joshua grieser. general definition ◦ biometrics is the science and technology of measuring and...

BiometricsJoshua Grieser

General Definition◦ Biometrics is the science and technology of

measuring and analyzing biological data IT Definition

◦ Refers to technologies and methods for uniquely recognizing humans based upon at least one physical or behavioral trait

Instead of using something you have (a key) or something you know (a password), biometrics uses who you are to identify you

Introduction

Quantitative measurements of humans for the purpose of identification dates back to 1870s◦ Measurement system of Alphonse Bertillon

System included skull diameter and arm and foot length measurements

1920s: used to identify prisoners 1960s: digital signal processing techniques

lead to automating human identification 1970s: government using technologies for

fingerprint and hand geometry

History of Biometrics

Two categories of biometric identifiers◦ Anatomical◦ Behavioral

Different types of biometric systems How it works Enrollment process Uses of biometric systems

◦ Current◦ Future

Overview

Fingerprint Face recognition Iris recognition Palm print

Common Types

DNA Voice patterns Handwriting Keystroke dynamics Skin analysis Vein patterns Gait

Other Types

Token – something a person possesses and uses to assert a claim to identity◦ (Password, PIN)

Tokens no longer sufficient to authenticate identity◦ Easy to counterfeit/steal◦ Cannot ensure positive identification of a person◦ Passwords forgotten and stolen

Biometric identifiers are linked to a person More robust audit trail, documentation

Why Use Biometrics?

Large number of civilian and government applications

Physical access control Welfare disbursement International border crossing National ID cards Computer log-in Safes Home alarm systems

Current Applications

Seven factors used:◦ Universality◦ Uniqueness◦ Permanence◦ Measurability◦ Performance◦ Acceptability◦ Circumvention

Note: No single biometric will meet all requirements of every possible application.

Assessing suitability of a trait

Universality◦ Means that every person using a system should

possess the trait. Uniqueness

◦ Means the trait should be sufficiently different for each person using the system in order to distinguish from one another.

Permanence◦ Relates to a trait varying over time. Trait with

good permanence will be more invariant over time, not constantly changing.

Seven Factors

Measurability (collectability)◦ Relates to the ease of measuring the trait. The data

form can be processed, features extracted. Performance

◦ Relates to accuracy, speed and robustness of the technology used.

Acceptability◦ Relates to how well individuals in the population

accept the technology. They are willing to have that biometric trait captured and assessed.

Circumvention◦ Relates to the how easy the trait is to imitate.

Seven Factors

All systems boil down to the same three steps

Enrollment◦ Records information about you

Storage◦ Translates the info into a code or graph

Comparison◦ Compares traits to the template on file

How it works

All systems also use the same three components

Sensor◦ Detects characteristic being used for identification

Computer◦ Reads and stores the information

Software◦ Performs actual comparison

How it works

In general, biometric system will scan trait and process data by accessing a database.

Two modes◦ Verification mode◦ Identification mode

Biometric templates◦ Most biometric types are converted into

mathematical representations to compare against

How it works

Stored in reader device, central repository, or portable token

Some devices have temporary storage

System performs one-to-one comparison Uses specific template stored in a database Involves confirming or denying a person’s

claimed identity Am I who I claim I am? To determine which template to compare

against, one of the following is used:◦ Smart card◦ Username◦ ID number

Verification Mode

System performs one-to-many comparison◦ More difficult

Attempts to recognize a person from a list of users in the template database

Who am I? Successfully identifies the human if the

sample collected matches template from the database when compared

Comparison result has to fall into preset threshold

Identification Mode

Enrollment - first time an individual uses the biometric system

During enrollment, biometric information from individual is captured and stored in the database

In subsequent uses, the sample is collected and compared with the information stored at the time of enrollment

Three Blocks

Enrollment

Interface between system and real world (human)

Where the system acquires all necessary data

Actual interaction with sensors Mainly image acquisition systems Can be different depending on desired

characteristics

First Block

All pre-processing performed Removes artifacts from sensors to enhance

input Normalization Example: removing background noise

Second Block

Necessary, unique features are extracted to create the template

Critical step, correct features have to be extracted in the optimal way

Uses vector of numbers or an image with particular properties to create template

Discards measurements not used in creation of template◦ Reduce file size◦ Protect identity of enrollee

Third Block

Encrypted using strong cryptographic algorithms to secure and protect them from disclosure

Protects biometric templates from being◦ Reconstructed◦ Decrypted◦ Reverse-engineered◦ Manipulated in other ways

Most templates are site specific Data is converted into code, not real life

representation of person’s traits

Templates are safe

When performing matching phase, template is passed to matcher that compares it with existing templates

Estimates distance between them using comparing algorithm ◦ (how different the two templates are)

Many different algorithms depending on biometric type◦ Example: Hamming distance

If accepted, it is output for specified use like entrance in a restricted area

Comparing Algorithms

“distance” between two strings of equal length (how different they are)

Measures minimum number of substitutions required to change one string into the other string (number of errors)

Examples◦ “toned” “roses” = 3◦ 1011101  1001001 = 2◦ 2173896  2233796 = 3

Programmed in many different languages Used for strings, integers, characters

Hamming Distance

Oldest biometric known Were previously captured with ink on paper

and mailed/faxed Entire process now done in near real time Leading toward use in applications from

biometric passports to ATMs Ridges and furrows used as reference points 60-70 points of reference in fingerprints

Fingerprint

Fingerprint

Face we are born with remains identifiable throughout our lives

Curves and contours remain relatively stable

Requires large image capture device Most suitable at fixed locations Least intrusive, can be scanned from a

distance Accuracy depends on lighting conditions

Face Recognition

Face Recognition

Each iris has different shapes and colors As unique as a snowflake Less intrusive, scanners don’t require bright

lights Mathematical expression of iris is most

detailed of any biometric technology Most accurate biometric Considered one of the most secure

