a conceptual framework for testing biometric algorithms ......• tests under real-life conditions...

(c) 2002 Arslan Brömme „A Conceptual Framework for Testing Biometric Algorithms ...“

A Conceptual Framework forTesting Biometric Algorithms withinOperating Systems' Authentication

Arslan Brömme,Marcel Kronberg, Oliver Ellenbeck, and Oliver Kasch

Biometric Authentication Research GroupFaculty of InformaticsUniversity of Hamburg

[broemme, biometrik]@informatik.uni-hamburg.de

ACM Symposium on Applied Computing SAC 2002March 11-14, 2002, Madrid, Spain

Plan of the Talk

1. Introduction

2. Process of Biometric Authentication• Process of Biometric Authentication with Data Logging• Resource Requirements of Biometric Techniques• Data Logging Module

3. Biometric Authentication with Data Logging• Unix: myPluggable Authentication Modules (PAM)• Windows NT/2k: myGraphical Identification and Authentication

Interface (GINA) & Overview of Surrounding Architecture

4. Testing Biometric Algorithms for Authentication• Conceptual Framework• Example: Expected Benefits for Iris Biometrics• Improving Biometric Algorithms for Applications?

• Summary, Conclusions and Future Work

• Demonstration (modified GINA within Windows 2k)(c) 2002 Arslan Brömme „A Conceptual Framework for Testing Biometric Algorithms ...“

proceedings

1. Introduction

Mission: Development of adequate biometric algorithms for authentication purposes

• Laboratory tests are not sufficient• Not possible to accurately simulate realistic

environmental conditions

• Tests under real-life conditions are necessary

• Test results are used for evaluation of biometric algorithms' • Degree of fitness (robustness, performance)• Usability of biometric technique

• Collection of quantitative data (data logging) andqualitative data (human observer)• Within standard OS (Windows NT/2k & Unix)


2. Process of Biometric Authentication

• Process of Biometric Authentication with Data Logging• Definition of process for standard OS

• Resource Requirements of Biometric Techniques• Tabular overview of resource requirements for

different biometric techniques

• Data Logging Module• Concept of data logging module for OS logon



2.1 Process of Biometric Authentication w. Data Logging I

securedata

loggingdatabase

start login

login dialog

capturing/scanningprocess

raw & calibrationdata

biometricalgorithm

result

biologicalcharacteristics

biometricsignature class

securebiometricdatabase

t1

t2

t3

t4

t11

d1

d2

d3-9

d10


2.1 Process of Biometric Authentication w. Data Logging II

Biometric algorithm is subdivided into four modules

• preprocessing

• quality check & normalization

• signal processing & calculation of biometric signature

• comparison & decision

Timestamps t1-10 and data d1-9 from different modules can be collected

P

Q

S

D


2.1 Process of Biometric Authentication w. Data Logging III

securedata

loggingdatabase

biometricsignature class


t4

t8

t9

t11

d3

preprocessing

preprocessed data

quality check &normalization

normalized data

signal processing &calc. biometric signature

comparison &(final) decision

t5

t6

t7

t10

biometric signature

d4d5d6d7d8d9

biometricalgorithmP

Q

S

D

controlinformation


2.2 Resource Requirements of Biometric Techniques I

Five abstract resources for OS identified

• Video [image]

• Video [stream]

• Audio [stream]

• Scan [single values]

• Scan [time series]


2.2 Resource Requirements of Biometric Techniques II

body part

Vid

eo

[im

ag

e]

Vid

eo

[st

ream

]

Au

dio

[st

ream

]

Sca

n [

sin

gle

]

Sca

n [

tim

ese

ries]

face geometry x x - - -iris x x - - -retina (veins) x x - - -voice - - x - -lip movement - x - - -dental x - - x -ear x - - x -

head

tongue x - - x -hand geometry x x - x -handfinger/palm print x x - x -

brain waves - - - - xcerebric intuitional acts - x - - x

DNA x - - - xgesture - x - - xodor - - - x xmovement patterns - x - - x

posture x x - - -

signing x x - x -

biological characteristic

body

motoric


2.3 Data Logging Module I

Storing collected data in authentication records byusing a data logging module.

Functions of data logging module

• Create an authentication record

• Update of an authentication record

• Insert single values into an authentication record

• Pass stream values to an authentication record


2.3 Data Logging Module II

biometricauthentication

process

dataloggingmodule

securedata

loggingdatabase

securedata

loggingdatabase

I. II.

[d1] login specific data

[d2:r1] video [image]

[d2:r2] video [stream]

[d2:r3] audio [stream]

[d2:r4] scan [single values]

[d2:r5] scan [time series]

[d3] internal data from P

[d10] result...

[t1] start of login

[t11] end of module D

...

securecommunication

channel

3. Biometric Authentication with Data Logging

• Unix• myPluggable Authentication Modules (PAM)

• Windows NT/2k• myGraphical Identification and Authentication Interface

(GINA)



3.1 Unix: myPluggable Authentication Modules (PAM)

pluggable authentication mechanism

system entry service

authentication and data logging mechanism

PAMconfiguration file

Login:PAM-awareapplication

PAM

PAM module:secure biometric

database

PAM module:biometric algorithm

PAM module:secure data

logging database


3.2 Windows NT/2k: Graphical Identification and Authentication Interface (GINA) & more

WINLOGON myGINA

secure attentionsequence

SSPI

mySP

myAP

LSAm

yA

P/

SP

application

biometric GINA

biometric AP

biometric SSP

biometric applicationbiometricdatabase

securedata

loggingdatabase


3.2 Windows NT/2k: Overview of Surrounding Architecture

[Figure by Microsoft]

4. Testing Biometric Algorithms for Authentication

• Conceptual Framework

• Example: Expected Benefits for Iris Biometrics

• Improving Biometric Algorithms for Applications?


proceedings


application

chooseenvironment

choosebiometric techniquemethod sensor drivers

chooseoperating systemUnix Windows NT/2k

implement biometricauthentication processinto operating system

evaluation ofbiometric algorithm

biometricauthentication

process

4.1 Conceptual Framework I


implement biometricauthentication processinto operating system

biometric authentication

process

securedata logging

module &database


securecommunication

channelsimplement/parameterizebiometric algorithm

operatingsystem

biometrictechnique

4.1 Conceptual Framework II


implement/parameterizebiometric algorithm

testing of thebiometric algorithm

within laboratory

testing of the biometric algorithm

within application

evaluation of data logging &

human observations

evaluation of data logging &

human observations

evaluation of the biometricalgorithm´s fitness for

specific application

4.1 Conceptual Framework III


evaluation of the biometricalgorithm's fitness for

specific application

result

testingchoosebiometric technique

4.1 Conceptual Framework IV

5. Summary and Conclusions


In this paper we have introduced a

• biometric authentication process with data logging

embedded into a

• conceptual framework for testing biometric algorithms.

The presented conceptual framework enables thecollection of

• quantitative data (robustness, performance) and• qualitative data (human observations)

within operating systems‘ authentication.

5. Future Work


• Development of adequate biometric algorithms for real-life applications

• Applicability of the conceptual framework for different biometric applications

• Mobile IT, vehicles, entrance control systems, surveillance systems

• Biometric enrollment process with data logging

6. Demonstration

Modified GINA.DLL within Windows 2kfor Demonstration at ACM SAC 2002

Author:

Aleksander Koleski Biometric Authentication Research Group

[email protected]

Supervisor:

Arslan BrömmeBiometric Authentication Research Group

Faculty of Informatics, University of [email protected]


a conceptual framework for testing biometric algorithms ......• tests under real-life conditions...

Documents