Bio Metrics Based Authentication Systems

Published on 2 weeks ago | Categories: Documents | Downloads: 0 | Comments: 0 | Views: 88
of 36
Download PDF   Embed   Report

Comments

Content

 

Biometrics Based Authentication Systems

Seminar Report¶07

INTRODUCTION Reliable user authentication is becoming an increasingly important task in the Web-enabled world. The consequences of an insecure authentication system in a corporate or enterprise environment can be catastrophic, and may include loss of  confidential information, denial of service, and compromised data integrity. The value of  reliable user authentication is not limited to just computer or network access. Many other  applications in everyday life also require user authentication, such as banking, ecommerce, and physical access control to computer resources, and could benefit from enhanced security. The prevailing techniques of user authentication, which involve the use of either    passwords and user IDs (identifiers), or identification cards and PINs (personal identification numbers), suffer from several limitations. Passwords and PINs can be illicitly acquired by direct covert observation. Once an intruder acquires the user ID and the password, the intruder has total access to the user¶s resources. In addition, there is no way to positively link the usage of o f the system or service to the act actual ual user, that is, there is no protection against repudiation by the user ID owner. For example, when a user ID and   password is shared with a colleague there is no way for the system to know who the actual user is. A similar situation arises when a transaction involving a credit card number is conducted on the Web. Even though the data are sent over the Web using secure encryption methods, current systems are not capable of assuring that the rightful owner of the credit card initiated the transaction. In the modern distributed systems environment, the traditional authentication policy based on a simple combination of user  ID and password has become inadequate. Fortunately, automated biometrics in general, and fingerprint technology in particular, can provide a much more accurate and reliable user authentication method. Biometrics is a rapidly advancing field that is concerned with identifying a person based on his or her physiological or behavioral characteristics. Examples of automated biometrics include fingerprint, face, iris, and speech recognition. User authentication methods can be broadly classified into three categories as shown in Table 1.1. Because a biometric property is an intrinsic property

1

 

Biometrics Based Authentication Systems

Method

Seminar Report¶07

Examples

What you know?

User ID Password

PIN Cards Badges Keys What you know and what you ATM card + PIN have?

What you have?

Something unique about the user

Fingerprint Face Iris Voice print

Properties

Shared Many passwords easy to guess Forgotten Shared Can be duplicated Lost or stolen Shared PIN a weak link  (Writing the PIN on the card)  Not possible to share Repudiation unlikely Forging difficult Cannot be lost or stolen

Table 1.1 Existing User Authentication Techniques of an individual, it is difficult to surreptitiously duplicate and nearly impossible to share. Additionally, a biometric property of an individual can be lost only in case of serious accident. Biometric readings, which range from several hundred bytes to over a megabyte, have the advantage that their information content is usually higher than that of a  password or a pass phrase. Simply extending the t he length of passwords to get equivalent bit strength presents significant usability problems. It is nearly impossible to remember a 2K    phrase, and it would take an annoyingly long time to type such a phrase (especially without errors). Fortunately, automated biometrics can provide the security advantages adva ntages of long passwords while retaining the speed and characteristic simplicity of short  passwords. Even though automated biometrics can help alleviate the problems associated with the existing methods of user authentication, hackers will still find there are weak    points in the system, vulnerable to attack. Password systems are prone to brute force dictionary attacks. Biometric systems, on the other hand, require substantially more effort for mounting such an attack. Yet there are several new types of attacks possible in the   biometrics domain. This may not apply if biometrics is used as a supervised

2

 

Biometrics Based Authentication Systems

Seminar Report¶07

authentication tool. But in remote, unattended applications, such as Web-based ecommerce applications, hackers may have the opportunity and enough time to make several attempts, or even physically violate the integrity of a remote client, before detection. A problem with biometric authentication systems arises when the data associated with a biometric feature has been compromised. For authentication systems based on  physical tokens such as keys and badges, a compromised token can be easily canceled and the user can be assigned a new token. Similarly, user IDs and passwords can be changed as often as required. Yet, the user only has a limited number of biometric features (one face, ten fingers, two eyes). If the biometric data are compromised, the user  may quickly run out of o f biometric features to be used for authentication.

3

 

Biometrics Based Authentication Systems

What

Seminar Report¶07

is Biometrics Bio metrics? ?

Biometric technologies are defined as automated methods of identifying or  authenticating the identity of a living person based on unique physiological or behavioral characteristics. Biometrics can provide very secure and convenient authentication for an individual since they cannot be stolen or forgotten and are very difficult to forge.

  A physiological characteristic is a relatively stable physical characteristic, charact eristic, such as

y

an individual¶s fingerprint, hand geometry, iris pattern, or blood vessel pattern on the back of the eye. This type of biometric measurement is usually unchanging and unalterable without significant duress to the t he individual.

  A behavioral characteristic is more a reflection of an individual¶s psychological

y

makeup. A signature is the most common behavioral biometric used for  identification. Because most behavioral characteristics vary over time, an identification system using these must allow updates to enrolled biometric references.

4

 

Biometrics Based Authentication Systems

Seminar Report¶07

Biometric System Components and Process

3.1

Components Three major components are usually usua lly present in a biometric system:

  A mechanism to scan and capture a digital or analog image of a living person¶s

y

 biometric characteristic.

  Software for storing, processing and comparing the image.

y

  An interface with the applications system that will use the result to confirm an

y

individual¶s identity.

3.2

Process Two different stages are involved in the biometric biometr ic system process ± 

Enrollment and Verification.

3.2.1 Enrollment. As shown in Figure 3.1, the biometric image of the individual is captured during the enrollment process (e.g., using a sensor for fingerprint, microphone for voice verification, camera for face recognition, scanner for eye scan). The unique characteristics are then extracted from the biometric image to create the user¶s biometric template. This biometric template is stored in a database or on a machine-readable ID card for later use during an identity verification process.

