Biometrics

From Wikipedia, the free encyclopedia

Jump to: navigation, search
At Walt Disney World biometric measurements are taken from the fingers of guests to ensure that the person's ticket is used by the same person from day to day

Biometrics refers to methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology, in particular, biometrics is used as a form of identity access management and access control. It is also used to identify individuals in groups that are under surveillance.

Biometric characteristics can be divided in two main classes:

  • Physiological are related to the shape of the body. Examples include, but are not limited to fingerprint, face recognition, DNA, hand and palm geometry,iris recognition, which has largely replaced retina, and odor/scent.
  • Behavioral are related to the behavior of a person. Examples include, but are not limited to typing rhythm, gait, and voice. Some researchers[1] have coined the term behaviometrics for this class of biometrics.

Strictly speaking, voice is also a physiological trait because every person has a different pitch, but voice recognition is mainly based on the study of the way a person speaks, commonly classified as behavioral.

Contents

[edit] Introduction

The basic block diagram of a biometric system

It is possible to understand if a human characteristic can be used for biometrics in terms of the following parameters:[2]

  • Universality -- each person should have the characteristic
  • Uniqueness -- is how well the biometric separates individually from another.
  • Permanence -- measures how well a biometric resists aging.
  • Collectability -- ease of acquisition for measurement.
  • Performance -- accuracy, speed, and robustness of technology used.
  • Acceptability -- degree of approval of a technology.
  • Circumvention -- ease of use of a substitute.

A biometric system can provide the following two functions [3]:

  • Verification -- Authenticates its users in conjunction with a smart card, username or ID number. The biometric template captured is compared with that stored against the registered user either on a smart card or database for verification.
  • Identification -- Authenticates its users from the biometric characteristic alone without the use of smart cards, usernames or ID numbers. The biometric template is compared to all records within the database and a closest match score is returned. The closest match within the allowed threshold is deemed the individual and authenticated.

The main operations a system can perform are enrollment and test. During the enrollment, biometric information from an individual is stored. During the test, biometric information is detected and compared with the stored information. Note that it is crucial that storage and retrieval of such systems themselves be secure if the biometric system is to be robust. The first block (sensor) is the interface between the real world and our system; it has to acquire all the necessary data. Most of the times it is an image acquisition system, but it can change according to the characteristics desired. The second block performs all the necessary pre-processing: it has to remove artifacts from the sensor, to enhance the input (e.g. removing background noise), to use some kind of normalization, etc. In the third block features needed are extracted. This step is an important step as the correct features need to be extracted and the optimal way. A vector of numbers or an image with particular properties is used to create a template. A template is a synthesis of all the characteristics extracted from the source, in the optimal size to allow for adequate identifiability.

If enrollment is being performed the template is simply stored somewhere (on a card or within a database or both). If a matching phase is being performed, the obtained template is passed to a matcher that compares it with other existing templates, estimating the distance between them using any algorithm (e.g. Hamming distance). The matching program will analyze the template with the input. This will then be output for any specified use or purpose (e.g. entrance in a restricted area )

[edit] Performance

The following are used as performance metrics for biometric systems:[4]

  • false accept rate or false match rate (FAR or FMR) -- the probability that the system incorrectly declares a successful match between the input pattern and a non-matching pattern in the database. It measures the percent of invalid matches. These systems are critical since they are commonly used to forbid certain actions by disallowed people.
  • false reject rate or false non-match rate (FRR or FNMR) -- the probability that the system incorrectly declares failure of match between the input pattern and the matching template in the database. It measures the percent of valid inputs being rejected.
  • receiver operating characteristic or relative operating characteristic (ROC) -- In general, the matching algorithm performs a decision using some parameters (e.g. a threshold). In biometric systems the FAR and FRR can typically be traded off against each other by changing those parameters. The ROC plot is obtained by graphing the values of FAR and FRR, changing the variables implicitly. A common variation is the Detection error trade-off (DET), which is obtained using normal deviate scales on both axes. This more linear graph illuminates the differences for higher performances (rarer errors).
  • equal error rate or crossover error rate (EER or CER) -- the rate at which both accept and reject errors are equal. ROC or DET plotting is used because how FAR and FRR can be changed, is shown clearly. When quick comparison of two systems is required, the EER is commonly used. Obtained from the ROC plot by taking the point where FAR and FRR have the same value. The lower the EER, the more accurate the system is considered to be.
  • failure to enroll rate (FTE or FER) -- the percentage of data input is considered invalid and fails to input into the system. Failure to enroll happens when the data obtained by the sensor are considered invalid or of poor quality.
  • failure to capture rate (FTC) -- Within automatic systems, the probability that the system fails to detect a biometric characteristic when presented correctly.
  • template capacity -- the maximum number of sets of data which can be input into the system..

