation could provide (some filters actually span as

much as 70degree of the iris). Remember also that for future identification, the database

will not be comparing images of irises, but rather hexadecimal representations of data

returned by wavelet filtering and mapping.

17


18/36

6.3 Accuracy

The Iris Code constructed from these complex measurements provides such a

tremendous wealth of data that iris recognition offers levels of accuracy orders of

magnitude higher than other biometrics. Some statistical representations of the accuracy

follow:

The odds of two different irises returning a 75% match (i.e. having a Hamming

Distance of 0.25): 1 in 1016

Equal Error Rate (the point at which the likelihood of a false accept and false

reject are the same): 1 in 1.2 million

The odds of 2 different irises returning identical Iris Codes: 1 in 1052

Other numerical derivations demonstrate the unique robustness of these

algorithms. A person's right and left eyes have a statistically insignificant increase in

similarity: 0.00048 on a 0.5 mean. This serves to demonstrate the hypothesis that iris

shape and characteristics are phenotypic - not entirely determined by genetic structure.

The algorithm can also account for occlusion (blocking) of the iris: even if 2/3 of the iris

were completely obscured, accurate measure of the remaining third would result in an

equal error rate of 1 in 100,000.

Iris recognition can also account for those ongoing changes to the eye and iris,

which are defining aspects of living tissue. The pupil's expansion and contraction, a

constant process separate from its response to light, skews and stretches the iris. The

algorithm accounts for such alteration after having located the boundaries of the iris. Dr.

Daugman draws the analogy to a "homogenous rubber sheet" which, despite its

distortion, retains certain consistent qualities. Regardless of the size of the iris at any

given time, the algorithm draws on the same amount of data, and its resultant IrisCode isstored as a 512-byte template. A question asked of all biometrics is their ability to

determine fraudulent samples. Iris recognition can account for this in several ways: the

detection of papillary (pupil) changes; reflections from the cornea; detection of contact

lenses atop the cornea; and use of infrared illumination to determine the state of the

sample eye tissue.

18


19/36

6.4 An example-Verieye

Neurotechnologia, Ltd. offers VeriEye, the system for person identification using

the eye iris image taken by a video camera. VeriEye implements new eye iris recognition

technology and are based on our original method of feature set definition. VeriEye isavailable in the form of software development kit (SDK), and can be easily integrated

into a customer's access control or identification/verification system.

6.4.1 VeriEye SDK includes:

1. VeriEye dynamic link library for Windows (DLL file).

2. C source code of the example program using VeriEye DLL).

3. Software description.

4. Description of eye illumination and positioning equipment for iris scan

6.4.2 VeriEye technical specifications

False rejection rate < 3 %

False acceptance rate < 0.0001 %

Recognition time 0.7 s

Size of one record in the database About 2 Kb

Database size Unlimited

6.4.3 Requirements to the image quality

1. The size of iris in the scanned image must be between 200x200 and 640x480 pixels,

image resolution 200 dpi.

2. The image should be free of the bulb reflections in the iris area. However, it maycontain small reflections in the pupil area.

3. The scanned slip must contain at least 30 % of the iris area not damaged by reflections,

shadows or eyelashes.

4. During the eye scanning head tilt must be less than 14 degrees with respect to vertical

axis.

19


20/36

Voice Authentication

7.1 Introduction

The speaker-specific characteristics of speech are due to differences in

physiological and behavioral aspects of the speech production system in humans. The

main physiological aspect of the human speech production system is the vocal tract

shape. The vocal tract is generally considered as the speech production organ above the

vocal folds, which consists of the following: (i) laryngeal pharynx (beneath the

epiglottis), (ii) oral pharynx (behind the tongue, between the epiglottis and velum), (iii)

oral cavity (forward of the velum and bounded by the lips, tongue, and palate), (iv) nasal

pharynx (above the velum, rear end of nasal cavity), and (v) nasal cavity (above the

palate and extending from the pharynx to the nostrils).

7.2 Pattern Matching

The pattern matching process involves the comparison of a given set of input

feature vectors against the speaker model for the claimed identity and computing amatching score. For the Hidden Markov models discussed above, the matching score is

the probability that the model generated a given set of feature vectors.