Figure 3.1 Schematic of an Enrollment E nrollment Process

5

 

Biometrics Based Authentication Systems

Seminar Report¶07

3.2.2 Verification.

Figure 3.2 illustrates the identity verification process. The biometric image is again captured. The unique characteristics are extracted from the biometric image to create the users ³live´ biometric template. This new template is then compared with the template previously stored and a numeric matching score is generated, based on the   percentage of duplication between the live and stored template. System designers determine the threshold value for this identity verification score based upon the security requirements of the system.

Figure 3.2 Schematic of a verification process Secure identification systems use biometrics for two basic purposes: to identify or authenticate individuals.  Identification (1-to-many comparison) verifies if the individual exists within a known

  population. Identification confirms that the individual is not enrolled with another 

6

 

Biometrics Based Authentication Systems

Seminar Report¶07

identity and is not on a predetermined list of prohibited persons. Identification will typically need a secured database containing a list of all applying individuals and their    biometrics. The biometric for the individual being considered for enrollment would be compared against all stored biometrics. For many applications, an identification process is used only at the time of enrollm enro llment ent to verify that the individual is not already enrolled.

 Authentication

(1-to-1 comparison) confirms that the credential belongs to the individual

 presenting it. In this case, the device that performs the authentication must have access only to the individual¶s enrolled biometric template, which may be stored locally or  centrally.

3.3

Biometric Accuracy A key factor in the selection of the appropriate biometric technology is its

accuracy. Biometric accuracy is the system¶s ability of separating legitimate matches from imposters. When the live biometric template is compared to the stored biometric template, a matching score is used to confirm or deny the identity of the user. System designers set this numeric score to accommodate the desired level of accuracy for the system, as measured by the False Acceptance Rate (FAR) and False Rejection Rate (FRR).

Rejection Rate (FRR) refers to the statistical probability that the biometric system is not able to verify the legitimate claimed identity of an enrolled person, or fails ‡ False

to identify an enrolled person. ‡ False Acceptance Rate (FAR) refers to the statistical probability of False Acceptance or incorrect verification. In the most common context, both False Rejection and False Acceptance represent a security security hazard.

7

 

Biometrics Based Authentication Systems

Seminar Report¶07

Figure3.3 Error trade-off in a biometric system

If a mismatching pair of fingerprints is accepted as a match, it is called a false accept. On the other hand, if a matching pair of fingerprints is rejected by the system, it is called a false reject. The error rates are a function of the threshold as shown in Figure 3.3. Often the interplay between the two t wo errors is presented by plotting FAR against FRR with the decision threshold as the free variable. This plot is called the ROC (Receiver  Operating Characteristic) curve. The two errors are complementary in the sense that if  one makes an effort to lower one of the errors by varying the threshold, the other error  rate automatically increases.

In a biometric authentication authentication system, the relative false false

accept and false reject rates can be set by choosing a particular operating point (i.e., a detection threshold). Very low (close to zero) error rates for both errors (FAR and FRR) at the same time are not possible. By setting a high threshold, the FAR error can be close to zero, and similarly by setting a significantly low threshold, the FRR rate can be close to zero. A meaningful operating point for the threshold is decided based on the application requirements, and the FAR versus FRR error rates at that operating point may   be quite different. To provide high security, biometric systems operate at a low FAR  instead of the commonly recommended equal error rate (EER) operating point where FAR=FRR.

8

 

Biometrics Based Authentication Systems

Seminar Report¶07

Selecting A Biometric Technology

The selection of the appropriate biometric technology will depend on a number of  application-specific factors, including the environment in which the identity verification   process is carried out, the user profile, requirements for verification accuracy and throughput, the overall system cost and capabilities, and cultural issues that could affect user acceptance. Table 4.1 shows a comparison of different biometric technologies, with their performance rated against several metrics.

Characteri

Finger-

stics

 print

Ease

of  High

Hand

Retina

Iris

Face

Signature

Voice

Mediu

Medium

High

High

Lighting, age, lasses, hair  High

Changing  Noise, Signatures colds

High

High

Geometry High

Low

Use

m

Error  Incidence

Dryness, dirt, age

Hand Injury, age

Glasses

Accuracy

High

High

User  Acceptanc e Long Term Stability

Medium

Medium

Very High Medium

Very High Mediu

Medium

High

High

High

m High

Medium

Medium

Medium

High

Medium

Lightin g

Table 4.1 Comparisons of Biometric Technologies Techno logies

9

 

Biometrics Based Authentication Systems

Fingerprint

Seminar Report¶07

Authentication

Fingerprints are a distinctive feature and remain invariant over the lifetime of a subject, except for cuts and bruises. As the first step in the authentication process, a fingerprint impression is acquired, typically using an inkless scanner. Several such scanning technologies are available. Figure 5A shows a fingerprint obtained with a scanner using an optical sensor. A typical scanner digitizes the fingerprint impression at 500 dots per inch (dpi) with 256 gray levels per pixel. The digital image of the fingerprint includes several unique features in terms of ridge bifurcations and ridge endings, collectively referred to as minutiae minutiae..

Figure 5.1 Fingerprint recognition; (A) Input Image, (B) Features

The next step is to locate these features in the fingerprint image, as shown in Figure 5B, using an automatic feature extraction algorithm. Each feature is commonly represented by its location (x,y) and the ridge direction at that location () ().. However, due to sensor noise and other variability in the imaging process, the feature extraction stage

10

 

Biometrics Based Authentication Systems

Seminar Report¶07

may miss some minutiae and may generate spurious minutiae. Further, due to the elasticity of the human skin, the relationship between minutiae may be randomly distorted from one impression to the next. In the final stage, the matcher subsystem attempts to arrive at a degree of similarity between the two sets of features after  compensating for the rotation, translation, and scale. This similarity is often expressed as a score. Based on this score, a final decision of match or no-match is made. A decision threshold is first selected. If the score is below the threshold, the fingerprints are determined not to match; if the score is above the threshold, a correct match is declared. Often the score is simply a count of the number of the minutiae that are in correspondence. In a number of countries, 12 to 16 correspondences (performed by a human expert) are considered legally binding evidence of identity.

