Biometrics Technology Review 2008

Rebecca Heyer

Land Operations Division Defence Science and Technology Organisation

DSTO-GD-0538

ABSTRACT Biometrics is the measurement of personal physical features, actions or behavioural characteristics that distinguish between individuals. In recent years automated biometric systems, such as facial, fingerprint and iris recognition systems, have been developed to facilitate a range of functions. These functions can be broadly categorised as verification or identification, and include, for instance, physical and logical access control, management of major plant and machinery, weapons control, identity management, surveillance operations, and personnel management. This paper is an updated version of the Biometrics Technology Review 2002 published in 2003 by Blackburn et al. It provides an overview of the basic elements of biometrics; a detailed examination of current and future biometric technologies; discusses the many different applications of biometrics; and highlights the issues associated with using such technology.

RELEASE LIMITATION

Approved for public release

Published by Land Operations Division DSTO Defence Science and Technology Organisation PO Box 1500 Edinburgh South Australia 5111 Australia Telephone: (08) 8259 5555 Fax: (08) 8259 6567 © Commonwealth of Australia 2008 AR 014-200 Submitted: August 2007 Published: May 2008 APPROVED FOR PUBLIC RELEASE

Biometrics Technology Review 2008

Executive Summary Biometrics is the measurement of personal physical features, actions or behavioural characteristics that distinguish between individuals. The history of biometrics, like most other technologies, has followed a familiar route beginning with an initial build-up of excessive optimism followed by a trough of scepticism as the limitations of the technologies became apparent. Realistic expectations, combined with a plethora of research and development, are now seeing many biometric systems, such as facial, fingerprint, iris and hand geometry, reach the levels of success originally touted. With annual global biometrics revenues projected to grow from $2.1 billion in 2006 to $5.7 billion in 2010 and inspection of patent databases uncovering a range of new and exciting applications, biometrics truly appear to be living up to the tag applied to it by the MIT Technology Review in 2001 as one of the ‘top ten emerging technologies that will change the world’. In recent years automated biometric systems have been developed to facilitate a range of functions broadly categorised as verification or identification functions. Such automated systems offer advantages over current strategies including the elimination of fatigue effects associated with human performance and adding the possibility of measuring features (e.g. iris pattern) that cannot be readily sensed by humans. Biometrics have been successfully applied across a range of procedures and processes to enhance security including physical and logical access control, management of major plant and machinery, weapons control, identity management, and personnel management. Automated biometric systems need to be seen as an adjunct to existing systems, adding to techniques already used, and organisations contemplating the adoption of biometric technology need to understand that there are a range of issues that should be addressed. Privacy and security concerns, the vulnerability of biometric systems to attack, the importance of usability and user acceptance, training and education and a range of integration and support requirements all need to be addressed. This paper is an updated version of the Biometrics Technology Review 2002 paper published in 2003 by Blackburn et al*. After an introduction, and in line with its predecessor, the paper provides an overview of the basic elements of biometrics (Section 2); a detailed examination of current and future biometric technologies (Section 3); discusses the many different applications of biometrics (Section 4); and highlights the current issues associated with using such technology (Section 5).

* Blackburn T, Butavicius M, Graves I, Hemming D, Ivancevic V, Johnson R, Kaine R, McLindin B, Meaney K, Smith B and Sunde J 2003, Biometrics technology review 2002, DSTO-GD-0359

Contents

1. INTRODUCTION ............................................................................................................... 1

2. BIOMETRICS BASICS....................................................................................................... 2 2.1 Components of a biometric system ....................................................................... 2 2.2 Pattern recognition ................................................................................................... 3 2.3 Error rates ................................................................................................................... 4 2.4 Biometric applications ............................................................................................. 5

2.4.1 Verification ................................................................................................. 6 2.4.2 Identification .............................................................................................. 6

3. BIOMETRIC TECHNOLOGIES AND APPLICATIONS............................................ 6 3.1 Fingerprint ................................................................................................................. 7 3.2 Face ............................................................................................................................ 10 3.3 Iris .............................................................................................................................. 13 3.4 Speaker Recognition .............................................................................................. 14 3.5 Hand Geometry....................................................................................................... 15 3.6 Signature................................................................................................................... 16 3.7 Retina ........................................................................................................................ 17 3.8 Deoxyribonucleic acid ........................................................................................... 18 3.9 Odour ........................................................................................................................ 18 3.10 Ear .............................................................................................................................. 19 3.11 Veins.......................................................................................................................... 19 3.12 Fingernail bed.......................................................................................................... 19 3.13 Skin............................................................................................................................ 20 3.14 Physiometrics........................................................................................................... 20 3.15 Thermogram............................................................................................................. 21 3.16 Gait ............................................................................................................................ 22 3.17 Work pattern analysis ............................................................................................ 22 3.18 Lips ............................................................................................................................ 22 3.19 Footprints ................................................................................................................. 23 3.20 Dynamic grip recognition ..................................................................................... 23 3.21 Tongue ...................................................................................................................... 23 3.22 Comparison of technologies ................................................................................. 24 3.23 Parameters to guide the selection of biometrics ............................................... 26 3.24 Current directions................................................................................................... 28

3.24.1 Multimodal biometrics ........................................................................... 28 3.24.2 Form Factors............................................................................................. 29 3.24.3 Biometrics and smart cards.................................................................... 30

3.25 Future directions ..................................................................................................... 33

4. BIOMETRIC APPLICATIONS....................................................................................... 33 4.1 Physical access control ........................................................................................... 33 4.2 Logical access control and protection of IT systems ........................................ 34 4.3 Personnel management.......................................................................................... 34 4.4 Identity management ............................................................................................. 35 4.5 Weapons or other sensitive technologies control ............................................. 37 4.6 Management of major plant ................................................................................. 37 4.7 Communications (verification of electronic identification) ........................... 38 4.8 Counter-terrorism, counter-insurgency or stand-off recognition operations38

4.9 Forensic identification ........................................................................................... 39

5. ISSUES ...................................................................................................................... 40 5.1 Security concerns - biometric vulnerabilities.................................................... 40

5.1.1 Addressing biometric vulnerabilities ................................................... 42 5.2 Usability and user acceptance .............................................................................. 44 5.3 Health concerns....................................................................................................... 46 5.4 Privacy issues........................................................................................................... 47 5.5 Integration and support requirements................................................................ 49

5.5.1 Education and training ........................................................................... 50 5.6 Evaluation requirements ....................................................................................... 51 5.7 Interoperability issues ........................................................................................... 51

6. CONCLUSION .................................................................................................................. 52

7. REFERENCES..................................................................................................................... 53

Figures Figure 1: The technical components of a generic biometric system.................................... 3 Figure 2: Detection error trade-off: FMR vs. FNMR (reproduced from Mansfield et al, 2001)....................................................................................................................................................... 5 Figure 3: Minutiae ...................................................................................................................... 8 Figure 4: Optical fingerprint sensor......................................................................................... 8 Figure 5: Capacitance fingerprint sensor and output ........................................................... 9 Figure 6: Ultrasound fingerprint sensor ................................................................................. 9 Figure 7: Thermal fingerprint sensor....................................................................................... 9 Figure 8: 3D fingerprint image ............................................................................................... 10 Figure 9: Face measurements.................................................................................................. 10 Figure 10: 3D face images........................................................................................................ 11 Figure 11: Decreasing error rates for face recognition technology 1993-2006 ................. 13 Figure 12: Collage of irises ...................................................................................................... 13 Figure 13: Desktop iris scanning ............................................................................................ 14 Figure 14: Speaker recognition headset and microphone .................................................. 15 Figure 15: Hand geometry sensor for access control........................................................... 16 Figure 16: Signature verification ............................................................................................ 16 Figure 17: The eye..................................................................................................................... 17 Figure 18: Scanning area of the retina ................................................................................... 17 Figure 19: Retina scan of Iraqi Army recruit ........................................................................ 18 Figure 20: A DNA molecule.................................................................................................... 18 Figure 21: Schematic diagram of an electronic nose............................................................ 18 Figure 22: Ear biometric .......................................................................................................... 19 Figure 23: Vein scanner ........................................................................................................... 19 Figure 24: Fingernail bed scanner .......................................................................................... 20 Figure 25: Brainwaves depicted in an electrocephalogram trace ...................................... 20 Figure 26: Identification by analysis of physiometric variation ........................................ 21 Figure 27: Facial thermogram................................................................................................. 21 Figure 28: Gait as a biometric ................................................................................................. 22 Figure 29: Lips as a biometric ................................................................................................. 22 Figure 30: Dynamic grip recognition sensors on a handgun ............................................. 23 Figure 31: Different shapes and surface textures of the tongue ........................................ 24 Figure 32: Biometric/fingerprint mouse............................................................................... 30 Figure 33: Biometric/fingerprint mobile phone .................................................................. 30 Figure 34: Sensor-on-card system .......................................................................................... 31 Figure 35: Match-on-card system........................................................................................... 31 Figure 36: Template-on-card system ..................................................................................... 32 Figure 37: Qantas aircrew member using a Smart Gate terminal ..................................... 35 Figure 38: Fingerprint scanner at a sporting arena in Amsterdam ................................... 36 Figure 39: Face recognition at a distance (50-300m)............................................................ 39 Figure 40: Biometric threat vectors (reproduced from Roberts, 2007).............................. 42

Tables Table 1: Classification of biometrics (adapted from Bolle et al, 2004) ................................ 7 Table 2: Benefits and disadvantages of fingerprint, face, iris, speaker/voice and hand biometrics (reproduced from www.dell.com) ..................................................................... 25 Table 3: Comparison of Biometric Technologies ................................................................. 25 Table 4: Parameters to guide selection of biometrics (from Sanderson & Erbetta, 2000)26 Table 5: Parameters to guide selection of face, fingerprint and iris biometrics in the Defence environment............................................................................................................... 27 Table 6: Factors that impact on biometric system usability and performance ................ 45 Table 7: BioPrivacy Application Impact Framework .......................................................... 48

Glossary ADF Australian Defence Force AGIMO Australian Government Information Management Office ATM Automatic Teller Machine BAT Biometric Automated Toolset BISA Biometric Identification System for Access (US) CAC Common Access Card (US) CCD Charge Coupled Device CCTV Closed Circuit Television CESG Communications-Electronics Security Group (UK) DBIDS Defense Biometric Identification System (US) DET Detection Error Tradeoff (curve) DGR Dynamic Grip Recognition DNA Deoxyribonucleic Acid DoD Department of Defense (US) DSBTF Defense Science Board Task Force (US) EEG Electrocephalogram FBI Federal Bureau of Investigation FMR False Match Rate FNMR False Non Match Rate FP Fingerprint FRVT Face Recognition Vendor Test FTA Failure to Acquire FTE Failure to Enrol FVC Fingerprint Verification Competition HUMINT Human Intelligence IBG International Biometric Group ICAO International Civil Aviation Organization ICE Iris Challenge Evaluation INPASS Immigration and Naturalization Service Passenger Accelerated

Service System (US) IT Information Technology MIT Massachusetts Institute of Technology MoD Ministry of Defence NIST National Institute of Standards and Technology (US) PIV Personal Identity Verification (US) ROC Receiver Operator Characteristic (curve) TWIC Transport Workers Identity Credential (US) UK United Kingdom UKBWG United Kingdom Biometrics Working Group US United States

DSTO-GD-0538

1. Introduction

Biometrics is the measurement of personal physical features, actions or behavioural characteristics that distinguish between individuals. Biometrics is not a new concept. History suggests that potters from Asia and the Middle East used their fingerprints to sign their work as long ago as 1500 BC (Down & Sands, 2004). Technology development in the area, however, is a much newer concept. The history of biometrics, like most other technologies, has followed a familiar route, beginning with an initial build up of excessive optimism followed by a trough of scepticism as the limitations of the technologies became apparent. Realistic expectations, combined with a plethora of research and development, are now seeing many biometric systems reach the levels of success originally touted (Simpson, 2007). In 2001 the MIT Technology Review named biometrics one of the ‘top ten emerging technologies that will change the world’ and in early 2006 the International Biometric Group (IBG) projected that global biometrics annual revenues would grow from $2.1 billion in 2006 to $5.7 billion in 2010. IBG expect that the United States and Asia will be the largest global markets for biometrics products and services in the coming decade (http://www.biometricgroup.com/). In recent years automated biometric systems have been developed to identify persons and verify identity. The systems offer advantages over current recognition strategies, including the elimination of fatigue effects associated with human performance and adding the possibility of measuring features (e.g. iris pattern) that cannot be readily sensed by humans. Automated biometric systems should be seen as an adjunct to existing personal identification systems, adding to techniques already used. In addition to the development of individual biometric systems, more and more research and development is being devoted to multimodal biometric systems; those that use more than one biometric or more than one measure of the same biometric, and thus increase levels of accuracy and security. In early 2005, the military components of the US Department of Defense (DoD) were surveyed to ascertain their level of current biometric usage, or intended future usage. At that time, 83 different systems were reported including those based on fingerprints (accounting for 65%), hand geometry (12%), iris (6%), multimodal systems (16%) and other, such as deoxyribonucleic acid (DNA) (1%). The biometric systems in use at the time primarily supported the areas of identity background checking, access control, and detainee processing (Kauchak, 2006). Biometric systems are socio-technical systems, comprising both the technology and a range of social subsystems (such as the users and the environment/s in which the technology operates). Biometrics can be applied to two types of problems: verification (i.e. access control) and identification. Many technologies are suitable for access control type applications, but identification applications typically result in relatively high error rates (often due to the environment) and few technologies are suitable. Despite some successful applications, biometric systems do have some limitations. Error rates still remain relatively high for some methods, even in the areas where biometric measures are thought to be unique to the person (i.e. fingerprints, iris). In these cases it is the measuring process itself that produces uncertainties (such as the smearing of a fingerprint). Biometric systems are also susceptible to attack and there remain a string of social, ethical and acceptance issues

1

DSTO-GD-0538

with their use. As such, there are many factors that need to be considered when contemplating a biometric solution including technical, privacy and human factors issues. This paper is an updated version of the Biometrics Technology Review 2002 paper published in 2003 by Blackburn et al. After an introduction, and in line with its predecessor, the paper provides an overview of the basic elements of biometrics (Section 2); a detailed examination of current and future biometric technologies and applications (Section 3); discusses the many different applications of biometrics (Section 4); and highlights the current issues associated with using such technology (Section 5).

2. Biometrics basics

2.1 Components of a biometric system

Biometric systems are socio-technical systems comprised of both technical and social subsystems. The social aspects of the system include the users and the environment/s in which the system operates. In technical terms, a biometric system consists of several components (see Figure 1):

• A data collection component which collects the biometric data. • A data storage component which stores the biometric data. • A signal processing component which processes the biometric data. • A decision component which makes decisions regarding matches between biometric

data and whether to accept or reject. • A transmission component which aids the data collection, data storage and signal

processing components in compressing and expanding files required at different stages of the process.

Within these components several key functions are performed:

• Within the data collection component, the sensor function acquires the raw biometric data or signal (such as a video, photo or fingerprint).

• Within the signal processing component, the feature extraction function extracts features to represent the signal collected by the sensor. Biometrics from known people are condensed to form compact templates that are enrolled in a database (within the data storage component) or stored on some other device such as a smart card. This process may be carried out in the operational environment or off-line.

• Biometrics are obtained from those people presenting at the operational biometric system and compressed into template form (once again, stored in the data storage component). The pattern matching function, within the signal processing component, then compares the templates from the presenting subject(s) with enrolled entries to determine if there are matches; assigning match scores in the process.

• Within the decision component, a matching function then processes the match scores and determines or verifies the identity of an individual. It is only then that action is taken to open a gate, sound an alert or otherwise respond, depending on the match score and role of the system.

