secure authentication using biometric methods

Information Security Technical Report, Vol 7, No. 3 (2002) 30-40

30 Information Security Technical Report, Vol. 7, No. 3

The ‘weakest link’ in the security of many systems isthe interface between the user and the rest of thesystem. Traditional methods of ensuring that thisperson is the same one who was originally registeredare acknowledged to be insecure. For example, theoverloading of users’ memory through adding evermore complex password rules forces many to commitpasswords to paper. Similarly, cards, tokens and keysare easily lost or shared with other, unauthorizedpeople. For many years biometric methods were thestaple of a certain film genre. However, in recentyears more has been learnt about the practicalities ofbiometric systems, and with devices becoming lessexpensive, this has led to an upsurge of interest intheir application.

Introduction

From time immemorial, people have soughtways to confirm the identity of individualswho are unknown to them personally, butwho have been vouched for previously bytheir countrymen or colleagues. Trustedpersons were given passphrases tomemorize, they were handed keys of everincreasing complexity to enter restrictedareas or they were issued with passportssigned by a recognized authority whichmight include a description of theindividual. These same approaches are stillin use today, centuries after theirintroduction — almost unchanged in an ageof unprecedented technological progresselsewhere.

Three advances were needed to realize biometricconfirmation of identities: i) fixed identities ofpeople, through a name, a number and a date ofbirth; ii) a distinctive, but stable, physical featureor action that could be coded to capture thoseelements which distinguish one person fromanother; and iii) automated processes to allowfor unattended comparison of this feature oraction with the coded version obtained at thetime of registration or enrolment.

The advent of the Industrial Revolution withits mass migration of the rural population totowns, and the growth of the railway networkin the 19th century, highlighted the need forstable identities, securely administeredrecords of births and deaths, and bordercontrols to limit the movement of people. Theresulting high population density in urbanareas brought with it an increase in crime, anda need to identify repeat offenders. Althoughphysical measurements and distinguishingfeatures such as scars were used at first, thediscovery — more than a century ago — of theuniqueness of fingerprints revolutionized thework of police forces. Nonetheless, the workof fingerprint experts was to remain verylabour-intensive until the development ofautomated systems which no longer used thelarge scale features of the print as a startingpoint, but made use of the minutiae — the finedetail such as the ends of ridges or pointswhere one ridge divides into two.

The past decade has seen the advent of anotherrevolution, variously described as theInformation or Knowledge Revolution,characterized by the emergence of the Internet,the availability of broadband data links to thehome, office and factory, and novel forms ofelectronic commerce. People are travelling, this

Secure Authentication Using Biometric MethodsMarek Rejman-Greene

BTexact Technologies, Adastral Park, MartleshamHeath, Ipswich, IP5 3RE, UK

issue.qxd 29/10/2002 14:25 Page 30

Secure Authentication Using Biometric Methods

Information Security Technical Report, Vol. 7, No. 3 31

time through a virtual world of computerizeddata, with secure identification again a keyrequirement to protect resources, limit criminalactivity and assure users of the integrity oftransactions. Nevertheless, almost all suchsystems still use memorized numbers orpasswords (sometimes supported by cards ortokens), in spite of research that demonstratestheir low level of security1. In contrast, biometricmethods authenticate the person directly; theyare no longer a proxy for that identity.

Biometric methods

A biometric has been defined as “ameasurable, physical characteristic orpersonal behavioural trait that can be used torecognise the identity, or verify the claimedidentity, of an enrolee”2. Numerousapproaches have been proposed over the past30 years, with only a few methods beingsufficiently distinctive, stable, robust, and costeffective to merit commercialization.

Of those methods that make use of apredominantly physical characteristic, themore useful systems are:

Fingerprint image recognition

A development of the forensic fingerprintmethod, but designed to meet therequirements of speed, low cost processingand compact storage of the coded image (the‘template’) in non-forensic applications.Although early sensors were bulky opticalsystems, many current units are silicondevices, resulting in cheaper fabrication costsand, in principle, allowing the integration ofimage processing and encryption functions onthe same chip.

Automatic facial recognition

The ubiquity of CCTV (closed circuittelevision) and Web cameras has generated

increased interest in systems that extract theimage of a face from a complex backgroundand code its individually distinctive elementsin a robust way.

Iris recognition

A very promising method of identifyingpeople based upon the highly differentiateddetail in the coloured part of the eye.