The operational issues in an automated fingerprint identification system (AFIS) are somewhat different from those in a more traditional password-based system. First, there is a system performance issue known as the ³fail to enroll´ rate to be considered. Some people have very faint fingerprints, or no fingers at all, which makes the system unusable for them. A related issue is a ³Reject´ option in the system based on input image quality. A poor quality input is not accepted by the system during enrollment and authentication. Note that non-cooperative users, improper usage, dirt on the finger can cause poor quality inputs, or bad input scanners. This has no analog in a password system. Then there is the fact that in a biometric system the matching decision is not clear-cut. A password system always provides a correct response²if the passwords match, it grants access but otherwise refuses access. However, in a biometric system, the overall accuracy depends on the quality of input and enrollment data along with the basic characteristics of the underlying feature extraction and matching algorithm.

11

 

Biometrics Based Authentication Systems 5.1

FEATURES

Seminar Report¶07

OF A FINGERPRINT

A fingerprint is composed of valley and ridge lines. They follow a pattern. The general shape of this pattern may be classified according to 5 classes. The second set of  features of a fingerprint are cores and deltas. The core is located by a square while the delta is located by a triangle t riangle as shown in figure 5.2.

Figure 5.2 shows core by squares and delta by a triangle t riangle

The AFIS allows a classification using more than one criteria versus a search  based only on a single fingerprint pattern, reducing the number of fingerprints inspected. The pattern classification divides all fingerprint templates into five sets. Interestingly, the distribution of fingerprints in these 5 classes is not homogeneous among a mong all people:

  Left loop class represents 34% of the total tot al

y

number of fingerprints

  Right loop class represents 31% of the total

y

number of fingerprints

  Whorl class represents 27 % of the total number 

y

of fingerprints

  Arch class represents 4% of the total number 

y

of fingerprints

12

 

Biometrics Based Authentication Systems

Seminar Report¶07

Figure 5.3 Fingers can then t hen be sorted in the pattern classifi classifications cations after computing the core and the delta:

  Tented arch class represents 3% of o f the total

y

number of fingerprints

  Less than 1% for unusable fingerprints (scar,

y

illness of the skin, etc)

5.2

HOW DOES FINGERPRINT IDENTIFICATION WORK?

The first step in fingerprint identification is collecting the fingerprint, named enrollment. In this step, the applicant acquires the reference fingerprint for later  authentication. The reference fingerprint is called the template t emplate of the fingerprint. Most often in order to ensure that a good template is obtained, the fingerprint needs to be captured more than once. Twice is most common but at times an additional capture may  be requested. After the capture of the template, it can be stored in a database, on a token with 2D barcode, or in a smart card.

At this point, the applicant is registered and the next stage is to compare the fingerprint with the template to the fingerprint read by the sensor. After reading the fingerprint, the authentication system extracts the minutiae in the same way as it did during the enrollment process. Since the fingerprint is never captured in the same

13

 

Biometrics Based Authentication Systems

Seminar Report¶07

 position, the verification algorithm must perform rotation and translation of the captured fingerprint in order to adjust the fingerprint minutiae with the template minutiae.

The matching process calculates a score of the probability of a successful fingerprint read. Once every minutia is processed, a total score is computed and compared to a threshold score, which leads to the decision of a fingerprint µhit¶ or µno hit¶.

5.3

Components Of a Fingerprint System

There are two ways a matching algorithm can be implemented, using either  identification matching or authentication matching. In identification matching, one fingerprint is compared to many fingerprints using an Automated Fingerprint Identification System (AFIS) that is comprised of several computers and a database storage system. In authentication matching, where there is a ³one to one´ fingerprint comparison, there needs to be only one fingerprint terminal and a token loaded that contains the fingerprint template. The matching could be done on token, in the terminal or in both the terminal and token. to ken.

5.3.1

The Sensors Electronic fingerprint sensors are manufactured in different ways using

capacitive, optical, thermal, or pressure sensitive (resistive) technology. These different types of sensors are able to produce an image of the fingerprint when the ridge is darker  than the valley. The most common sensors currently on the market are capacitive and optical sensors. Optical sensors provide the best image quality but are expensive and can   be fooled by some fake fingers. Sensors based on capacitive technology provide a   balance of image quality and cost although, some fake fingers can also fool this

14

 

Biometrics Based Authentication Systems

Seminar Report¶07

technology. However, the most common fake fingers made of silicon cannot fool a capacitive sensor because the fake finger does not possess electrical properties.

Figure 5.4 Components of a fingerprint system

15

 

Biometrics Based Authentication Systems

Seminar Report¶07

Iris Authentication

Iris recognition leverages the unique features of the human iris to provide an unmatched identification technology. So accurate are the algorithms used in iris recognition that the entire planet could be enrolled in an iris database with only a small chance of false acceptance or false rejection. The technology also addresses the FTE (Failure To Enroll) problems, which lessen the effectiveness of other biometrics. The tremendous accuracy of iris recognition allows it, in many ways, to t o stand apart from other   biometric technologies. All iris recognition technology is based on research and patents held by Dr. John Daugman.  