2

DSTO-GD-0538

Figure 1: The technical components of a generic biometric system1

2.2 Pattern recognition

All biometric processes require the comparison of measured data from a person with known data from a database to determine if there is a match. There are two basic approaches to the comparison problem. The first is based on the step-by-step construction of the decision-making process, an algorithm, and the other is based on the use of some form of ‘learning mechanism’ in which the decision-making algorithm still exists, but may be hidden from the users, such as artificial neural networks. Whichever comparison approach is adopted, each biometric system recognition process is comprised of two phases – enrolment and operational. Enrolment, the initial phase, requires the capture of biometric data. The way the biometric is captured differs according to both the type of biometric being captured (i.e., a photo or fingerprint scan) as well as the application of the system itself (i.e., watch list versus verification). For instance, in a watch list application, enrolment often takes place without the knowledge of the person of interest; whereas in a verification application biometrics are usually sampled several times to ensure the best possible chances for matching. Each sample is then checked to ensure that it is of sufficient quality to generate a match. Data is then processed to extract the key features which enable different subjects to be separated from one another by a classifier, known as feature extraction. The result of this process is a data vector, commonly referred to as a template once it is enrolled into the database.

1 ISO/IEC 19795-1 (2006)

3

DSTO-GD-0538

Once a database of subjects is established the system can move into the operational phase. In the operational phase, an individual’s biometric data is once again captured and compared to the enrolled template. When an individual provides biometric samples in an attempt to gain access to a secured area (known as a transaction), these samples are compared with those in the enrolled template. Access can be granted, or identification verified, if the degree of match between the transaction and enrolled data are above a given threshold or decision value, which is ultimately driven by the costs associated with the range of error rates that biometric systems produce. 2.3 Error rates

Despite the automated nature of biometric systems and possible claims by proponents, all biometric systems produce errors of two general types. A false positive occurs when a person is accepted as being the person claimed, even though that is not the case. This is measured as the false match rate (FMR). Most biometric system vendors today claim a FMR of 0.0001% to 0.1%. A FMR of 0.001% means that 1 out of every 100,000 attempts by an impostor to gain access to a system will succeed, on average. The FMR in comparative test environments for fingerprint is typically 0.2%, voice 2-5% (Jain, Ross & Prabhakar, 2004), iris and face 0.1% (Phillips et al, 2007). A false negative occurs when a person is not accepted as who he/she claims to be even though he/she is that person. This is measured as the false non match rate (FNMR). Most biometric system vendors today claim a FNMR of 0.0001% to 1%. However, the FNMR in comparative test environments for fingerprint is typically 0.2%, voice 10-20% (Jain, Ross & Prabhakar, 2004), iris 1.5% and face 1% (Phillips et al, 2007). There is generally a trade-off between these two types of error, based on a decision threshold in the biometric processor. If the decision threshold is raised to reduce the FMR, the FNMR will generally increase and vice versa. In addition to the error trade-offs, errors vary between technologies based on the discrimination quality of the biometric data measured. A parametric plot of FMR against FNMR is the most useful representation allowing complete comparison of various biometrics. Linear or log scales are commonly used on the axes, and the plots are then referred to as receiver operator characteristic (ROC) or detection error tradeoff (DET) curves respectively. Other axis scaling could be more useful, for example see Parks et al (2006) which introduces scaling based on generalised hyperbolic functions. The independent parameter which varies along the plotted curves is the similarity score. Figure 2, reproduced from Mansfield et al (2001), is an FMR vs. FNMR plot comparing face, fingerprint (FP), hand, iris, vein and voice biometrics. The iris system used in the study had a pre-determined threshold and the FMR was in fact zero. There were approximately 200 subjects, mainly comprising volunteers working at the National Physics Laboratory site. The report was published in 2001 and since then it is known that some biometrics have made remarkable improvements.

4

DSTO-GD-0538

Figure 2: Detection error trade-off: FMR vs. FNMR (reproduced from Mansfield et al, 2001)

Sampling error should be considered when comparing the results from any biometric trial. At DSTO the Wilson confidence limits for proportions (see Hogg & Tanis, 2000) are routinely calculated for FMR and FNMR values. A recent development in the presentation of results is the inclusion of these confidence limits on FMR versus FNMR plots, see DSTO (2007) for examples. In trials it is common practice to obtain multiple biometric samples from each subject. Multiple samples from the same person cannot be expected to be distributed in the same way as biometric samples from multiple persons. This complicates the determination of the correct sample size to use when calculating confidence limits. In DSTO (2007) upper and lower bounds for sample size are calculated assuming complete independence or complete dependence, respectively, of samples from the same person. When planning a trial or evaluating the validity and applicability of trial results it is also important to consider the desired population scope and the sampling method. In particular, consideration should be given to how well the sample frame represents the population of interest. In biometrics this is particularly important because biometrics can vary considerably across demographic groups. The viability of a biometric system depends on more than just its error rates. Operational issues such as acceptability to the user, user skill requirements and niche requirements all must be considered. 2.4 Biometric applications

Biometric systems have two distinct applications – verification and identification.

5

DSTO-GD-0538

2.4.1 Verification

In verification applications ‘the user makes a positive claim to an identity, features derived from the submitted sample biometric measure are compared to the enrolled template for the claimed identity, and an accept or reject decision regarding the identity claim is returned’ (ISO/IEC 19795-1, 2006, p. 5). Biometric systems of this type conduct one-to-one (1:1) comparisons to determine whether the identity claimed by the individual is true. An example would be to verify that a pass holder is the authorised user. 2.4.2 Identification

In identification applications, ‘a search of the enrolled database is performed, and a candidate list of 0, 1 or more identifiers is returned’ (ISO/IEC 19795-1, 2006, p. 5). Identification tasks assume that a person is in the database. This type of system is more sophisticated as it conducts one-to-many (1:N) comparisons to establish the identity of the individual. Identification applications are very taxing for a biometric system since it must generate low FMR (to keep false alarms low) while still maintaining low FNMR (to ensure that persons of interest are identified). In addition, an identification system must generally compare each incoming biometric sample with all enrolled entries rather than with individual enrolled entries, which tends to increase the number of errors when compared to a verification application. Related to the identification is watch list. Watch list screening is the most demanding of all applications. It involves two distinct steps. The system must first detect if a person is on the watch list and, if so, correctly identify them. An example would be a system at a border crossing to search for drug couriers of known appearance. This is much more difficult than an identification or verification task, as some potential persons of interest may not be in the database and current systems present a number of possible matches for the human operator to then consider.

3. Biometric technologies and applications

There are many biometric technologies in use today and a range of biometrics that are still in the early stages of development. Biometrics are either based on a physiological characteristic of the person or a behavioural characteristic. Table 1 (adapted from Bolle, Connell, Pankanti, Ratha & Senior, 2004) summarises a range of biometrics and classifies them according to whether they are physiologically or behaviourally based, and whether they are common (i.e., currently in use across a range of environments), still in limited use or under development, or still in the research realm (i.e., haven’t yet been applied in any environment outside of research).

6

DSTO-GD-0538

Table 1: Classification of biometrics (adapted from Bolle et al, 2004) Biometrics Physiological Behavioural Common Limited Research

Fingerprint Facial Hand Geometry Iris Speaker Signature DNA Ear Odour Retina Veins Dynamic grip* Skin Gait Lips* Work pattern Fingernail bed Thermogram Physiometrics Footprint* Tongue

*Lip, dynamic grip and footprint biometrics are so diverse that they fit into both the physiological and behavioural categories

While the following review focuses on the six most popular biometrics in the market today – fingerprint, facial, iris, speaker recognition, signature verification and hand geometry, a brief summary of other biometric technologies is also provided. The review concludes with a cross-comparison of the common biometric technologies. 3.1 Fingerprint

Fingerprint recognition is currently the leading biometric technology, comprising around 32% of the total market, and looks set to remain there for some time to come. This is due mainly to the range of environments in which fingerprint systems can be deployed, the years of development that the systems have undergone, and the many companies involved in the technology's manufacture and development. IBG estimates that fingerprint revenues will grow from $198 million in 2003 to $1.493 billion in 2008 (http://www.biometricgroup.com/). Fingerprint recognition systems are a proven technology and have been shown to be capable of very high levels of accuracy. Their sensors and processors are low cost and easy to use and the reduced size and power requirements of fingerprint systems, along with their resistance to environmental changes such as background lighting and temperature, enable the systems to be deployed in a range of logical and physical access environments. Modern fingerprint acquisition devices are quite small (often less than 1.5 cm x 1.5 cm and very thin) and are capable of acquiring and processing images (Roberts, 2006). Fingerprint

7

DSTO-GD-0538

systems are being used daily to enable users to access networks and PCs, enter restricted areas, operate plant, and to authorise transactions.

Figure 3: Minutiae2

Fingerprint identification is based on the analysis of the ridge patterns on the tips of fingers. Sensors generate images of the ridges and these are scanned for structural features (called minutiae) such as branches or terminations.

The relative positions and types of the minutiae form a description of the fingerprint that can be matched against other fingerprints. Approximately 80% of biometric vendors utilise these minutiae in some fashion, but some choose to use pattern matching that extrapolates data from a particular series of ridges on the fingerprint (Roberts, 2006). This series of ridges used in enrolment is the basis of comparison, and verification requires that a segment of the same area be found and compared. Once a high-quality image is captured, there are a several steps required to convert its distinctive features into a compact template. This process, known as feature extraction, is at the core of fingerprint technology. Each vendor of fingerprint systems has a proprietary feature extraction mechanism; the vendors guard these unique algorithms very closely. Multiple sensor types are currently available to scan fingerprints including optical, capacitance, ultrasound and thermal.

Figure 4: Optical fingerprint sensor3

Optical sensors are the most proven fingerprint sensors over time. They are fairly inexpensive, are resistant to temperature fluctuations, and can provide fingerprint images up to 500 dpi resolution. Issues with optical sensors include that they must be of sufficient size to capture a quality image, that latent (or leftover) prints can degrade images to the point that image capture is severely hampered, and that the sensors themselves often degrade with age.

Capacitance sensors were introduced in the late 1990s and have gained popularity since that time. In these sensor types, the capacitance sensor acts as one plate of a capacitor, the finger the other. An 8-bit gray scale digital image, more detailed than an image captured by an optical scanner, is generated from the capacitance between the plate and the finger. While it would appear that the coating applied to the capacitance sensors would be more

2 www.factsfinder.com/fingerprinting.htm 3 http://computer.howstuffworks.com

8

DSTO-GD-0538

durable than those of optical sensors, this has yet to be tested across the range of conditions in which the sensor could be deployed (Roberts, 2006).

Figure 5: Capacitance fingerprint sensor and output4

Ultrasound sensors are still in their infancy and not yet widely used, however, they have great potential to lead the fingerprint technologies market due to their reported high accuracy. Ultrasound sensors transmit acoustic waves that measure the impedance of the finger, the sensor platen and the air. Beside their reported high accuracy, ultrasound sensors have the advantage that they can penetrate dirt and other contamination on the finger and platen, one of the major drawbacks of other fingerprint technology.

Figure 6: Ultrasound fingerprint sensor5

Figure 7: Thermal fingerprint sensor6

Thermal sensors measure temperature changes in the ridge-valley structure of the finger as it is swiped over the scanner. These temperature changes produce an image of the fingerprint. While the image is not as rich as the gray scale images produced by other sensor types, thermal sensing has the advantage that it is able to overcome the dry and wet skin issues that can plague other sensors (Bolle et al, 2004).

Work is currently underway into the use of 3D scanners that use touchless technology and very high contrast multi-camera imaging of the finger (Chen et al, 2006).

4 www.ntt-tec.jp 5 http://perso.orange.fr 6 www.britestone.com.hk

9

DSTO-GD-0538

Figure 8: 3D fingerprint image7

3D fingerprint scanners create more accurate minutiae and pattern matching and more reliable, higher speed database indexing schemes. In addition to 3D images, most 3D systems also output 2D fingerprint data that is compatible with legacy fingerprint databases to ensure interoperability is maintained. The advantage of 3D systems is their ability to overcome the smudging and distortion issues inherent in touch based systems (Simmons, 2005).The major drawback of many fingerprint recognition systems is the contact nature of many of the sensors. Because of this touch sensing, the pattern being sensed is often distorted at acquisition and can make matching difficult. Other major drawbacks of fingerprint sensing include the inability of the sensing process to accommodate dirt and other environmental contamination and the apparent inability of a few users to record reliable fingerprints (due to injury or age). Research has shown that certain ethnic and demographic groups have lower quality fingerprints and are more difficult to enrol, including the elderly, manual labourers, and some Asian populations (Roberts, 2006). 3.2 Face

Figure 9: Face measurements8

Facial recognition is based on the measurement of the positions of distinctive features of the face - including the upper outlines of the eye sockets, the areas surrounding the cheekbones, the sides of the mouth, and the location of the nose and eyes - to perform verification and identification.

Facial recognition technology is the second most popular biometric technology after fingerprint and is expected to grow rapidly during this decade, particularly in the area of surveillance systems. IBG estimates that global facial recognition revenues will grow from $50 million in 2003 to $800 million in 2008, accounting for 17% of the biometrics market (http://www.biometricgroup.com/). Facial recognition technology is being used widely

7 www.send2press.com 8 www.idwarehouse.co.uk

10

DSTO-GD-0538

in large-scale identification applications (i.e. passport systems), surveillance applications and in law enforcement. It has not yet been successfully applied to desktop verification. The most common input sensors are 2D video or digital cameras, although 3D systems are becoming more commonplace. 2D images are generated using analog or digital camera, scanned documents or video sequence. The more recent facial recognition systems are based on skin or skull geometry and require 3D images to achieve this.

Figure 10: 3D face images9

There are three main types of 3D facial recognition systems available on the market today. The first type, stereo acquisition, uses two or more cameras to take simultaneous snapshots of a subject and then uses this information to calculate depth information and reference points. Stereo acquisition is relatively low cost and easy to use. The second type, structural light, projects a light pattern onto the face of a subject and uses a standard camera to record the information, which is then used to calculate depth information and reference points. Structural light is the fastest of the 3D facial systems. The third type uses a laser sensor to capture a 3D image of a subject’s face. Although improving all the time, laser sensors are expensive and slower than the other options (Akarun, Gokberk & Salah, 2005). Recent research has found that a multimodal or fusion approach of using 2D and 3D facial recognition systems in combination with one another performs significantly better than using either alone (Tao, van Rootseler, Veldhuis, Gehlen & Weber, 2007; Chang, Bowyer & Flynn, 2005). Other systems have used near infrared and facial thermograms with varying results. The performance of facial recognition systems is closely tied to the quality of the images captured by the various sensors, and images from near infrared and facial thermograms still have a way to go. Vendors currently use four methods to identity or verify subjects using facial recognition – eigenfaces, feature analysis, neural networks and automatic face processing (Woodward, Horn, Gatune & Thomas, 2003). 9 www.a4vision.com/ and http://www-users.cs.york.ac.uk

11

DSTO-GD-0538

Feature analysis is currently the most widely used facial recognition technology. Specific features are extracted from many different regions of the face and these features (both their type and arrangement) are used for identification and verification. Although, like most facial recognition systems, feature analysis works best with front-on images, one of its distinct advantages is its ability to deal with changes in appearance or the angles at which a face is presented. Eigenface utilises 2D gray scale images which represent distinctive characteristics of the face. Once a user has enrolled, their eigenface is mapped to a series of coefficients. In verification mode (i.e. for access control) a user’s live template is compared against the enrolled template and in identification mode (i.e. for surveillance) the template is compared to many in a pre-existing database to determine coefficient variation. The degree of coefficient variance determines acceptance or rejection. Eigenface is best suited to well-lit environments and when using front-on image capture. Neural network mapping utilises a matching algorithm to determine whether features from an enrolment/reference and verification/live face are similar or different. Neural networking technology uses as many features of the face as possible to ascertain whether there is a match or not. A false match prompts the algorithm to modify the weights it gives to certain features of the face to double check that the false match is the correct decision to make. Automatic face processing uses distance and distance ratios between the distinctive features of the face (such as the distance between eyes) for matching purposes. Although automatic face processing is a more simple technology and is best suited to front-on image capture situations, it has been shown to be ineffective in dimly lit environments. Of the leading three biometric technologies, face is the only viable tool for surveillance or watch list functions. Facial recognition systems are able to capture faces of people in public areas and images from some distance away, suggesting that no physical contact is required. Thus the system’s covert capability and capacity to be used in coordination with existing national security databases and surveillance cameras or closed circuit television (CCTV) systems make it a valuable biometric tool (Woodward, Horn, Gatune & Thomas, 2003). The performance of facial recognition technology has improved dramatically over the past 14 years, with error rates dropping dramatically over this time (see Figure 11). This increase in performance has been attributed to the development of the recognition technology, higher resolution imagery and improved picture quality due to greater consistency in lighting. Note that in Figure 11, FRR (false reject rate) equates to FNMR and FAR (false accept rate) equates to FMR.