Retinal biometrics

In contrast with iris recognition, the retinabehind the eyeball is illuminated with infra-red light and the pattern of blood vessels onthis hidden surface is imaged and processed.

Hand geometry

A long established approach that codes theshape of a hand into a very a compacttemplate. Because of the physical size of thehardware required, hand geometry systemsfind their main application in the control ofaccess to buildings (or spaces withinbuildings) and in ‘time and attendance’systems that ensure only authorizedemployees are at work.

Of the predominantly behavioural traits, themost commonly employed methods are:

Speaker verification

Individually distinctive elements of the voicepattern are used, with the person speaking setwords or phrases (text-dependent mode) orthe system collecting ordinary speech (text-independent mode)

Dynamic signature verification

People signing their names oftendemonstrate consistency in the time taken towrite parts of the signature and the time that

issue.qxd 29/10/2002 14:25 Page 31



a pen is lifted above the writing surface inbetween initials and surname, the pressurewith which the pen is applied in thesesections, etc. Such DSV systems can be usedtogether with the shape of the signature tocreate a distinctive pattern.

Keystroke dynamics

In this biometric, the time between typingpairs of letters on a keyboard is captured.These time differences can show individuallydistinctive measures for users typingpassphrases, their names, routine wordsspecific to their work, etc.

The performance of biometric methods variesgreatly, not just between one method andanother, but also between differentimplementations of the same method. Notonly can different sensors be used (e.g.optical or solid state fingerprint hardware),but the algorithms used to code the imagesand match the biometric subsequently will beproprietary. (Other aspects of theperformance of biometric-enabled systemswill be discussed later.) To improve theperformance and to meet the securityrequirements of an application, more thanone biometric may be needed, or the securitypolicy may mandate the use of an additionalmethod of authentication. However, theselection of such additional measuresrequires careful thought. In summary, it isclear that it is usually not possible to answerthe question: “Which is the best biometric?”without further clarification of theapplication and specific implementation.

The biometric system in use

In general, a biometric-enabled system willconsist of four components:

• a device or sensor that measures thecharacteristic feature or behavioural trait;

• an algorithm that processes the signal andcompares it with a standardisedrepresentation of the individual’s biometricfeature or trait;

• a decision module that determines whetherthe comparison is acceptable and thenpasses this result to the main application;

• a management framework and supportingprocesses.

When a user is first enrolled in the system, thesignal or image from the sensor is processed ina proprietary manner to extract those elementsthat distinguish the user from otherindividuals. The resulting codedrepresentation is termed the template .Typically the template is more compact thanthe image from the sensor, with a size in therange between 10-1000 bytes. Systemdesigners can choose whether to store thisrecord centrally in a database, to keep itlocally on a terminal (the PC or biometricreader at the door into a room), or to store it ona portable device such as a magnetic stripecard or USB token. This decision will dependon a number of factors such as securityconsiderations, the system storage capacityand scalability limitations and the privacypreferences of end users. In nearly allapplications, the primary image or signal isnot retained.

Although there are many ways of applying abiometric method, the three principal modesof operation are:

Confirmation of first registration

There are many applications whereindividuals can obtain an advantage throughthe generation of multiple identities, e.g.payment of social security benefits and theissue of driving licences. In biometric-enabledapplication of this type, the search algorithm

issue.qxd 29/10/2002 14:25 2



uses the applicant’s template to make acomparison with all of the previously enrolledtemplates. If no templates offer a sufficientlyclose match, the user is permitted to enrol ontothe database as a unique, fresh individual.

Verification of a user’s identity

However, the most common way of usingbiometric methods at present is to verify theidentity of users. In this mode, a person makesa claim to being a specific individual, eitherdirectly by typing their user name or offeringan identifier such as a uniquely allocatednumber stored on a card. This identifier pointsto their template and a comparison is madebetween this template and the signal from thebiometric reader obtained at the time ofverification. If the match meets the securitycriteria of the application, the user’s identity isverified.

Identification of an individual user

In this ‘walk up’ mode, the user makes noclaim of identity, minimizing theauthentication overheads for the individual.The biometric system captures the data set ofthe subject (e.g. an image of an iris), processesthe image to remove noise and extracts thedistinctive features for comparison with theentire database of templates. The templatethat corresponds most closely to the featureset of the subject is deemed to be that of thesubject and the application progresses on thatassumption, perhaps customizing a service forthat individual. For security reasons, aminimum level of matching ought to be set.

