bio metrics & cryptography

8/8/2019 Bio Metrics & Cryptography

1/33

Cryptography

& Biometric

Identification


2/33

Biometrics refers to the automatic identification of a person based

on his/her physiological or behavioral characteristics. This method

of identification is preferred over traditional methods involvingpasswords and PIN numbers for various reasons: (i) the person to

be identified is required to be physically present at the point-of-

identification; (ii) identification based on biometric techniques

obviates the need to remember a password or carry a token. With

the increased use of computers as vehicles of informationtechnology, it is necessary to restrict access to sensitive/personal

data. By replacing PINs, biometric techniques can potentially

prevent unauthorized access to or fraudulent use of ATMs, cellular

phones, smart cards, desktop PCs, workstations, and computernetworks.


3/33

PINs and passwords may be forgotten, and token based methods of

identification like passports and driver's licenses may be forged,

stolen, or lost. Thus biometric based systems of identification are

receiving considerable interest. Various types of biometric systems

are being used for real-time identification, the most popular are

based on face, iris and fingerprint matching. However, there areother biometric systems that utilize retinal scan, speech, signatures

and hand geometry.


4/33

A biometric system is essentially a pattern recognition systemwhich makes a personal identification by determining the

authenticity of a specific physiological or behavioral

characteristic possessed by the user. An important issue in

designing a practical system is to determine how an individual is

identified. Depending on the context, a biometric system can be

either a verification (authentication) system or an identification

system.


5/33

Verification vs Identification:

There are two different ways to resolve a person's identity:verification and identification. Verification (Am I whom I claim I

am?) involves confirming or denying a person's claimed identity.

In identification, one has to establish a person's identity (Who am

I? ). Each one of these approaches has its own complexities and

could probably be solved best by a certain biometric system.


6/33

Applications:

Biometrics is a rapidly evolving technology which has been widely used

in forensics such as criminal identification and prison security. Recent

advancements in biometric sensors and matching algorithms have led to

the deployment of biometric authentication in a large number of civilian

applications. Biometrics can be used to prevent unauthorized access to

ATMs, cellular phones, smart cards, desktop PCs, workstations, andcomputer networks. It can be used during transactions conducted via

telephone and Internet (electronic commerce and electronic banking). In

automobiles, biometrics can replace keys with key-less entry and key-

less ignition. Due to increased security threats, many countries have

started using biometrics for border control and national ID cards.


7/33

ATM


8/33

BenGurion Airport - Hand Geometry


9/33


10/33

Fingerprint Matching:

Among all the biometric techniques, fingerprint-based

identification is the oldest method which has been successfully

used in numerous applications. Everyone is known to have

unique, immutable fingerprints. A fingerprint is made of a series

of ridges and furrows on the surface of the finger. The uniqueness

of a fingerprint can be determined by the pattern of ridges andfurrows as well as the minutiae points. Minutiae points are local

ridge characteristics that occur at either a ridge bifurcation or a

ridge ending.


11/33

Fingerprint matching techniques can be placed into two categories:

minutae-based and correlation based. Minutiae-based techniques

first find minutiae points and then map their relative placement onthe finger. However, there are some difficulties when using this

approach. It is difficult to extract the minutiae points accurately

when the fingerprint is of low quality. Also this method does not

take into account the global pattern of ridges and furrows. The

correlation-based method is able to overcome some of thedifficulties of the minutiae-based approach. However, it has some

of its own shortcomings. Correlation-based techniques require the

precise location of a registration point and are affected by image

translation and rotation.


12/33

Fingerprint Matching:


13/33

Fingerprint Classification:

Large volumes of fingerprints are collected and stored everyday

in a wide range of applications including forensics, access

control, and driver license registration. An automatic recognition

of people based on fingerprints requires that the input fingerprint

be matched with a large number of fingerprints in a database (FBI

database contains approximately 70 million fingerprints!). Toreduce the search time and computational complexity, it is

desirable to classify these fingerprints in an accurate and

consistent manner so that the input fingerprint is required to be

matched only with a subset of the fingerprints in the database.


