a conceptual framework for testing biometric algorithms ......• tests under real-life conditions...
TRANSCRIPT
(c) 2002 Arslan Brömme „A Conceptual Framework for Testing Biometric Algorithms ...“
A Conceptual Framework forTesting Biometric Algorithms withinOperating Systems' Authentication
Arslan Brömme,Marcel Kronberg, Oliver Ellenbeck, and Oliver Kasch
Biometric Authentication Research GroupFaculty of InformaticsUniversity of Hamburg
[broemme, biometrik]@informatik.uni-hamburg.de
ACM Symposium on Applied Computing SAC 2002March 11-14, 2002, Madrid, Spain
Plan of the Talk
1. Introduction
2. Process of Biometric Authentication• Process of Biometric Authentication with Data Logging• Resource Requirements of Biometric Techniques• Data Logging Module
3. Biometric Authentication with Data Logging• Unix: myPluggable Authentication Modules (PAM)• Windows NT/2k: myGraphical Identification and Authentication
Interface (GINA) & Overview of Surrounding Architecture
4. Testing Biometric Algorithms for Authentication• Conceptual Framework• Example: Expected Benefits for Iris Biometrics• Improving Biometric Algorithms for Applications?
• Summary, Conclusions and Future Work
• Demonstration (modified GINA within Windows 2k)(c) 2002 Arslan Brömme „A Conceptual Framework for Testing Biometric Algorithms ...“
proceedings
1. Introduction
Mission: Development of adequate biometric algorithms for authentication purposes
• Laboratory tests are not sufficient• Not possible to accurately simulate realistic
environmental conditions
• Tests under real-life conditions are necessary
• Test results are used for evaluation of biometric algorithms' • Degree of fitness (robustness, performance)• Usability of biometric technique
• Collection of quantitative data (data logging) andqualitative data (human observer)• Within standard OS (Windows NT/2k & Unix)
(c) 2002 Arslan Brömme „A Conceptual Framework for Testing Biometric Algorithms ...“
2. Process of Biometric Authentication
• Process of Biometric Authentication with Data Logging• Definition of process for standard OS
• Resource Requirements of Biometric Techniques• Tabular overview of resource requirements for
different biometric techniques
• Data Logging Module• Concept of data logging module for OS logon
(c) 2002 Arslan Brömme „A Conceptual Framework for Testing Biometric Algorithms ...“
(c) 2002 Arslan Brömme „A Conceptual Framework for Testing Biometric Algorithms ...“
2.1 Process of Biometric Authentication w. Data Logging I
securedata
loggingdatabase
start login
login dialog
capturing/scanningprocess
raw & calibrationdata
biometricalgorithm
result
biologicalcharacteristics
biometricsignature class
securebiometricdatabase
t1
t2
t3
t4
t11
d1
d2
d3-9
d10
(c) 2002 Arslan Brömme „A Conceptual Framework for Testing Biometric Algorithms ...“
2.1 Process of Biometric Authentication w. Data Logging II
Biometric algorithm is subdivided into four modules
• preprocessing
• quality check & normalization
• signal processing & calculation of biometric signature
• comparison & decision
Timestamps t1-10 and data d1-9 from different modules can be collected
P
Q
S
D
(c) 2002 Arslan Brömme „A Conceptual Framework for Testing Biometric Algorithms ...“
2.1 Process of Biometric Authentication w. Data Logging III
securedata
loggingdatabase
biometricsignature class
securebiometricdatabase
t4
t8
t9
t11
d3
preprocessing
preprocessed data
quality check &normalization
normalized data
signal processing &calc. biometric signature
comparison &(final) decision
t5
t6
t7
t10
biometric signature
d4d5d6d7d8d9
biometricalgorithmP
Q
S
D
controlinformation
(c) 2002 Arslan Brömme „A Conceptual Framework for Testing Biometric Algorithms ...“
2.2 Resource Requirements of Biometric Techniques I
Five abstract resources for OS identified
• Video [image]
• Video [stream]
• Audio [stream]
• Scan [single values]
• Scan [time series]
(c) 2002 Arslan Brömme „A Conceptual Framework for Testing Biometric Algorithms ...“
2.2 Resource Requirements of Biometric Techniques II
body part
Vid
eo
[im
ag
e]
Vid
eo
[st
ream
]
Au
dio
[st
ream
]
Sca
n [
sin
gle
]
Sca
n [
tim
ese
ries]
face geometry x x - - -iris x x - - -retina (veins) x x - - -voice - - x - -lip movement - x - - -dental x - - x -ear x - - x -
head
tongue x - - x -hand geometry x x - x -handfinger/palm print x x - x -
brain waves - - - - xcerebric intuitional acts - x - - x
DNA x - - - xgesture - x - - xodor - - - x xmovement patterns - x - - x
posture x x - - -
signing x x - x -
biological characteristic
body
motoric
(c) 2002 Arslan Brömme „A Conceptual Framework for Testing Biometric Algorithms ...“
2.3 Data Logging Module I
Storing collected data in authentication records byusing a data logging module.