In all three modes of operation, there is acomparison stage. Although this matchingmay appear to be a trivial step, the variabilityof conditions at the human-machine interfaceresults in considerable problems whenbiometric methods are deployed. For example,users may position their fingers at a slightly

different angle in a fingerprint biometric, theambient lighting in a facial recognition systemmay change from direct sunlight to artificialillumination at night, a user in a speakerverification scheme may develop a cold, etc. Ifa biometric system is configured to expect tooclose a match it will reject the correctlyenrolled user, causing them to resort to abackup system, which itself may be lesssecure. Conversely, if the threshold foraccepting a valid match is set too low, thesystem may allow an impostor to be accepted.

The resultant trade-off between high security(with a greater possibility of false rejection)and a more usable system (risking falseacceptance) is a common feature of any systemthat uses a biometric. Sometimes, the systemadministrator is permitted to adjust value ofthe threshold, perhaps individually for eachuser, so as to pass difficult cases (‘goats’) moreeasily. Alternatively, a probability score can bereturned to the application, representing thelikelihood that the person is who they claim tobe. In this latter instance, the application canmake use of other information, such as thevalue of the transaction, to determine whetherto accept the identity.

It would be useful if such performance trade-offs were known in advance of decisions aboutwhich biometric to use. It would guide usersin the selection of optimal threshold settingscorresponding to a specific security policy.Experience shows, however, that performanceis a sensitive function of a number ofvariables. These include the context of theapplication, the demographic details of thesubject population (gender, age, disability,race, etc.) and the extent to which userscooperate with the system. Discussion of thedetails of such testing is deferred to a latersection. However, it should be noted that,owing to the high cost of conductingindependently managed tests, the results ofsuch studies are often not publicized.

issue.qxd 29/10/2002 14:25 Page 33



The cost of deploying a system with abiometric needs to be carefully assessed.Although prices of the sensors and readers arecontinually falling, the whole life costs ofintroduction, training and provision of usersupport, secure enrolment, integration withother applications, etc., will dominate anyquotation from a reputable system integrator.In particular, system designers shouldunderstand the cost structures associated withthe registration and enrolment phases as thesecan dominate the budget in many promisingsystems.

Piloting of applications, although a costlyundertaking, is necessary as a precursor formost deployments, providing an indication ofthe performance to be expected when thesystem is fully deployed; however, experiencegained in many high profile systemsdemonstrates that trials conducted even undernominally similar conditions can give over-optimistic results. Fine-tuning the systemduring the initial rollout should enable thesystem to be adjusted in the light of any suchdivergence from predicted performance,provided that the system is flexible enough toincorporate such changes. Over the longerterm, changes in physical features or traitsmay lead to problems with matching to theoriginal template. Systems can eithergradually age the template in line with thesechanges, or a programme of re-enrolment maybe needed. Both fingerprints and iris patternshave demonstrated stability over severaldecades, whereas facial images will, ingeneral, require frequent updating.

As we have mentioned previously, allbiometric methods present problems forsections of the population. For some users,this can be alleviated by specific training andsupport to explore alternatives (such asselecting a finger other than the index ormiddle one, for which most readers aredesigned). In some circumstances, the security

policy can allow for individual setting of thethreshold, although these exceptions shouldbe audited and the impact on the overallsecurity of the system needs careful analysis.There remains a group for whom even thesemeasures will not produce a satisfactoryresult. For these individuals, a backup oralternative method will have to be offered.However, resorting to existing alternatives ofpasswords or tokens will probably degradethe strength of the authentication mechanism.

How well will it work? Testingbiometric devices and systems

An ideal biometric system would have a stabletemplate, unique to every individual in theuser population, and with sufficientdifferentiation from other users’ templates toensure correct operation over a range ofsecurity thresholds. It should authenticatepeople within an appropriate time for theapplication, and operate over the range ofenvironmental conditions likely to beencountered in the application. Of course, thisidealized system should be safe, secure andacceptable to end users.

No system will meet these requirements, and inmost cases the realizable performance will fallshort of the theoretically optimum levels, dueto compromises in the commercialization of amethod. One limit will be the size of thetemplate; however, not every bit will offer thedifferentiation between individuals.Nevertheless, the iris recognition template withan effective size of 256 bytes has the potential ofdifferentiating between people in very largepopulations3, and therefore operation inidentification or unique registration modes ispossible. By contrast, the 9 bytes of a handgeometry system will be suited to applicationswhere verification of an identity is the aim.