As the sensitivity of biometric devices increases, it decreases the FAR but increases the FRR.

One simple but artificial way to judge a system is by EER, but not all the authors provided it. Moreover, there are two particular values of FAR and FRR to show how one parameter can change depending on the other. For fingerprint there are two different results, the one from 2003 is older but it was performed on a huge set of people, while in 2004 far fewer people were involved but stricter conditions have been applied. For iris, both references belong to the same year, but one was performed on more people, the other one is the result of a competition between several universities so, even if the sample is much smaller, it could reflect better the state of art of the field.

[edit] Issues and concerns

[edit] Privacy

One common concern is how a person's biometric, once collected, can be protected. Australia has therefore introduced a Biometrics Institute Privacy Code in order to protect consumer personal data beyond the current protections offered by the Australian Privacy Act.

Another concern is that if the system is used at more than one location, a person's movements may be tracked as with any non-anonymous authentication system. An example of this would be posted security cameras linked to a facial recognition system, or a public transportation system requiring the use of biometry or registered identification card.

[edit] Discrimination

There are concerns whether our personal information taken through biometric methods can be misused, e.g. by the government to determine unwanted traits in humans for global population control. Also, the data obtained using biometrics can be used in unauthorized ways without the individual's consent.

[edit] Danger to owners of secured items

When thieves cannot get access to secure properties, there is a chance that the thieves will stalk and assault the property owner to gain access. If the item is secured with a biometric device, the damage to the owner could be irreversible, and potentially cost more than the secured property. For example, in 2005, Malaysian car thieves cut off the finger of a Mercedes-Benz S-Class owner when attempting to steal the car[5].

[edit] Cancelable biometrics

Physical features, such as face, fingerprint, iris, retina, hand, or behavioral features, such as signature, voice, gait, must fulfill a certain criteria to qualify for use in recognition. They must be unique, universal, acceptable, collectible and convenient to the person, in addition, to reliability at recognition, performance and circumvention. Most importantly, however, permanence is a key feature for biometrics. They must retain all the above features in particular the uniqueness unchanged, or acceptably changed, over the lifetime of the individual. On the other hand, this fundamental feature has brought biometrics to challenge a new risk. If biometric data is obtained, for example compromised from a database, by unauthorized users, the genuine owner will lose control over them forever and lose his/her identity.

Previously, research was focusing on using biometrics to overcome the weakness in traditional authentication systems that use tokens, passwords or both. Weakness, such as sharing passwords, losing tokens, guessable passwords, forgetting passwords and a lot more, were successfully targeted by biometric systems, although accuracy still remains a great challenge for many different biometric data. But one ordinary advantage of password does not exist in biometrics. That is re-issue. If a token or a password is lost or stolen, they can be cancelled and replaced by a newer version i.e. reissued. On the other hand, this is not naturally available in biometrics. If someone’s face is compromised from a database, they cannot cancel it neither reissue it. All data, including biometrics is vulnerable whether in storage or in processing state. It is relatively recently research has been undertaken to consider protection of biometric data more seriously. Cancelable biometrics is a way in which to inherit the protection and the replacement features into biometrics. It was first proposed by Ratha et al.[6]. Besides reliable accuracy performance and the replacement policy cancellable biometric has to be non-revisable in order to fulfill the aim.

