Biometrics

Biometrics refers to the identification of individuals based on their unique physiological and/or behavioral characteristics. These characteristics are unique to each individual, making biometrics more reliable and stronger than traditional token- and knowledge-based technologies that distinguish between authorized and unauthorized individuals. This white paper discusses common biometric technologies, their strengths and weaknesses, security issues, and their applications in today's everyday life.


Foreword:

“Biometrics” is an automated method of recognizing individuals based on their physical or behavioral characteristics. Common commercial examples include fingerprints, faces, irises, hand shapes, voices, and dynamic signatures. These and many others are in various stages of development and/or deployment. Which biometric is “the best” varies greatly from application to application. These methods of identification are preferred over the traditional method of using passwords and PINs for several reasons.

(i) the identified person must be physically present at the location of identification; (ii) identification based on biometric technology eliminates the need to remember passwords or carry tokens. Biometric recognition can be used in identification mode, in which the biometric system identifies an individual from the entire enrolled population by searching a database for a match.


Biometric system:

All biometric systems consist of three basic elements:

Enrollment, or the process of collecting a biometric sample from an individual, known as the enrollee, and generating a template.

Template, or the data representing the biometrics of the enrollee.

Matching, or the process of comparing a live biometric sample to one or more templates in a system's database.


Enrollment

Enrollment is an important first phase of biometric authentication because it generates the template used for all subsequent matching. The device typically takes three samples of the same biometric and averages them to create an enrollment template. Enrollment is complicated because the performance of many biometric systems depends on the user's familiarity with the biometric device, and enrollment is usually the first time the user touches the device. Environmental conditions also affect enrollment. Enrollment should take place under conditions similar to those expected during normal matching. For example, when using speech verification in an environment with background noise, the system's ability to match speech against enrolled templates depends on those templates having been captured in the same environment. In addition to user and environmental issues, biometrics themselves change over time. Many biometric systems take these changes into account through continuous averaging: the template is averaged and updated each time a user attempts to authenticate.
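The enrollment averaging and continuous averaging described above can be sketched as follows. This is an added example, not code from the original paper or from any biometric vendor; the feature vectors, the distance threshold, the update weight, and the choice to update the template only after an accepted match are all assumptions.

```python
# Added illustration with constructed feature vectors; not a vendor algorithm.
from math import dist

MATCH_THRESHOLD = 0.30  # assumed: largest template-to-sample distance that still matches
UPDATE_WEIGHT = 0.25    # assumed: share of the running average given to a new sample

# Three constructed samples of the same trait, four features each.
ENROLL_SAMPLES = [
    [0.50, 0.20, 0.80, 0.40],
    [0.52, 0.18, 0.79, 0.43],
    [0.48, 0.22, 0.81, 0.37],
]


def enroll(samples):
    """Average the enrollment samples, feature by feature, into one template."""
    if len(samples) < 3:
        raise ValueError("enrollment needs at least three samples")
    if len({len(s) for s in samples}) != 1:
        raise ValueError("all samples must have the same number of features")
    return [sum(column) / len(samples) for column in zip(*samples)]


def authenticate(template, live):
    """Match a live sample; on success fold it into the template.

    Returns (matched, template_to_store).
    """
    if dist(template, live) > MATCH_THRESHOLD:
        return False, template  # a rejected sample never alters the template
    updated = [(1 - UPDATE_WEIGHT) * t + UPDATE_WEIGHT * x
               for t, x in zip(template, live)]
    return True, updated


def simulate_drift(template, step, sessions, adaptive):
    """Let every feature drift by `step` per session; count accepted sessions."""
    live, accepted = list(template), 0
    for _ in range(sessions):
        live = [x + step for x in live]
        matched, updated = authenticate(template, live)
        accepted += matched
        if adaptive:
            template = updated
    return accepted


if __name__ == "__main__":
    template = enroll(ENROLL_SAMPLES)
    print("static template accepted:  ", simulate_drift(template, 0.02, 20, False))
    print("averaged template accepted:", simulate_drift(template, 0.02, 20, True))
```

With these constructed values the fixed enrollment template stops matching once the trait has drifted far enough, while the continuously averaged template keeps tracking it.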


Template

The biometric device creates a template as data representing the biometrics of the enrollee. The device uses a unique algorithm to extract the “features” of that biometric from the enrollee's samples. A template is simply a record of the distinguishing features of a person's biometric characteristic or trait, sometimes called minutiae. For example, a template is not an image or recording of the actual fingerprint or voice. Basically, a template is a numerical representation of important points taken from a person's body. Templates typically use little computer memory, allowing for the rapid processing characteristic of biometrics. The template must be stored somewhere so that subsequent templates, created when a user attempts to access the system using the sensor, can be compared with it. Some biometrics experts argue that it is impossible to reverse engineer or reproduce an individual's print or image from the biometric template.


Matching

Matching is comparing two templates. Compare the template created during registration (or the template created in a previous session, if continuously updated) with the template created in “ was created

Failure to enroll.

False match.

False nonmatch.


Failure to enroll (or acquire) is the failure of the technology to extract distinguishing features appropriate to that technology. For example, a small percentage of the population fails to enroll in fingerprint-based biometric authentication systems. Two reasons account for this failure: the individual’s fingerprints are not distinctive enough to be picked up by the system, or the distinguishing characteristics of the individual’s fingerprints have been altered because of the individual’s age or occupation, e.g., an elderly bricklayer. In addition, the possibility of a false match (FM) or a false nonmatch (FNM) exists.


These two terms are frequently misnamed “false acceptance” and “false rejection,” respectively, but those terms are application-dependent in meaning. FM and FNM are application-neutral terms that describe the matching process between a live sample and a biometric template. A false match occurs when a sample is incorrectly matched to a template in the database (i.e., an imposter is accepted). A false nonmatch occurs when a sample is incorrectly not matched to a truly matching template in the database (i.e., a legitimate match is denied). Rates for FM and FNM are calculated and used to make tradeoffs between security and convenience. For example, a heavy security emphasis errs on the side of denying legitimate matches and does not tolerate acceptance of imposters. A heavy emphasis on user convenience results in little tolerance for denying legitimate matches but will tolerate some acceptance of imposters.
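The tradeoff between FM and FNM rates can be made concrete by sweeping a decision threshold over match scores. This is an added example, not part of the original paper; the similarity scores are constructed, and the function names and the "balanced" operating point are assumptions introduced for illustration.

```python
# Added illustration; the similarity scores are constructed (higher = more alike).
GENUINE = [0.91, 0.88, 0.84, 0.79, 0.77, 0.73, 0.69, 0.64, 0.58, 0.47]   # same person
IMPOSTOR = [0.62, 0.55, 0.49, 0.44, 0.41, 0.37, 0.33, 0.28, 0.22, 0.15]  # other people


def rates(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (FM rate, FNM rate) when a score >= threshold counts as a match."""
    fm = sum(s >= threshold for s in impostor) / len(impostor)
    fnm = sum(s < threshold for s in genuine) / len(genuine)
    return fm, fnm


def sweep(genuine=GENUINE, impostor=IMPOSTOR):
    """Try every observed score as the threshold, lowest first."""
    candidates = sorted(set(genuine) | set(impostor))
    return [(t, *rates(t, genuine, impostor)) for t in candidates]


def security_first(max_fm=0.0):
    """Lowest threshold whose FM rate stays within max_fm."""
    return next((row for row in sweep() if row[1] <= max_fm), None)


def convenience_first(max_fnm=0.0):
    """Highest threshold whose FNM rate stays within max_fnm."""
    return next((row for row in reversed(sweep()) if row[2] <= max_fnm), None)


def balanced():
    """Threshold where the two rates are closest to each other."""
    return min(sweep(), key=lambda row: abs(row[1] - row[2]))


if __name__ == "__main__":
    for label, row in (("security", security_first()),
                       ("convenience", convenience_first()),
                       ("balanced", balanced())):
        print(f"{label:12} threshold={row[0]:.2f} FM={row[1]:.0%} FNM={row[2]:.0%}")
```

On this constructed data, refusing every imposter costs 20% of legitimate matches, while never denying a legitimate match lets 30% of imposters through.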


BIOMETRIC TECHNOLOGIES:

The function of a biometric authentication system is to facilitate controlled access to applications, networks, personal computers (PCs), and physical facilities. A biometric authentication system is essentially a method of establishing a person’s identity by comparing the binary code of a uniquely specific biological or physical characteristic to the binary code of an electronically stored characteristic called a biometric.


The defining factor for implementing a biometric authentication system is that it cannot fall prey to hackers; it can’t be shared, lost, or guessed. Simply put, a biometric authentication system is an efficient way to replace the traditional password-based authentication system. While there are many possible biometrics, at least eight mainstream biometric authentication technologies have been deployed or pilot-tested in applications in the public and private sectors. They are grouped into two categories:

Contact Biometric Technologies:

fingerprint,

hand/finger geometry,

dynamic signature verification, and

keystroke dynamics.

Contactless Biometric Technologies:

facial recognition,

voice recognition,

iris scan, and

retinal scan.


CONTACT BIOMETRIC TECHNOLOGIES:

For the purpose of this study, a biometric technology that requires an individual to make direct contact with an electronic device (scanner) will be referred to as a contact biometric. By its very nature, a contact biometric requires a person desiring access to make direct contact with an electronic device in order to attain logical or physical access. Because of this inherent need to make direct contact, many people have come to consider a contact biometric to be a technology that encroaches on personal space and is intrusive to personal privacy.


Fingerprint

The fingerprint biometric is an automated digital version of the old ink-and-paper method used for more than a century for identification, primarily by law enforcement agencies. The biometric device involves users placing their finger on a platen for the print to be read. The minutiae are then extracted by the vendor’s algorithm, which also makes a fingerprint pattern analysis. Fingerprint template sizes are typically 50 to 1,000 bytes. Fingerprint biometrics currently have three main application arenas: large-scale Automated Finger Imaging Systems (AFIS) generally used for law enforcement purposes, fraud prevention in entitlement programs, and physical and computer access.


Hand/Finger Geometry

Hand or finger geometry is an automated measurement of many dimensions of the hand and fingers. Neither of these methods takes actual prints of the palm or fingers. Only the spatial geometry is examined as the user puts his hand on the sensor’s surface and uses guiding poles between the fingers to properly place the hand and initiate the reading. Hand geometry templates are typically 9 bytes, and finger geometry templates are 20 to 25 bytes. Finger geometry usually measures two or three fingers. Hand geometry is a well-developed technology that has been thoroughly field-tested and is easily accepted by users.


Dynamic Signature Verification

Dynamic signature verification is an automated method of examining an individual’s signature. This technology examines such dynamics as speed, direction, and pressure of writing; the time that the stylus is in and out of contact with the “paper”; the total time taken to make the signature; and where the stylus is raised from and lowered onto the “paper.” Dynamic signature verification templates are typically 50 to 300 bytes. 


Keystroke Dynamics

Keystroke dynamics is an automated method of examining an individual’s keystrokes on a keyboard. This technology examines such dynamics as speed and pressure, the total time of typing a particular password, and the time a user takes between hitting certain keys. This technology’s algorithms are still being developed to improve robustness and distinctiveness. One potentially useful application that may emerge is computer access, where this biometric could be used to verify the computer user’s identity continuously.


CONTACTLESS BIOMETRIC TECHNOLOGIES:

A contactless biometric can come in either a passive form (the biometric device continuously monitors for the correct activation frequency) or an active form (the user initiates activation at will). In either event, authentication of the user biometric should not take place until the user voluntarily agrees to present the biometric for sampling. A contactless biometric can be used to verify a person’s identity and offers at least two dimensions that contact biometric technologies cannot match. A contactless biometric does not require undesirable contact in order to extract the required data sample of the biological characteristic, and in that respect a contactless biometric is most adaptable to people of variable ability levels.


Facial Recognition

Facial recognition records the spatial geometry of distinguishing features of the face. Different vendors use different methods of facial recognition; however, all focus on measures of key features. Facial recognition templates are typically 83 to 1,000 bytes. Facial recognition technologies can encounter performance problems stemming from such factors as noncooperative behavior of the user, lighting, and other environmental variables. Facial recognition has been used in projects to identify card counters in casinos, shoplifters in stores, criminals in targeted urban areas, and terrorists overseas.


Voice Recognition

Voice or speaker recognition uses vocal characteristics to identify individuals using a pass-phrase. Voice recognition can be affected by such environmental factors as background noise. Additionally, it is unclear whether the technologies actually recognize the voice or just the pronunciation of the pass-phrase (password) used. This technology has been the focus of considerable efforts on the part of the telecommunications industry and NSA, which continue to work on improving reliability. A telephone or microphone can serve as a sensor, which makes it a relatively cheap and easily deployable technology.


Iris Scan

Iris scanning measures the iris pattern in the colored part of the eye, although the iris color has nothing to do with the biometric. Iris patterns are formed randomly. As a result, the iris patterns in your left and right eyes are different, and so are the iris patterns of identical twins. Iris scan templates are typically around 256 bytes. Iris scanning can be used quickly for both identification and verification applications because of its large number of degrees of freedom. Current pilot programs and applications include ATMs (“Eye-TMs”), grocery stores (for checking out), and a few international airports (physical access).


Retinal Scan

Retinal scans measure the blood vessel patterns in the back of the eye. Retinal scan templates are typically 40 to 96 bytes. Because users perceive the technology to be somewhat intrusive, retinal scanning has not gained popularity with end-users. The device involves a light source shined into the eye of a user who must be standing very still within inches of the device. Because the retina can change with certain medical conditions, such as pregnancy, high blood pressure, and AIDS, this biometric might have the potential to reveal more information than just an individual’s identity. 


Emerging biometric technologies:

Many inventors, companies, and universities continue to search the frontier for the next biometric that shows potential of becoming the best. An emerging biometric is one that is in the infancy stages of proven technological maturation. Once proven, an emerging biometric will evolve into an established biometric. Emerging technologies of this kind include the following:

Brainwave Biometric

DNA Identification

Vascular Pattern Recognition

Body Odor Recognition 

Fingernail Bed Recognition 

Gait Recognition 

Handgrip Recognition 

Ear Pattern Recognition 

Body Salinity Identification 

Infrared Fingertip Imaging & Pattern Recognition


SECURITY ISSUES:

The most common standardized encryption method used to secure a company’s infrastructure is the Public Key Infrastructure (PKI) approach. This approach consists of two keys, each a binary string ranging in size from 1024 bits to 2048 bits: the first key is a public key (widely known) and the second key is a private key (known only by the owner). However, the PKI must also be stored, and inherently it too can fall prey to the same authentication limitations as a password, PIN, or token. It too can be guessed, lost, stolen, shared, hacked, or circumvented; this is even further justification for a biometric authentication system. Because of the structure of the technology industry, making biometric security a feature of embedded systems, such as cellular phones, may be simpler than adding similar features to PCs. Unlike the personal computer, the cell phone is a fixed-purpose device. To successfully incorporate biometrics, cell-phone developers need not gather support from nearly as many groups as PC-application developers must.


Security has always been a major concern for company executives and information technology professionals of all entities. A biometric authentication system that is correctly implemented can provide unparalleled security, enhanced convenience, heightened accountability, and superior fraud detection, and is extremely effective in discouraging fraud. Controlling access to the logical and physical assets of a company is not the only concern that must be addressed. Companies, executives, and security managers must also take into account the security of the biometric data (template). There are many urban biometric legends about cutting off someone’s finger or removing a body part for the purpose of gaining access. This is not true, for once the blood supply of a body part is taken away, the unique details of that body part start to deteriorate within minutes. Hence the unique details of the severed body part(s) are no longer in any condition to function as an acceptable input for scanners.

The best overall way to secure an enterprise infrastructure, whether it be small or large, is to use a smart card. A smart card is a portable device with an embedded central processing unit (CPU). The smart card can be fashioned to resemble a credit card, identification card, radio frequency identification (RFID) card, or a Personal Computer Memory Card International Association (PCMCIA) card. The smart card can be used to store data of all types, but it is commonly used to store encrypted data, human resources data, medical data, financial data, and biometric data (template). The smart card can be accessed via a card reader, PCMCIA slot, or proximity reader.

In most biometric-security applications, the system itself determines the identity of the person who presents himself to the system. Usually, the identity is supplied to the system, often by presenting a machine-readable ID card, and then the system is asked to confirm it. This problem is "one-to-one matching." Today's PCs can conduct a one-to-one match in, at most, a few seconds. One-to-one matching differs significantly from one-to-many matching. In a system that stores a million sets of prints, a one-to-many match requires comparing the presented fingerprint with 10 million prints (1 million sets times 10 prints/set).
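The difference between one-to-one and one-to-many matching shows up both in the number of comparisons and in how false matches accumulate. This is an added example, not code from the original paper; the gallery, the distance threshold, and the per-comparison false match rate of one in a million are assumptions, and comparisons are treated as independent.

```python
# Added illustration; the gallery and all rates below are constructed assumptions.
from math import dist

THRESHOLD = 0.05  # assumed: largest distance that still counts as a match

# Person id -> templates of that person's enrolled prints (constructed 2-feature vectors).
GALLERY = {
    "alice": [[0.10, 0.90], [0.20, 0.80]],
    "bob": [[0.50, 0.50], [0.60, 0.40]],
    "carol": [[0.90, 0.10], [0.80, 0.20]],
}


def verify(claimed_id, live, gallery=GALLERY):
    """One-to-one: compare only with the templates of the claimed identity."""
    templates = gallery.get(claimed_id, [])
    results = [dist(t, live) <= THRESHOLD for t in templates]
    return any(results), len(results)


def identify(live, gallery=GALLERY):
    """One-to-many: compare with every enrolled template in the database."""
    candidates, comparisons = [], 0
    for person, templates in gallery.items():
        for template in templates:
            comparisons += 1
            if dist(template, live) <= THRESHOLD and person not in candidates:
                candidates.append(person)
    return candidates, comparisons


def expected_false_matches(fm_rate, comparisons):
    """Average number of wrong templates that match one presented sample."""
    return fm_rate * comparisons


def chance_of_false_match(fm_rate, comparisons):
    """Probability of at least one false match, assuming independent comparisons."""
    return 1 - (1 - fm_rate) ** comparisons


if __name__ == "__main__":
    sample = [0.11, 0.89]  # constructed live sample close to alice's first print
    print("verify alice:", verify("alice", sample))
    print("identify:    ", identify(sample))
    prints = 1_000_000 * 10  # the paper's figure: 1 million sets times 10 prints/set
    print("1:1 chance of a false match:", chance_of_false_match(1e-6, 10))
    print("1:N chance of a false match:", chance_of_false_match(1e-6, prints))
    print("1:N expected false matches: ", expected_false_matches(1e-6, prints))
```

A false match rate that is negligible for one-to-one confirmation produces several false candidates per search at the database size the paper describes, which is why one-to-many systems need a much stricter matching threshold.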


A smart card is a must when implementing a biometric authentication system; only by using a smart card can an organization satisfy all security and legal requirements. Smart cards possess the basic elements of a computer (interface, processor, and storage), and are therefore very capable of performing authentication functions right on the card. The function of performing authentication within the confines of the card is known as ‘Matching on the Card (MOC)’. From a security perspective, MOC is ideal because the biometric template, biometric sampling, and associated algorithms never leave the card and as such cannot be intercepted or spoofed by others (Smart Card Alliance). The problem with smart cards is that the public-key infrastructure certificates built into the card do not solve the problem of someone stealing the card or creating one. A TTP (Trusted Third Party) can be used to verify the authenticity of a card via an encrypted MAC (Media Access Control).