20


21/36

Retina Authentication

Retina scan is an exceptionally accurate biometric technology having been

established as an effective solution for every demanding authentication scenarios.

Biometrics the automated measurement of a physiological or behavioral aspect of

the human body for authentification or identification is a rapidly growing industry.

Biometric solutions are used successfully in fields as varied as e-commerce, network

access. Biometrics ease of use, accuracy, reliability, and flexibility are quickly

establishing them as the premier authentification.

An established technology where the unique patterns of the retina are scanned by

a low intensity light source via an optical coupler. Retinal scanning has proved to be quite

accurate in use but does require user to look in to a receptacle and focus on a given point.

This is not particularly convenient if you are a spectacle wearer or have some intimate

contact with the reading device. For these reasons retinal scanning has a few user

acceptance problems although the technology itself can work well.

21


22/36

Face Authentication

Face recognition is one of the newest technologies. Specialized recognition

software coupled with video camera allows these systems to recognize peoples faces.

There are various methods by which facial scan technology recognize peoples. All share

some commonalities, such as emphasizing those sections of the face which are less

susceptible to alteration, including the upper outlines of the eye sockets, the areas

surrounding ones cheekbones, and the sides of the mouth. Most technologies are

resistant to moderate changes in hairstyle, as they do not utilize areas of the face located

near the hairline. All of the primary technologies are designed to be robust enough to

conduct enough to conduct 1- tomany searches, that is to locate a single face out of a

data base of thousands of faces.

Facial scan Process Flow-Sample capture, Feature extraction, template comparison, and

matching define the process flow of facial scan technology. The following applies to

one to one verification. The sample capture will generally consist of a 20-30 second

enrollment process whereby several pictures are taken of ones face. Ideally the series of

pictures incorporate slightly different angles and facial expressions, to allow for more

accurate searches. After enrollment distinctive features are extracted, resulting in the

creation of a template. The templates are much smaller than the image from which it is

drawn.

Authentification follows the same protocol. The user claims an identity such as a

login name or a PIN, stands or sits in front of the camera for a few seconds, and is either

verified or rejected. This comparison is based on the similarity of the newly created

live template against the template or templates on file. The degree of similarityrequired for verification also known as the threshold can be adjusted for different

personnel, PCs, time of day and other factors One variant of this process is the use of

facial scan technology in forensics. Biometric templates taken from static photographs of

known criminals are stored in large databases. These records are searched, 1-to-many, to

determine if the detainee is using an alias when being booked.

22


23/36

Combining Biometrics with Smart Cards

Smart cards are widely acknowledged as one of the most secure and reliable

forms of electronic identification. To provide the highest degree of confidence in identity

verification, biometric technology is considered to be essential in a secure identification

system design. This section summarizes the key benefits of a secure ID system that

combines smart cards and biometrics.

10.1 Enhanced Privacy

Using smart cards significantly enhances privacy in biometric ID systems. The

smart card provides the individual with a personal database, a personal firewall and a

personal terminal. It secures personal information on the card, allowing the individual to

control access to that information and removing the need for central database access

during identity verification.

10.2 A Personal Database.

How and where an ID system keeps personal information about its members is an

important privacy consideration, affecting a systems real and perceived privacy

behavior. Most ID systems store personal information for all system members in a central

database. This centralization leads many to be concerned that their personal information

is less protected, or at a minimum, more vulnerable to compromise. Smart cards store and

safeguard personal information on the individuals card.

The use of smart card IDs can promote confidence in an ID system by offering

each member a unique secure, portable and personal database, separating their

information from other members data. With a smart card ID the cardholder maintains

physical possession of private information. This enhances the trust relationship with thesystem, as the cardholder now shares in the decision of who is allowed to use their

personal information for identity verification and in the responsibility to protect it. The

smart card personal database is portable and can be used in a variety of devices and

networks. An ID system can take advantage of this portability by using closed local

networks or standalone devices to carry out different identification tasks, rather than

23


24/36

relying on a centralized system. By enabling local identity verification, smart card based

secure ID systems can help alleviate concerns that the system is centrally tracking ID

older activities.