Several methods for generating cancellable biometrics have been proposed. Essentially, cancelable biometrics perform a distortion of the biometric image or features before matching. The variability in the distortion parameters provides the cancelable nature of the scheme. Some of the proposed techniques operate using their own recognition engines, such as Teoh et al.[7] and Savvides et al.[8], whereas other methods, such as Dabbah et al.[9], take the advantage of the advancement of the well-established biometric research for their recognition front-end to conduct recognition. Although this increases the restrictions on the protection system, it makes the cancellable templates more accessible for available biometric technologies.

[edit] Countries applying biometrics

[edit] United States

The United States government has become a strong advocate of biometrics with the increase in fear of terrorism since September 11, 2001.

The FBI is currently spending $1 billion to create a new biometric database, which will store DNA, fingerprints, and other biometric data. The computers running the database will be contained in an underground facility about the size of a football field.[10]

Both the Department of Homeland Security and DARPA are heavily funding research into facial recognition systems.[11]. The Information Processing Technology Office, ran a program known as Human Identification at a Distance which developed technologies that are capable of identifying a person at up to 500 ft by their facial features.

Bush issued a presidential directive (NSPD 59, HSPD 24)[12] in 2008 which requires increased capability for sharing and interoperability in "collection, storage, use, analysis, and sharing of biometric and associated biographic and contextual information of individuals" among the departments and agencies of the executive branch of the U.S. federal government.[12][13]

Starting in 2005, US passports with facial (image-based) biometric data were scheduled to be produced. Privacy activists in many countries have criticized the technology's use for the potential harm to civil liberties, privacy, and the risk of identity theft. Currently, there is some apprehension in the United States (and the European Union) that the information can be "skimmed" and identify people's citizenship remotely for criminal intent, such as kidnapping.

The US Department of Defense (DoD) Common Access Card, is an ID card issued to all US Service personnel and contractors on US Military sites. This card contains biometric data and digitized photographs. It also has laser-etched photographs and holograms to add security and reduce the risk of falsification. There have been over 10 million of these cards issued.

According to Jim Wayman, director of the National Biometric Test Center at San Jose State University, Walt Disney World is the nation's largest single commercial application of biometrics.[14] However, the US Visit program will very soon surpass Walt Disney World for biometrics deployment.

[edit] Germany

The biometrics market in Germany will experience enormous growth until 2009. “The market size will increase from approximately 12 million € (2004) to 377 million €” (2009). “The federal government will be a major contributor to this development”.[15] In particular, the biometric procedures of fingerprint and facial recognition can profit from the government project.[15] In May 2005 the German Upper House of Parliament approved the implementation of the ePass, a passport issued to all German citizens which contain biometric technology. The ePass has been in circulation since November 2005, and contains a chip that holds a digital photograph and one fingerprint from each hand, usually of the index fingers, though others may be used if these fingers are missing or have extremely distorted prints. “A third biometric identifier – iris scans – could be added at a later stage”.[16] An increase in the prevalence of biometric technology in Germany is an effort to not only keep citizens safe within German borders but also to comply with the current US deadline for visa-waiver countries to introduce biometric passports.[16] In addition to producing biometric passports for German citizens, the German government has put in place new requirements for visitors to apply for visas within the country. “Only applicants for long-term visas, which allow more than three months' residence, will be affected by the planned biometric registration program. The new work visas will also include fingerprinting, iris scanning, and digital photos”.[17]

Germany is also one of the first countries to implement biometric technology at the Olympic Games to protect German athletes. “The Olympic Games is always a diplomatically tense affair and previous events have been rocked by terrorist attacks - most notably when Germany last held the Games in Munich in 1972 and 11 Israeli athletes were killed”.[18]

