Biometric security Bhagyasree.N,
[email protected] Bhagyasree.N,
[email protected] Abstract Biometrics as a branch of industry, science and technology exists since about 20 years. Its size is about 1 billion Euros. Problems and questions having to do with automatic people recognition are attracting more and more scientists and technician. And, although many devices already exist and/or are being proposed, it is certain that biometrics is still in the early stages of its history. This paper will be an attempt to forecast the future of biometric technologies and applications. As such, we will try to identify and describe both possible markets and new technologies that can already be predicted from present trends. From a legal point of view, this brings about new challenges which go well beyond the problems of authentication as such. While some of the features of the scenarios may not be feasible in the short term, it is apparent that the associated fundamental rights and data protection law problems will have to be addressed in the future. 1. Introduction
The word biometric can be defined as "life - measure." It is used in security and access control applications to mean measurable physical characteristics of a person that can be checked on an automated basis. Although we may think our height, weight, hair color and eye color are all physical characteristics that can easily be checked. However, our height changes with age, our hair color changes naturally (and on purpose),we can wear colored contact lenses that changes our eye color and everyone's weight fluctuates over time. But Biometric data does not change
Security personnel look for biometric data that does not change over the course of your life; that is, they look for physical characteristics that stay constant and that are difficult to fake or change on purpose. What is biometrics?
A biometric characteristic is a general term used to describe a measurable physiological and/or behavioral characteristic that can be used for automated recognition. A biometric system provides an automated method of recognizing an individual based on the individual's biometric characteristics. Biometric modalities commonly implemented or studied include fingerprint, face, iris, voice, signature, vein pattern, and hand geometry . Many other modalities are in various stages of development and assessment. Biometric systems are commonly used to control access to physical assets (laboratories, buildings, cash from ATMs, etc.) or logical information (personal computer accounts, secure electronic documents, etc). Biometric systems can also be used to determine whether or not a person is already in a database , such as for social service or national ID applications. The operation of a biometric system can be described, in a simplified manner, by a three-step process. The first step in this process involves an observation, or collection, of the biometric data. This step uses various sensors, which vary between modality, to facilitate the observation. The second step converts and describes the observed data using a digital representation called a template. This step varies between modalities and also between vendors.
In the third step, the newly acquired template is compared with one or more previously generated templates stored in a database . There is no single biometric modality that is best for all applications. Many factors must be taken into account when implementing a biometric system including location, security risks, task, expected number of users, user circumstances, existing data, etc.
2. Biometric identification systems Biometric identification systems can be grouped based on the main physical characteristic that lends itself to biometric identification:
Fingerprint identification Fingerprint ridges are formed in the womb; we have fingerprints by the fourth month of fetal development. Once formed, fingerprint ridges are like a picture on the surface of a balloon. As the person ages, the fingers get do get larger. However, the relationship between the ridges stays the same, just like the picture on a balloon is still recognizable as the balloon is inflated. Hand geometry Hand geometry is the measurement and comparison of the different physical characteristics of the hand. Although it does not have the same degree of permanence or individuality as some other characteristics, it is still a popular means of biometric authentication. Palm Vein Authentication This system uses an infrared beam to penetrate the users hand as it is waved over the system; the veins within the palm of the user are returned as black lines. Palm vein authentication has a high level of authentication accuracy due to the complexity of vein patterns of the palm. Because the palm vein patterns are internal to the body, this would be a
difficult system to counterfeit. Also, the system is contactless and therefore hygienic for use in public areas. Retina scan A retina scan provides an analysis of the capillary blood vessels located in the back of the eye; the pattern remains the same throughout life. A scan uses a lowintensity light to take an image of the pattern formed by the blood vessels. Iris scan An iris scan provides an analysis of the rings, furrows and freckles in the colored ring that surrounds the pupil of the eye. More than 200 points are used for comparison. All current iris recognition systems use these basic patents, held by Iridian Technologies. Face recognition Facial characteristics (the size and shape of facial characteristics, and their relationship to each other). Although this method is the one that human beings have always used with each other, it is not easy to automate it. Typically, this method uses relative distances between common landmarks on the face to generate a unique "face print." Signature Although the way you sign your name does change over time, and can be consciously changed to some extent, it provides a basic means of identification. Speaker Recognition:
A form of biometric testing that uses an individual’s speech, a feature influenced by both the physical structure of an individual’s vocal tract and the behavioral characteristics of the individual, for recognition purposes. Sometimes referred to as “voice recognition.” "Speech recognition" recognizes the words being said, and is not a biometric technology.