Functions of data logging module
• Create an authentication record
• Update of an authentication record
• Insert single values into an authentication record
• Pass stream values to an authentication record
(c) 2002 Arslan Brömme „A Conceptual Framework for Testing Biometric Algorithms ...“
2.3 Data Logging Module II
biometricauthentication
process
dataloggingmodule
securedata
loggingdatabase
securedata
loggingdatabase
I. II.
[d1] login specific data
[d2:r1] video [image]
[d2:r2] video [stream]
[d2:r3] audio [stream]
[d2:r4] scan [single values]
[d2:r5] scan [time series]
[d3] internal data from P
[d10] result...
[t1] start of login
[t11] end of module D
...
securecommunication
channel
3. Biometric Authentication with Data Logging
• Unix• myPluggable Authentication Modules (PAM)
• Windows NT/2k• myGraphical Identification and Authentication Interface
(GINA)
(c) 2002 Arslan Brömme „A Conceptual Framework for Testing Biometric Algorithms ...“
(c) 2002 Arslan Brömme „A Conceptual Framework for Testing Biometric Algorithms ...“
3.1 Unix: myPluggable Authentication Modules (PAM)
pluggable authentication mechanism
system entry service
authentication and data logging mechanism
PAMconfiguration file
Login:PAM-awareapplication
PAM
PAM module:secure biometric
database
PAM module:biometric algorithm
PAM module:secure data
logging database
(c) 2002 Arslan Brömme „A Conceptual Framework for Testing Biometric Algorithms ...“
3.2 Windows NT/2k: Graphical Identification and Authentication Interface (GINA) & more
WINLOGON myGINA
secure attentionsequence
SSPI
mySP
myAP
LSAm
yA
P/
SP
application
biometric GINA
biometric AP
biometric SSP
biometric applicationbiometricdatabase
securedata
loggingdatabase
(c) 2002 Arslan Brömme „A Conceptual Framework for Testing Biometric Algorithms ...“
3.2 Windows NT/2k: Overview of Surrounding Architecture
[Figure by Microsoft]
4. Testing Biometric Algorithms for Authentication
• Conceptual Framework
• Example: Expected Benefits for Iris Biometrics
• Improving Biometric Algorithms for Applications?
(c) 2002 Arslan Brömme „A Conceptual Framework for Testing Biometric Algorithms ...“
proceedings
(c) 2002 Arslan Brömme „A Conceptual Framework for Testing Biometric Algorithms ...“
application
chooseenvironment
choosebiometric techniquemethod sensor drivers
chooseoperating systemUnix Windows NT/2k
implement biometricauthentication processinto operating system
evaluation ofbiometric algorithm
biometricauthentication
process
4.1 Conceptual Framework I
(c) 2002 Arslan Brömme „A Conceptual Framework for Testing Biometric Algorithms ...“
implement biometricauthentication processinto operating system
biometric authentication
process
securedata logging
module &database
securebiometricdatabase
securecommunication
channelsimplement/parameterizebiometric algorithm
operatingsystem
biometrictechnique
4.1 Conceptual Framework II
(c) 2002 Arslan Brömme „A Conceptual Framework for Testing Biometric Algorithms ...“
implement/parameterizebiometric algorithm
testing of thebiometric algorithm
within laboratory
testing of the biometric algorithm
within application
evaluation of data logging &
human observations
evaluation of data logging &
human observations
evaluation of the biometricalgorithm´s fitness for
specific application
4.1 Conceptual Framework III
(c) 2002 Arslan Brömme „A Conceptual Framework for Testing Biometric Algorithms ...“
evaluation of the biometricalgorithm's fitness for
specific application
result
testingchoosebiometric technique
4.1 Conceptual Framework IV
5. Summary and Conclusions
(c) 2002 Arslan Brömme „A Conceptual Framework for Testing Biometric Algorithms ...“
In this paper we have introduced a
• biometric authentication process with data logging
embedded into a
• conceptual framework for testing biometric algorithms.
The presented conceptual framework enables thecollection of
• quantitative data (robustness, performance) and• qualitative data (human observations)
within operating systems‘ authentication.
5. Future Work
(c) 2002 Arslan Brömme „A Conceptual Framework for Testing Biometric Algorithms ...“
• Development of adequate biometric algorithms for real-life applications
• Applicability of the conceptual framework for different biometric applications
• Mobile IT, vehicles, entrance control systems, surveillance systems
• Biometric enrollment process with data logging
6. Demonstration
Modified GINA.DLL within Windows 2kfor Demonstration at ACM SAC 2002
Author:
Aleksander Koleski Biometric Authentication Research Group
Supervisor:
Arslan BrömmeBiometric Authentication Research Group
Faculty of Informatics, University of [email protected]
(c) 2002 Arslan Brömme „A Conceptual Framework for Testing Biometric Algorithms ...“