bio metrics lecture 2008 pd workshop

8/3/2019 Bio Metrics Lecture 2008 PD Workshop

1/41

1

BIOMETRICSBIOMETRICS

Presentation to 2008 AFCEA PD Workshop

CAL CLUPP BSC CISSPCAL CLUPP BSC CISSPDirector, Risk Management ConsultingDirector, Risk Management Consulting

Bell CanadaBell Canada

(613) 597(613) 597--23362336

[email protected]@bell.ca

Source: http://www.banking.com/aba/january.htm


2/41

2 Bell Restricted03 June 2008

OUTLINE

DEFINITION

BRIEF HISTORY

APPLICATIONS

HOW BIOMETRIC DEVICES WORK

TYPES OF DEVICES BIOMETRICS TESTING

EXAMPLE APPLICATIONS

AREAS OF IMPLEMENTATIONS


3/41


DEFINITION

Biometrics - (Classical Definition) Identification of

living things based on physiological and/orbehavioral characteristics

Biometrics - (ISO Definition) A measurable, physicalcharacteristic or personal behavioral trait used torecognize the identity, or verify the claimed identity,of an enrollee.

Biometric System (ISO Definition) An automatedsystem capable of: capturing a biometric sample from an end user;

extracting biometric data from that sample;

comparing the biometric data with that contained in one or

more reference templates; deciding how well they match; and

indicating whether or not an identification or verification ofidentity has been achieved.


4/41


HISTORY OF BIOMETRICS

Used since man first walked upright

We all use facial recognition on a daily basis

We use voice recognition during conversations to identify

the other party (e.g. Telephone)

Fingerprints have been used in forensics for over 100years by police investigators

Babies registered at birth using palm/foot prints

Dental records and X-rays have long been used toidentify decomposed bodies

The hand written signature is a form of behavioral

biometric identification DNA is one of the latest advances used in

identification


5/41


HISTORY (continued)

Modern technologies have made it possible tomechanically and automatically convert physical andbehavioral characteristics into digital electronic form

Early biometric systems were slow, expensive,proprietary and unreliable

They were considered as science fiction orspy toysand not likely to be used by ordinary people in dailytransactions

Today costs are coming down, speed and reliability

are increasing and biometric devices are starting tobecome part of our daily lives


6/41


BIOMETRIC APPLICATIONS

Depending on the application, biometrics can be used for

security, privacy, convenience, fraud reduction, or to deliverenhanced services. Applications include:

Physical security and access control (e.g. borders, airports)

Computer/Network logins (e.g. laptops with fingerprint sensors built in)

Business transactions (e.g. ATM withdrawals)

Credit and debit card protection Voting

Receiving government benefits (e.g. welfare, pension)

Healthcare services (e.g. patient ID)

Law enforcement (e.g. drivers licenses, vehicle registration, smart

guns, criminal identification systems)

Identification Documents (e.g. Visas, passports, SIN cards,

Military/Govt/Corporate ID cards)

Registering race horses, research animals, pets and other wildlife

Data protection (e.g. biometric tokens)


7/41



With all biometric systems there are 3 steps (i.e. datacapture, signal processing, and decision) which definethe process flow:

Data Capture

All biometrics start with a piece of raw analogue data (e.g.fingerprint, voice sample, face/hand/retina image)

Signal Processing

This raw data is digitized so that computers can process it

The computer software extracts the critical features (e.g.minutiae) and discards those elements that are irrelevant tomaking a successful comparison (i.e. creates template)

Decision The stored and live templates are compared and if they

match (i.e. within set threshold) user will be accepted


8/41


HOW DEVICES WORK (continued)

During enrollment the template is created and stored(sizes from 9Bytes to 1KByte)

Source: SCA Biometrics May 2002


9/41



During verification the first 2 steps are repeated with

the resulting representation being the live scan ortemplate.



10/41



Compare Template

The live scan is compared to the stored template.