The performance of a specific implementationof a biometric method can be evaluated in

issue.qxd 29/10/2002 14:25 Page 34



three ways: technology tests, scenario testsand operational evaluations4.

The technology evaluation concentrates on thealgorithms used in the processing of astandard set of inputs into templates and thecomparison of these templates relating tospecific individuals with a database of otherinputs taken from these individuals under avariety of environmental conditions. Suchtesting requires careful attention to process ifit is to be fair and impartial. Generally, thesetests are run in the form of competitions everyone or two years by an independent body, andthe continued improvement in the resultsfrom the winners (and even the averageentrant) testifies to the maturity of thesetechnologies. Currently, such tests are run forthree biometric methods: the FERET series offace recognition algorithms5, the NIST seriesfor speaker verification6, and the FVC series offingerprint algorithm comparisonscoordinated by the University of Bologna7.

Scenario tests attempt to simulate theoperational conditions under which abiometric device could be used, with theproviso that the tests are conducted understrictly controlled conditions. Often, a numberof biometric devices or systems are tested inparallel with the same subject population.Although the results of such comparisonsshould be treated with caution, it is often theonly way in which prospective customers ofbiometric systems can narrow down theoptions for a specific application.

Operational evaluations test the biometric in apilot environment, over an extended period oftime, and with subjects that are typical of thepopulation of end users in a future fulldeployment. By this stage, a decision on abiometric method and specific supplier willhave been made and the tests will confirm thepredicted performance and highlight anyunforeseen problems.

Although the focus of scenario andoperational testing is usually on the technicalaspects, it should not be forgotten that there isa human dimension to the use of biometric-enabled systems. These tests present anopportunity to gauge the reaction of potentialusers, to understand the fears and concernsthey may have and to assess the need fortraining and support.

Testing of devices and systems is a complexundertaking. Early tests, predominantly bythe suppliers of devices themselves, gaveover-optimistic projections of performanceunder operational conditions, and wereobtained with small groups under idealizedconditions. In an effort to standardize oncommon procedures, Sandia NationalLaboratories in the USA conducted two seriesof comparative tests on standalone biometricdevices and included questionnaires to elicitimpressions of acceptability fromparticipants8. Subsequent problems in the useof devices that had been tested demonstratedthe need for better testing strategies. As aresult, a scientific basis for testing hasemerged from studies at the biometricsresearch centre at San Jose State University9,the work of the Biometrics Consortium10 (afocal point for US Government’s research, testand development activities), the EuropeanCommission sponsored BIOTEST project11 ledby the UK’s National Physical Laboratory andthe activities of the UK Biometric WorkingGroup12. A standardization of the testing andreporting methodologies now offers theprospective user of biometric systemsconfidence in the interpretation of test results.

Nevertheless, tests only give a partialindication of the likely performance of thedeployed system. The effect of changes in theenvironment, such as varying light levelsaffecting the reliability of face recognitionsystems and sudden bursts of backgroundnoise degrading the security of speaker

issue.qxd 29/10/2002 14:25 Page 35



verification systems, are predictable. Otherfactors such as difficulties that non-Caucasianwomen may have in using some fingerprintverification systems are less obvious.

How secure is a system withbiometric devices?

Even though biometric-enabled modules areoften designed as a countermeasure to anacknowledged vulnerability in a system, theythemselves must be secure. For example, theconfirmation of a match needs to be protectedand the template database may have to beencrypted to meet the requirements of thesecurity policy for the system as a whole. Recentpapers have also demonstrated how fewcommercially available devices are resistant tospoofing13. Photographs of faces and artificialfingers made from gelatine appeared to havebeen accepted as genuine biometric inputs, inspite of the claims of many vendors that theyhave ‘live and well’ features included in theirproducts. This aspect of security has generatedinterest in testing this aspect of devices, asvendors are often unwilling to discuss theirvulnerabilities on the grounds of commercialsensitivity or ‘security’14.

Although these are the most obvious concerns,assessing the security of systems withbiometric components presents numerouschallenges to the designer of secure systems15.However, objective assessment of the securityof a device, without even considering thesystem as a whole, is an expensiveundertaking. To date, only one device hascompleted the assessment against theinternational Common Criteria functional andassurance security requirements. Thisassessment has resulted in a draft for abiometric-specific methodology tosupplement the main Common Criteriamethodologies16. To support this, work isunderway on harmonisation of ProtectionProfiles for biometric devices17.