6.1

The Iris

Iris recognition is based on visible (via regular and/or infrared light) qualities of  the iris. A primary visible characteristic is the trabecular meshwork (permanently formed  by the 8th month of gestation), a tissue that gives the appearance of dividing the iris in a radial fashion. Other visible characteristics include rings, furrows, freckles, and the corona, to cite only the more familiar. Expressed simply, iris recognition technology converts these visible characteristics into a 512 byte IrisCode(tm), a template stored for  future verification attempts. 512 bytes is a fairly compact size for a biometric template,   but the quantity of information derived from the iris is massive. From the iris' 11mm diameter, Dr. Daugman's algorithms provide 3.4 bits of data per square mm. This density of information is such that each iris can be said to have 266 unique "spots", as opposed to 13-60 for traditional biometric technologies. This '266' measurement is cited in all iris recognition literature; after allowing for the algorithm's correlative functions and for  characteristics inherent to most human eyes, Dr. Daugman concludes that 173 "independent binary degrees-of-freedom" can be extracted from his algorithm ± an exceptionally large number for a biometric. biometric.  

16

 

Biometrics Based Authentication Systems

6.2

Seminar Report¶07

The Algorithm

The first step is location of the iris by a dedicated camera no more than 3 feet from the eye. After the camera situates the eye, the algorithm narrows in from the right and left of the iris to locate its outer edge. This horizontal approach accounts for  obstruction caused by the eyelids. It simultaneously locates the inner edge of the iris (at the pupil), excluding the lower 90 degrees because of inherent moisture and lighting issues.

The monochrome camera uses both visible and infrared light, the latter of which is located in the 700-900 nm range (this is in the lower range of IR; the American Academy of Ophthalmology uses similar ranges in their studies of macular cysts). Upon location of the iris, as seen above, an algorithm uses 2-D Gabor wavelets to filter and map segments of the iris into hundreds of vectors (known here as phasors). Understanding in detail the 2-D Gabor phasor encoders requires a degree in advanced mathematics, but they can be summarized as follows. The wavelets of various sizes assign values drawn from the orientation and spatial frequency of select areas, bluntly referred to as the "what" of the sub-image, along with the position of these areas, bluntly referred to as the "where." The "what" and "where" are used to form the IrisCode. Not the entire iris is used: a portion of the top, as well as 45 degree of the bottom, is unused to account for eyelids and camera-light reflections (see below). Essential to the understanding of the technology is that it provides exceptional detail, well beyond what any pictorial or point-based representation could provide (some filters actually span as much as 70degree of the iris). Remember also that for future identification, the database will not be comparing images of irises, but rather hexadecimal representations of data returned by wavelet filtering and mapping.  

17

 

Biometrics Based Authentication Systems

6.3

Seminar Report¶07

Accuracy

The Iris Code constructed from these complex measurements provides such a tremendous wealth of data that iris recognition offers levels of accuracy orders of  magnitude higher than other biometrics. Some statistical representations of the accuracy follow:

  The odds of two different irises irises returning a 75% match (i.e. having a Hamming

y

Distance of 0.25): 1 in 1016 

  Equal Error Rate (the point at which the likelihood of a false accept and false

y

reject are the same): 1 in 1.2 million  

y

52

The odds of 2 different d ifferent irises irises returning identical Iris Codes: 1 in 10

 

Other numerical derivations demonstrate the unique robustness of these algorithms. A person's right and left eyes have a statistically insignificant increase in similarity: 0.00048 on a 0.5 mean. This serves to demonstrate the hypothesis that iris shape and characteristics are phenotypic - not entirely determined by genetic structure. The algorithm can also account for occlusion (blocking) of the iris: even if 2/3 of the iris were completely obscured, accurate measure of the remaining third would result in an equal error rate of 1 in 100,000.

Iris recognition can also account for those ongoing changes to the eye and iris, which are defining aspects of living tissue. The pupil's expansion and contraction, a constant process separate from its response to light, skews and stretches the iris. The algorithm accounts for such alteration after having located the boundaries of the iris. Dr. Daugman draws the analogy to a "homogenous rubber sheet" which, despite its distortion, retains certain consistent qualities. Regardless of the size of the iris at any given time, the algorithm draws on the same amount of data, and its resultant IrisCode is stored as a 512-byte template. A question asked of all biometrics is their ability to determine fraudulent samples. Iris recognition can account for this in several ways: the detection of papillary (pupil) changes; reflections from the cornea; detection of contact lenses atop the cornea; and use of infrared illumination to determine the state of the sample eye tissue. t issue.

18

 

Biometrics Based Authentication Systems

6.4

Seminar Report¶07

An example-Verieye  N eurotechnologia, eurotechnologia, Ltd.  offers

VeriEye, the system for person identification using

the eye iris image taken by a video camera. VeriEye implements new eye iris recognition technology and are based on our original method of feature set definition. VeriEye is available in the form of software development kit (SDK), and can be easily integrated into a customer's access control or identification/verification identification/verification system.

6.4.1  VeriEye SDK includes: 1. VeriEye dynamic link library library for Windows (DLL file). file). 2. C source code code of the example example program using VeriEye VeriEye DLL). 3. Software description. 4. Description of eye illumination illumination and positioning equipment equipment for iris scan scan  

6.4.2 VeriEye technical specifications False rejection rate

<3%

False acceptance rate

< 0.0001 %

Recognition time

0.7 s

Size of one record in the database Database size

About 2 Kb Unlimited

6.4.3 Requirements to the image quality 1. The size of iris in the scanned image must be between 200x200 and 640x480 pixels, image resolution 200 dpi. 2. The image should be free of the bulb reflections in the iris area. However, it may contain small reflections in the pupil area. 3. The scanned slip must contain at least 30 % of the iris area not damaged by reflections, shadows or eyelashes. 4. During the eye scanning head tilt must be less than 14 degrees w with ith respect to vertical axis.   19

 

Biometrics Based Authentication Systems

Seminar Report¶07

Voice Authentication 7.1 

Introduction The speaker-specific characteristics of speech are due to differences in

  physiological and behavioral aspects of the speech production system in humans. The main physiological aspect of the human speech production system is the vocal tract shape. The vocal tract is generally considered as the speech production organ above the vocal folds, which consists of the following: (i) laryngeal pharynx (beneath the epiglottis), (ii) oral pharynx (behind the tongue, between the epiglottis and velum), (iii) oral cavity (forward of the velum and bounded by the lips, tongue, and palate), (iv) nasal   pharynx (above the velum, rear end of nasal cavity), and (v) nasal cavity (above the  palate and extending from the pharynx to the nostrils).