Decide Match

If they match within a set statistical range, it is accepted as valid



11/41



DATA

CAPTURE

SIGNAL

PROCESSING

DECISIONTEMPLATE / BIR

STORAGE

Biometric System

Controller

Signal Detection

Extract Features

Create Template*

Compare

Template

Decide Match

Decide

Acceptance

INPUT / OUTPUT INTERFACES

User Administrator Portal

BiometricSensor

QUALITY CONTROL

Present Biometric Sample

*Template = Processed Biometric Sample

The Create Template process may also include the creation of the Biometric Identification Record (BIR)

Set Threshold

Creation of BIR (Enrollment)

Grant Privileges


12/41


TYPES OF DEVICES

Physiological (i.e. physical) Characteristic Devices

Finger/thumb print readers

Hand/Finger geometry readers

Facial Verification Systems

Eye Scanners Retina Scanners

Iris Scanners

DNA Identification Systems

Voice Verification1

Note 1: Voice verification can also be considered a Behavioral Characteristic device


13/41


DEVICES (continued)

Behavioral Characteristic Devices Voice Verification1

Signature Dynamics Analysis

Keystroke Dynamics Analysis

Gait Analysis

Note 1: Voice verification can also be considered a Physiological Characteristic device


14/41


FINGER/THUMB PRINT READERS

Most widely used

Most systems rely on classifying the differencesbetween ridges and valleys in the patterns of the printand at ridge bifurcations or ridge endings (i.e.minutiae)

Produces one of the largest templates (aprox 1KByte)depending on the method used

Devices are very reliable in use but in some casesother techniques may be required

Several types (e.g. optical, capacitive, ultrasound, RF)


15/41


FINGERPRINT (continued)

Fingerprint matching techniques can be placed into two

categories: minutiae-based and correlation based. Minutiae-based techniques first find minutiae points and then map

their relative placement on the finger. However, there are some

difficulties when using this approach.

It is difficult to extract the minutiae points accurately when thefingerprint is of low quality.

Also this method does not take into account the global pattern ofridges and furrows.

More subject to wear and tear, and false minutiae.

The correlation-based method is able to overcome some of the

difficulties of the minutiae-based approach. However, it has some

of its own shortcomings. Correlation-based techniques (i.e. pattern matching) require the

precise location of a registration point and are affected by imagetranslation and rotation.

Larger templates (often 2 3 times larger than minutiae-based)


16/41



Intrusive procedure

In 1997 the stamp-sized fingerprint reader on amicrochip was introduced which has led to thepotential for many new applications (e.g. securingsmartcards)

A much smaller scrolling sensor is now availablewhich has made even more applications possibleand has addressed some of the security concernswith latent prints

Some more advanced readers can differentiate

between live and dead tissue by checking for pulse

by sensing oxygen level

by checking capacitance of the biometric sample


17/41



Print showing various types of MinutiaePrint showing various types of Minutiae


18/41



To reduce the search time and computational complexity, it is

desirable to classify fingerprints in an accurate and consistent

manner so that the input fingerprint is required to be matched

only with a subset of the fingerprints in the database.

Special algorithms have been developed to classify fingerprints

into five classes, namely, whorl, right loop, left loop, arch, and

tented arch.

Most often used in forensics, rarely in authentication systems

Source: biometrics.cse.msu.edu/info.html


19/41



Source: Various websites


20/41



Source: Protective Technologies Website

USDime


21/41


HAND/FINGER GEOMETRY READERS

The first modern biometric device was a handgeometry reader that measured finger length

These devices use a 3D or stereo camera to mapimages of the hands and/or fingers to measure size,shape and translucency

Actual sensor devices are quite large in size

Templates are typically small (approx 10 Bytes)

High acceptance rate among users


22/41


HAND/FINGER GEOMETRY (continued)

Source: Biometrics Store Website

Source: biometrics.cse.msu.edu/info.htmlSource: http://recognitionsystems.schlage.com/products/


23/41


FACIAL RECOGNITION

Considered by some as an intrusive system

Uses high resolution cameras (several types) to takepictures of the face for comparison

The four primary methods traditionally employed by

facial scan vendors to identify and verify subjectsinclude eigenfaces, feature analysis, neural network,and automatic face processing

New systems are being developed that measurethree dimensional characteristics of the face

One of the fastest growing areas in biometricindustry


24/41


FACIAL (continued)

Typical EigenfacesTypical Eigenfaces

Utilizes two dimensional,

global grayscale images

representing distinctivecharacteristics of

a facial image

Variations of eigenface are

frequently used as the basisof other face recognition

methods.