Unlike other ID card technologies that act as simple data containers, smart cards

are unique in acting more like data servers, where data is not directly accessed but must

be requested from the server (in this case the smart cards microprocessor). When used in

combination with biometrics, a smart card ID becomes even more personal and private. A

biometric provides a strong and unique binding between the cardholder and the personal

database on the card, identifying the cardholder as the rightful owner of this card. The

biometric cannot be borrowed, lost, or stolen like a PIN or password, and so strengthens

the authentication of an individuals identity.

10.3 A Personal Firewall.

In smart card based ID systems, the card is not just a data repository but also an

intelligent guardian a personal firewall for the cardholders information. When

information is requested from the ID card, a smart card can verify that the requestor is

authorized to perform such an inquiry. A smart card ID also has the ability to behave

differently based who is checking the ID. For example, most individuals will cooperate

with a uniformed officer who requests to see an ID. But is this officer a valid officer?

And what portion of the personal information is he or she authorized to see? With a smart

card ID, the card would authenticate the officer through a portable card reader and release

only the information that is relevant to the officers responsibilities. The same ID card

could be used to prove legal age when purchasing from a bar. In this case, the smart card

ID would just confirm age, but not divulge any other personal information. Once personal

information is released, it is very hard to control what happens to the information,

including how it might be used. It is an important privacy consideration for individuals to

clearly understand when and to whom personal information is released by an ID system.

The release of personal information is hard to control when carried out by a centralized

database somewhere on a network, without the information owners knowledge or

consent. A smart card based ID system gives the cardholder control over who can access

24


25/36

personal information stored on the card. A biometric further enhances this control,

ensuring that only the rightful cardholder can authorize access to personal information.

10.4 Enhanced Security

Biometric technologies are used with smart cards for ID system applications

specifically due to their ability to identify people with minimal ambiguity. A biometric

based ID allows for the verification of who you claim to be(information about the

cardholder printed or stored in the card) based on who you are (the biometric

information stored in the smart card), instead of, or possibly in addition to, checking

what you know (such as a PIN). As shown in Figure 10.1, this increases the security of

the overall ID system and improves the accuracy, speed, and control of cardholder

authentication.

Figure 10.1 Impact of Smart Cards and Biometrics on Security

As the importance of accurate identification grows, new technologies are being

added to ID systems to improve their security.

25


26/36

Cancelable Biometrics

Deploying biometrics in a mass market, like credit card authorization or bank

ATM access, raises additional concerns beyond the security of the transactions. One such

concern is the publics perception of a possible invasion of privacy. In addition to

personal information such as name and date of birth, the user is asked to surrender images

of body parts, such as fingers, face, and iris. These images, or other such biometric

signals, are stored in digital form in various databases. This raises the concern of possible

sharing of data among law enforcement agencies, or commercial enterprises.

Figure 11.1 Authentication process based on cancelable biometrics

26


27/36

The public is concerned about the ever-growing body of information that is being

collected about individuals in our society. The data collected encompass many

applications and include medical records and biometric data. A related concern is the

coordination and sharing of data from various databases. In relation to biometric data, the

public is, rightfully or not, worried about data collected by private companies being

matched against databases used by law enforcement agencies. Fingerprint images, for

example, can be matched against the FBI or INS (Immigration and Naturalization

Service) databases with ominous consequences.

These concerns are aggravated by the fact that a persons biometric data are given

and cannot be changed. One of the properties that make biometrics so attractive for

authentication purposestheir invariance over timeis also one of its liabilities. When a

credit card number is compromised, the issuing bank can just assign the customer a new

credit card number. When the biometric data are compromised, replacement is not

possible. In order to alleviate this problem, we introduce the concept of cancelable

biometrics. It consists of an intentional, repeatable distortion of a biometric signal based

on a chosen transform. The biometric signal is distorted in the same fashion at each

presentation, for enrollment and for every authentication. With this approach, every

instance of enrollment can use a different transform thus rendering cross matching

impossible. Furthermore, if one variant of the transformed biometric data is

compromised, then the transform function can simply be changed to create a new variant

(transformed representation) for reenrollment as, essentially, a new person. In general,

the distortion transforms are selected to be noninvertible. So even if the transform

function is known and the resulting transformed biometric data are known, the original

(undistorted) biometrics cannot be recovered.