7.2 

Pattern Matching

The pattern matching process involves the comparison of a given set of input feature vectors against the speaker model for the claimed identity and computing a matching score. For the Hidden Markov models discussed above, the matching score is the probability that the model generated a given set of feature vectors.

20

 

Biometrics Based Authentication Systems

Seminar Report¶07

Retina Authentication 

Retina scan is an exceptionally accurate biometric technology having been established as an effective solution for every demanding authentication scenarios.

Biometrics the automated measurement of a physiological or behavioral aspect of  the human body for authentification or identification is a rapidly growing industry. Biometric solutions are used successfully in fields as varied as e-commerce, network  access. Biometrics¶ ease of use, accuracy, reliability, and flexibility are quickly establishing them as the premier pr emier authentification.

An established technology where the unique patterns of the retina are scanned by a low intensity light source via an optical o ptical coupler. Retinal scanning has pro proved ved to be quite accurate in use but does require user to look in to a receptacle and focus on a given point. This is not particularly convenient if you are a spectacle wearer or have some intimate contact with the reading device. For these reasons retinal scanning has a few user  acceptance problems although the technology t echnology itself can work well.

21

 

Biometrics Based Authentication Systems

Face

Seminar Report¶07

Authentication

Face recognition is one of the newest technologies. Specialized recognition software coupled with video camera allows these systems to recognize people¶s faces. There are various methods by which facial scan technology recognize peoples. All share some commonalities, such as emphasizing those sections of the face which are less susceptible to alteration, including the upper outlines of the eye sockets, the areas surrounding one¶s cheekbones, and the sides of the mouth. Most technologies are resistant to moderate changes in hairstyle, as they do not utilize areas of the face located near the hairline. All of the primary technologies are designed to be robust enough to conduct enough to conduct 1- to±many searches, that is to locate a single face out of a data base of thousands of faces.

Facial

scan Process

Flow-Sample

capture, Feature extraction, template comparison, and

matching ±define the process flow of facial scan technology. The following applies to one to one verification. The sample capture will generally consist of a 20-30 second enrollment process whereby several pictures are taken of one¶s face. Ideally the series of    pictures incorporate slightly different angles and facial expressions, to allow for more accurate searches. After enrollment distinctive features are extracted, resulting in the creation of a template. The templates are much smaller than the image from which it is drawn.

Authentification follows the same protocol. The user claims an identity such as a login name or a PIN, stands or sits in front of the camera for a few seconds, and is either  verified or rejected. This comparison is based on the similarity of the newly created ³live´ template against the template or templates on file. The degree of similarity required for verification also known as the threshold can be adjusted for different  personnel, PC¶s, time of day and other factors One variant of this process is the use of  facial scan technology in forensics. Biometric templates taken from static photographs of  known criminals are stored in large databases. These records are searched, 1-to-many, to determine if the detainee is using an alias when being booked.

22

 

Biometrics Based Authentication Systems

Seminar Report¶07

Combining Biometrics with Smart Cards Smart cards are widely acknowledged as one of the most secure and reliable forms of electronic identification. To provide the highest degree of confidence in identity verification, biometric technology is considered to be essential in a secure identification system design. This section summarizes the key benefits of a secure ID system that combines smart cards and biometrics.

10.1

Enhanced Privacy

Using smart cards significantly enhances privacy in biometric ID systems. The smart card provides the individual with a personal database, a personal firewall and a  personal terminal. It secures personal information on the card, allowing the individual to control access to that information and removing the need for central database access during identity verification.

10.2 

A Personal Database.

How and where an ID system keeps personal information about its members is an important privacy consideration, affecting a system¶s real and perceived privacy  behavior. Most ID systems store personal information for all system members in a central database. This centralization leads many to be concerned that their personal information is less protected, or at a minimum, more vulnerable to compromise. Smart cards store and safeguard personal information on the individual¶s card. The use of smart card IDs can promote confidence in an ID system by offering each member a unique secure, portable and personal database, separating their  information from other members¶ data. With a smart card ID the cardholder maintains  physical possession of private information. This enhances the trust relationship with the system, as the cardholder now shares in the decision of who is allowed to use their   personal information for identity verification and in the responsibility to protect it. The smart card personal database is portable and can be used in a variety of devices and networks. An ID system can take advantage of this portability by using closed local networks or standalone devices to carry out different identification tasks, rather than

23

 

Biometrics Based Authentication Systems

Seminar Report¶07

relying on a centralized system. By enabling local identity verification, smart card based secure ID systems can help alleviate concerns that the system is centrally tracking ID older activities. Unlike other ID card technologies that act as simple data containers, smart cards are unique in acting more like data servers, where data is not directly accessed but must  be requested from the server (in this case the smart card¶s microprocessor). When used in combination with biometrics, a smart card ID becomes even more personal and private. A  biometric provides a strong and unique binding between the cardholder and the personal database on the card, identifying the cardholder as the rightful owner of this card. The  biometric cannot be borrowed, lost, or stolen like a PIN or password, and so strengthens the authentication of an individual¶s identity.

10.3

A Personal Firewall.  