12

DSTO-GD-0538

Figure 11: Decreasing error rates for facial recognition technology 1993-200610

In terms of user acceptance, facial recognition is generally widely acceptable since human beings are already familiar with this process and the sensors (i.e. cameras) are well understood and unobtrusive (Woodward, Horn, Gatune & Thomas, 2003). 3.3 Iris

Iris recognition systems are based on visible qualities of the iris (such as the trabecular meshwork, rings, furrows and the corona).

Figure 12: Collage of irises11

Iris structure is practically unique and may be sensed via regular and or/infrared light. The first step in acquisition of an iris image is to position the camera the required distance from the eye. Once the camera has situated the eye it narrows in (from right to left to avoid the eyelids) to locate the outer edge of the iris. The unique visible characteristics of the iris are converted into a template and stored for future matching.

10 Phillips et al (2007) 11 www.cl.cam.ac.uk

13

DSTO-GD-0538

Figure 13: Desktop iris scanning12

Iris recognition technologies are used primarily in high security environments and account for around 8% of the entire biometric market. IBG estimates that their use will increase markedly, with revenues set to increase from $36 million in 2003 to $366 million in 2008 (http://www.biometricgroup.com/). Competition in the development of iris recognition software had been stifled by a company called Iridian Technologies, who held patents for iris recognition since the 1980s. These patents expired in 2005 and development of iris recognition algorithms has flourished since (Phillips et al, 2007). The claimed error rates for iris systems are exceedingly low. Iris Challenge Evaluation 2006 (ICE2006) reported an FNMR of 0.09 for an FMR of 0.001 (Phillips et al, 2007). Iris technology appears to be very well suited to a range of verification applications, particularly high security applications where low error rates are essential. The technology does not lend itself to some identification activities because it requires a co-operative enrolment process. Users must stay still while the iris image is being captured and many users take some time to become accustomed to this aspect of iris recognition systems. For this reason reported user satisfaction with systems that are used infrequently has been poor (Bourlai et al, 2006). 3.4 Speaker Recognition

Speaker recognition is based on the analysis of the temporal and spectral characteristics of a voice when articulating a set of words (either text dependent/known set, or text independent or unknown). Speaker recognition is often confused with speech recognition which translates what a user is saying, but does not verify it. The technology can utilise any audio capture devices (such as mobile and land-line telephones and a range of microphones). During enrolment users are prompted to either repeat a phrase or set of numbers of approximately 1 to 1.5 seconds in length, several times. The temporal and spectral characteristics are stored and a live voice recording is analysed for the same features.

12 www.eyenetwatch.com

14

DSTO-GD-0538

Figure 14: Speaker recognition headset and microphone13

Speaker recognition systems currently command around 5% of the total biometric market. IBG estimate that revenues from voice recognition systems will increase from $23 million in 2003 to $225 million in 2008, in line with the demand for the systems in telephony-based environments (http://www.biometricgroup.com/). It is the only biometric technique that could be used to verify the identity of someone using a voice communication link, although it is not a strong solution when speech is being introduced as a new process. Its strength lies in the field of telephony and the cost savings made in reducing staff numbers in call centres. Although speaker recognition systems have caused frustration among users they are not considered invasive and for this reason are seen as preferable to some other biometrics (Bolle et al, 2004). Speaker recognition systems produce relatively low to medium error rates (particularly FNMR), but are dependent on the quality of the data channel (communication link) used to transmit the voice. For this reason it is preferable that the same device used for enrolment is also used for verification. Speaker recognition systems may also be affected by the quality of the voice itself (i.e. if the user is congested or is in a particularly noisy environment). 3.5 Hand Geometry

Hand geometry sensors measure the dimensions of fingers and the hand to generate descriptive templates. The sensing process is user friendly, which is the reason for their relatively widespread usage in the areas of access control and time and attendance monitoring. Hand geometry systems are currently in use in places of employment, educational institutions and even at Disney theme parks for verification of season pass holders. One of the most successful applications of hand geometry technology has been the United States’ Immigration and Naturalisation Service Passenger Accelerated Service System (INPASS), which enables frequent travellers to by-pass long immigration lines at several international airports through the United States and Canada (Wasem et al, 2004). Although IBG estimates that hand geometry revenues are expected to grow to $154 million in 2008, the range of applications in which they are used is limited and hence the technology will command less and less of the total biometric revenues (around 3% of the total market). In terms of sensors, hand geometry is captured using a charge coupled device (CCD) digital camera. Users place their hand onto the reader’s surface, aligning it with several 13 www.vocollect.com

15

DSTO-GD-0538

pegs designed to keep the hand in place. The CCD digital camera then takes upwards of 100 measurements, which are converted to a template for storage and matching purposes when verification is required.

Figure 15: Hand geometry sensor for access control14

Hand geometry is a relatively accurate technology, user perceptions of the technology are favourable and a wide range of users can use it with ease (Bolle et al, 2004). The technology is at the more expensive end of the biometric spectrum, has not progressed much in recent times, and its size may preclude it from being used in many access control environments. Due to the fact that it is not uncommon to find similarities between hands, hand geometry systems are restricted to verification programs only (i.e. are not suitable for identification programs). 3.6 Signature

Signature verification systems use the distinctive behavioural features of a signature (such as speed, pressure and stroke order) to verify the identity of the user, as opposed to a simple physical crosscheck of one signature and another. Signature verification systems currently account for around 2% of the biometric market. As the demand for signing contracts, agreements and other documents electronically increases, signature verification systems should grow. Indeed, IBG estimates that global revenue for signature verification systems will increase from $9 million in 2003 to about $107 million in 2008.

Figure 16: Signature verification15

14 www.datafoundry.com15 http://economictimes.indiatimes.com

16

DSTO-GD-0538

Signature verification systems work in conjunction with signature capture systems (such as specialised tablets and styluses). Once captured, the signature is transmitted to a computer for template generation and matching, where a decision is made whether to accept or deny its authenticity. Signature verification systems have been found to have relatively low FMR, can easily leverage off of other systems, and, as they are less invasive than some other biometrics, user acceptance is high (Bolle et al, 2004). On the converse, signature verification systems do not deal well with individuals who do not sign their names consistently. In addition, illness or injury as well as the difference between signing on paper with a pen versus on a tablet with a stylus may also affect the consistency of the signature and FNMR. 3.7 Retina

The retina is a sensory tissue of the eye that consists of millions of photoreceptors which gather light rays and transform them into electrical impulses which then travel through the optic nerve into the brain to be converted into images. In the 1930s it was discovered that every retina possesses a unique blood vessel pattern and, for this reason, photographs of the blood vessel patterns of the retina could be used as a means of identification (Simon & Goldstein, 1935).

Figure 17: The eye16 Figure 18: Scanning area of the retina17

Retina biometric systems use a light source projected into the eye to scan the vein pattern of the retina. The error rates are claimed to be very low, but retinal scanning is a relatively expensive and intrusive process that could only be considered for high security applications with willing users (Bolle et al, 2004). For these reasons, retina biometrics have tended to be used by large government departments or organisations with willing participants requiring access to highly secure material or environments.

16http://ravidas.net17 http://ravidas.net

17

DSTO-GD-0538

Figure 19: Retina scan of Iraqi Army recruit18

3.8 Deoxyribonucleic acid

Figure 20: A DNA molecule

Deoxyribonucleic acid (DNA) is perhaps the most accurate of all biometrics, but has thus far been restricted to forensic applications. DNA contains genetic identity information and, as such, is a rich source of information about a person’s health as well as their identity. For this reason there are privacy concerns with the use of DNA. Verification of identity using DNA is also inherently slow (a sample can take days to weeks to verify) and there are issues with its uniqueness, as identical twins will have the same DNA (Bolle et al, 2004).

3.9 Odour

Chemical odour has come to the fore due to recent advances in chemical analysis. Electronic noses (e-noses) have been developed that can measure a spectrum of different chemicals.

Figure 21: Schematic diagram of an electronic nose19

The technology is still far from deployable, however, with a raft of issues such as the impact of deodorant and perfumes and different health issues still to be addressed (Korotkaya, 2003).

18 http://www.defensetech.org19 Korotkaya (2003)

18

DSTO-GD-0538

3.10 Ear

Figure 22: Ear biometric20

Ear anatomy has recently been studied as a potential addition to the range of automated biometrics. Researchers have used thermograms and images of the ear for identification purposes. While the use of ear anatomy has not been found to be successful on its own, when coupled with facial recognition it has been shown to markedly increase performance (Victor, Bower & Sarkar, 2002).

3.11 Veins

Veins have also been recognised as a unique characteristic that can be applied as a biometric for verification. Veins are developed before birth and remain highly stable throughout life, even differing between twins. Vascular pattern recognition systems identify a person by using the patterns of veins on their finger, back of the hand, or palm (although almost any body part with visible veins could be used). A camera captures the vein pattern with a focus on the shape and location of the vein structure. Venous pattern recognition is particularly popular in Japan, and is currently in use in selected banks and ATMs throughout the country (Khan, 2006).

Figure 23: Vein scanner21

3.12 Fingernail bed

Fingernail bed biometrics use scanners to capture the distinctive identifying characteristics of the nail bed, such as ridges and valleys. Like iris patterns and fingerprints, these ridges and valleys are thought to be unique to each individual (Bolle et al, 2004).

20 www.mit.bme.hu21 www.dex.co.za

19

DSTO-GD-0538

Figure 24: Fingernail bed scanner22

3.13 Skin

The reflectance spectrum of skin and its ability to provide information about the highly person-dependent distribution of certain light sensitive chemicals, has lead to an increasing amount of research into skin biometrics. The focus thus far, has been on skin biometrics being used with fingerprints to provide liveness detection and to prevent spoof attacks (Bolle et al, 2004). 3.14 Physiometrics

The study of physiometrics (biological indicators) for use in biometrics has been prompted by the need to enhance the reliability and robustness of verification and identification systems (Damousis, Tzovaras & Bekiaris, 2008). Such research has included investigations into the utility of brainwaves as a biometric (Figure 25). The research assumes that brainwaves, like iris and fingerprint patterns, are unique and this uniqueness could be exploited in the security realm. Instead of passwords, people would instead use ‘pass thoughts’ based on electrocephalogram (EEG) patterns to access a system or restricted area (Ortiz Jnr, 2007; Riera, Soria-frisch, Caparrini, Cester & Ruffini, 2008).

Figure 25: Brainwaves depicted in an electrocephalogram trace23

A quick search of patents databases uncovers several patents for the development of biometrics using various kinds of physiometrics such as heart rate variability or cardiovascular function (Wiederhold, Israel, Meyer & Irvine, 2003, see Figure 26) as well as acoustic body scanning for both verification and identification (Koenig, 2002).

22 www.perso.orange.fr23 http://neurocog.psy.tufts.edu

20

DSTO-GD-0538

Figure 26: Identification by analysis of physiometric variation24

Thus far such systems have required the attachment of monitors or have required close proximity to a sensor (Greneker, 2006). Future research is aimed at eliminating the need for monitors and the work ongoing in micro and nano-sensor development area (Damousis, Tzovaras & Bekiaris, 2008) coupled with the lessons learned from non-contact lie detection systems (Greneker & Geisheimer, 2001) may be of value here. 3.15 Thermogram

Thermograms are also beginning to gain popularity, particularly in the face and hand recognition area. Thermograms are pictures of the body showing areas from which heat is emanating. Such pictures are thought to be unique to individuals, although research is ongoing (Jain, Ross & Prabhakar, 2004).

Figure 27: Facial thermogram25

24 Wiederhold, Israel, Meyer & Irvine (2003) 25 www.perso.orange.fr

21

DSTO-GD-0538

3.16 Gait

Figure 28: Gait as a biometric26

Gait refers to the unique combination of motions by which people walk. An analysis of temporal and frequency components of motion from a radar sensor may be used to identify people walking at a distance. The primary use would appear to be in covert surveillance applications and intelligence gathering, where the ability to recognise people at standoff ranges would be valuable. The technology is still in its infancy with relatively high error rates at present (Nixon & Carter, 2004).

3.17 Work pattern analysis

Work pattern analysis is based on the individual idiosyncrasies unique to each person carrying out a task. For example, the speed of typing, along with types and occurrences of errors may be used to identify the user of a keyboard (key stroke analysis). Work pattern analysis is carried out completely in the background and is not in any way obtrusive or threatening to the user (Bolle et al, 2004). 3.18 Lips

The potential of lips as a biometric was discovered during research into speech and facial recognition. It involves the capture of video footage of a subject’s lip motion during speech. Specific features of the lips during speech are then extracted and used as a comparison for future verification.

Figure 29: Lips as a biometric27

Rather than a standalone biometric, it looks likely that lip motion would be used in conjunction with other biometrics (such as facial recognition) (Cetingul, Yemez, Evzin, & Tekalp, 2004). Researchers have also looked at lip shape as a possible identifying feature (Gomez, Traviesco, Briceno & Ferrer, 2002).

26 www.perso.orange.fr27 www.perso.orange.fr

22

DSTO-GD-0538

3.19 Footprints

Research has also been devoted to the use of footprints. Most commonly used in the forensic/crime science analysis field, work has recently been devoted to developing technologies to capture and analyse footprint biometrics for identification and verification. The aim is to capture directional and positional information of the feet, such as the Euclidean distance between the feet and other geometric information. Pressure distribution of the feet has also been investigated (Nakajima, Mizukami, Tanaka, & Tamura, 2000). 3.20 Dynamic grip recognition

Much research has occurred in the US into the smart guns concept that uses dynamic grip recognition (DGR) to enable a firearm to fire. DGR works through pressure sensors embedded into a firearm’s grip (see Figure 30).

Figure 30: Dynamic grip recognition sensors on a handgun28

When a user holds a gun their grip is like a password; the system can either match and accept it (enabling the user to fire) or reject it (Chang et al, 2005). Other smart gun related research is looking at the use of fingerprints, in addition to handgrip recognition, as a method of user verification (Bolle et al, 2004). 3.21 Tongue

Researchers in Hong Kong have recently begun investigating the utility of using tongue prints for verification and identification (Zhang, Liu, Yan & Shi, 2007). They argue that the tongue is unique in terms of both its shape and surface texture (see Figure 31). Using sample images of tongue-prints of 134 people, these researchers obtained a 93.3% recognition rate.

28 www.weaponsblog.org

23

DSTO-GD-0538

Figure 31: Different shapes and surface textures of the tongue29

The tongue has other advantages in that it is well protected from the environment and difficult to forge, but health and hygiene issues will prove challenging. Further research is required before the technology could be commercialised. 3.22 Comparison of technologies

Table 2, reproduced from the Dell Corporation website30, summarises five of the main biometrics on the market today in terms of their benefits and disadvantages.

29 Zhang, Liu, Yan & Shi 2007 30 www.dell.com

24

DSTO-GD-0538

Table 2: Benefits and disadvantages of fingerprint, face, iris, speaker/voice and hand biometrics (reproduced from www.dell.com)

A quick-look comparison of all of the biometric technologies is provided in Table 3. The biometric technologies have been compared on the following six criteria: uniqueness, or how well the biometric separates one user from another; permanence, or how well a biometric resists ageing; collectability, or how easy the biometric is to acquire; performance, or how accurate, fast and robust the system is; acceptability of the biometric by the public; and circumvention, or how easy it is to fool the system. The higher the rating, on the low to high scale, the better the technology rates.

