services and computational cloud: the inevitable future of ......• reliable winnowing techniques...
TRANSCRIPT
© Cukic 2012
CITeR The Center for Identification Technology Research An NSF I/UCR Center advancing integrative biometrics research
Services and Computational Cloud:
The Inevitable Future of Biometrics
Bojan Cukic
Center for Identification Technology Research (CITeR)
West Virginia University
BCC, September 2012
© Cukic 2012
Biometrics in the Cloud
* E. Kohlwey et al. “Leveraging the Cloud for Big Data Biometrics, Booz Allen Hamilton, 2011
© Cukic 2012
• Business case:
– Companies spend 70-80% of their IT budget in maintenance of infrastructure.
– SaaS improves operational efficiency by eliminating upfront investment and ongoing infrastructure maintenance.
– Services / Clouds trending up: • From $16B (‘08) to $42B (‘12)
– Growth comes with dependability expectations.
• Delegate maintenance cost to biometric service providers.
Biometric Services?
© Cukic 2012
• Necessary for giga-scale biometric
applications.
– Quadratic growth of the number of operations
– Example: de-duplication
• Operational flexibility
– Integration of matchers and modalities
– Cost per match reflects criticality of the query
– Cost specific vulnerability reduction
Computational Cloud?
© Cukic 2012
• Let’s run some numbers:
– A match takes a mili-second, 100 million identities in
the data set:
• De-duplicating an identity takes 100,000 seconds, i.e., 27
hours
• De-duplicating entire data base takes ~ 15.4 trillion
years!
– A match takes a micro-second, 100 million identities:
• De-duplicating an identity takes 100 seconds
• De-duplicating entire data base takes 16 billion years!
• Not practical (without effective winnowing)!
De-duplication Time
© Cukic 2012
Risk function
Operational Flexibility @ Check Point’s
Traveler Queues
Watch Lists / Identity DB
Legend
=Required Signal
=Optional Signal
= Movement
Public Key Directory
Secondary Inspection /
Detainment
Border Access
=Optional Movement
Inspection Stations (w/ biometric )
Local,
distributed,
or central?
Modality,
quality,
scalability,
update, access ?
Acceptance,
modality,
quality?
Modality,
FMR,
vulnerability,
exceptions,
throughput?
False Non - Match Rate,
Inconvenience acceptance?
False
Match Rate
© Cukic 2012
Face Recognition ROCs
2006 Face
Recognition
Vendor
Test (FRVT)
© Cukic 2012
P(+)=0.01
P(-)=0.99
Face recognition cost curves
1E-3 1E-2 1E-1 1E-4
P(+)=0.001
P(-)=0.999
P(+)=0.0001
P(-)=0.9999
© Cukic 2012
Choosing Match Algorithm
In feasible implementations, FMR is NOT ACCEPTABLE!
© Cukic 2012
Challenges in Deploying
Dependable Biometric SaaS
• Middleman - Network Service Provider
– SaaS requires an active Internet connection
– In SaaS, who is to blame for a network connection
issue?
• SLAs should include the user and the service provider.
• How many network providers?
– Offline mode may (not) be feasible in Biometric SaaS.
• Storing data locally and synchronizing on availability may
reduce data loss, but increases complexity.
© Cukic 2012
Multi-tenancy and
Confidentiality, Integrity
• Data sensitivity: Collocation brings risks.
• Reputation fate sharing
– Clients who partake in illicit activities may tamper the
reputation of others using shared resources.
• Providers may off-shore data stores.
– Legal assurances and ramifications?
• Distributing the application across multiple
servers, virtual machines.
– Highly dynamic environments.
• Related issues with data integrity and security.
© Cukic 2012
Scalability, Performance
• Provider’s headache:
– Performance should not degrade with the addition
of new clients or extra workload.
• For SaaS, scalability on demand is a challenge.
• Complexity of multi-tenancy impacts solution
approaches.
• Customer’s illusion of infinite resources.
• Reliable winnowing techniques
– A challenge, except for fingerprints.
– One of the fundamental research topics.