In smart card based ID systems, the card is not just a data repository but also an intelligent guardian ² a personal firewall ² for the cardholder¶s information. When information is requested from the ID card, a smart card can verify that the requestor is authorized to perform such an inquiry. A smart card ID also has the ability to behave differently based who is checking the ID. For example, most individuals will cooperate with a uniformed officer who requests to see an ID. But is this officer a valid officer? And what portion of the personal information is he or she authorized to see? With a smart card ID, the card would authenticate the officer through a portable card reader and release only the information that is relevant to the officer¶s responsibilities. The same ID card could be used to prove legal age when purchasing from a bar. In this case, the smart card ID would just confirm age, but not divulge any other personal information. Once personal information is released, it is very hard to control what happens to the information, including how it might be used. It is an important privacy consideration for individuals to clearly understand when and to whom personal information is released by an ID system. The release of personal information is hard to control when carried out by a centralized database somewhere on a network, without the information owner¶s knowledge or  consent. A smart card based ID system gives the cardholder control over who can access

24

 

Biometrics Based Authentication Systems

Seminar Report¶07

  personal information stored on the card. A biometric further enhances this control, ensuring that only the rightful cardholder can authorize aut horize access to personal information.

10.4

Enhanced Security

Biometric technologies are used with smart cards for ID system applications specifically due to their ability to identify people with minimal ambiguity. A biometric   based ID allows for the verification of ³who you claim to be´(information about the cardholder printed or stored in the card) based on ³who you are´ (the biometric information stored in the smart card), instead of, or possibly in addition to, checking ³what you know´ (such as a PIN). As shown in Figure 10.1, this increases the security of  the overall ID system and improves the accuracy, speed, and control of cardholder  authentication.

Figure 10.1 Impact of Smart Cards and Biometrics on Security   As the importance of accurate identification grows, new technologies are being added to ID systems to im improve prove their security.

25

 

Biometrics Based Authentication Systems

Seminar Report¶07

Cancelable Biometrics

Deploying biometrics in a mass market, like credit card authorization or bank  ATM access, raises additional concerns beyond the security of the transactions. One such concern is the public¶s perception of a possible invasion of privacy. In addition to  personal information such as name and date dat e of birth, the user is asked to surrender images of body parts, such as fingers, face, and iris. These images, or other such biometric signals, are stored in digital form in various databases. This raises the concern co ncern of possible sharing of data among law enforcement agencies, or commercial enterprises.

Figure 11.1 Authentication process based on cancelable cance lable biometrics

26

 

Biometrics Based Authentication Systems

Seminar Report¶07

The public is concerned about the ever-growing body of information that is being collected about individuals in our society. The data collected encompass many applications and include medical records and biometric data. A related concern is the coordination and sharing of data from various databases. In relation to biometric data, the   public is, rightfully or not, worried about data collected by private companies being matched against databases used by law enforcement agencies. Fingerprint images, for  example, can be matched against the FBI or INS (Immigration and Naturalization Service) databases with ominous consequences.

These concerns are aggravated by the fact that a person¶s biometric data are given and cannot be changed. One of the properties that make biometrics so attractive for  authentication purposes²their invariance over time²is also one of its liabilities. When a credit card number is compromised, the issuing bank can just assign the customer a new credit card number. When the biometric data are compromised, replacement is not   possible. In order to alleviate this problem, we introduce the concept of ³cancelable  biometrics.´ It consists of an intentional, repeatable distortion of a biometric signal based on a chosen transform. The biometric signal is distorted in the same fashion at each   presentation, for enrollment and for every authentication. With this approach, every instance of enrollment can use a different transform thus rendering cross matching impossible. Furthermore, if one variant of the transformed biometric data is compromised, then the transform function can simply be changed to create a new variant (transformed representation) for reenrollment as, essentially, a new person. In general, the distortion transforms are selected to be noninvertible. So even if the transform function is known and the resulting transformed biometric data are known, the original (undistorted) biometrics cannot be recovered. The techniques presented here for transforming biometric signals differ from simple compression using signal or image processing techniques. While compression of  the signal causes it to lose some of its spatial domain characteristics, it strives to preserve the overall geometry. That is, two points in a biometric signal before compression are

27

 

Biometrics Based Authentication Systems

Seminar Report¶07

likely to remain at comparable distance when decompressed. This is usually not the case with our distortion transforms. Our technique also differs from encryption. The purpose of encryption is to allow a legitimate party to regenerate the original signal. In contrast, distortion transforms permanently obscure the signal in a noninvertible manner.

When employing cancelable biometrics, there are several places where the transform, its parameters, and identification templates could be stored. This leads to a  possible distributed process model as shown in Figure 11.1. The ³merchant´ is where the  primary interaction starts in our model. Based on the customer ID, the relevant transform is first pulled from one of the transform databases and applied to the biometrics. The resulting distorted biometrics is then sent for authentication to the ³authorization´ server. Once the user¶s identity has been confirmed, the transaction is finally passed on to the relevant commercial institution for processing. Note that an individual user may be subscribed to multiple services, such as e-commerce merchants or banks. The authentication for each transaction might be performed either by the service provider  itself, or by an independent third party. Similarly, the distortion transform might be managed either by the authenticator or by still another independent agency. Alternatively, for the best privacy the transform might remain solely in the possession of the user, stored, say, on a smart card. If the card is lost or stolen, the stolen transform applied to another person¶s biometrics will have very little impact. However, if the transform is applied to a stored original biometrics signal of the genuine user, it will match against the stored template of the person. Hence ³liveness´ detection techniques should be added to  prevent such misuse.

28

 

Biometrics Based Authentication Systems

Seminar Report¶07

Vulnerable Points of a Biometric System A generic biometric system can be cast in the framework of a pattern recognition system. The stages of such a generic system are shown in Figure 12.1.