Table 3: Comparison of Biometric Technologies31

Biometric Uniqueness Permanence Collectability Performance Acceptability Resistance to Circumvention

Fingerprint High High Medium High Medium Medium Facial Medium Medium High Medium High Medium Iris High High Medium High Low High Speaker Low Low Medium Low High Medium Hand Medium Medium High Medium Medium Medium Signature Low Low Medium Low High Medium DNA High High Low Low Low Medium Ear Unknown* Unknown* Medium Unknown* Unknown* Unknown* Odour Unknown* Unknown* Unknown* Unknown* Unknown* Unknown* Retina High High Low Medium Medium Medium Veins High High Medium Medium Unknown* Unknown* Dynamic grip Medium Medium Low Medium Unknown* Unknown* Skin Medium Medium Medium Unknown* Unknown* Unknown*

31 Based on Simpson (2007)

25

DSTO-GD-0538

Biometric Uniqueness Permanence Collectability Performance Acceptability Resistance to Circumvention

Gait Unknown* Unknown* Medium Unknown* Unknown* Unknown* Lips Unknown* Unknown* High Unknown* Unknown* Unknown* Work pattern Medium Low Medium Medium Unknown* Low Fingernail bed Unknown* Low Medium Unknown* Unknown* Unknown* Thermogram Unknown* Low Low Unknown* Unknown* Unknown* Physiometrics Unknown* Unknown* Low Unknown* Unknown* Unknown* Footprint Unknown* Low Medium Unknown* Unknown* Unknown* Tongue Unknown* Medium Low Unknown* Unknown* Unknown*

* More research is required 3.23 Parameters to guide the selection of biometrics

Sanderson and Erbetta (2000) have extensively studied the application of biometrics, specifically in the military environment for the British Ministry of Defence (MoD). Table 4 summarises the parameters that they recommend must be taken into consideration when selecting biometric technology. Although tailored towards the military environment, these parameters could be used across a range of scenarios.

Table 4: Parameters to guide selection of biometrics (from Sanderson & Erbetta, 2000)

Parameter Explanation Accuracy Is the system accurate in terms of low error rates? Environment Is the technology fully deployable? Ergonomics/user friendly Is the system user friendly? Stability and Uniqueness Is the feature being measured unique and stable over time? Security Is the system secure? Could it be easily tampered with or

spoofed? Safety Is the system safe to use? Does it present any dangers to the

user? Speed of enrolment and recognition

How long does it take to enrol a subject? How long does verification take?

Non-intrusiveness Is the technology intrusive to use? Convenience Is the system convenient to use? Is the system convenient to

integrate with other systems or processes? Cost How much does the technology cost? Size of stored template How big is the stored template? Operational limitations What are the limitations of the technology in the deployed

environment? (i.e. how well does the technology cope if the user is wearing protective clothing?)

Requirement What is the system required to do? Can it perform both identification and verification tasks?

Credible scientific research Is there credible scientific research to support the technology?

Human acceptance Is the technology acceptable to users? Besides application in the fixed strategic environment, biometrics will inevitably need to be applied in a range of operational environments (particularly in the military and law enforcement fields). Consideration of the above parameters should take into account the

26

DSTO-GD-0538

requirements of the different environments, particularly the challenges of these operational environments. Table 5 summarises the results of research in both the operational/deployed and other environments and rates fingerprint, facial, and iris technologies against the parameters defined by Sanderson and Erbetta (2000). Data to populate this table has been obtained from a variety of sources including Sanderson & Erbetta(2000); Bolle, et al (2004); Jain, Ross and Prabhakar (2004); http://www.biometricgroup.com/; and the various vendor competitions – Fingerprint Verification Competition (FVC) http://bias.csr.unibo.it/fvc2006, the Face Recognition Vendor Test (FRVT) www.frvt.org and the Iris Challenge Evaluation (ICE) www.iris.nist.gov/ICE.

Table 5: Parameters to guide selection of facial, fingerprint and iris biometrics in the Defence environment

Parameter Fingerprint Face Iris Accuracy Very accurate Accurate, although not as

good as iris or fingerprint Most accurate of all commercially available biometrics (second only to DNA)

Environment Can be used across a range of environments, but contaminated environments may cause issues

Can be used across a range of environments, but susceptible to poor lighting and different backgrounds

Can be used across a range of environments

Ergonomics/user friendly

Once user is familiar, easy to use Easy to use Once user is familiar, easy to use

Stability and Uniqueness

Stability may be affected by injury, environment and age. Probability of two people possessing the same fingerprint is 1 in 1080

Likely to change (e.g. with age, and health status), due to similarity in face shapes, uniqueness is questionable

Stable, probability of two people having the same iris is 1 in 1078

Security Susceptible to spoofing, low probability of success in high security systems.

Susceptible to spoofing, medium probability of success.

Spoofing is possible, but low probability of success in high security systems.

Safety May be some hygiene issues with sensors that require contact, otherwise safe to use

Safe to use Safe to use

Speed of enrolment and recognition

Enrolment < 30 sec, verification < 1 sec, identification proportional to size of database

Enrolment < 35 sec, verification < 1 sec, identification proportional to size of database

Enrolment < 1 minute, verification < 2 sec, identification 1-2 sec based on database of 100,000 irises

Non-intrusiveness

Needs user cooperation Unobtrusive Needs user cooperation

Convenience Range of different sensor sizes, fixed and free

Range of different camera sizes, fixed and free

Range of different sensor sizes, fixed and free

Cost Low - Medium, varies according to sensor

Low, varies according to sensor

Low - Medium, varies according to sensor

Size of stored template

Varies according to sensor, approx 250 bytes

Varies according to sensor, approx 1300 bytes

Varies according to sensor, approx 512 bytes

Operational limitations

Unsuitable for use with protective clothing, damaged or soiled hands, but has been shown to work successfully in a variety of environments

Poorly or excessively lit environments may pose problems, backgrounds may also impact on picture quality

Possibly effected by the use of protective eye wear, although some studies have shown it to work through them

27

DSTO-GD-0538

Parameter Fingerprint Face Iris Requirement Works well in watch list and

verification applications Works well in surveillance, watch list and verification applications

Does not work well in surveillance or watch list applications as user cooperation is required

Credible scientific research

Plethora of research, Fingerprint Verification Competition (FVC) multi-vendor testing

Plethora of research, Face Recognition Vendor Test (FRVT) multi-vendor testing

Plethora of research, Iris Challenge Evaluation (ICE) multi-vendor testing

Human acceptance

Some issues with acceptance exist due to the association with criminality

Most accepted of all biometrics

Questionable, more research required

3.24 Current directions

There are several current trends in biometrics that are worthy of discussion. They include the rise of multimodal or fusion biometrics, the wide range of form factors now available, and the combination of biometrics and smart cards. 3.24.1 Multimodal biometrics

The previous sections provided a summary of the main classes of biometrics. It should be noted that not all of the above systems are used in isolation. It is currently more commonplace to see multiple biometrics used in systems (such as fingerprints combined with photographs). Such systems are referred to as multimodal (Ross & Jain, 2004). The way biometric technologies are combined (the fusion strategy) can vary according to the systems concerned. Systems can be fused at the decision level (i.e. feature extraction and matching is done completely independently of each other, the individual decisions of each system are then combined), matching score level (i.e. feature extraction and matching is done completely independently of each other, the matching scores are combined to arrive at a single decision), or the feature extraction level (i.e. the features extracted from each system are combined into a single feature vector and used as a basis for matching and decision making). Multimodal biometric systems generally require more sensors, more data, and can, therefore, take longer to verify. In addition, as they are comprised of single biometric systems, they are also liable to suffer the shortcomings of those systems (Ko, 2005). Advantages of using multimodal biometrics include that they are more reliable if one of the biometrics is damaged (i.e. if a fingerprint is degraded due to age or injury, the other biometric can be used for verification) so they improve population coverage and enhance verification performance (Khan, 2003). Research has found that while the security advantages of multimodal systems are clear, the performance gains achieved have been smaller than expected due to accuracy of the individual systems themselves (Snelick, Uludag, Mink, Indovina & Jain, 2005). Recent studies by the University of Canberra’s National Centre for Biometric Studies, have found that combining text dependent and independent voice recognition technologies to be very successful in terms of performance (Summerfield, 2006). A recent example of a multimodal biometric system used for military purposes is the Biometric Automated Toolset (BAT), which uses iris recognition and fingerprint scanning.

28

DSTO-GD-0538

The US military has used BAT in Afghanistan, Cuba and Iraq to populate HUMINT databases that are shared with the Federal Bureau of Investigation. Interest in the application of multimodal systems is increasing. The US DoD, for instance, is particularly interested in the use of multimodal biometrics to provide the highest levels of accuracy and probability of identification and verification, as well as to increase the security of their applications (Kauchak, 2006). The goal of multimodal biometrics is to reduce one or more of the FMR, FNMR, failure to enrol rates, or susceptibility to attack (Ko, 2005) and research has demonstrated that multimodal biometric systems are more accurate and more resistant to failure (Simpson, 2007). NIST recently established the Multiple Biometric Grand Challenge (MBGC)32. The aim of MBGC is to ‘investigate, test and improve performance of face and iris recognition technology in both still and video imagery through a series of challenge problems and evaluation’ (Phillips 2008, p. 2). The three main challenges for 2008’s MBGC are: • Iris and Face Recognition from Portal Video. The goal is to develop algorithms that

recognise people from nIR image sequences and high definition video sequences, acquired while the person of interest walks through a portal.

• Iris and Face Recognition from Controlled Images. The goal is to improve performance on iris and face imagery using real-world high and low resolutions frontal face images and still and video iris sequences.

• Still and Video Face. The goal is to advance recognition from unconstrained outdoor video sequences and still images.

The results of the MBGC will be available in mid-2009 and it is envisaged that MBGC will be a regular event that will investigate the utility of other multimodal systems in the future. 3.24.2 Form Factors

Biometric sensors can be embedded into an acquisition device and the manner in which this is done is known as the form factor (see Figure 32 and Figure 33 for two examples). Sensors can be embedded in a device in a number of ways – on the side, protruding, on top, recessed; the choice of which will obviously depend on the biometric concerned and other ergonomic considerations. The range of device types that users can interact with includes desktop peripherals, embedded desktop solutions, embedded physical access solutions, and embedded wireless handheld solutions, although there is a trade-off between sensor size and performance (Narayanaswami, 2005). Decreasing the sensor too much can impact negatively on performance and increase costs.

32 http://face.nist.gov/mbgc/

29

DSTO-GD-0538

Figure 32: Biometric/fingerprint mouse33 Figure 33: Biometric/fingerprint mobile phone34

The type of application being deployed and the environment in which it is being applied will ultimately drive the form factor. 3.24.3 Biometrics and smart cards

Smart cards have the ability to store large amounts of data, carry out their own card functions and interact with a range of devices, such as the smart card reader. Combining biometrics with smart cards provides users with trusted credentials for a wide range of applications including access to facilities and secure networks. Such a multi-factored method of verification is particularly well suited to high security environments. If a smart card storing a biometric is lost or stolen, the card will be useless to anyone other than the owner of the biometric. There are several options available for combining a smart card with biometrics, each with their own advantages and disadvantages. These are discussed in more detail below. Sensor-on-card systems (see Figure 34), enable capture of the biometric (through the embedded sensor), encryption and protection of the stored information, and the execution of a matching algorithm (Bella, Bistarelli & Martinelli, 2003). The advantages of this approach are that the bearer of the card has control of their own biometric template at all times and the sensor resides on the card, which facilitates portability. The disadvantages, however, include that the addition of the sensor can make the card bulky and expensive, and the quality of the biometric captured is questionable. Sony was one of the few companies engaged in developing such a smart card product in the late 1990s, but due to increasing costs and size issues interest slowed. There is a resurgence in this technology however, with a company in Austria currently developing paper thin fingerprint sensors to be embedded into smart credit cards (Bullis, 2006) and another company in the US currently marketing fingerprint sensor embedded cards for access control (www.biometricassociates.com).

33 www.germes-online.com34 www.casio.co.jp/

30

DSTO-GD-0538

Figure 34: Sensor-on-card system35

Match-on-card systems (see Figure 35) enable encryption and protection of the stored information, and the execution of a matching algorithm (Bella, Bistarelli & Martinelli, 2003). The bearer of the card has control of their own biometric template at all times, as opposed to other match-on systems that release the biometric template to another device (either directly or over a network) to perform the matching function. In its most common application, fingerprints and their associated matching algorithm are stored on a smart card without compromising security. Fingerprint systems of this type have been studied and found to be more robust in terms of their security against attack (Martinez-Diaz et al, 2006). A recent pilot program in Texas for 30,000 Medicaid members used match-on-cards to overcome security and privacy concerns, as well as potential litigation issues, that may come with storing large amounts of biometric information in a database (Piazza, 2005). However, while the algorithms behind such smartcards can overcome some critical privacy and security concerns, there is very little publicly available independent data on their actual performance in comparison with traditional systems.

Figure 35: Match-on-card system36

At the conclusion of the Fingerprint Verification Competition in 2006 (FVC 2006)37 interested researchers were invited to help develop an evaluation protocol for smart cards using fingerprints, specifically the match-on-card system. It is hoped that once an appropriate methodology is developed, data collected at FVC2006 can be used to evaluate the performance of such systems. Match-on-card systems are more expensive than the traditional template-on-card systems as they require smart cards with embedded microprocessor and operating systems to run the match application.

35 www.fidelica.com36 www.fidelica.com37 http://bias.csr.unibo.it/fvc2006/

31

DSTO-GD-0538

Template-on-card systems (see Figure 36) are the most common combination of biometrics and smart cards currently available in the market (Bella, Bistarelli & Martinelli, 2003). While this option enables encryption and protection of the stored biometric information, it provides no protection when the template is released to another device (either directly or over a network) to perform the matching function. This is the main disadvantage of this option and raises a series of privacy and security issues. Several researchers are, however, currently trying to overcome these security and privacy issues by using the embedded cryptographic modules of the card to perform the match (Bella, Bistarelli and Martinelli, 2003). The main advantage of this system is the research and development behind it, proven performance, and its low cost in comparison with match-on-card and sensor-on-card systems (this is because small operating systems and onboard applications are generally sufficient for template-on-card systems to function).

Figure 36: Template-on-card system38

There are many examples of smart cards and biometrics in practice around the world today, both within and outside of the Defence environment. In the US DoD, for instance, there are several biometric enabled smart cards currently in use for access control and identity management. They include the Common Access Card (CAC), which uses face and fingerprint, the Defense Biometric Identification System (DBIDS), which uses face, fingerprint and/or hand geometry, and the Biometric Identification System for Access (BISA), which uses face, fingerprint and iris. The Personal Identity Verification (PIV) card is a new identity card for US Federal employees. The PIV uses face and fingerprint biometrics for both access control and identity management (collecting all ten fingerprints at enrolment to send to the FBI for background checking) (Hamilton, 2007). The US transportation sector has recently introduced the Transport Workers Identity Credential (TWIC), which uses fingerprint and face for access control and identity management. The Italian MoD has introduced an identity card that utilises face, signature and fingerprint with the option of adding further biometrics as required, such as iris. Perhaps the largest project combining smart cards and biometrics is the Ration Card System in India, which combines a smart card with identification information and an iris biometric. The card has been distributed to some 80 million people across the country in a bid to better manage rationing and reduce fraud (Ryan, 2007).

38 www.fidelica.com

32

DSTO-GD-0538

3.25 Future directions

In terms of future directions for biometrics, a search of the US patents database for patents registered since the year 2000 mentioning the term biometric in the title or abstract yields 399 different patents. Included among them are patents for improving pre-existing biometrics (such as the use of holographic images or fingerprint scar recognition to improve fingerprint recognition) and those proposing new biometric measures and technologies (such as the use of physiometrics (e.g. heart rate variability or cardiovascular function) or acoustic body scanning for both verification and identification).

4. Biometric applications

Biometrics can be applied to a range of functions broadly categorised as verification, identification or watch list functions. The following sections provide a little more detail on the vast range of applications of biometrics. 4.1 Physical access control

People require varying degrees of access to certain buildings, facilities and/or resources. Intruders may try to gain access for the purposes of espionage or sabotage. Photo or other passes/smart cards can be used to manage access by authorised persons and to keep out intruders, but the possession of a pass or smart card alone does not guarantee that the holder is the person authorised to use the pass. For instance, photo passes could be modified to allow gate access by unauthorised persons. In addition, lost passes compromise security and add to administrative workload, and the failure of casual users to surrender passes when no longer required could cause security problems. Biometric systems could alleviate some of the problems with existing processes, but it should be highlighted that biometric systems only distinguish between people and, with the exception of some facial recognition systems, they do not have mechanisms to identify that there is someone present who should be subjected to an identification process. Thus, biometric systems may be most useful where access is supervised by humans to prevent people from bypassing the biometric device, or where access is physically restricted until biometric identification has been completed. This could include gates where a guard maintains a general surveillance of the gate area or an automated gate/doorway which only allows people through one at a time. In these circumstances, a biometric system could be considered if it improved security, added an ability to track access by authorised users, and reduced costs. Other limitations of using biometrics for access control include:

• the security of the biometric information (should it be stored on a database or on a smart card?, security and privacy issues arise with each);

• environmental issues and their impact on the functioning of sensors (e.g., the deployed environment presents a series of challenges to biometric sensor functioning);

• usability issues (e.g., failure to acquire a usable fingerprint due to degradation with age or injury); and

33

DSTO-GD-0538

• spoofing and other system vulnerabilities (e.g., a user attempts to use a moulded fingerprint overlay to gain access to a system).