The techniques presented here for transforming biometric signals differ from

simple compression using signal or image processing techniques. While compression of

the signal causes it to lose some of its spatial domain characteristics, it strives to preserve

the overall geometry. That is, two points in a biometric signal before compression are

27


28/36

likely to remain at comparable distance when decompressed. This is usually not the case

with our distortion transforms. Our technique also differs from encryption. The purpose

of encryption is to allow a legitimate party to regenerate the original signal. In contrast,

distortion transforms permanently obscure the signal in a noninvertible manner.

When employing cancelable biometrics, there are several places where the

transform, its parameters, and identification templates could be stored. This leads to a

possible distributed process model as shown in Figure 11.1. The merchant is where the

primary interaction starts in our model. Based on the customer ID, the relevant transform

is first pulled from one of the transform databases and applied to the biometrics. The

resulting distorted biometrics is then sent for authentication to the authorization server.

Once the users identity has been confirmed, the transaction is finally passed on to the

relevant commercial institution for processing. Note that an individual user may be

subscribed to multiple services, such as e-commerce merchants or banks. The

authentication for each transaction might be performed either by the service provider

itself, or by an independent third party. Similarly, the distortion transform might be

managed either by the authenticator or by still another independent agency. Alternatively,

for the best privacy the transform might remain solely in the possession of the user,

stored, say, on a smart card. If the card is lost or stolen, the stolen transform applied to

another persons biometrics will have very little impact. However, if the transform is

applied to a stored original biometrics signal of the genuine user, it will match against the

stored template of the person. Hence liveness detection techniques should be added to

prevent such misuse.

28


29/36

Vulnerable Points of a Biometric System

A generic biometric system can be cast in the framework of a pattern recognition

system. The stages of such a generic system are shown in Figure 12.1.

Figure 12.1 Possible attack points in a generic biometrics-based system

The first stage involves biometric signal acquisition from the user (e.g., the

inkless fingerprint scan). The acquired signal typically varies significantly from

presentation to presentation; hence, pure pixel-based matching techniques do not work

reliably. For this reason, the second signal processing stage attempts to construct a more

invariant representation of this basic input signal (e.g., in terms of fingerprint minutiae).

The invariant representation is often a spatial domain characteristic or a transform

(frequency) domain characteristic, depending on the particular biometric.

During enrollment of a subject in a biometric authentication system, an invariant

template is stored in a database that represents the particular individual. To authenticate

the user against a given ID, the corresponding template is retrieved from the database and

matched against the template derived from a newly acquired input signal. The matcher

29


30/36

arrives at a decision based on the closeness of these two templates while taking into

account geometry, lighting, and other signal acquisition variables. Note that password-

based authentication systems can also be set in this framework. The keyboard becomes

the input device. The password encrypted can be viewed as the feature extractor and the

comparator as the matcher. The template database is equivalent to the encrypted

password database.

There are eight places in the generic biometric system of Figure 12.1 where

attacks may occur. The numbers in Figure 12.1 correspond to the items in the following

list.

1. Presenting fake biometrics at the sensor: In this mode of attack, a possible

reproduction of the biometric feature is presented as input to the system. Examples

include a fake finger, a copy of a signature, or a facemask.

2. Resubmitting previously stored digitized biometrics signals: In this mode of attack,

a recorded signal is replayed to the system, bypassing the sensor. Examples include the

presentation of an old copy of a fingerprint image or the presentation of a previously

recorded audio signal.

3. Overriding the feature extraction process: The feature extractor is attacked using a

Trojan horse, so that it produces feature sets preselected by the intruder.

4. Tampering with the biometric feature representation: The features extracted from

the input signal are replaced with a different, fraudulent feature set (assuming the

representation method is known). Often the two stages of feature extraction and matcher

are inseparable and this mode of attack is extremely difficult. However, if minutiae are

transmitted to a remote matcher (say, over the Internet) this threat is very real. One could

snoop on the TCP/IP (Transmission Control Protocol/Internet Protocol) stack and alter

certain packets.

5. Corrupting the matcher: The matcher is attacked and corrupted so that it produces

preselected match scores.