Design flaws can offer unintentional ‘backdoors’ to critical parts of the unit. Such flawsmay lie undiscovered, often due to theunwillingness of suppliers to publish detailsof the algorithm or internal processes. Forexample, in one system that was tested, anartefact of the algorithm allowed an unusualtemplate (obtained during a normalenrolment) to match successfully against 15%of the rest of the trial group.

Determining the limits to individualdistinctiveness of people using biometricmethods is often unclear. The incidence ofidentical twins in the population places a limiton most facial recognition systems (althoughthe developers of methods using spatialvariations in the heat output from bloodvessels in the face claim otherwise).Fingerprint systems should offer many ordersof magnitude better identification capabilities,although commercially dictated compromisesresult in performance significantly inferior toforensic AFIS systems.

As in many other technically advanced securitysolutions, simple attacks can be very effective.Spray painting cameras or fingerprint sensorswill force the use of alternative backupmethods or disable systems completely.

Finally, no system designer should forget theweakest link in a security system: the peoplewho operate the system, whether they aresystem administrators or managers. Unlessproper security policies are adhered to, it maybe relatively easy for unauthorized users tocollude with managers at an enrolment so asto add multiple instances of their identity or tolink their biometric template to a false identity.

Will users want to use biometricsystems?

More than 30 years after the first developmentof a biometric device, the extent of user

issue.qxd 29/10/2002 14:25 Page 36



acceptance of these novel methods remains tobe determined. To date, many large scaledeployments have been in environmentswhere users have little or no choice. Visitors toprisons, personnel in military institutions,refugees, recipients of social security benefitsor citizens in developing countries have beenthe early adopters of these technologies.

In European countries, the evidence fromrelatively crude surveys has been equivocal,and there is little data from scientificallystructured studies to answer the keyquestions. Some research points to anunwillingness to use fingerprint recognitionfor fear of misuse by security agencies. Forother people, there appear to be concernsabout hygiene. Other respondents base theirsupport for the application of fingerprinttechnology on the parallel with use by police:“if it’s a strong enough way of identifyingpeople for them, then it will stop criminalsstealing my identity”. More detailed studiesare necessary if these disparate strands are tobe unravelled. Use of innovative techniquessuch as grounded theory methods18 should beconsidered; these attempt to reduceinterviewer bias thereby allowing the subjectsgreater freedom to express their opinions. Onegroup of commentators believes that clearanswers will not be forthcoming until devicesstart appearing in offices and on the HighStreet. Until that time, media reports andfuturistic films will play a crucial role ininforming the general public.

Many privacy advocates believe thatbiometric authentication is a disproportionateresponse to the need for strongerauthentication. A universal identifier thatcould be used for commercial transactions, inpassports and health services is viewed withsuspicion. The temptation for otherorganizations to make use of such an identifierfor less important applications — so-called‘function creep’ — could be difficult to resist.

Nevertheless, there is a measure of legalprotection in the European Union. As abiometric template can be traced back to anindividual19, in a legal sense it appears to bepersonal data, and is therefore subject to theprovisions of the 1995 European Directive onPersonal Data Protection20 and the laws ofindividual member states that incorporate thisdirective into national law21. Furtherprotection is offered by Article 8 of theEuropean Convention on Human Rights22

guaranteeing rights to respect for their privateand family life. Relatively little has beenpublished on the application of these laws tobiometric systems, although data protectionauthorities in different Member States appearto be diverging in their initial views on howthe end user of a biometric system should beprotected.

The major provisions of data protection lawsare summarized in eight principles, amongwhich are fair dealing in the collection and useof the data, requirements for appropriatesecurity measures for the databases andsystems storing the data, and limitations ontransfer or exchange of data outside theEuropean Economic Area. Beyond this,commentators suggest specific proceduralmeasures to reassure end users. Onerecommendation proposes that applicationsshould be segmented by sector or division ofan organization so that large databases of dataare not created.23

In the USA, where no comprehensive dataprotection legislation exists, such privacyconcerns have been taken up by the IBIA, anindustry lobbying group, which has offered aset of privacy principles, advocating clearpolicies for applications in the private sectorand enforceable legal standards forgovernment deployments24.