Figure 12.1 Possible attack points in a generic biometrics-based biometr ics-based system

The first stage involves biometric signal acquisition from the user (e.g., the inkless fingerprint scan). The acquired signal typically varies significantly from   presentation to presentation; hence, pure pixel-based matching techniques do not work  reliably. For this reason, the second signal processing stage attempts to construct a more invariant representation of this basic input signal (e.g., in terms of fingerprint minutiae). The invariant representation is often a spatial domain characteristic or a transform (frequency) domain characteristic, depending on the particular biometric.

During enrollment of a subject in a biometric authentication system, an invariant template is stored in a database that represents the particular individual. To authenticate the user against a given ID, the corresponding template is retrieved from the database and matched against the template derived from a newly acquired input signal. The matcher 

29

 

Biometrics Based Authentication Systems

Seminar Report¶07

arrives at a decision based on the closeness of these two templates while taking into account geometry, lighting, and other signal acquisition variables. Note that password based authentication systems can also be set in this framework. The keyboard beco becomes mes the input device. The password encrypted can be viewed as the feature extractor and the comparator as the matcher. The template database is equivalent to the encrypted  password database. There are eight places in the generic biometric system of Figure 12.1 where attacks may occur. The numbers in Figure 12.1 correspond to the items in the following list. 1. Presenting fake biometrics at the sensor: In this mode of attack, a possible reproduction of the biometric feature is presented as input to the system. Examples include a fake finger, a copy of a signature, or a facemask. 2. Resubmitting previously stored digitized biometrics signals: In this mode of attack, a recorded signal is replayed to the system, bypassing the sensor. Examples include the   presentation of an old copy of a fingerprint image or the presentation of a previously recorded audio signal. 3. Overriding the feature extraction process: The feature extractor is attacked using a Trojan horse, so that it produces feature sets preselected by the intruder. 4. Tampering with the biometric feature representation: The features extracted from the input signal are replaced with a different, fraudulent feature set (assuming the representation method is known). Often the two stages of feature extraction and matcher  are inseparable and this mode of attack is extremely difficult. However, if minutiae are transmitted to a remote matcher (say, over the Internet) this threat is very real. One could ³snoop´ on the TCP/IP (Transmission Control Protocol/Internet Protocol) stack and alter  certain packets. 5. Corrupting the matcher: The matcher is attacked and corrupted so that it produces  preselected match scores. 6. Tampering with stored templates: The database of stored templates could be either  local or remote. The data might be distributed over several servers. Here the attacker  could try to modify one or more templates in the database, which could result either in authorizing a fraudulent individual or denying service to the persons associated with the

30

 

Biometrics Based Authentication Systems

Seminar Report¶07

corrupted template. A smart card-based authentication system, where the template is stored in the smart card and presented to the authentication system, is particularly vulnerable to this type of attack. 7. Attacking the channel between the stored templates and the matcher: The stored templates are sent to the matcher through a communication channel. The data traveling through this channel could be intercepted and modified. 8. Overriding the final decision: If the final match decision can be overridden by the hacker, then the authentication system has been disabled. Even if the actual pattern recognition framework has excellent performance characteristics, it has been rendered useless by the simple exercise of overriding the match result.

There exist several security techniques to thwart attacks at these various points. For instance, finger conductivity or fingerprint pulse at the sensor can stop simple attacks at point 1. Encrypted communication channels can eliminate at least remote attacks at  point 4. However, even if the hacker cannot penetrate the feature extraction module, the system is still vulnerable. The simplest way to stop attacks at points 5, 6, and 7 is to have the matcher and the database reside at a secure location. Of course, even this cannot  prevent attacks in which there is collusion. Use of cryptography prevents attacks at point 8. It is observed that the threats outlined in Figure 12.1 are quite similar to the threats to  password-based authentication systems. For instance, all the channel attacks are similar. One difference is that there is no ³fake password´ equivalent to the fake biometric attack  at point 1 (although, perhaps if the password was in some standard dictionary it could be deemed ³fake´). Furthermore, in a password- or token-based authentication system, no attempt is made to thwart replay attacks (since there is no expected variation of the ³signal´ from one presentation to another). However, in an automated biometric-based authentication system, one can check the liveness of the entity originating the input signal.

31

 

Biometrics Based Authentication Systems

Seminar Report¶07

Applications There are many concerning potential biometric applications, some popular  examples being;

13.1

ATM MACHINE USE.

Most of the leading banks have been experimenting with biometrics of ATM machines use and as general means of combining card fraud. Surprisingly, these experiments have rarely consisted of carefully integrated devices into a common process, as could be achieved with certain biometric devices. Previous comments in this paper  concerning user psychology come to mind here one wonder why we have not seen a more  professional and carefully considered implementation from this sector. The banks will of  course have a view concerning the level of fraud and cost of combating it via technology solutions such as biometrics. They will also express concern about potentially alienating customers with such as approach. However, it still surprises many in the biometric industry that the banks and financial institutions have so far failed to embrace this technology with any enthusiasm.

13.2 WORKSTATION AND NETWORK ACCESS

For a long time this was an area often discussed but rarely implemented until recent developments saw the unit price of biometric devices fall dramatically as well as several designs aimed squarely at this application. In addition, with household names such as Sony, Compaq, KeyTronics, Samsung and others entering the market, these devices appear almost as a standard computer peripheral. Many are viewing this as the application, which will provide critical mass for biometric industry and create the transition between sci-fi device to regular systems component, thus raising public awareness and lowering resistance to the use u se of biometrics in general.

32

 

Biometrics Based Authentication Systems 13.3

Seminar Report¶07

TRAVELS AND TOURISM

There are many in this industry who have the vision of a multi application card for travelers which, incorporating a biometric, would enable them to participate in various frequent flyer and border controls systems as well as paying for their air ticket, hotel rooms, hire care etc, all with one convenient token. Technically this is eminently possible, but from a political and commercial point of view there are many issues to resolve, not the least being who would own the card, be responsible for administration and so on. These may not be insurmountable problems and   perhaps we may see something along these lines emerge. A notable challenge in this respect would be packaging such an initiative in a way that would be truly attractive for  users.