4.2 Logical access control and protection of IT systems

IT systems have two main vulnerabilities. First, the main server areas and communication links are physically at risk, and second, unauthorised users may access the data on a network via unsecured software. These two types of vulnerability may be reduced using biometric technologies. In the case of the physical security of server hardware, technologies such as facial recognition, fingerprint and iris scanning are appropriate. Information access control on computer systems is currently implemented by a combination of physical access control for terminals, hierarchical access control in operating systems that restrict a user to software that he/she is authorised to use, and logon identification with unique (and regularly changing) passwords. Physical access to terminals could also be regulated using biometric technologies such as fingerprint and iris. System access could be controlled using biometrics. Logon verification can be accomplished via individual fingerprint sensors on the keyboard, facial recognition or iris recognition via a video camera or speaker recognition via microphone input. Logon access could also be used to ensure that the user was granted only the appropriate level of access. For instance, many banks in Japan have installed biometric systems at their ATMs to combat identity fraud, most using iris, finger or hand vein sensors (Celent, 2006). This process removes the need for passwords, along with the maintenance overheads and associated security issues. Continuing access could be controlled requiring the user to input their biometric (e.g. face or fingerprint) at regular intervals throughout a session (known as challenge and response). Once again, there are several limitations of using biometrics for control of access to IT systems, including the security of the stored data (i.e., can the database be compromised?); environmental concerns when used in the deployed environment (e.g. gritty fingerprints are hard to read and verify); usability and user acceptance issues (i.e., high FNMR due to poor fingerprint quality may negatively impact on usability); and the impact of spoofing and other system vulnerabilities (i.e., the system could be compromised by the use of a substitute biometric, such as a picture of a face or iris). 4.3 Personnel management

Biometrics are also relevant in the personnel management area, particularly for the management of personnel identities, safety systems, payroll and leave. For instance, the US transportation sector recently introduced the Transport Workers Identity Credential or TWIC, which uses fingerprint and face for access control and identity management. The system not only provides companies with identification assurance for employees (through interfacing with FBI databases) but is also intended to be used in maintaining safety throughout the sector through monitoring driving times, accidents and other infringements. In 2006, the US military deployed a new system to Iraq, the Biometric Identification System for Access (BISA). Given the complexity of the operation in Iraq, many foreign nationals are required to work on US bases. An improved security system was required to ensure that the identity of all foreign nationals could be assured. The BISA delivers this capability. It involves the collection of facial, fingerprint and iris data from

34

DSTO-GD-0538

employees and placing this and other identification data on a smart card, which is then used for a range of personnel management and physical access functions. Limitations of using biometrics for personnel management include the security of the stored data (i.e., can the database be compromised?); usability and user acceptance issues (i.e., will staff be willing to accept the change, will staff trust the organisation to only use the biometric information for the intended purpose?); and the impact of system vulnerabilities (i.e., if the system was to fail, what contingencies are in place?). 4.4 Identity management

In terms of identity management there are a range of applications for biometrics in the travel and tourism, crowd management, welfare management, and education sectors, in addition to detainee management, for instance. In the travel and tourism sector, biometrics are now playing a key role in identity management. The International Civil Aviation Organisation (ICAO) sets international standards in the industry and have recommended facial recognition as the primary biometric with iris and fingerprint as backup (but not compulsory). In Australia, border processing is being automated by use of the SmartGate system (see Figure 37). SmartGate acquires a live image of a subject’s face and uses facial recognition technology to match the image with the digitised image stored in the subject’s ePassport. If there is a successful match, the subject is cleared to proceed through the Customs control point. If there is not a successful match they would be referred to a Customs Officer for processing in the traditional, manual way. Other biometrics are also being used in the travel and tourism sector. The United States’ Immigration and Naturalisation Service Passenger Accelerated Service System (INPASS), for instance, uses hand geometry biometrics to enable frequent travellers to by-pass long immigration lines at several international airports through the United States and Canada (Wasem et al, 2004).

Figure 37: Qantas aircrew member using a Smart Gate terminal39

Biometrics also have application in the crowd management area. In January 2007, for instance, officials at a sporting arena in Amsterdam trialled the use of fingerprint scanners

39 www.customs.gov.au

35

DSTO-GD-0538

to exclude known trouble makers from major football games (see Figure 38). Similar systems were also trialled during the 2006 World Cup in Germany.

Figure 38: Fingerprint scanner at a sporting arena in Amsterdam40

Biometrics are also being used in welfare management. The Ration Card System in India combines a smart card with identification information and an iris biometric. The card has been distributed to some 80 million people across the country in a bid to better manage rationing and reduce fraud in the country’s welfare system (Ryan, 2007). In the education sector, biometrics are being tied to school identity cards in a bid to reduce crime and fraud in schools. Fingerprints and handprints are the most commonly used biometrics in schools to manage student identity. Acceptance of biometrics in the education sector has been mixed, with many civil libertarian groups banding with parents and students to force institutions to offer alternative security arrangements to biometrics, for those that protest (Deubel, 2007). The need to manage detainees of any kind is crucial and biometrics have come to the fore in providing identity assurance in this area. Biometrics, in particular face, fingerprint and iris, have been used by the military to manage prisoners of war and refugees, and to track persons of interest (Krane, 2003). Biometrics have been particularly useful in this area to overcome language and literacy barriers. Biometrics, specifically fingerprints, are also being used in the correctional system to track inmates when they move within or between different facilities (Miles & Cohn, 2006). There are several limitations of using biometrics for identity management, including:

• acceptability, ethical and cultural issues (i.e., have users been adequately educated, do they find the system acceptable, is the system accessible and usable by all?);

• the security of the biometric information (i.e, should it be stored on a database or on a smart card?, security and privacy issues arise with each);

• cost and maintenance issues (i.e., how will the system be funded, what maintenance will be required, how will biometrics change with age/how often will new biometrics be required?); and

40 http://www.engadget.com

36

DSTO-GD-0538

• spoofing and other system vulnerabilities (e.g., a user attempts to use a moulded fingerprint overlay to gain access to a system).

4.5 Weapons or other sensitive technologies control

Some forms of weapon systems have strategic as well as tactical implications and are subject to strict control measures to ensure that they cannot be used without proper authorisation, or by accident. Biometric identification would offer an additional safeguard in identifying valid persons to operate these systems. There may also be occasions where weapon systems require a high degree of training in order for them to be used safely and without risk to friendly forces. Biometrics could be used as an additional identifier of persons authorised to use such weapon systems. In cases requiring extreme security, iris recognition would appear to be the most suitable technology, due to the exceptionally low error rates claimed for the technology. High quality fingerprints may also be suitable. The United States Navy have recently integrated a fingerprint scanner into a prototype Advanced Tomahawk Weapons Control System with pleasing results (Wilson & Shank, 2003). Face, hand, voice or fingerprint recognition could be considered for applications requiring lower security levels. In some circumstances, it may be feared that conventional arms could fall into enemy hands and be used against friendly forces. In those circumstances, it may be possible to include a biometric verification into the activation process to ensure that enemy forces could not use such systems. Much research has occurred in the US into the smart guns concept that uses either dynamic grip recognition (Chang et al, 2005) or fingerprint or iris scans (Bolle et al, 2004) to authorise a user to fire. The value of biometrics in this type of application would need to be balanced against the need for weapons to be available to other friendly forces in an emergency. Any technology used in this type of application would need to be quick acting and robust, with error rates a secondary consideration to positive function (i.e., there would be a trade-off between FMR and FNMR, with a need to minimise FNMR). Limitations include the impact of environmental conditions on the system’s ability operate effectively (i.e. the use of certain protective clothing may impact on the ability of a sensor to capture a biometric of adequate quality to be able to verify a user); and the impact of spoofing and other system vulnerabilities (e.g. increasing the FMR (through decreasing the FNMR) may make the system easier to attack). 4.6 Management of major plant

Major plant, such as machinery or vehicles, must be operated and maintained by appropriately qualified personnel. Biometric identity verification could be used to ensure that this occurs and that there is traceability in the event of equipment failure. Transport companies currently use work patterns to ensure that only qualified drivers use their trucks (Bolle et al, 2004) and the US military has trialled biometrics for access control to vehicles (Woodward et al, 2001). In addition, voice, face or fingerprint recognition could be relatively easily incorporated in to the computers used in plant maintenance to ensure that the identities of qualified maintenance personnel can be verified. As with other applications, there are limitations here, including the security of the stored data (i.e., can the database containing biometric information be compromised?); environmental concerns when used in the deployed environment (e.g. protective clothing

37

DSTO-GD-0538

may impact on the ability of the sensor to capture an adequate biometric); usability and user acceptance issues (e.g., high FNMR due to issues with protective clothing may negatively impact on usability); and the impact of spoofing and other system vulnerabilities (i.e., the system could be compromised by an attack which denies service to all users which would have a major domino effect on related business). 4.7 Communications (verification of electronic identification)

Secure communications are essential to many sectors of society (such as the military, law enforcement or financial sectors), for relaying information, orders and other time critical information. Information may be transferred by a variety of channels and protocols, such as voice, image or data formats. In all cases, there is a need to ensure that the data originated from a trusted source and is valid. This could be accomplished in a number of ways. First, written information could be validated by recognition of handwritten signatures, as is currently done by humans. The advantage of an automated system is that it may be more reliable than a human. Second, data and images, including electronic messages, could be validated by including a biometric measure of the person who originated the message. This could be checked against stored biometrics of people in authority for validation of the authenticity of the message. Suitable biometrics would include fingerprint, face, iris, or voice, or combinations of these (multimodal option). Biometric verification in this application would be quick and accurate, but such a system would be dependent on the security of stored biometric templates at the receiver. Third, information transmitted over audio links could be verified by incorporating speaker recognition software at the receiver with a gallery of known templates of authorised persons. As with other forms of biometric verification, there are a series of limitations such as the security of stored data at the receiver (could it be compromised and what would be the impact?); the impact of environmental conditions on the system’s ability operate effectively (e.g., particularly noisy environments can wreak havoc on a speaker recognition system to function efficiently); and the impact of spoofing and other system vulnerabilities (e.g. a damaged sensor could render the whole system useless). 4.8 Counter-terrorism, counter-insurgency or stand-off recognition operations

Biometrics are now providing an added ability to identify persons of interest, particularly at border crossings, or near vulnerable facilities. In addition, movement of such persons of interest can be tracked by monitoring biometrics used for other purposes, such as those used for banking or travel. In stand-off recognition operations, biometric technologies could enable the identification of persons of interest at a distance (e.g., using facial recognition software and a pre-prepared database of images of these persons of interest). Imaging is the most appropriate sensing technology for stand-off operations and the biometrics that may be applied include face, gait, ear, thermogram and iris. Of these, face and iris systems (close-range, with cooperative users) are well developed with known error rates, but the others are still in varying phases of development (Bolle, Connell, Pankanti, Ratha & Senior 2004). Speaker (or voice) recognition is another technology that

38

DSTO-GD-0538

is applicable, particularly at a distance. Like face, it is well developed with known error rates, but most research and development has occurred in support of verification, as opposed to identification. Other emerging biometrics, such as footprints, lips, odour and physiometrics (biological signals), show some potential, although development of these modalities is still in its infancy.

Figure 39: Facial recognition at a distance (50-300 m)41

There are several limitations of using biometrics for support to such operations including:

• limitations in the type of biometrics that can be used (i.e., for surveillance and watch list type operations, facial and voice recognition technology are the only tried and tested technologies currently available to use; it is difficult to enrol many persons of interest in the more intrusive biometric technologies such as iris);

• challenges of the deployed environment (e.g., many facial recognition systems still have difficulty with poor lighting; the need to carry more kit); and

• the impact of spoofing and other system vulnerabilities (e.g., the system could be compromised by the use of a substitute biometric, such as a picture of a face or iris).

4.9 Forensic identification

It is often necessary to identify individuals after a crime, accident or military action. Biometrics have been providing this type of identification for centuries. DNA and fingerprint analysis can be used to identify both offenders and victims and this information can be stored on databases and used for later applications, as is the case with the FBI’s database. As with the other applications, the use of biometrics for forensic identification has limitations including the time required to analyse DNA samples and the challenges of crime and accident scene biometric collection. 41 Yao et al (2006)

39

DSTO-GD-0538

5. Issues

Like any technology, the use of biometrics carries with it some risks and issues. The following sections discuss the vulnerabilities of biometrics and ways to mitigate against these vulnerabilities, as well as a range of other issues such as: usability and user acceptance; health concerns; privacy issues; policy impacts; and integration and interoperability issues. 5.1 Security concerns - biometric vulnerabilities

Biometric systems, like any technology, may be subject to attempts to bypass them. When developing biometric systems, manufacturers are required to establish fault tolerance limits, but there is a trade-off in doing this. If a manufacturer sets a low fault tolerance limit then the security of the system is increased, but the system generally becomes a little less user friendly. On the converse, if the manufacturer wants to make a system very user friendly, the security aspects of the system generally suffer as a consequence. While biometric technology is becoming more and more secure, its vulnerability to attack needs to be determined in any system application (Jain, Ross & Uludag, 2005). Attacks on biometric systems include zero effort, minimal effort and group. Zero effort attacks are those in which an intruder makes no effort to maximise the chance of success. In such attacks, an intruder may find (or steal) a smart card with a biometric and attempt to gain access to a system using their own biometric on the off chance that they will be successful. Minimal effort attacks are like zero effort attacks accept that the intruder steals or gains access to a smart card belonging to someone with similar biometric characteristics to them (i.e. similar hand size or facial features). In organised attacks, a group of intruders uses a range of resources and combined effort to gain access to a system. A number of vulnerabilities and possible areas of attack exist in biometric systems including: Mimic. A user attempts to copy the biometric of a true user. Someone attempting to ‘sound like’ someone else by modifying his or her voice pitch and annunciation would be an example, as would the use of a facial disguise to confuse a facial recognition system.

Substitution or fake biometric. A user attempts to use a substitute input to the sensor. Examples include a person using a moulded fingerprint overlay with someone else’s pattern embossed on it, or use of digital face images or digitised latent fingerprints.

Synthesised features. A fake data stream is injected into the system as in the so-called hill climbing attack (Jain et al, 2005) that iteratively changes the false data to achieve better match scores.

Look alike. A person attempts to capitalise on a similarity in biometrics. Identical twins may be able to confuse a facial recognition system in this way.

40

DSTO-GD-0538

Sensor damage. A malicious user attempts to damage a sensor to prevent it functioning. A fingerprint system could be confused by a greasy imprint to either cease functioning or function erratically, possibly providing unwarranted access.

Database/communication corruption. Many biometric systems rely on a database as the primary source of reliable information. The operation of such a system could be severely compromised if an unauthorised user gained access to the database or the associated data links in order to falsify database information or corrupt it.

Avoidance. The physical security surrounding a biometric device may allow a user to bypass the system (e.g. by jumping a gate). Biometric systems suffer just as much from this type of problem as other security systems.

Disruption. Some biometric systems rely on remote sensing, and these systems would be vulnerable to disruption of the sensing process. Examples would be to introduce smoke or irregular lighting into a region where a facial recognition system was operating, or excessive background noise in the vicinity of a voice recognition system.

False enrolment. If someone enrols in the system using fake identification to begin with, the biometric system has become compromised.

Reuse of residual data. Some biometric systems retain the last few biometric records in their local memory. This could be compromised and the data reused to gain access.

Replay attack. In this case, biometric data is captured, modified and replayed to the system to gain access.