Most suppliers of biometric devices have beensmall to medium enterprises, with limited

issue.qxd 29/10/2002 14:25 Page 37



budgets for testing their products, developingsecure products or setting standards forinteroperability. Indeed, many aimed todevelop proprietary solutions so as to capturethe greater proportion of the market for anapplication. Many such companies havedisappeared or have merged with others asthe predicted expansion in the use ofbiometrics failed to materialize. In thepotential user community, the fear of such acollapse of a supplier with no second sourcinghas deterred their wider application. Inresponse, suppliers, integrators and customersfor systems are working together to developstandards, in the first instance for anapplication-level interface. The BioAPIConsortium has developed a specification forthis API, along with a referenceimplementation25. At that time, a device levelstandard was judged to be too complex,although in May 2000 Microsoft and I/OSoftware announced their cooperation in thedevelopment of BAPI, an alternativebiometrics API, with the aim of integratingbiometric authentication into future versionsof the Windows operating system.26

In the wake of September 11th, the demand forother standards has increased. The financialsector had already agreed a standard forbiometric management and security27, andstandardized formats for the exchange ofbiometric data files are also available28. Thereis growing pressure to move standards such asBioAPI to formal ISO international status,with the formation of the ISO/IEC JTC1/SC37 Biometrics committee and its UKshadow, IST/44.

Will biometric methods becomeubiquitous?

The future of biometric technologies hasalways been viewed in terms of exponentialgrowth. The alternatives offered clearlyinadequate security and the high technology

image associated with biometrics was seen asan advantage. Each year, such forecasts havebeen proved wrong, in spite of a continuingdecrease in the cost of devices. A decade ago,signature verification was about to reducecredit card fraud and save the costs of storingcredit card slips; voice recognition wouldenable novel applications to be deployed bytelecommunications operators. Five years ago,the development of silicon fingerprint sensorswas regarded as the most significantinnovation in the biometrics market, reducingthe cost of devices 20-fold.

In spite of applications such as the payment ofpensions to 2 million South African citizensusing fingerprint verification, few large scalesystems were installed. Part of the reason forthe slow take-up may lie with a pre-occupation with the technology. Thefragmentation of the market and the over-exaggerated claims of ease of use and highperformance may also have played a part. Asearch for a ‘killer application’ may havediverted attention from opportunities in nichemarkets.

The European market for systems usingbiometrics promises to be very large. Manynovel devices and systems have emerged inEurope, and in contrast with the USA, someof the largest multinationals are activelyinvolved in these technologies. Governmentsin Europe are assessing their response to theUS PATRIOT Act that mandates theintroduction of biometric authentication forpassports for countries that take part in theVisa Waiver programme. In the UK, aconsultation paper on Entitlement Cards hasproposed biometric authentication to securethe issue of such cards, passports anddriving licences. Other countries areexamining the use of face recognitiontechnology to automatically check that theface on a passport photograph matches theholder.

issue.qxd 29/10/2002 14:25 Page 38



In the commercial sector, interest continues intime-and-attendance applications to ensurethat only correctly verified employees are atwork. With the cost of security personnelcontinuing to increase, access control tobuildings is also seen to be a major marketopportunity. As more valuable services start tobe deployed in third generation mobiletelephony systems, the use of strongerauthentication than that offered by a fourfigure PIN is likely to become an increasinglyurgent requirement.

In spite of these opportunities, the future forbiometric-enabled applications in Europeremains uncertain. One response is tounderstand the market forces driving orinhibiting the adoption of these methods, andclarify the gaps in research, skills andknowledge that need to be addressed bothnationally and at a regional level. As part ofthe Fifth Framework collaborative researchprogramme, the European Commission isfunding the BIOVISION project to develop aroadmap for biometrics in the EU over theperiod to 201029. The nine partners from fivecountries bring together viewpoints from thesupplier, integrator, academic and usercommunities, as well as key leaders in thesecurity, legal and testing fields. The partnershave already identified several key aspectsthat require further research, e.g. in security,user acceptability and medical implications.They have also noted the fragmentation of thebiometrics sector and propose the formationof a European Biometrics Forum to share bestpractice and develop multinationalpartnerships.

Biometric methods of identification andverification have come a long way over thepast 30 years. The technologies have maturedand our knowledge of testing andspecification of devices has advancedsubstantially. This paper shows that thereremain unanswered questions in a number of

key areas, both at the device and systemlevels. Nevertheless, the variety of differentsolutions on offer, both in the commercial andin the government sectors, make it unlikelythat it will take another 30 years for biometricdevices to become the authenticationmechanism of choice, replacing passwordsand PINs, securing smart cards and perhapsreducing the billions of door keys in daily usetoday.

