© Cukic 2012

CITeR The Center for Identification Technology Research An NSF I/UCR Center advancing integrative biometrics research

Services and Computational Cloud:

The Inevitable Future of Biometrics

Bojan Cukic

Center for Identification Technology Research (CITeR)

West Virginia University

BCC, September 2012

© Cukic 2012

Biometrics in the Cloud

* E. Kohlwey et al. “Leveraging the Cloud for Big Data Biometrics, Booz Allen Hamilton, 2011

© Cukic 2012

• Business case:

– Companies spend 70-80% of their IT budget in maintenance of infrastructure.

– SaaS improves operational efficiency by eliminating upfront investment and ongoing infrastructure maintenance.

– Services / Clouds trending up: • From $16B (‘08) to $42B (‘12)

– Growth comes with dependability expectations.

• Delegate maintenance cost to biometric service providers.

Biometric Services?

© Cukic 2012

• Necessary for giga-scale biometric

applications.

– Quadratic growth of the number of operations

– Example: de-duplication

• Operational flexibility

– Integration of matchers and modalities

– Cost per match reflects criticality of the query

– Cost specific vulnerability reduction

Computational Cloud?

© Cukic 2012

• Let’s run some numbers:

– A match takes a mili-second, 100 million identities in

the data set:

• De-duplicating an identity takes 100,000 seconds, i.e., 27

hours

• De-duplicating entire data base takes ~ 15.4 trillion

years!

– A match takes a micro-second, 100 million identities:

• De-duplicating an identity takes 100 seconds

• De-duplicating entire data base takes 16 billion years!

• Not practical (without effective winnowing)!

De-duplication Time

© Cukic 2012

Risk function

Operational Flexibility @ Check Point’s

Traveler Queues

Watch Lists / Identity DB

Legend

=Required Signal

=Optional Signal

= Movement

Public Key Directory

Secondary Inspection /

Detainment

Border Access

=Optional Movement

Inspection Stations (w/ biometric )

Local,

distributed,

or central?

Modality,

quality,

scalability,

update, access ?

Acceptance,

modality,

quality?

Modality,

FMR,

vulnerability,

exceptions,

throughput?

False Non - Match Rate,

Inconvenience acceptance?

False

Match Rate

© Cukic 2012

Face Recognition ROCs

2006 Face

Recognition

Vendor

Test (FRVT)

© Cukic 2012

P(+)=0.01

P(-)=0.99

Face recognition cost curves

1E-3 1E-2 1E-1 1E-4

P(+)=0.001

P(-)=0.999

P(+)=0.0001

P(-)=0.9999

© Cukic 2012

Choosing Match Algorithm

In feasible implementations, FMR is NOT ACCEPTABLE!

© Cukic 2012

Challenges in Deploying

Dependable Biometric SaaS

• Middleman - Network Service Provider

– SaaS requires an active Internet connection

– In SaaS, who is to blame for a network connection

issue?

• SLAs should include the user and the service provider.

• How many network providers?

– Offline mode may (not) be feasible in Biometric SaaS.

• Storing data locally and synchronizing on availability may

reduce data loss, but increases complexity.

© Cukic 2012

Multi-tenancy and

Confidentiality, Integrity

• Data sensitivity: Collocation brings risks.

• Reputation fate sharing

– Clients who partake in illicit activities may tamper the

reputation of others using shared resources.

• Providers may off-shore data stores.

– Legal assurances and ramifications?

• Distributing the application across multiple

servers, virtual machines.

– Highly dynamic environments.

• Related issues with data integrity and security.

© Cukic 2012

Scalability, Performance

• Provider’s headache:

– Performance should not degrade with the addition

of new clients or extra workload.

• For SaaS, scalability on demand is a challenge.

• Complexity of multi-tenancy impacts solution

approaches.

• Customer’s illusion of infinite resources.

• Reliable winnowing techniques

– A challenge, except for fingerprints.

– One of the fundamental research topics.