System overrides. Various aspects of the biometric system could be modified. The feature extraction module, for instance, could be interfered with to modify or manipulate data for processing. The parameters of the system (such as the error rates) could also be manipulated to severely impact on system quality and effectiveness.

Denial of service. This is where the system becomes overwhelmed and therefore denies requests for access (due to a power loss or physical damage, for example). Roberts (2007) has defined the areas in a biometric system that can be attacked (some of which are described above) as threat vectors. These are summarised in Figure 40.

41

DSTO-GD-0538

Figure 40: Biometric threat vectors (reproduced from Roberts, 2007)

Biometric system vulnerability is a significant issue. Many researchers have deliberately set out to tamper with a range of biometric technologies, with considerable success. For instance, a group of researchers in Germany tested eleven biometric systems to ascertain their vulnerability to tampering. While none of the systems were designed for a high-security environment, all of them could be tampered with and outwitted using items commonly available in an office stationary cupboard (Thalheim, Krissler & Ziegler, 2002). Other successful attempts to thwart the system have also been studied, including extensive work by the Communications-Electronics Security Group (CESG) in the UK under their biometric vulnerabilities assessment program (Gordon & White, 2007). CESG have simulated casual impostor/zero effort attacks, easy/weak template generation, access to template/data store, generic spoofing – artificial attempts, mimicry and fakes, and wire snooping and replay attacks on facial, fingerprint and iris software being considered for use in the UK government. CESG have used these vulnerability assessments to design a series of countermeasures tailored to the various biometrics technologies being implemented. 5.1.1 Addressing biometric vulnerabilities

Roberts (2007) summarised a number of successful defences against the biometric vulnerabilities mentioned above including risk analysis, challenge/response mechanisms, randomising input biometric data, liveness detection, multiple biometrics, multimodal biometrics, soft biometrics, cryptography, template integrity, cancellable biometrics, hardware integrity, network hygiene, physical security, activity logging, compliance checking and policy. The adoption of biometric systems raises a plethora of issues. For instance, decisions regarding biometric template storage and the location of matching algorithms, in addition to other system and storage elements, leads to a range of possible architectures. Each one of these architectural options should be assessed for risks, threats and vulnerabilities.

42

DSTO-GD-0538

Selection of appropriate defences to overcome the range of biometric vulnerabilities can then be aided by this risk analysis. Risk assessments can be performed using a range of pre-existing risk management frameworks and standards for IT systems. The vulnerabilities of the biometric technology itself should not be the only consideration in such a risk assessment. It is important to also thoroughly understand the sophistication of the potential attackers (Graves, Johnson & McLindin, 2003) as well as the particular points at which a biometric system can be attacked, the so called threat vectors (Roberts, 2007). Griffin (2004) has proposed a quantitative cost/risk/threat analysis model for biometric technologies that incorporates the costs of false matches and non-matches as well as the probability of imposters or attacks. The equations below represent a simple model of the costs, C, associated with a biometric system, including costs of damages caused by impostors who achieve a false match, , compared with a baseline cost. The cost coefficients, c, represent the average costs associated with true and false matches and non-matches for genuine users and intruders respectively. The probabilities, P, are functions of the chosen threshold, with the usual trade off between FMR and FNMR. The variable N represents the expected number of genuine users and intruders. There may also be fixed initial and ongoing costs associated with introducing and maintaining a biometric system. The equations could be modified to include explicit representation of time by giving rates instead of absolute values for numbers and costs.

intruderc

( )

( )( ) fixedintruderFMintruderFMTNMTNM

genuineTMTMFNMFNMsystem

CNPccPc

NPcPcC

+++

++=

intruderintruderbaseline NcC =

Cost coefficients for genuine users should include opportunity costs to account for time spent interacting with the biometric system, and the additional costs incurred by a false non-match. In the military context a false non-match could have a large opportunity cost if a genuine user is prevented from operating a system at a critical time, for example when a hostile aircraft is fleetingly vulnerable to an air defence system. There could be a deterrent effect accompanying the introduction of a biometric system which could change the impostor count. If the intruder count is small the introduction of a biometric system could cost more than the damage it is trying to prevent. False non-matches could be particularly costly. By incorporating the threat of attack into the risk analysis, threat models can be used as the basis for design, policy development, and test and evaluation planning. Some of the more common defence mechanisms available to overcome vulnerabilities in biometrics are summarised below. Challenge/response defence mechanisms in biometrics prompt the user (at certain time intervals or in response to a certain stimuli or absence of stimuli) to re-verify (e.g., put their finger on the sensor).

For users who have enrolled multiple biometric samples (such as three different fingers or fingerprint and iris) the input biometric required for verification could be randomised (e.g., in the morning a door might request your index fingerprint, at lunchtime it could request your iris for verification).

43

DSTO-GD-0538

Liveness detection is used to ensure that the biometric sampled is from a live person. Examples of liveness detection include blinking of eye, moving eye from side to side or pulse. Schuckers (2002) and Sandström (2004) provide a range of examples of liveness detection.

Multimodal biometrics (i.e. combining iris with fingerprint or multiple representations of the same biometric i.e. 3 fingers) adds a level of complexity and further deters would-be attackers and defence against spoofing.

Multi-factor verification, such as the combination of a smart card with a biometric, increases the level of complexity again. As Martinez-Diaz et al (2006) showed, storing a user’s biometric template and matching algorithm on a smart card can be done without compromising security and is highly resistant to attack (due to the cryptographic element).

Soft biometrics (such as weight, height, age, gender and ethnicity) could also be stored on a database and used as further evidence to support verification.

Jain, Ross & Uludag (2005) have reported work ongoing in the use of cryptography to enhance the security of biometric systems. Biometric cryptosystems are gaining popularity. They combine biometrics and cryptography, enabling all biometric matching to occur in the cryptographic domain. Like many of the defence mechanisms in development, biometric cryptosystems still have a variety of issues to be addressed before they can be faultlessly applied in an operational setting (Uludag, Pankanti, Prabhakar & Jain, 2004; Hao, Anderson and Daugman, 2006). Other work is ongoing in areas such as steganography (embedding biometric information in benign host images to enhance security); algorithm development (to embed dynamic features into an image, for example); and distortion functions (that can be used to generate cancellable biometrics).

Cancellable biometrics slightly modify the biometric data at the feature extraction stage (Ratha, Chikkerur, Connell, & Bolle, 2007). When a stored template is compromised the current (compromised) template is cancelled and replaced with a new one thereby assisting in recovery after an attack.

Physical security (the management of access to biometrics systems and stored data) and activity logging (such as repeated failed access attempts) are also key defence mechanisms against spoofing and attack. 5.2 Usability and user acceptance

In addition to the technical component, biometric systems also have a human component. To be effective, biometric systems need to be usable and accepted by users (Sasse, 2003). According to Shackel (1975), a system is usable if the intended users can meet a desired level of performance operating it, the amount of learning or practice to achieve this level of performance is appropriate, the system does not place any undue physical or mental strain on the user, and users are satisfied with the experience of interacting with the system. Usability of biometric systems is often assessed on three criteria: performance of the system, user satisfaction, and cost. Performance is measured in terms of effectiveness and efficiency (i.e., the speed and accuracy of both enrolment and verification). In terms of accuracy of biometric systems, there is always a trade-off between minimising both the number of false matches (the FMR) and false rejects or non-matches (the FNMR). That is, there is always a trade-off between security (minimising false matches) and

44

DSTO-GD-0538

usability (minimising false non matches). FNMR can have a significant impact on throughput time (i.e., the efficiency of the biometric system). The time taken to enrol and the time taken for the system to match a user are also key factors in usability of biometric systems. Most leading biometric technologies (such as fingerprint, face and iris) take less than 1 minute to enrol a user (fingerprint and face typically less than 30 seconds) and matching can take less than a second, although this is dependent on the number of records that have to be searched to find the match (Simpson, 2007). Biometric degradation issues (such as age and environment) can greatly impact on performance, particularly time taken to enrol. There are two additional error conditions specific to biometrics: failure to acquire (FTA) and failure to enrol (FTE). FTA refers to the percentage of the target population that does not possess a particular biometric or does not deliver a usable biometric sample i.e. someone with injury or scarring to their fingers may not provide usable fingerprints. FTE refers to the percentage of the target population that cannot be enrolled. This may be due to either procedural, social or technology issues. It is important, in line with equity and diversity principles, to show that the biometric system is inclusive of all users (or should outline how it will deal with those users who will be difficult to enrol). Ashbourn (2005) has identified a range of reasons for FTA and FTE and these are summarised in Table 6.

Table 6: Factors that impact on biometric system usability and performance42 System Issues Demographics User Physiology User Behaviour User Appearance Template ageing (all systems)

Age (all systems) Ethnic origin (all systems) Gender (all systems) Occupation (all systems)

Facial hair (face systems) Disability and disease (all systems) Fingernail length (hand or fingerprint systems) Eyelashes (iris systems) Fingerprint condition (fingerprint systems) Height (all systems) Iris colour intensity (iris systems) Skin tone (face or iris systems) Change in weight (face or hand systems)

Accent or dialect (voice systems) Expression, intonation and volume (voice systems) Facial expressions (face systems) Written language (signature systems) Misspoken or misread phrases (voice systems) Movement (all systems)

Bandages (hand, face, or fingerprint systems) Clothing (all systems) Contact lenses (iris systems) Cosmetics (face systems) Glasses (face or iris systems) False fingernails (hand or fingerprint systems) Hairstyle or colour (face systems) Rings (hand or fingerprint systems)

User satisfaction is the subjective assessment of the performance of the system from both a user and administrator perspective. It is important to understand the impact on users and their feelings about the technology (e.g., hygiene concerns when making contact with a fingerprint scanner, from a user perspective, and hard to understand instructions from an administrator perspective). Patrick (2004) found the biometric systems with the highest levels of user satisfaction were those that were accompanied by training and feedback so that users could better understand the technology and use it properly.

42 Ashbourn (2005)

45

DSTO-GD-0538

A cost benefit analysis should also be performed to assess the user costs and benefits, economic costs and benefits, as well as the security costs and benefits of the system. User costs relate to ‘the physical and mental effort required to interact with a system’ (Sasse, 2003, p.2). To avoid negative user cost, systems have to be safe to use and should not induce worry or stress. Economic costs relate to the resource expenditure and security costs relate to the impact on security of the introduction of a biometric system. Some of the benefits of incorporating biometrics have been discussed previously in this paper (e.g. enhanced security aspects and enhancing the chain of trust) and more will no doubt come to light with further evaluation. The US Navy, when assessing the costs of integrating biometrics with a tactical weapons system, simply looked at the costs of a verification system in general and compared the existing verification system with a biometric one. They broke costs down to deployment related (e.g. acquisition of hardware and software) and operational related (e.g. time to administer, maintenance and replacement costs) (Wilson & Shank, 2003). As previously discussed, Griffin (2004) has developed a quantitative cost/risk/threat analysis specific for biometric systems that may be applicable. It takes the traditional cost benefit analysis a step further to incorporate risks and threats. User acceptance is imperative for any system to be efficient and effective (Spence, 2007). Unhappy users can slow down the system, cause errors or, in extreme cases, sabotage the system (Sasse, 2003). There are many aspects of a biometrics system that may be unacceptable to users. Factors such as safety of the equipment (concerns about contamination or eye damage); chances for mistaken identity; privacy and safety concerns; or the data being used for alternative purposes are of concern to some users. According to Bolle et al (2004) three key factors contribute to user acceptance in biometric systems:

• Users need to believe that there is a credible need for increased security. Good education programs can help to assure users that they are at risk and a commitment to good security behaviour reiterates this (Sasse, 2004).

• Users need to believe that the biometric system is more convenient to use than previous systems and works correctly. For instance, a high level of false rejects or non-matches would negatively impact on user acceptance of the system.

• Users need to be able to trust that their data is held securely and used only for its intended purpose. Users need to know that their biometric data is safe (i.e., that it cannot be copied or changed) and that it will only be used for its intended purpose.

A recent large scale biometrics project in the Italian MoD demonstrated how user acceptance had a wide ranging influence on some of the practical choices the project managers made and, as a consequence, was a key factor in the success of their project (Riccardi, Peticone & Savastano, 2005). 5.3 Health concerns

The capture of biometric information in authentication systems involves the interaction of a user with a machine (e.g., a user may be required to touch a sensor and that sensor may send some radiant energy towards that individual). Health concerns surrounding the use of biometrics are directly related to the contact nature of some sensors (such as fingerprint

46

DSTO-GD-0538

scanners) and the possibility of those sensors being contaminated with germs from previous users. In addition, some users also have concerns about the amount of radiant energy they may absorb during the capture process from some sensors. Research has shown that the health risks associated with the use of biometrics are negligible and similar to the health or contamination risks experienced in everyday life (Bolle et al, 2004). Touching a biometric sensor has been likened to touching a door knob and the levels of radiant energy emitted from many sensors have been shown to not be harmful to users. For instance, studies on the Iridian Technologies iris scan systems in use at the John F Kennedy Airport in New York found that their irradiance (the amount of energy per unit time per unit area) was way below the maximum allowed limits for the prevention of heating of the cornea and their radiance (amount of energy per unit time per unit solid angle per unit area in the direction of travel) was also way below the maximum allowed limits to prevent thermal damage to the retina (http://www.jfkiat.com/Iris%20Scan/Iris%20scan%20Health.htm). ‘What may represent a real risk to the vendors and to the biometric community is casual or intentionally distorted information on medical risks from biometrics spread indiscriminately by the media’ (CESG, 2007). A commitment to education, regular safety testing, and accreditation of systems will help to reassure users that the risks are minimal and in line with those experienced in everyday life. 5.4 Privacy issues

Biometric systems are by nature invasive of privacy since they make it possible for authorities to track users while they go about their lawful business (Ashbourn, 2005). As with health concerns, privacy concerns related to the use of biometrics continue to be a favourite topic for media hype. Privacy concerns can be real or imagined and a user’s perception of the invasiveness of biometrics will impact on their acceptance of the system (Sasse, 2003). Table 7 presents a framework that the US DoD have recently recommended employing to help assess the potential privacy impact of their biometric programs (DSBTF, 2007). As the Defense Science Board Task Force (DSBTF) evaluation highlighted, the majority of the DoD’s biometric applications, particularly those relating to identity management, fall into the right hand side of the framework (i.e., towards the greater risk of privacy invasiveness).

47

DSTO-GD-0538

Table 7: BioPrivacy Application Impact Framework43

Lower risk of privacy invasiveness

Greater risk of privacy invasiveness

Overt 1. Are users aware of the system's operation? Covert

Optional 2. Is the system optional or mandatory? Mandatory

Verification 3. Is the system used for identification or verification? Identification

Fixed Period 4. Is the system deployed for a fixed period of time? Indefinite

Private Sector 5. Is the deployment public or private sector? Public Sector

Individual, Customer

6. In what capacity is the user interacting with the

system?

Employee, Citizen

Enrolee 7. Who owns the biometric information? Institution

Personal Storage

8. Where is the biometric data stored?

Database Storage

Behavioural

9. What type of biometric technology is being deployed?

Physiological

Templates

10. Does the system utilize biometric templates, biometric images, or both?

Images

According to the BioPrivacy Framework (www.bioprivacy.org/bioprivacy_text.htm):

• Biometric systems that are overt, where users are aware that data is being collected, stored, and used are perceived to be less invasive of privacy than covert systems.

• Biometrics systems that are mandatory tend to come under more suspicion or scrutiny than those that are optional simply because they are imposed on users.

• Verification systems (where the system performs a 1:1 check) are less likely to be invasive of privacy compared with identification systems (that perform 1:N checks).

• Biometric systems deployed indefinitely do tend to arouse more suspicion, but those designed to secure logical or physical access are unlikely to reduce personal privacy.

• Biometric systems deployed in the public sector are viewed as more invasive of privacy due to their perceived potential for abuse and ability to be connected to other Government departments or databases. Of particular concern for many users is the

43 www.bioprivacy.org

48

DSTO-GD-0538

impact that policy changes may have on the availability of their personal data, sometimes referred to as function creep.

• Employees are inevitably mandated to use biometric systems and privacy concerns include those such as function creep. Employees need to be informed and their consent obtained when changes are made to the system or the way their biometric data may be used.