Voice analysis The analysis of the pitch, tone, cadence and frequency of a person’s voice can also be used 3. Characteristics of successful biometric identification methods
The following factors are needed to have a successful biometric identification method:
The physical characteristic should not change over the course of the person's lifetime The physical characteristic must identify the individual person uniquely The physical characteristic needs to be easily scanned or read in the field, preferably with inexpensive equipment, with an immediate result The data must be easily checked against the actual person in a simple, automated way.
Other characteristics that may be helpful in creating a successful biometric identification scheme are:
Ease of use by individuals and system operators The willing (or knowing) participation of the subject is not required Uses legacy data (such as face recognition or voice analysis).
5. Biometrics Algorithm algorithm is A biometrics sequence of instructions that tell a biometric system how to solve a particular problem. Typically, biometric systems use these sequences of rules to interpret data that has been abstracted from the original source. For example, rather than work on fingerprint images directly, biometric systems take from a particular print a set of features that best defines differences between individuals.
An algorithm will have a finite number of steps and is typically used by the biometric engine to compute whether a biometric sample and template are a match. 6. Biometric Match
This is the name given to the decision that a biometric sample and a reference template stored in a biometric database comes from the same human source, based on their high level of similarity. A biometric match may consist of a score which designates the degree of similarity between the sample and the reference template. Typically, a match should never be identical; freshly gathered samples will inevitably vary somewhat from the reference template, due to subtle changes over time and errors in the process of feature extraction. The sample must score above the predetermined biometric match threshold.
4. Biometric Data 7. Biometric Sample
A general phrase for computer data created during a biometric process. It includes raw sensor observations, biometric samples, models, templates and/or similarity scores. Biometric data is used to describe the information collected during an enrollment, verification, or identification process, but does not apply to end user information such as user name, demographic information and authorizations.
Information or computer data obtained from a biometric sensor device. Examples are images of a face or fingerprint. Users of biometric identification systems sometimes refer to an "attempt" when talking about gathering a sample. In this context, "attempt" just refers to the submission of a single set of biometric sample to a biometric system for
identification or verification. For security reasons, some biometric systems will not permit more than one attempt to identify or verify an individual. 8. Biometric System
"Biometric system " refers to the various individual components (like sensors, matching algorithm, and result display) that combine to make an operational biometric system. A biometric system is an automated system capable of: 1. Capturing a biometric sample from an end user 2. Extracting and processing the biometric data from that sample 3. Storing the extracted information in a database 4. Comparing the biometric data with data contained in one or more reference references 5. Deciding how well they match and indicating whether or not an identification or verification of identity has been achieved. A biometric system may be a component of a larger system 9. Common Biometric Format (CBEFF)
Exchange
File
direct response from the individual. The response gathered can be either voluntary or involuntary. In a voluntary response, the end user will consciously react to something that the system presents. In an involuntary response, the end user's body automatically responds to a stimulus. A challenge response can be used to protect the system against attacks. 11. Threshold
A user sets it for biometric systems operating in the verification or open-set identification (watch list) tasks. 12. Biometric feature extraction
is the process by which key features of the sample are selected or enhanced. Typically, the process of feature extraction relies on a set of algorithms; the method varies depending on the type of biometric identification used. Here are some examples of biometric feature extraction:
A standard that provides the ability for a system to identify, and interface with, multiple biometric systems, and to exchange data between system components.
A fingerprint feature extraction program will locate, measure and encode ridge edgings and bifurcations in the print. A voice recording may filter out particular frequencies and patterns. A digital picture may pull out particular measurements, like the relative positions of the ears, forehead, cheekbones and nose. Iris prints will encode the mapping of furrows and striations in the iris.
10. Challenge Response 13. Live Biometric Capture
In biometric identification systems, challenge/response is a method used to confirm the presence of a person by getting some form of
A "live biometric capture" refers to a device that obtains biometric information immediately,
typically in a digital comparison to a database.
format,
ready
for
Here are some examples of live biometric capture:
A fingerprint capture device that electronically captures fingerprint images using a sensor (rather than scanning ink based fingerprint images from a card, or attempting to scan images lifted from a surface). An iris or retinal scanner that immediately provides appropriate information for database comparison. A digital photograph of the person's face.
14. Liveness Detection
"Liveness detection" is a biometric capture technique used to ensure that the biometric sample submitted is from an end user. A liveness detection method can help protect the system against some types of spoofing attacks. Automated Biometric Identification System (ABIS) is a Department of Defense (DOD) system patterned on the successful Integrated Automated Fingerprint Identification System (IAFIS). The intent of the system is to enable military agencies to conduct automated fingerprint searches, store images electronically, and exchange fingerprints on a 24-hour daily basis.