Source: MIT Face Recognition Demo Page


25/41


FACIAL (continued)

Eigenface: "one's own face," a technology patented at MIT thatuses 2D global grayscale images representing distinctivecharacteristics of a facial image. Most faces can bereconstructed by combining features of 100-125 eigenfaces.During enrollment, the user's eigenface is mapped to a seriesof numbers (coefficients). Upon a 1:1 match, a "live" templateis matched against the enrolled template to obtain a coefficient

variation. This variation either accepts or rejects the user. Local Feature Analysis (LFA): also a 2D technology, though

more capable of accommodating changes in appearance orfacial aspect (e.g., smiling, frowning). LFA uses dozens offeatures from different regions of the face; incorporates the

location of these features. Relative distances and angles of the"building blocks" of the face are measured. LFA canaccommodate 25-degree angles in the horizontal plane and 15degrees in the vertical plane. LFA is a derivative of theeigenface method and was developed by Visionics, Corp.


26/41


FACIAL (continued)

Automatic Face Processing (AFP): This 2D technology uses

distances and distance ratios between eyes, nose, and cornersof mouth. Not as robust as the other technologies, but may bemore affective in dimly lit, frontal image capture situations.

Neural Networks: use algorithms that use as much of the face aspossible. These algorithms run as the human brain would in

cognition to learn about facial features. Neural networks are astep up from LFA.


27/41


FACIAL (continued)

New Volumetric-based 3D Processing Systems: Create a templateof the face that is based on tens-of-thousands of points on theface, thus forming a very high-resolution interpretation of thesubject.

A 3D laser camera takes a picture of the face and represents it within a

virtual cube.

The input starts as a digital image and does not need to beconverted

The secret to a true 3D method lies in the ability to use direct

measurements to compare individuals.

That is, rather than the traditional method of an indirect searchfor facial features on an image, these systems look at specific

points within a millimeter apart..


28/41


FACIAL (continued)

Varying light (i.e. outdoors) can affect accuracy Some systems can compensate for minor changes

such as puffiness and water retention

Smiling, frowning, etc can affect accuracy

Some systems can be confused by glasses, beards,

etc

Human faces vary dramatically over long term(aging) and short term (facial hair growth, differenthair styles, plastic surgery)

Expected high rate of acceptance as people arealready used to being photographed or monitored

Best method for identification systems (e.g. airports)


29/41


FACIAL (continued)

Source: MIT Face Recognition Demo Page

Source: biometrics.cse.msu.edu/info.html


30/41


RETINA SCANNERS

Rely on the uniqueness of the pattern of bloodvessels lining the retina

Users place their eyes a few inches from anincandescent light beam and the sensor maps thecapillary pattern by measuring reflected light

People with high blood pressure, diabetes orglaucoma may give inconsistent readings

Template aprox 35 Bytes and extremely reliable

Primary use is in high security access control


31/41


RETINA SCANNERS (continued)

CameraCamera Enrollment deviceEnrollment device

Source: Biometrics Store Website


32/41


RETINA SCANNERS (continued)

Main retina featuresMain retina features Actual photo of retinaActual photo of retina

Source: American Academy of Ophthalmology


33/41


VOICE VERIFICATION

A completely non-intrusive technique

Examines tonal wave patterns that cannot beimitated by other individuals (voice patterns ofimpersonators are different than the real voicepattern)