• Biometric systems where institutions maintain ownership of a user’s biometric data raise a range of privacy issues. Systems that give the user complete control of the storage, use and disposal of their biometric data (such as storage solely on a smart card) are less likely to raise privacy issues.

• Linked to the above, biometric systems that opt for database storage of information are more liable to be abused or attacked than those that store biometric information locally (such as on a smart card). Although the chance of biometric templates being reverse-engineered is slight, the risks should never be underestimated (Roberts, 2007). The perceived risk of personal information, even in template form, being copied, changed or stolen is enough to raise the privacy concerns for many users.

• Physiological biometrics are, by their nature, very difficult to change or mask and can be collected without user compliance. This raises privacy concerns for users.

• The decision to retain identifiable biometric images obviously raises more privacy issues compared with the decision to store templates only. It should be noted though that many users still do not understand the difference between a biometric image and template and this is where education is important.

To reiterate, the perceived risk of personal information, even in template form, being copied, changed, used for another purpose or stolen is enough to raise privacy concerns for many users. It is imperative that any introduction of biometrics is accompanied by policy, and education and training that cover the privacy aspects of the technology. Such education and policy needs to include a well-defined vision and set of objectives for the application of biometrics. The benefits of using biometrics over other systems must also be discussed and the policy should demonstrate how the use of biometrics is the best solution (technical, scenario and operational evaluations can help to achieve this). 5.5 Integration and support requirements

It is important when embarking on any major project to understand the impact that it will have on the wider system environment: the people, processes, policies, and other technologies. Contrary to the claims of many vendors, biometric technologies are not very adept at plug and play (Kaplan, 2007 and UKBWG, 2002). This is particularly true when the requirement is to authenticate hundreds or thousands of users in complex environments, such as the deployed military environment (International Biometric Group, 2007). The addition of biometrics to a verification system will require the addition of new hardware and software and possibly involve changes to pre-existing hardware. The following are some of the key technical considerations that will need to be made: Template storage issues – should the biometric information (template) be stored on the smart card exclusively or in a database (in support of the chain of trust)? What are the associated security and privacy issues?

49

DSTO-GD-0538

Computer resources – what computer resources will be required to support sensors and matching algorithms?

Maintenance – what are the maintenance requirements of the chosen biometric system? What implications do these have in terms of cost and time, and who is responsible?

Contingency planning – in the event of technology breakdown what contingency plans need to be developed? If the technology fails, what backup methods could be used (e.g., use picture on card only?) Who is responsible for developing these?

Upgrades – as with any technology, biometric technology will require system and sensor upgrades from time to time. What implication does this have in terms of cost and time, and who is responsible? In addition, as the algorithms underlying the biometric systems will also require upgrades, what will be the impact of such upgrades? What will be the backwards and forwards compatibility issues?

Testing/evaluation/compliance testing – Who will conduct testing and evaluation of the biometric system? Who will be responsible for ongoing compliance testing on the system? 5.5.1 Education and training

Increasing user awareness through education and training has been shown to increase user acceptance of biometrics (Riccardi, Peticone & Savastano, 2005; Ashbourn, 2005). A world-wide study commissioned by Unisys Corp in 2006, found that 66% of consumers supported the use of biometrics for identity verification (which was a significant improvement on previous studies). Respondents from the US and Canada supported biometrics for identity verification more than any other region (over 70%), although the Asia Pacific region also showed good support (68%). The researchers concluded that the reason for the significant change in acceptance was the level of education ongoing in the field. Besides formal training programs, Unisys cited other methods, such as daily reminders of biometrics through posters and login messages, and articles in relevant publications, as being integral to user awareness and acceptance (Unisys, 2006). It is important to note that education and training can start before biometrics have even been implemented. Green and Romney (2005) surveyed 200 employees from the education, technology and public service sectors about their feelings towards biometrics. Responses were very negative, with security (regarding data storage and access), and privacy concerns the dominant issues. Respondents were then invited to take part in an online technology briefing about biometrics with a focus on security, safety, and privacy issues after which they were surveyed again. Significant differences were found between the initial survey and the second one, enabling the researchers to conclude that education has a positive impact on the perceptions of biometrics. Training has also been found to be a key in meeting expectations about manufacturer’s performance specifications. Wilson and Shank (2003) found that by training users (through a formal classroom briefing followed by close supervision during enrolment, to provide users with guidance) they were able to ensure they stored good quality templates and minimised error rates as a result. The media hype regarding health issues associated with the use of biometrics could also be addressed in training and education programs, as could the many privacy concerns. ‘An informed, aware user is probably one of the key factors contributing to a successful real-world deployment of biometrics’ (CESG, 2007).

50

DSTO-GD-0538

5.6 Evaluation requirements

In order to better understand the strengths and weaknesses of biometric systems, particularly their real-life performance in a variety of contexts, it is crucial that any system under consideration is subjected to a rigorous evaluation process (Phillips, Martin, Wilson, & Przybocki, 2000). Evaluations of biometric systems generally fall into three categories: Technology evaluations test the biometric systems off-line, using data that has not been seen by the algorithm developers in order to compare competing algorithms from a single technology. Scenario evaluations evaluate the biometric systems in a simulated real-world environment in order to determine overall system performance in the simulated environment. Operational evaluations employ a biometric system in a real world environment to determine if it is sufficiently mature to meet operational performance requirements (Mansfield and Wayman, 2002). In addition to these three categories of evaluation, vulnerability assessments are also essential, particularly in highly secure environments. It should be noted that such evaluations and assessments do not replace the need for ongoing compliance checking or red-teaming of the chosen biometric system (Roberts, 2007). DSTO has developed techniques for analysing the characteristics of biometric systems, for verification purposes, in operational settings, for both Defence and other Government departments. This involves consideration not only of technical factors but also the conduct of trials in the operational setting. This approach takes into account a large number of the variables (e.g., environmental factors such as lighting, human behaviour such as crowding and organisational processes) that influence the performance of biometric systems in real-world applications. In addition, DSTO have identified work process considerations and other human factors issues (such as usability) that effect the introduction of the technology (Kaine, 2003). 5.7 Interoperability issues

Any decision to adopt biometrics also needs to take into account the range of inter-operability issues that such a decision presents. Interoperability issues will exist locally, nationally and internationally and involve the examination of hardware and software, data formats, and guidelines. Given the substantial growth of the biometrics market and interest in the technology, many industry standards have emerged to cover a range of biometric technologies and issues. Standards help to increase the quality and competitiveness of the market, while enabling interoperability across jurisdictions, both nationally and internationally. While the US currently has the lead on developing biometric standards, there is much work ongoing in Europe (see http://www.eubiometricforum.com), and standards are also currently being developed in Australia (led by Standards Australia and the Australian Government Information Management Office or AGIMO). In addition, Australia also has representatives commenting on the key set of international standards for the implementation of biometrics, namely ISO/IEC JTC1 SC37 (http://isotc.iso.org). Many

51

DSTO-GD-0538

other countries are developing their own standards, both on a country-wide and sector by sector basis. For instance, the US DoD is working closely with the National Institute of Standards and Technology (NIST) to ensure biometric standards are reflecting the intricacies of the military environment. It is vitally important that the biometric standards of others be taken into account to facilitate interoperability.

6. Conclusion

In recent years automated biometric systems, such as facial, fingerprint, and iris recognition systems, have been developed to facilitate a range of functions broadly categorised as verification, identification or watch list functions. Such automated systems offer advantages over current strategies, including the elimination of fatigue effects associated with human performance and adding the possibility of measuring features (e.g., iris pattern) that cannot be readily sensed by humans. Biometrics have been successfully applied across a range of procedures and processes to enhance security including physical and logical access control, management of major plant and machinery, weapons control, identity management, and personnel management. The decision to introduce biometrics should not be taken lightly. Automated biometric systems need to be seen as an adjunct to existing systems, adding to techniques already used, and organisations contemplating the adoption of biometric technology need to understand that there are a range of issues that should be addressed. Privacy and security concerns need to be addressed early and have multiple policy implications (security, identity management, and privacy policies etc.). In terms of security, the vulnerability of biometric systems to attack should be determined in any system application, and any system under consideration should be subjected to a thorough vulnerability assessment, including analyses of system vulnerability, attacker profiles, and threat vectors. The decision to adopt biometrics should also be subject to a usability and user acceptance study, and the privacy issues of introducing biometrics should be noted and addressed in relevant policy. A training and education package to accompany the introduction of biometrics should also be considered. The introduction of biometrics brings with it a range of integration and support requirements that should also be addressed, specifically those relating to interoperability. Common standards, data formats, guidelines and evaluation programs should be developed or adopted to take into account the various biometric standards and frameworks already in place. Finally, biometric systems should only be considered where they add significant operational advantages to an existing capability. The future appears lucrative for biometrics. With annual global biometrics revenues projected to grow from $2.1 billion in 2006 to $5.7 billion in 2010 and with inspection of patent databases uncovering a range of new and exciting applications, biometrics truly appear to be living up to the tag applied to them by the MIT Technology Review in 2001 as one of the ‘top ten emerging technologies that will change the world’.

52

DSTO-GD-0538

7. References

Akarun, L, Gokberk, B & Salah, AA 2005, ‘3D Face Recognition for Biometric Applications’, Proceedings of the 13th European Signal Processing Conference (EUSIPCO), September 4-8, 2005, Antalya, Turkey, http://www.arehna.di.uoa.gr/Eusipco2005/defevent/papers/cr1899.pdf, last accessed 27 March 2007. Ashbourn, J 2005, The social implications of the wide scale implementation of biometric and related technologies, background paper for the Institute of Prospective Technological Studies, DG JRC, Sevilla, European Commission. http://cybersecurity.jrc.es/docs/LIBE%20Biometrics%20March%2005/SocialImplications_Ashbourn.pdf, last accessed 27 March 2007. Bella, G, Bistarelli, S & Martinelli, F 2003, Biometrics to Enhance Smartcard Security, http://www.sci.unich.it/~bista/papers/papers-download/mocviatocfinal.pdf, last accessed 27 March 2007. Blackburn, T, Butavicius, M, Graves, I, Hemming, D, Ivancevic, V, Johnson, R, Kaine, A, McLindin, B, Meaney, K, Smith, B & Sunde, J 2003, Biometrics Technology Review 2002, DSTO-GD-0356. Bolle, RM, Connell, JH, Pankanti, S, Ratha, NK & Senior, AW 2004, Guide to Biometrics, Springer, New York. Bourlai, T, Drygajlo, A, Kittler, J, Kryszczuk, K, Prodanov, P & Richardi, J 2006, BioSecure: Biometrics for Secure Authentication Report, http://www.cilab.upf.edu/biosecure1/public_docs_deli/BioSecure_Deliverable_D08-1-2_b2.pdf, last accessed 27 March 2007. Bullis, K 2006, ‘Smart cards with built-in fingerprint scanners’, MIT Technology Review. http://www.technologyreview.com/Biztech/17040/, last accessed 27 March 2007. Celent 2006, Biometric ATMs in Japan: Fighting Fraud with Vein Pattern Authentication, http://www.celent.com/PressReleases/20060329(2)/BiometricsJapan.htm, last accessed 20 July 2007. CESG (Communications-Electronics Security Group) 2007, Management Summary 07: Health and Safety Issues in Biometrics, http://www.cesg.gov.uk/site/ast/index.cfm?menuSelected=4&subMenu=4&displayPage=407, last accessed 30 April 2007. Cetingul, HE, Yemez, Y, Evzin, E & Tekalp, AM 2004, ‘Discriminative Lip Motion Features for Biometric Speaker Identification’, Proceedings of the 2004 International Conference on Image Processing (ICP), http://ieeexplore.ieee.org/iel5/9716/30678/01421480.pdf, last accessed 27 March 2007.

53

DSTO-GD-0538

Chang, KI, Bowyer, KW & Flynn, PJ 2005, ‘An Evaluation of Multimodal 2D+3D Face Biometrics’, IEEE Transactions on Pattern Analysis and Machine Intelligence, 27(4), pp. 619-624, http://ieeexplore.ieee.org/iel5/34/30436/01401913.pdf, last accessed 27 March 2007. Chang, T, Chen, Z, Cheng, B, Cody, M, Liska, M, Recce, M, Sebastian, D & Shishkin, D 2005, ‘Enhancing handgun safety with embedded signal processing and dynamic grip recognition’, Proceedings of 31st Annual Conference of IEEE Industrial Electronics Society, November 6-10, 2005. Chen, Y, Jain, A, Parziale, G & Diaz-Santana, E 2006, 3D Touchless Fingerprints. http://www.biometrics.org/bc2006/presentations/Wed_Sep_20/BSYM/20_Chen_research.pdf, last accessed 27 March 2007. Damousis, I.G., Tzovaras, D. & Bekiaris, E. 2008, ‘Unobtrusive Multimodal Biometric Authentication: the HUMABIO Project Concept’ Journal on Advances in Signal Processing, http://www.hindawi.com/GetArticle.aspx?doi=10.1155/2008/265767&e=ref, last accessed 12 May 2008. Deubel, P 2007, ‘Biometrics in K-12: The Legal Conundrum’, T.H.E. Journal, http://www.thejournal.com/articles/20494, last accessed 27 July 2007. Down, MP & Sands, RJ 2004, ‘Biometrics: An Overview of the Technology, Challenges and Control Considerations’, Information Systems Control Journal. http://www.isaca.org/Template.cfm?Section=Home&CONTENTID=21337&TEMPLATE=/ContentManagement/ContentDisplay.cfm, last accessed 27 March 2007. DSBTF (Defense Science Board Task Force) 2007, Report of the Defense Science Board Task Force on Defense Biometrics, March 2007, http://www.acq.osd.mil/dsb/reports/2007-03-Biometrics.pdf, last accessed 12 April 2007. DSTO (Defence Science and Technology Organisation) 2007, SmartGate Series One Factory Acceptance Testing Eragny, France, DSTO-TR-2036, DSTO Edinburgh, SA (RESTRICTED). Greneker, EF 2006, ‘Radar Technology for Acquiring Biological Signals’, The Journal of Credibility Assessment and Witness Psychology, vol. 7, no. 2, pp. 127-134. Greneker, EF & Geisheimer, J 2001 ‘Non-Contact Lie Detector using Radar Vital Signs Monitor (RVSM) Technology’, IEEE Aerospace and Electronic Systems Magazine, vol. 16, no. 8, pp. 10-14. Gomez, E, Traviesco, CM, Briceno, JC & Ferrer, MA 2002, ‘Biometric Identification System by Lip Shape’, Proceedings of the 36th Annual IEEE International Carnahan Conference on Security Technology, http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=1049223, last accessed 27 March 2007. Gordon, N & White, C 2007, CESG Biometric Programme, NZ_AU Presentation.

54

DSTO-GD-0538

Graves, I, Johnson, R & McLindin, B 2003, ‘Problems with False Accept Rate in Operational Access Control Systems, Proceedings of the 4th Australian Information Warfare and IT Security Conference, Adelaide, November 2003, pp. 129-135. Green, N & Romney, GW 2005, ‘Establishing public confidence in the security of fingerprint biometrics’, Proceedings of the 6th International Conference ITHET, July 7-9, 2005, Juan Dolio, Dominican Republic, http://ieeexplore.ieee.org/iel5/10436/33131/01560332.pdf?arnumber=1560332, last accessed 27 March 2007. Griffin, P 2004, Predicting performance of fused biometric systems, Identix Research, September, 2004. Hamilton, W 2007, ‘Understanding the impact of federal credentialing programs’, The Winter 2007 Biometrics Summit, February 26 – March 1, 2007, Miami, Florida. Hao, F, Andersdon, R, & Daugman, J 2006, ‘Combining Crypto with Biometrics Effectively’, IEEE Transactions on Computers, 55(9), pp. 1081-1088. Hogg, RV & Tanis EA 2000 Probability and Statistical Inference, 6th Edition, Prentice Hall, New York. International Biometric Group 2007, Systems Integration, http://www.biometricgroup.com/core_capabilities.html, last accessed 27 March 2007. ISO/IEC 19795-1-2006 2006, Information Technology – Biometric performance testing and reporting. Part 1 – Principles and Framework, 2006-04-01. ISO/IEC JTC 1/SC 37 Biometrics 2004, 1st Working Draft 24714, Biometrics – Technical Report on Cross Jurisdictional and Societal Aspects of Implementation of Biometric Technologies, American National Standards Institute. Jain, AK, Ross, A & Prabhakar, S 2004, ‘An Introduction to Biometric Recognition’, IEEE Transactions on Circuits and Systems for Video Technology, 14(1), pp. 4-20. Jain, A, Ross, A & Uludag, U 2005, ‘Biometric Template Security: Challenges and Solutions’, Proceedings of the 13th European Signal Processing Conference (EUSIPCO), September 4-8, 2005, Antalya, Turkey. Kaine, A 2003, ‘The Impact of Facial Recognition Systems on Business Practices within an Operational Setting’, Proceedings of the 25th Conference on Information technology Interfaces ITI 2003, June 16-19, 2003, Cavtat, Croatia. Kaplan, D 2007, ‘From InfoSec 2007: Effective biometric solutions still face hurdles before widespread deployment’, SC Magazine, 20 March 2007, http://scmagazine.com/us/news/article/644931/from-infosec-2007-effective-biometrics-solutions-face-hurdles-widespread-deployment/, last accessed 9 May 2007.