Biometric technology was first used at the Olympic Summer Games in Athens, Greece in 2004. “On registering with the scheme, accredited visitors will receive an ID card containing their fingerprint biometrics data that will enable them to access the 'German House'. Accredited visitors will include athletes, coaching staff, team management and members of the media”.[18]

As a protest against the increasing use of biometric data, the influential hacker group Chaos Computer Club published a fingerprint of German Minister of the Interior Wolfgang Schäuble in the March 2008 edition of its magazine Datenschleuder. The magazine also included the fingerprint on a film that readers could use to fool fingerprint readers.[19]

[edit] Brazil

Since the beginning of the 20th century, Brazilian citizens have had user ID cards. The decision by the Brazilian government to adopt fingerprint-based biometrics was spearheaded by Dr. Felix Pacheco at Rio de Janeiro, at that time capital of the Federative Republic. Dr. Pacheco was a friend of Dr. Juan Vucetich, who invented one of the most complete tenprint classification systems in existence. The Vucetich system was adopted not only in Brazil, but also by most of the other South American countries. The oldest and most traditional ID Institute in Brazil (Instituto de Identificação Félix Pacheco) was integrated at DETRAN [5] (Brazilian equivalent to DMV) into the civil and criminal AFIS system in 1999.

Each state in Brazil is allowed to print its own ID card, but the layout and data are the same for all of them. The ID cards printed in Rio de Janeiro are fully digitized using a 2D bar code with information which can be matched against its owner off-line. The 2D bar code encodes a color photo, a signature, two fingerprints, and other citizen data. This technology was developed in 2000 in order to enhance the safety of the Brazilian ID cards.

By the end of 2005, the Brazilian government started the development of its new passport. The new documents started to be released by the beginning of 2007, at Brasilia-DC. The new passport included several security features, like Laser perforation, UV hidden symbols, security layer over variable data and etc.. Brazilian citizens will have their signature, photo, and 10 rolled fingerprints collected during passport requests. All of the data is planned to be stored in ICAO E-passport standard. This allows for contactless electronic reading of the passport content and Citizens ID verification since fingerprint templates and token facial images will be available for automatic recognition.

[edit] Iraq

Biometrics are being used extensively in Iraq to catalogue as many Iraqis as possible providing Iraqis with a verifiable identification card, immune to forgery. During account creation, the collected biometrics information is logged into a central database which then allows a user profile to be created. Even if an Iraqi has lost their ID card, their identification can be found and verified by using their unique biometric information. Additional information can also be added to each account record, such as individual personal history. This can help American forces determine whether someone has been causing trouble in the past. One major system in use in Iraq is called BISA.[20] This system uses a smartcard and a user's biometrics (fingerpint, iris, and face photos) to ensure they are authorized access to a base or facility.[21] Another is called BAT for Biometric Automated Toolset.[22]

[edit] Japan

Several banks in Japan have adopted either palm vein authentication or finger vein authentication technology on their ATMs. Palm vein authentication technology which was developed by Fujitsu, among other companies, proved to have a false acceptance rate of 0.01177% and a false rejection rate of 4.23%. Finger vein authentication technology, developed by Hitachi, has a false acceptance rate of 0.0100% and a false rejection rate of 1.26%. [23] Finger vein authentication technology has so far been adopted by banks such as Sumitomo Mitsui Financial Group, Mizuho Financial Group and Japan Post Bank. Palm vein authentication technology has been adopted by banks such as the Bank of Tokyo-Mitsubishi UFJ. [24]

[edit] United Kingdom

Fingerprint scanners used in some schools to facilitate the subtraction of funds from an account financed by parents for the payment of school dinners. By using such a system nutritional reports can be produced for parents to surveil a child's intake. This has raised questions from liberty groups as taking away the liberty of choice from the youth of society. Other concerns arise from the possibility of data leaking from the providers of school meals to interest groups that provide health services such as the NHS and insurance groups that may end up having a detrimental effect on the ability of individuals to enjoy equality of access to services.