Iris Recognition

Approximately 250 distinctive characteristics in an iris

All can be used as points of reference for comparison

Odds of two people having the same pattern are 1 in 7 billion

Comparing against database is quick and high level of accuracy

Used in airports and other secure facilities Most costly system

Iris Recognition

Iris Recognition

Size and shape of hands are unique to individuals

Device scans 3-D geometry of hand and fingers

Creates mathematical picture which is compared against a database

Readers are large, best suited for fixed point access

Capture units withstand extreme workforce conditions like temperature, weather

Can also verify individual’s hand even when it is dirty

Palm Print

Palm Print/Hand Geometry

Password for voice is tone and timbre Graph representation and compared against

a database User has to teach the computer first by

speaking a number of phrases Quick and efficient after the enrollment

process Only ambient noise limits its application

Voice Recognition

Not just how you shape each letter Analyzes act of writing Examines pressure you use, speed and

rhythm with which you write Records sequence in which you form letters

◦ Add dots and crosses as you go or after you finish Systems sensors can include touch-

sensitive writing surface or pen that contains sensors and detects angle, pressure, and direction

Translates handwriting into a graph

Handwriting Recognition

Handwriting Recognition

PressureSpeedAccelerationAngle

Aim to auto-update templates Benefits:

◦ No longer need to collect large number of biometric samples during enrollment process

◦ No longer necessary to re-enroll/retrain the system

◦ Can significantly reduce the cost of maintaining a biometric system

Issues:◦ Higher false acceptance◦ Threshold has to account for a changing template

Adaptive Biometric Systems

Privacy and discrimination◦ Possible to use data from enrollment for ways in

which the user did not consent◦ Example: DNA recognition used to screen for

genetic diseases Higher danger to owners

◦ Thieves can get more desperate◦ Example: cut off a finger to get access to

fingerprint scanner Cancelable biometrics

◦ Unlike passwords, biometrics cannot be cancelled or reissued to a person if compromised

Issues and Concerns

Some people object to biometrics for cultural or religious reasons

Possibility of companies selling biometric data similar to email addresses/phone numbers

Over reliance – not foolproof, can’t forget about common sense security practices

Accessibility – some systems can’t be adapted for all populations (elderly/disabled people)

Issues and Concerns

Australia Brazil Canada Germany India Iraq Italy United States

Used in Many Countries

International sharing of biometric data◦ Countries, including US, are sharing biometric

data with other nations◦ Positive:

Could help combat terrorism by having access to other countries’ data

◦ Negative: Easier for people in other countries to get access to

our data Makes it easier to tamper with

International Issue

Minority Report◦ Uses Iris scans for identification as well as POS

transactions MythBusters

◦ Attempted to break into commercial security door◦ Had fingerprint authentication◦ Successful with printed scan of fingerprint◦ Unsuccessful with gel fingerprint

Mission Impossible◦ Voice/iris recognition

Popular Culture

Biometrics Vulnerability Assessment Service Proprietary of Biometrics Institute Customer submits their system for

independent testing Conducted in an independent laboratory Biometric devices are sent to have their

vulnerabilities investigated, assessed, and reported

Helps make sure your system is secure and work out any kinks

BVAS

Central source of info on biometrics-related activities of the federal government

Sister site www.biometrics.org Repository of public information and

opportunities for discussion Developed to encourage collaboration and

sharing of info on biometric activities among:◦ Government departments and agencies◦ State, regional, and international organizations◦ General public

Biometrics.gov

Biometrics Reference◦ General info about biometric technologies,

government programs and privacy planning Presidential Directives

◦ PD that touch on biometrics or federal biometric activities

NSTC Subcommittee on Biometrics and Identity Management Room◦ Info on the National Science & Technology Council’s

Subcommittee on Biometrics Standards

◦ Info on federal biometric standards policy

Four main rooms

Hospitals using scan of veins in your hand to identify patients◦ Easy access to medical records◦ Eliminates paper records

Germany, supermarkets use fingerprint biometrics to identify consumer account information and make payments◦ Possible use in the US

Combine heat sensors to fingerprint, hand scanners◦ Confirm an actual hand is interacting

Future Applications

Mobile Automated Fingerprint ID System◦ Comparisons made immediately over mobile networks

US border control◦ Digital photo of both index fingers for non residents◦ Combat terrorism and monitor residence permits

Digital face/fingerprint images on passports◦ Increase security/reduce processing time at borders

Enable access to secure/sensitive areas like energy supply facilities or nuclear power stations

Opportunities for digital citizen cards◦ e-government, e-banking, e-business

Future Applications

Digital Cards

Layered systems◦ Combines a biometric method with a keycard or

PIN

Multimodal systems◦ Combines multiple biometric methods

simultaneously to confirm identification◦ Example: iris scanner and a voiceprint system

3-D palm print systems replace 2-D◦ Much higher anti-counterfeit capability

Multiple Biometrics

Being tested at Hong Kong Polytechnic University’s Biometrics Research Center

Uses laser scanning to construct 3-D shape of tongue

Collected in about 2-3 seconds

Tongue Scanning?

Continually increasing revenues More companies switching to biometric

security systems Annual revenues expect $11 billion by 2017 Compound Annual

Growth Rate

Biometric Industry

Biometric Industry Forecast

Biometrics in Military

http://www.youtube.com/watch?v=zHRiWz8D8C0&list=PLA3DB8B404806A6DD&index=4&feature=plpp_video

http://www.youtube.com/watch?v=ATowdPuQGNY&feature=BFa&list=PLA3DB8B404806A6DD&lf=plpp_video

Questions?