14/33

Fingerprint classification is a technique to assign a fingerprint into

one of the several pre-specified types already established in the

literature which can provide an indexing mechanism. Fingerprintclassification can be viewed as a coarse level matching of the

fingerprints. An input fingerprint is first matched at a coarse level

to one of the pre-specified types and then, at a finer level, it is

compared to the subset of the database containing that type of

fingerprints only. We have developed an algorithm to classify

fingerprints into five classes, namely, whorl, right loop, left loop,

arch, and tented arch.


15/33

The algorithm separates the number of ridges present in four

directions (0 degree, 45 degree, 90 degree, and 135 degree) by

filtering the central part of a fingerprint with a bank of Gaborfilters. This information is quantized to generate a FingerCode

which is used for classification. Our classification is based on a

two-stage classifier which uses a K-nearest neighbor classifier in

the first stage and a set of neural networks in the second stage. The

classifier is tested on 4,000 images in the NIST-4 database. For thefive-class problem, classification accuracy of 90% is achieved.


16/33

Fingerprint Image Enhancement:

A critical step in automatic fingerprint matching is to automatically

and reliably extract minutiae from the input fingerprint images.

However, the performance of a minutiae extraction algorithm reliesheavily on the quality of the input fingerprint images. In order to

ensure that the performance of an automatic fingerprint

identification/verification system will be robust with respect to the

quality of the fingerprint images, it is essential to incorporate afingerprint enhancement algorithm in the minutiae extraction

module. We have developed a fast fingerprint enhancement

algorithm, which can adaptively improve the clarity of ridge and

furrow structures of input fingerprint images based on the estimated

local ridge orientation and frequency. We have evaluated theperformance of the image enhancement algorithm using the

goodness index of the extracted minutiae and the accuracy of an

online fingerprint verification system. Experimental results show

that incorporating the enhancement algorithms improves both the

goodness index and the verification accuracy.


17/33

Hand Geometry:

This approach uses the geometric shape of the hand for

authenticating a user's identity. Authentication of identity using

hand geometry is an interesting problem. Individual hand features

are not descriptive enough for identification. However, it is

possible to devise a method by combining various individual

features to attain robust verification.


18/33

Hand Geometry vs Fingerprints:

Unlike fingerprints, the human hand isn't unique. One can use

finger length, thickness, and curvature for the purposes ofverification but not for identification. For some kinds of access

control like immigration and border control, invasive biometrics

(eg., fingerprints) may not be desirable as they infringe on

privacy. In such situations it is desirable to have a biometricsystem that is sufficient for verification. As hand geometry is not

distinctive, it is the ideal choice. Furthermore, hand geometry data

is easier to collect. With fingerprint collection good frictional skin

is required by imaging systems, and with retina-based recognition

systems, special lighting is necessary. Additionally, handgeometry can be easily combined with other biometrics, namely

fingerprint. One can envision a system where fingerprints are used

for (infrequent) identification and hand geometry is used for

(frequent) verification.


19/33

Face Retrieval:

The face retrieval problem, known as face detection, can be defined

as follows: given an arbitrary black and white, still image, find thelocation and size of every human face it contains. There are many

applications in which human face detection plays a very important

role: it represents the first step in a fully automatic face recognition

system, it can be used in image database indexing/searching by

content, in surveillance systems and in human-computer interfaces.

It also provides insight on how to approach other pattern

recognition problems involving deformable textured objects. At the

same time, it is one of the harder problems in pattern recognition.


20/33

Face Retrieval:


21/33

Integrating Faces and Fingerprints for Personal Identification :

An automatic personal identification system based solely on

fingerprints or faces is often not able to meet the systemperformance requirements. Face recognition is fast but not reliable

while fingerprint verification is reliable but inefficient in database

retrieval. We have developed a prototype biometric system which

integrates faces and fingerprints. The system overcomes the

limitations of face recognition systems as well as fingerprintverification systems. The integrated prototype system operates in

the identification mode with an admissible response time. The

identity established by the system is more reliable than the identity

established by a face recognition system. In addition, the proposed

decision fusion schema enables performance improvement by

integrating multiple cues with different confidence measures.

Experimental results demonstrate that our system performs very

well. It meets the response time as well as the accuracy

requirements.


22/33

AMultimodal Biometric System Using Fingerprint, Face, and

Speech:

A biometric system which relies only on a single biometricidentifier in making a personal identification is often not able to

meet the desired performance requirements. Identification based on

multiple biometrics represents an emerging trend. We introduce a

multimodal biometric system, which integrates face recognition,

fingerprint verification, and speaker verification in making apersonal identification. This system takes advantage of the

capabilities of each individual biometric. It can be used to

overcome some of the limitations of a single biometrics.