[edit] Australia

Visitors intending to visit Australia may soon have to submit to biometric authentication as part of the Smartgate system, linking individuals to their visas and passports. Biometric data are already collected from some visa applicants by Immigration. Australia is the first country to introduce a Biometrics Privacy Code, which is established and administered by the Biometrics Institute. The Biometrics Institute Privacy Code Biometrics Institute forms part of Australian privacy legislation. The Code includes privacy standards that are at least equivalent to the Australian National Privacy Principles (NPPs) in the Privacy Act and also incorporates higher standards of privacy protection in relation to certain acts and practices. Only members of the Biometrics Institute are eligible to subscribe to this Code. Biometrics Institute membership, and thus subscription to this Code, is voluntary.

[edit] Biometrics in popular culture

  • The movie Gattaca portrays a society where there are two classes of people: those genetically engineered to be "superior" and the inferior "natural" humans. The "superior" people have more priveleges, and must walk through biometric scanners that check the DNA in flakes of their skin that are coming off to ensure that they have "good" genes.
  • The television program MythBusters attempted to break into a commercial security door equipped with biometric authentication as well as a personal laptop so equipped.[25] While the laptop's system proved more difficult to bypass, the advanced commercial security door with "live" sensing was fooled with a printed scan of a fingerprint after it had been licked. There is no basis to assume that the tested security door is representative of the current typical state of biometric authentication, however. With careful matching of tested biometric technologies to the particular use that is intended, biometrics provide a strong form of authentication that effectively serves a wide range of commercial and government applications.

[edit] See also

[edit] References

  1. ^ http://www.cilab.upf.edu/biosecure1/public_docs_deli/BioSecure_Deliverable_D10-2-3_b3.pdf
  2. ^ Jain, A. K.; Ross, Arun; Prabhakar, Salil (January 2004), "An introduction to biometric recognition", IEEE Transactions on Circuits and Systems for Video Technology 14th (1): 4–20, doi:10.1109/TCSVT.2003.818349 
  3. ^ Jain, A. K.; Ross, A.; Pankanti, S. (June 2006), "Biometrics: A Tool for Information Security", IEEE Transactions on Information Forensics and Security 1st (2), doi:10.1109/TIFS.2006.873653 
  4. ^ ""CHARACTERISTICS OF BIOMETRIC SYSTEMS"". Cernet. http://www.ccert.edu.cn/education/cissp/hism/039-041.html. 
  5. ^ BBC News: Malaysia car thieves steal finger [1]
    Some other reports, giving more credence to the story: [2][3]
  6. ^ N. K. Ratha, J. H. Connell, and R. M. Bolle, "Enhancing security and privacy in biometrics-based authentication systems," IBM systems Journal, vol. 40, pp. 614-634, 2001.
  7. ^ A. B. J. Teoh, A. Goh, and D. C. L. Ngo, "Random Multispace Quantization as an Analytic Mechanism for BioHashing of Biometric and Random Identity Inputs," Pattern Analysis and Machine Intelligence, IEEE Transactions on, vol. 28, pp. 1892-1901, 2006.
  8. ^ M. Savvides, B. V. K. V. Kumar, and P. K. Khosla, ""Corefaces"- Robust Shift Invariant PCA based Correlation Filter for Illumination Tolerant Face Recognition," presented at IEEE Computer Society Conference on Computer Vision and Pattern Recognition (CVPR'04), 2004.
  9. ^ M. A. Dabbah, W. L. Woo, and S. S. Dlay, "Secure Authentication for Face Recognition," presented at Computational Intelligence in Image and Signal Processing, 2007. CIISP 2007. IEEE Symposium on, 2007.
  10. ^ Arena, Kelly; Carol Cratty (February 4, 2008). "FBI wants palm prints, eye scans, tattoo mapping" (in English). CNN. http://www.cnn.com/2008/TECH/02/04/fbi.biometrics/. Retrieved on 2009-03-14. 
  11. ^ Frank, Thomas (May 10, 2007). "Face recognition next in terror fight". USA Today. http://www.usatoday.com/news/washington/2007-05-10-facial-recognition-terrorism_N.htm. Retrieved on 2009-03-16. 
  12. ^ a b Office of the Press Secretary, The White House (June 5, 2008). National Security Presidential Directive and Homeland Security Presidential Directive. Press release. http://www.whitehouse.gov/news/releases/2008/06/20080605-8.html. Retrieved on 2008-06-30. 
  13. ^ Bain, Ben (June 6, 2008). "Bush pushes biometrics for national security". Federal Computer Week (Media, Inc.). http://www.fcw.com/online/news/152750-1.html. Retrieved on 2008-06-30. 
  14. ^ Article describing Disney's 2006 biometric initiative replacing hand geometric scanners with fingerprint readers
  15. ^ a b The Biometrics Market in Germany 2004-2009: Anti-terrorism Laws Drive Growth - Market Research Reports - Research and Markets
  16. ^ a b IDABC - DE: Germany to phase-in biometric passports from November 2005
  17. ^ Migration Information Source - Germany Weighs Biometric Registration Options for Visa Applicants
  18. ^ a b Biometrics used to keep German Olympians safe - Software - Breaking Business and Technology News at silicon.com
  19. ^ CCC publishes fingerprints of Wolfgang Schäuble, the German Home Secretary, Heise Online, published 2008-03-31, accessed 2008-04-17
  20. ^ "Biometric Identification System for Access". http://www.csc.com/solutions/security/casestudies/2829.shtml. 
  21. ^ "DoD Readies Biometric ID System for U.S. Bases in Iraq". http://www.defenselink.mil/news/newsarticle.aspx?id=31641. 
  22. ^ Biometrics on the front line
  23. ^ International Biometric Group Comparative Biometric Testing Round 6 Public Report
  24. ^ Biometrics: Vein Scanners Show Promise
  25. ^ Video of the Mythbusters episode on how to hack fingerprint scanners [4]