55

DSTO-GD-0538

Kauchak, M 2006, ‘A Multimodal Future’, Special Operations Technology Online Archives, 4(3), http://www.special-operations-technology.com/article.cfm?DocID=1391, last accessed 27 March 2007. Kuester, N 2006, Military Multi-modal Biometric System Analysis, thesis in partial fulfilment of Master of Psychology (Organisational and Human Factors), University of Adelaide. Khan, I 2006, Vein Pattern Recognition – Biometrics Underneath the Skin, http://www.findbiometrics.com/article/320, last accessed 27 March 2007. Khan, M 2003, Multimodal Biometrics: A more secure way against Intruders, http://multimedia.ece.uic.edu/FIT03/Day-2/S11/p3.pdf, last accessed 27 March 2007. Ko, T 2005, ‘Multimodal Biometric Identification for Large User Population Using Fingerprint, Face and Iris Recognition’, Proceedings of the 34th Applied Imagery and Pattern Recognition Workshop (AIPR05). Koenig P 2002, Personal identification method and apparatus using acoustic resonance analysis of body parts, US Patent 6724689, http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&p=1&u=%2Fnetahtml%2FPTO%2Fsearch-bool.html&r=1&f=G&l=50&co1=AND&d=PTXT&s1=%22Personal+identification+method+apparatus+using+acoustic+resonance+analysis+body+parts%22.TI.&OS=TTL/, last accessed 10 May 2008. Korotkaya, Z 2003, Biometric Person Authentication: Odor, http://www.it.lut.fi/kurssit/03-04/010970000/seminars/Korotkaya.pdf, last accessed 27 March 2007. Krane, J 2003, ‘U.S Military Compiles Biometric Database On Iraqi Fighters, Saddam Loyalists’, Information Week, http://www.informationweek.com/story/showArticle.jhtml?articleID=9800069&ls=TW_051403_fea&fb=20021204_security, last accessed 27 March 2007. Mansfield, AJ & Wayman, JL 2002, Best Practices in Testing and reporting Performance of Biometric Devices, NPL Report CMSC 14/02, http://www.cesg.gov.uk/site/ast/biometrics/media/BestPractice.pdf, last accessed 27 March 2007. Martinez-Diaz, M, Fierrez-Aguilar, J, Alonso-Fernandez, F, Ortega-Garcia, J, Siguenza, JA 2006, ‘Hill-Climbing and Brute-Force Attacks on Biometric Systems: A Case Study in Match-on-Card Fingerprint Verification’, Proceedings of the 40th Annual IEEE International Carnahan Conference on Security Technology, October 16-20, 2006, Lexington, Kentucky. Miles, CA & Cohn, JP 2006, ‘Tracking Prisoners in Jail With Biometrics’, NIJ Journal 253, http://www.ojp.usdoj.gov/nij/journals/253/tracking.html, last accessed 20 July 2007.

56

DSTO-GD-0538

Nakajima, K, Mizukami, Y, Tanaka, K & Tamura, T 2000, ‘Footprint-Based Personal Recognition’, IEEE Transactions on Biomedical Engineering, 47(11), pp. 1534-1537. Narayanaswami, C 2005, ‘Form Factors for Mobile Computing and Device Symbiosis’, Proceedings of the Eighth International Conference on Document Analysis and Recognition (ICDAR'05), pp. 335. Nixon, MS & Carter, JN 2004, ‘On Gait as a Biometric: Progress and Prospects’, Proceedings of EUSIPCO 2004, Vienna, Austria. Ortiz Jnr, S 2007, ‘Brain-computer Interfaces: Where Human and Machine Meet’, Computer. http://www.computer.org/portal/cms_docs_computer/computer/homepage/Jan07/COM_017-021.pdf, last accessed 27 March 2007. Parks, DR, Roederer, M & Moore, WA 2006 ‘A New ‘‘Logicle’’ Display Method Avoids Deceptive Effects of Logarithmic Scaling for Low Signals and Compensated Data’, Cytometry Part A, 69(A): 541–551, International Society for Analytical Cytology, http://herzenberg.stanford.edu/Publications/Reprints/LAH517.pdf. Patrick, AS 2004, Usability and Acceptability of Biometric Security Systems, IST-044-RWS-007, http://www.nrc-cnrc.gc.ca, last accessed 27 March 2007. Piazza, P 2005, ‘The Smart Cards are Coming…Really’, Security Management Online, http://www.securitymanagment.com/library/001697.html, last accessed 27 March 2007. Phillips, PJ 2008, Multi Biometrics Grand Challenge Kick-Off Workshop, Presentation, April 18, http://face.nist.gov/mbgc/mbgc_presentations.htm, last accessed 12 June 2008. Phillips, PJ, Martin, A, Wilson, CL & Przybocki, M 2000, ‘An Introduction to Evaluating Biometric Systems’, Computer, http://www.frvt.org/DLs/FERET7.pdf, last accessed 27 March 2007. Phillips, PJ, Scruggs, WT, O’Toole, AJ, Flynn, PJ, Bowyer, KW, Schott, CC & Sharpe, M 2007, FRVT2006 and ICE 2006 Large-Scale Results, http://face.nist.gov/frvt/frvt2006/FRVT2006andICE2006LargeScaleReport.pdf, last accessed 5 April 2007. Ratha, N, Chikkerur, S, Connell, JH & Bolle, RM 2007, ‘Generating Cancellable Fingerprint Templates’, IEEE Transactions on Pattern Analysis and Machine Intelligence, 29(4), pp. 561-572. Riccardi, L, Peticone, B, & Savastano, M 2005, ‘Biometrics for massive access control – traditional problems and innovative approaches’, Proceedings of the 2005 IEEE Workshop on Information Assurance and Security, United States Military Academy, West Point, New York.

57

DSTO-GD-0538

Riera, A, Soria-frisch, A, Caparrini, M, Cester, I & Ruffini, G 2008, ‘Unobtrusive Biometric System Based on Electroencephalogram Analysis’, EURASIP Journal on Advances in Signal Processing, vol. 2008, pp. 1-8. Roberts, C 2006, Biometric Technologies - Fingerprints, http://www.ccip.govt.nz/ccip-publications/ccip-reports/Biometrics%20Technologies%20-%20Fingerprints.pdf, last accessed 27 March 2007. Roberts, C 2007, ‘Biometric attack vectors and defences’, Computers and Security, 26(2007), pp. 14-25. Ross, A & Jain, A 2004, ‘Multimodal Biometrics: An Overview’, Proceedings of EUSIPCO 2004, Vienna, Austria. Ryan, R 2007, ‘How to successfully design and deploy biometrics to protect identity and overcome privacy concerns’, The Winter 2007 Biometrics Summit. Feb 26 – March 1, 2007, Miami, Florida. Sanderson, S & Erbetta, JH 2000, Authentication for Secure Environments Based on Iris Scanning Technology, http://ieeexplore.ieee.org/iel5/6829/18346/00847019.pdf, last accessed 27 March 2007. Sandström, M 2004 Liveness Detection in Fingerprint Recognition Systems, PhD Thesis, http://www.diva-portal.org/diva/getDocument?urn_nbn_se_liu_diva-2397-1__fulltext.pdf. Sasse, MA 2004, Usability and trust in information systems, http://www.dti.gov.uk/files/file15320.pdf, last accessed 27 March 2007. Sasse, MA 2003, Usability and User Acceptance of Biometrics, http://www.cesg.gov.uk/site/ast/biometrics/media/Usability_and_User_Acceptance.pdf, last accessed 27 March 2007. Schuckers, SAC 2002 Spoofing and Anti-Spoofing Measures, online article for Elsevier Information Security Report on Biometrics, http://www.citer.wvu.edu/members/publications/files/15-SSchuckers-Elsevior02.pdf. Shackel, B 1975, Applied Ergonomics Handbook, IPC Technology Press, Guildford. Simon, C & Goldstein, I 1935, ‘A New Scientific Method of Identification’, New York State Journal of Medicine, 35(18), pp. 901-906. Simmons, C 2005, TBS Announces First Touchless, 3D Live-Scan Fingerprint System. http://www.send2press.com/newswire/2005-04-0405-008.shtml, last accessed 27 March 2007. Simpson, I 2007, ‘Biometrics: Issues and Applications’, Proceedings of the 6th Annual Multimedia Systems Conference, January 13, 2007, University of South Hampton.

58

DSTO-GD-0538

Snelick, R, Uludag, U, Mink, A, Indovina, M & Jain, A 2005, ‘Large Scale Evaluation of Multimodal Biometric Authentication Using State-of-the-Art Systems’, IEEE Transactions on Pattern Analysis and Machine Intelligence, 27(3), pp. 450-455. Spence, B 2007, Biometrics in Physical Access Control: Issues, Status and Trends, http://www.siaonline.org, last accessed 27 March, 2007. Summerfield, C 2006, Voice Authentication Evaluations, National Centre for Biometric Studies Conference on Voice Authentication for Identity Management, September 28, 2006, University of Canberra. Tao, Q, van Rootseler, R, Veldhuis, R, Gehlen, S & Weber, F 2007, ‘Optimal Decision Fusion and Its Application on 3D Face Recognition’, Proceedings of the Workshop on Biometrics and eCards, Darmstadt, Germany, http://www.3dface.org/files/papers/veldhuis-CAST2007-OptimalDecisionFusion.pdf last accessed 27 July 2007. Thalheim, L, Krissler, J & Ziegler, P-M 2002, Body Check: Biometric Access protection Devices and their Programs Put to the Test, http://www.heise.de/ct/english/02/11/114/, last accessed 27 March 2007. Uludag, U, Pankanti, S, Prabhakar, S & Jain, AK 2004, ‘Biometric Cryptosystems: Issues and Challenges’, Proceedings of the IEEE, 92(6), pp. 948-960. Unisys 2006, Consumers Worldwide Overwhelmingly Support Biometrics for Identity Verification, Says Unisys Study, Unisys Media Release No: 0406/8651, http://www.unisys.com/about__unisys/news_a_events/04268651.htm UKBWG (United Kingdom Biometrics Working Group) 2002, Use of Biometrics for Authentication and Identification: Advice on Product Selection, Issue 2.0, http://www.idsysgroup.com/ftp/Biometrics%20Advice.pdf, last accessed 27 March 2007. Victor, B, Bower, K & Sarkar, S 2002, ‘An Evaluation of Face and Ear Biometrics’, Proceedings of the ICPR, http://ieeexplore.ieee.org/iel5/8091/22378/01044746.pdf, last accessed 27 March 2007. Wasem, RE, Lake, J, Seghetti, L, Monke, J, Vina, S 2004, Border Security: Inspections, Practices, Policies and Issues, CRS Report for Congress, http://www.ilw.com/immigdaily/news/2004,1006-security.pdf, last accessed 27 March 2007. Wiederhold MD, Israel SA, Meyer RP & Irvine JM 2003, Identification by analysis of physiometric variation, United States Patent 6993378, http://www.wipo.int/pctdb/images4/PCT-PAGES/2003/012003/03000015/03000015.pdf, last accessed 10 May 2008.

59

DSTO-GD-0538

Wilson, P & Shank, B 2003, ‘Costs and Benefits of Integrating Biometrics with a Navy Tactical Weapons System’, Proceedings of the 2003 IEEE Workshop on Information Assurance, United States Military Academy, West Point, New York. Woodward, JD, Watkins Webb, K, Newton, EM, Bradley, MA, Rubenson, D, Larson, K, Lilly, J, Smythe, K, Houghton, B, Pincus, HA, Schachter, J & Steinberg, P 2001, Army Biometric Applications: Identifying and Addressing Sociocultural Concerns, http://www.rand.org/pubs/monograph_reports/MR1237/, last accessed 27 March 2007. Woodward, JD, Horn, C, Gatune, J & Thomas, A 2003, Biometrics A Look at Facial Recognition, RAND Documented Briefing, http://www.rand.org/pubs/documented_briefings/DB396/DB396.pdf, last accessed 27 March 2007. Yao, Y, Abidi, B, Kalka, ND, Schmidt, N & Abidi, M 2006, ‘High magnification and long distance face recognition: database acquisition, evaluation, and enhancement’, Proceedings of the 2006 Biometrics Symposium, http://ieeexplore.ieee.org/iel5/4341611/4341612/04341635.pdf?tp=&isnumber=&arnumber=4341635, last accessed 8 July 2008. Zhang, D, Liu, Z, Yan, J & Shi, P 2007, ‘Tongue-Print: A Novel Biometrics Pattern’, in Lecture Notes in Computer Science, Berlin: Springer, pp. 1174-1183.

60

Page classification: UNCLASSIFIED

DEFENCE SCIENCE AND TECHNOLOGY ORGANISATION

DOCUMENT CONTROL DATA 1. PRIVACY MARKING/CAVEAT (OF DOCUMENT)

2. TITLE Biometrics Technology Review 2008

3. SECURITY CLASSIFICATION (FOR UNCLASSIFIED REPORTS THAT ARE LIMITED RELEASE USE (L) NEXT TO DOCUMENT CLASSIFICATION) Document (U) Title (U) Abstract (U)

4. AUTHOR Rebecca Heyer

5. CORPORATE AUTHOR DSTO Defence Science and Technology Organisation PO Box 1500 Edinburgh South Australia 5111 Australia

6a. DSTO NUMBER DSTO-GD-0538

6b. AR NUMBER AR 014-200

6c. TYPE OF REPORT General Document

7. DOCUMENT DATE May 2008

8. FILE NUMBER 2007/1101846

9. TASK NUMBER CCT07/029

10. TASK SPONSOR CDS

11. NO. OF PAGES 66

12. NO. OF REFERENCES 79

13. URL on the World Wide Web http://www.dsto.defence.gov.au/corporate/reports/DSTO-GD-0538.pdf

14. RELEASE AUTHORITY Chief, Land Operations Division

15. SECONDARY RELEASE STATEMENT OF THIS DOCUMENT

Approved for public release OVERSEAS ENQUIRIES OUTSIDE STATED LIMITATIONS SHOULD BE REFERRED THROUGH DOCUMENT EXCHANGE, PO BOX 1500, EDINBURGH, SA 5111 16. DELIBERATE ANNOUNCEMENT No Limitations 17. CITATION IN OTHER DOCUMENTS Yes 18. DSTO RESEARCH LIBRARY THESAURUS

Automation Biometrics Biometric Identification Security

19. ABSTRACT Biometrics is the measurement of personal physical features, actions or behavioural characteristics that distinguish between individuals. In recent years automated biometric systems, such as facial, fingerprint and iris recognition systems, have been developed to facilitate a range of functions. These functions can be broadly categorised as verification or identification, and include, for instance, physical and logical access control, management of major plant and machinery, weapons control, identity management, surveillance operations, and personnel management. This paper is an updated version of the Biometrics Technology Review 2002 published in 2003 by Blackburn et al. It provides an overview of the basic elements of biometrics; a detailed examination of current and future biometric technologies; discusses the many different applications of biometrics; and highlights the issues associated with using such technology.

Page classification: UNCLASSIFIED