6. Tampering with stored templates: The database of stored templates could be either

local or remote. The data might be distributed over several servers. Here the attacker

could try to modify one or more templates in the database, which could result either in

authorizing a fraudulent individual or denying service to the persons associated with the

30


31/36

corrupted template. A smart card-based authentication system, where the template is

stored in the smart card and presented to the authentication system, is particularly

vulnerable to this type of attack.

7. Attacking the channel between the stored templates and the matcher: The stored

templates are sent to the matcher through a communication channel. The data traveling

through this channel could be intercepted and modified.

8. Overriding the final decision: If the final match decision can be overridden by the

hacker, then the authentication system has been disabled. Even if the actual pattern

recognition framework has excellent performance characteristics, it has been rendered

useless by the simple exercise of overriding the match result.

There exist several security techniques to thwart attacks at these various points.

For instance, finger conductivity or fingerprint pulse at the sensor can stop simple attacks

at point 1. Encrypted communication channels can eliminate at least remote attacks at

point 4. However, even if the hacker cannot penetrate the feature extraction module, the

system is still vulnerable. The simplest way to stop attacks at points 5, 6, and 7 is to have

the matcher and the database reside at a secure location. Of course, even this cannot

prevent attacks in which there is collusion. Use of cryptography prevents attacks at point

8. It is observed that the threats outlined in Figure 12.1 are quite similar to the threats to

password-based authentication systems. For instance, all the channel attacks are similar.

One difference is that there is no fake password equivalent to the fake biometric attack

at point 1 (although, perhaps if the password was in some standard dictionary it could be

deemed fake). Furthermore, in a password- or token-based authentication system, no

attempt is made to thwart replay attacks (since there is no expected variation of the

signal from one presentation to another). However, in an automated biometric-based

authentication system, one can check the liveness of the entity originating the input

signal.

31


32/36

Applications

There are many concerning potential biometric applications, some popular

examples being;

13.1 ATM MACHINE USE.

Most of the leading banks have been experimenting with biometrics of ATM

machines use and as general means of combining card fraud. Surprisingly, these

experiments have rarely consisted of carefully integrated devices into a common process,

as could be achieved with certain biometric devices. Previous comments in this paper

concerning user psychology come to mind here one wonder why we have not seen a more

professional and carefully considered implementation from this sector. The banks will of

course have a view concerning the level of fraud and cost of combating it via technology

solutions such as biometrics. They will also express concern about potentially alienating

customers with such as approach. However, it still surprises many in the biometric

industry that the banks and financial institutions have so far failed to embrace this

technology with any enthusiasm.

13.2 WORKSTATION AND NETWORK ACCESS

For a long time this was an area often discussed but rarely implemented until

recent developments saw the unit price of biometric devices fall dramatically as well as

several designs aimed squarely at this application. In addition, with household names

such as Sony, Compaq, KeyTronics, Samsung and others entering the market, these

devices appear almost as a standard computer peripheral. Many are viewing this as the

application, which will provide critical mass for biometric industry and create the

transition between sci-fi device to regular systems component, thus raising publicawareness and lowering resistance to the use of biometrics in general.

32


33/36

13.3 TRAVELS AND TOURISM

There are many in this industry who have the vision of a multi application card

for travelers which, incorporating a biometric, would enable them to participate in

various frequent flyer and border controls systems as well as paying for their air ticket,

hotel rooms, hire care etc, all with one convenient token.

Technically this is eminently possible, but from a political and commercial point

of view there are many issues to resolve, not the least being who would own the card, be

responsible for administration and so on. These may not be insurmountable problems and

perhaps we may see something along these lines emerge. A notable challenge in this

respect would be packaging such an initiative in a way that would be truly attractive for

users.

13.4 INTERNET TRANSACTIONS

Many immediately of think of on line transactions as being an obvious area for

biometrics, although there are some significant issues to consider in this context.

Assuming device cost could be brought down to level whereby a biometric (and perhaps

chip card) reader could be easily incorporated into a standard build PC, we still have the

problem of authenticated enrollment and template management, although there are

several approaches one could take to that. Of course, if your credit already incorporated a

biometric this would simplify things considerably. It is interesting to note that certain

device manufactures have collaborated with key encryption providers to provide an

enhancement to their existing services. Perhaps we shall see some interesting

developments in this area in the near future.