Preliminary experimental results demonstrate that the identityestablished by such an integrated system is more reliable than the

identity established by a face recognition system, a fingerprint

verification system, and a speaker verification system.


23/33


24/33

Cryptography


25/33

Cryptography is the science of writing in secret code and is an

ancient art; the first documented use of cryptography in writing

dates back to circa 1900 B.C. when an Egyptian scribe used non-standard hieroglyphs in an inscription. Some experts argue that

cryptography appeared spontaneously sometime after writing was

invented, with applications ranging from diplomatic missives to

war-time battle plans. It is no surprise, then, that new forms of

cryptography came soon after the widespread development of

computer communications. In data and telecommunications,

cryptography is necessary when communicating over any

untrusted medium, which includes just about any network,

particularly the Internet.


26/33

Within the context of any application-to-application

communication, there are some specific security requirements,

including:

y Authentication: The process of proving one's identity. (The

primary forms of host-to-host authentication on the Internet today

are name-based or address-based, both of which are notoriously

weak.)

y Privacy/confidentiality: Ensuring that no one can read the

message except the intended receiver.

y Integrity: Assuring the receiver that the received message

has not been altered in any way from the original.

Non-repudiation:A mechanism to prove that the sender really sent

this message.


27/33

Cryptography, then, not only protects data from theft or alteration,

but can also be used for user authentication. There are, in general,

three types of cryptographic schemes typically used to accomplish

these goals: secret key (or symmetric) cryptography, public-key

(or asymmetric) cryptography, and hash functions, each of which

is described below. In all cases, the initial unencrypted data isreferred to asplaintext. It is encrypted into ciphertext, which will

in turn (usually) be decrypted into usable plaintext.


28/33

TYPES OF CRYPTOGRAPHIC ALGORITHMS

There are several ways of classifying cryptographic algorithms.

For purposes of this paper, they will be categorized based on thenumber of keys that are employed for encryption and decryption,

and further defined by their application and use. The three types

of algorithms that will be discussed are (Figure 1):

y Secret Key Cryptography (SKC): Uses a single key forboth encryption and decryption

y Public Key Cryptography (PKC): Uses one key for

encryption and another for decryption

y Hash Functions: Uses a mathematical transformation to

irreversibly "encrypt" information


29/33


30/33

Secret Key Cryptography

With secret key cryptography, a single key is used for both

encryption and decryption. As shown in Figure 1A, the sender usesthe key (or some set of rules) to encrypt the plaintext and sends the

ciphertext to the receiver. The receiver applies the same key (or

ruleset) to decrypt the message and recover the plaintext. Because

a single key is used for both functions, secret key cryptography isalso called symmetric encryption.

With this form of cryptography, it is obvious that the key must be

known to both the sender and the receiver; that, in fact, is the

secret. The biggest difficulty with this approach, of course, is the

distribution of the key.


31/33

Secret key cryptography schemes are generally categorized asbeing eitherstream ciphers orblock ciphers. Stream ciphers

operate on a single bit (byte or computer word) at a time and

implement some form of feedback mechanism so that the key is

constantly changing. A block cipher is so-called because the

scheme encrypts one block of data at a time using the same key on

each block. In general, the same plaintext block will always

encrypt to the same ciphertext when using the same key in a block

cipher whereas the same plaintext will encrypt to different

ciphertext in a stream cipher.


32/33

Stream ciphers come in several flavors but two are worth

mentioning here. Self-synchronizingstream ciphers calculate

each bit in the keystream as a function of the previous nbits in

the keystream. It is termed "self-synchronizing" because the

decryption process can stay synchronized with the encryption

process merely by knowing how far into the n-bit keystream it is.

One problem is error propagation; a garbled bit in transmission

will result in n garbled bits at the receiving side. Synchronousstream ciphers generate the keystream in a fashion independent

of the message stream but by using the same keystream

generation function at sender and receiver. While stream ciphers

do not propagate transmission errors, they are, by their nature,

periodic so that the keystream will eventually repeat.


33/33

bio metrics & cryptography

Documents