Analog recordings cannot reproduce accurate tonepatterns, but digital recordings may be able to do so Random question and answer techniques, and pattern

matching (i.e. comparing successive voice samples) mayhelp to prevent reply attacks based on digital voicerecordings

Most appropriate method for telephone use

People with colds & laryngitis can affect FRR although slight variations can be compensated for

Signal quality can introduce errors (e.g. bad phoneline, noise in background)


34/41


VOICE VERIFICATION (continued)

It is these well-formed, regularpatterns that are unique toevery individual. These patternsare created from the size andshape of the physical structure

of a person's vocal tract. Sinceno two vocal tracts are exactlythe same, no two signalpatterns can be the same.

A complete signal has an

overall pattern, as well as amuch finer structure, calledthe frame. This frame is theessence of voice verificationtechnology.


35/41


VOICE VERIFICATION (continued)

These unique featuresconsist of cadence,pitch, tone, harmonics,and shape of vocal tract.

The image at rightshows howcharacteristics of voiceactually involve much

more of the body thanjust the mouth.


36/41


SIGNATURE ANALYSIS

These devices quantify speed, pressure, angle-of-attack and stroke characteristics (40 plus)

A typical system will take up to 100 elements ofspeed, pressure, etc to characterize an individual

User stress can affect the accuracy of this device

Signatures tend to change over time

These types of devices are now starting to make theirway into practical everyday use


37/41


SIGNATURE ANALYSIS (continued)

Built-in sensors register the dynamics of the act of writing. These dynamics

include the 3D-forces that are applied, the speed of writing, and the angles invarious directions.

This signing pattern is unique for each individual, and thus allows for strong

authentication. It also protects against fraud since it is practically impossible to

duplicate "how" someone signs.Source: Biometrics Store Website and Smart Pen


38/41


EXAMPLE IMPLEMENTATIONS

Otay Mesa, California/Mexico border crossing

facial recognition of drivers who frequently cross border

Japanese Racing Association

uses iris scanning to identify over 10,000 race horses

Walt Disney World, Florida

seasons ticket holders gain entrance by finger geometry Coca Cola is using hand geometry to prevent

workers from buddy punchingat the time clock

Lotus employees must pass hand geometry scanbefore picking up their kids at the company daycare


39/41


IMPLEMENTATIONS (continued)

Several states use voice recognition for parolees onhome detention

US Immigration and Naturalization Service

Frequent travelers between Canada and Montana use

voice verification to access an automated border crossing

system

A leading ATM manufacturer in Tokyo, OKI ElectricIndustry Co has implemented iris scanners in ATMmachines of Japanese banks

ICAO using facial recognition as mandatory identifier

and fingerprints & iris as optional identifiers onMRTDs

Aeroplan Voice Recognition System for AccountAccess


40/41


IMPLEMENTATIONS (continued)

Terminal 3 at Pierson Airport uses hand geometry to

identify frequent travelers between US and Canada Canadian Airlines uses voice recognition to control

access at two of its hangars

Citizenship and Immigration Canada - $3.5 millionbiometric pilot project

Transport Canada and the Canadian Air TransportSecurity Authority (CATSA) new restricted areaidentification card

Facial Recognition Project at the Passport Office

Bell Canada Maintenance Technician Voice

Verification Bell Canada Client Account Access Voice Verification

(My voice is my password)


41/41


Summary

Today's powerful computers and microelectronics make biometric

identification and verification systems a reality Biometric advocates still face uphill battle to convince the skeptical

public, legislators, lawyers & security professionals that systems are

safe, reliable and worth implementing

In the aftermath of 9/11, Biometrics has seen a resurgence in

interest and is now being seriously considered by governments andother organizations as part of their solution for ensuring the identity

of individuals and protecting their assets

Biometrics by itself is not the solution, only one part of it

Biometrics has the potential to be utilized in any application where

authentication and verification is required and it is only a question oftime before we start to see these systems used in our daily lives

Use of Biometrics is not the main contributor to security and privacy

risks, only the inappropriate or inadequate implementation of it is