13.4

INTERNET TRANSACTIONS

Many immediately of think of on line transactions as being an obvious area for    biometrics, although there are some significant issues to consider in this context. Assuming device cost could be brought down to level whereby a biometric (and perhaps chip card) reader could be easily incorporated into a standard build PC, we still have the   problem of authenticated enrollment and template management, although there are several approaches one could take to that. Of course, if your credit already incorporated a   biometric this would simplify things considerably. It is interesting to note that certain device manufactures have collaborated with key encryption providers to provide an enhancement to their existing services. Perhaps we shall see some interesting developments in this area in the near future.

13.5

Telephone Transactions.

  No doubt many telesales and call center managers have pondered the use of   biometrics. It is an attractive possibility to consider, especially for automated processes. However, voice verification is a difficult area of biometrics, especially if one does not have direct control over the transducers, as indeed you wouldn¶t when dealing with the general public. The variability of telephone handsets coupled to the variability of line quality and the variability of user environments presents a significant challenge to voice

33

 

Biometrics Based Authentication Systems

Seminar Report¶07

verification technology, and that is before you even consider the variability in understanding among users. The technology can work well in controlled closed loop conditions but is extraordinarily difficult to implement on anything approaching appro aching a large scale. Designing in the necessary error correction and fallback procedures to automated systems in a userfriendly manner is also not a job for the faint hearted. Perhaps we shall see further  developments, which will largely overcome these problems. Certainly there is a commercial incentive to do so and I have no doubt that much research is under way in this respect.

13.6

Public Identity Cards.

A biometric incorporated into a multi purpose public ID cards would be useful in a number of scenarios if one could win public support for such a scheme. Unfortunately, in this country as in others there are huge numbers of individuals who definitely do not want to be identified. This ensures that any such proposal would quickly become a  political hot potato and a nightmare for the minister concerned. You may consider this a shame or a good thing, depending on your point of view. From a dispassionate technology perspective it represents something of a lost opportunity, but this is of course nothing new. It¶s interesting that certain local authorities in the UK have issued µcitizen¶ cards with which named cardholders can receive various benefits including discounts at local stores and on certain services. These do not seem to have seriously challenged, even though they are in effect an ID card.

34

 

Biometrics Based Authentication Systems

Seminar Report¶07

Conclusion

The ultimate form of electronic verification of a person¶s identity is   biometrics; using a physical attribute of the person to make a positive identification. People have always used the brain¶s innate ability to recognize a familiar face and it has long been known that a person¶s fingerprints can be used for identification. The challenge has been to turn these into electronic processes that are inexpensive and easy to use.

Banks and others who have tested biometric-based security on their  clientele, however, say consumers overwhelmingly have a pragmatic response to the technology. Anything that saves the information-overloaded citizen from having to remember another password or personal identification number comes as a welcome respite.

Biometrics can address most of the security needs, but at what cost? Surprisingly, the benefits quickly outweigh the costs. Like so many technological developments, innovative people have found new ways to implement biometric systems, so prices have come down dramatically in the last year or two. As prices have come down, the interest level and the knowledge about how to effectively utilize these systems have increased. So the investment is decreasing and the recognizable benefits are increasing. Biometrics, when properly implemented, not only increase security but also often are easier to use and less costly to administer  than the less secure alternatives. Biometrics can¶t be forgotten or left at home and they don¶t have to be changed periodically like passwords.

35

 

Biometrics Based Authentication Systems

Seminar Report¶07

Bibliography

1.  R. Germain, A. Califano, and S. Colville, ³Fingerprint Matching Using Transformation Parameter Clustering,´  IEEE  C omputational  omputational  S cience cience  and    E ngineering  ngineering  4, No. 4, 42±49 (2004). 2.  L. O¶Gorman, ³Practical Systems for Personal Fingerprint Authentication,´  IEEE   C omputer 33, omputer  33, No. 2, 58±60 (2004). 3.   N. K. Ratha and R. M. Bolle, ³Smart Card Based Authentication,´ in  Biometrics:  ersonal    I dentification dentification  in   N etworked  etworked  S ociety, ociety, A. K. Jain, R. M. Bolle, and S.  P ersonal  Pankanti, Editors, Kluwer Academic Press, Boston, MA (2003), pp. 369±384. 4.  T. Rowley, ³Silicon Fingerprint Readers: A Solid State Approach to Biometrics,´  P roceedings roceedings  of    the C ardTech/  ardTech/ S S ecureTech e  cureTech C onference, onference, CardTech/SecureTech, Bethesda, MD(2003), pp. 152±159. 5.  The Biometric Consortium (ND).  I ntroduction ntroduction  to  Biometrics December 11, 2003 http://www.biometrics.org/html/ .biometrics.org/html/introduction.ht introduction.html ml. from URL http://www

6.  B. Miller, ³Vital Signs of Identity,´  IEEE  S  pectrum 31, No.2, 22±30 (2003). 7.  B. Schneier, ³The Uses and Abuses of Biometrics,´ 42, No. 8, 136 (2002).

ommunications  of    the ACM  C ommunications

8. W. Bender, D. Gruhl, N. Morimoto, and A. Lu, ³Techniques for Data Hiding,´  I  B M S   ystems J ournal 35, ournal  35, Nos. 3&4, 313±336 (2003 ). 9. Biometric Digest -http://biometrics.cse.msu.edu -http://biometrics.cse.msu.edu  10. Biometric Consortium - http://www.biometricgroup.com

36

Sponsor Documents

Or use your account on DocShare.tips

Hide

Forgot your password?

Or register your new account on DocShare.tips

Hide

Lost your password? Please enter your email address. You will receive a link to create a new password.

Back to log-in

Close