Biography

Marek Rejman-Greene is a senior consultant inBTexact’s Security Technologies practice,specializing in biometrics, human securityissues, privacy aspects of telecoms servicesand the application of Public KeyInfrastructures (PKI). He is a leader in themain European biometric organizations: theAssociation for Biometrics and the UKGovernment’s Biometric Working Group. Hecoordinates BT-sponsored university researchon issues of identity, human security and PKI.

Referencesi M.A. Sasse et al., Transforming the ‘weakest link’ - a human/computerinteraction approach to usable and effective security. In: Internet and WirelessSecurity, editors R. Temple and J. Regnault, Institution of Electrical Engineers,2002, pp. 243-261.

2 Association for Biometrics and International Computer Security Association,1999 Glossary of Biometric Terms, http://www.afb.org.uk/downloads/glossuk2.htm

3 M.M. Gifford et al., 1999. Networked biometric systems – requirements basedupon iris recognition systems, BT Technol. J., Vol. 17(2), April 1999, pp. 163-169.

4 A. Mansfield and J. Wayman, 2002. Best Practices in Testing and ReportingPerformance of Biometric Devices, v, 2.01 (August 2002), http://www.cesg.gov.uk/technology/biometrics/media/Best%20Practice.pdf

5 www.dodcounterdrug.com/facialrecognition/FRVT2000/frvt2000.htm

6 http://nist.gov/speech/publications/index.htm

7 http://bias.csr.unibo.it/fvc2002/

8 J. Holmes et al., 1991. A Performance Evaluation of Biometric Identification Devices,Sandia National Laboratories report SAND91-0276 (June 1991).

9 www.engr.sjsu.edu/biometrics

10 www.biometrics.org

11 www.npl.co.uk/npl/sections/this/biotest

12 www.cesg.gov.uk/biometrics

13 T. van der Putte and J. Keuning, 2000. Biometric Finger Recognition : Don’t GetYour Fingers Burned, Smart Card Research and Applications, IFIP FourthWorking Conference pp.289-303 (September 2000) and T. Matsumoto et al.,

issue.qxd 29/10/2002 14:25 Page 39



Impact of Artificial ‘Gummy’ Fingers on Fingerprint Systems, Proceedings of SPIE4677 (2002).

14 A Valencia, Biometric Liveness Testing, Proceedings of CardTech-SecurTech,(New Orleans, May 2002).

15 Marek Rejman-Greene, 1998. Security considerations in the use of biometricdevices, Information Security Technical Report, Vol. 3, No. 1, 1998, pp. 77-80.

16 Common Criteria Biometric Evaluation Methodology Working Group,Biometric Evaluation Methodology Supplement, (version 10, August 2002).

17 http://www.cesg.gov.uk/technology/biometrics/media/bdpp082.pdf (DraftIssue 0.82, 5 September 2001).

18 B. G. Glaser and A. L. Strauss, 1967. Discovery of Grounded Theory, Strategiesfor Qualitative Research Aldine (Chicago).

19 This discussion is based in part on a study by Jan Grijpink, Privacy Law:Biometrics and Privacy Computer Law and Security Report , Vol. 17(3), 2001, pp.154-160.

20 Directive 95/46/EC of the European Parliament and of the Council of 24October 1995 on the protection of individuals with regard to the processing of

personal data and on the free movement of such data http://europa.eu.int/eurlex/en/lif/dat/1995/en_395L0046.html

21 In the UK, this is the Data Protection Act 1998.

22 In the UK, this is incorporated in law as the Human Rights Act, 1998.

23 Simon Davies, Touching Big Brother: How biometric technology will fuse fleshand machine. Information Technology and People, Vol. 7, No. 4, 1994 and atwww.privacy.org/pi/reports/biometric.html

24 International Biometric Industry Association, www.ibia.org/privacy.htm

25 www.bioapi.org

26 www.iosoftware.com/press/release.asp?id=21

27 www.x9.org ANSI X9.84 Biometric Management and Security (2001).

28 www.itl.nist.gov/div895/isis/cbeff CBEFF: Common Biometric Exchange FileFormat (Jan 2001).

29 Contacts: Marek Rejman-Greene of BTexact Technologies and Martin Walsh ofDaon.

issue.qxd 29/10/2002 14:25 Page 40

secure authentication using biometric methods

Documents