13.5 Telephone Transactions.

No doubt many telesales and call center managers have pondered the use of

biometrics. It is an attractive possibility to consider, especially for automated processes.

However, voice verification is a difficult area of biometrics, especially if one does not

have direct control over the transducers, as indeed you wouldnt when dealing with the

general public. The variability of telephone handsets coupled to the variability of line

quality and the variability of user environments presents a significant challenge to voice

33


34/36

verification technology, and that is before you even consider the variability in

understanding among users.

The technology can work well in controlled closed loop conditions but is

extraordinarily difficult to implement on anything approaching a large scale. Designing in

the necessary error correction and fallback procedures to automated systems in a user-

friendly manner is also not a job for the faint hearted. Perhaps we shall see further

developments, which will largely overcome these problems. Certainly there is a

commercial incentive to do so and I have no doubt that much research is under way in

this respect.

13.6 Public Identity Cards.

A biometric incorporated into a multi purpose public ID cards would be useful in

a number of scenarios if one could win public support for such a scheme. Unfortunately,

in this country as in others there are huge numbers of individuals who definitely do not

want to be identified. This ensures that any such proposal would quickly become a

political hot potato and a nightmare for the minister concerned. You may consider this a

shame or a good thing, depending on your point of view. From a dispassionate

technology perspective it represents something of a lost opportunity, but this is of course

nothing new. Its interesting that certain local authorities in the UK have issued citizen

cards with which named cardholders can receive various benefits including discounts at

local stores and on certain services. These do not seem to have seriously challenged, even

though they are in effect an ID card.

34


35/36

Conclusion

The ultimate form of electronic verification of a persons identity is

biometrics; using a physical attribute of the person to make a positive

identification. People have always used the brains innate ability to recognize a

familiar face and it has long been known that a persons fingerprints can be used

for identification. The challenge has been to turn these into electronic processes

that are inexpensive and easy to use.

Banks and others who have tested biometric-based security on their

clientele, however, say consumers overwhelmingly have a pragmatic response to

the technology. Anything that saves the information-overloaded citizen from

having to remember another password or personal identification number comes as

a welcome respite.

Biometrics can address most of the security needs, but at what cost?

Surprisingly, the benefits quickly outweigh the costs. Like so many technological

developments, innovative people have found new ways to implement biometric

systems, so prices have come down dramatically in the last year or two. As prices

have come down, the interest level and the knowledge about how to effectively

utilize these systems have increased. So the investment is decreasing and the

recognizable benefits are increasing. Biometrics, when properly implemented, not

only increase security but also often are easier to use and less costly to administer

than the less secure alternatives. Biometrics cant be forgotten or left at home and

they dont have to be changed periodically like passwords.

35


36/36

References

1. R. Germain, A. Califano, and S. Colville, Fingerprint Matching Using

Transformation Parameter Clustering, IEEE Computational Science and

Engineering4, No. 4, 4249 (2004).

2. L. OGorman, Practical Systems for Personal Fingerprint Authentication,IEEE

Computer33, No. 2, 5860 (2004).

3. N. K. Ratha and R. M. Bolle, Smart Card Based Authentication, inBiometrics:Personal Identification in Networked Society, A. K. Jain, R. M. Bolle, and S.Pankanti, Editors, Kluwer Academic Press, Boston, MA (2003), pp. 369384.

4. T. Rowley, Silicon Fingerprint Readers: A Solid State Approach to Biometrics,Proceedings of the CardTech/SecureTech Conference, CardTech/SecureTech,

Bethesda, MD(2003), pp. 152159.

5. The Biometric Consortium (ND).Introduction to Biometrics December 11, 2003from URL http://www.biometrics.org/html/introduction.html.

6. B. Miller, Vital Signs of Identity,IEEE Spectrum 31, No.2, 2230 (2003).

7. B. Schneier, The Uses and Abuses of Biometrics, Communications of the ACM42, No. 8, 136 (2002).

8. W. Bender, D. Gruhl, N. Morimoto, and A. Lu, Techniques for Data Hiding,

IBM Systems Journal35, Nos. 3&4, 313336 (2003).

9. Biometric Digest -http://biometrics.cse.msu.edu

10.Biometric Consortium - http://www.biometricgroup.com

bio metrics based authentication systems

Documents