[edit] Further reading

  • White Paper - Identification Flats: A Revolution in Fingerprint Biometrics. Published by Aware, Inc., March 2009.
  • [6]. SecuGen Fingerprint Readers Now Work with Tutis Biometric Logon Software to Authenticate Users to Active Directory
  • NBSP Biometric Technology Application Manual. Published by the National Biometric Security Project (NBSP), the BTAM is a comprehensive reference manual on biometric technology applications.
  • “Fingerprints Pay For School Lunch.” (2001). Retrieved 2008-03-02. [7]
  • Yun, Yau Wei. The ‘123’ of Biometric Technology, 2003. Retrieved from on November 21, 2005 from the World Wide Web: [8]
  • Biometric Digest newsletter. Published monthly with weekly updates. 64 issues per year. Primary source of news & information, vendors, case studies, calendar of events for expositions & conferences, financial reports, names in the news and more.[9]
  • “Biometrics in Australia.” (2006). Retrieved 2006-06-11. [10]
  • “Biometrics Institute Australia Conference”. (2006). Retrieved 2006-06-11. [11]
  • “Biometrics an emerging Technology: Market Report Australia”(2005) Retrieved 2006-06-11. [12]
  • “Germany clears biometric passports plan.” (2005). Globe and Mail.com Insider Edition. Retrieved 2006-06-11. [13]
  • “Germany to phase-in biometric passports from November 2005”. (2005). E-Government News. Retrieved 2006-06-11. [14]
  • Oezcan, V. (2003). “Germany Weighs Biometric Registration Options for Visa Applicants”, Humboldt University Berlin. Retrieved 2006-06-11. [15]
  • Sturgeon, W. (2004). “Biometrics used to keep German Olympians safe...but what are they testing - moustache or mullet?” Security Strategy Sillicon.com Retrieved 2006-06-11.[16]
  • “The Biometrics Market in Germany 2004-2009: Anti-terrorism Laws Drive Growth” (2004). Soreon Research. Retrieved 2006-06-11 [17]

[edit] External links

Personal tools