The system includes mandatory collection of ten rolled fingerprints, a minimum of five mug shots from varying angles, and an oral swab to collect DNA. "Automated Biometric Identification System" is also used as a generic term in the biometrics community to discuss a biometric system.
system, allowing the entrance only to those persons who know a specific code, own a card or have determined physic marks. When a new authentication system is implanted, it is essential a judgment between simplicity, price and efficiency, as well as social acceptability. The password method is the cheapest and simplest technology, because it only requires elementary software resources. The Smart Cards are very useful since they can be easily combined with other authentication systems, serving as storage system.Besides, sometimes they are combined with cryptography methods, which makes them more difficult (more expensive) to implement. The Digital Signature is very difficult to falsify, since is encrypted by complicated mathematic operations. It is considered that is even less falsifiable than the manual signature recognition (although this last is already enough trustworthy). The advantage that Biometrics presents is that the information is unique for each individual and that it can identify the individual in spite of variations in the time (it does not matter if the first biometric sample was taken year ago). The pillars of e-learning security are: authentication, privacy (data confidentiality) authorization (access control), data integrity and non-repudiation. Biometric is a technique that can provide all this requirements with quite lot reliability.
15. New possible markets of biometrics are:
Authentication Access and attendance control
Travel control
Each one of the Technologies used in our days bring us a manner to restrict the access to a
Financial and other transactions requiring authorization Remote voting (authorization). Use of automatic working devices.
E.Pressure (tactile) sensors
16. Technologies for biometric devices
Such sensors are used for fingerprint recognition, but also for movement tracking (for example signature recognition). All such techniques can allow to analyze the internal body structures.
A. Optical technologies
F.Magnetic fields
Such technologies are used in fingerprint, hand shape, face, iris, veins and also in all other cases, where optical parameters are interesting. Special case is iris and retina recognition – there is no other possibility to make contact less iris or retina recognition. Another special case are techniques for remote temperature sensing. This can be done only with infrared cameras.
Magnetic fields are especially interesting in connection with tomography. It is a technology that from today’s point of view can be considered as unrealistic, but further development of it can cause that especially for the investigation of body parts, such as finger or hands the use of it cannot be excluded.
B.Acoustical technologies
Man’s body is surely reacting to electric fields and creating them. Both phenomena can be used for recognition. Today it is only partially the case in capacitive fingerprint sensors, but there are much more possibilities that can be used.
Action control.
Presently the only acoustical technologies that are available are used for voice recognition. Ultrasound technologies are also in use for biometric applications, but on a very limited scale. C.Microwaves
As far as I know, they are not used in biometric devices now, but especially THz- waves can be used in the future. The ability of this waves to propagate through clothes can allow to use them for body shape recognition. Microwaves are also used for movement tracking.
G.Electric fields
H.Chemical emissions
Each living body produces streams of particles, which can be analyzed from the chemical point of view. This is the case with odor, and especially with particles that contains DNA or RNA strains. Disadvantage can be the ease to fool such techniques. But especially odor detection can be useful for example for tracking purposes
D.Capacitive sensors
Already used or proposed techniques are: Sensors reacting to local capacity changes are used for finger recognition. It is possible to use capacity sensors for tracking movements.
a)Fingerprints or other elements of finger, such as veins inside. b)Palms, its prints and/or the whole hand
c)Signature, measures behavioral attributes, such as pressure, stroke and time
m) EEG We can also use
d)Keystroke, art of typing. n)Body shape recognition. e)Voice. f)Iris, retina, features of eye movements. g)Face, head – its shape, specific movements.
o)Investigation of internal structure of body parts and its living structures.
h)Other elements of head, such as ears, lip prints.
p) Analysis of other electrical and magnetic fields, created by man’s body or of its reactions to such fields.
i) Gait, unique manner of walking, such as pace, width of steps and peculiar gait.
q)Analysis of face and head vibrations during speaking.
j) Odor.
New technological Developments include recognition of Fingerprints on Baggage and Freight, CCTV, behavioral Pattern Analysis, and Identification.
k) DNA. l) ECG
Reference: Books and journals:
[1] Hakin9 [2] Biometric Technologies and Verification Systems [3] Face biometrics for personal identification Websites:
[1] [2] [3] [4] [5] [6] [7]
www.findbiometrics.com www.technovelgy.com www.webopedia.com www.searchsecurity.techtarget.com www.blog.protogenist.com www.en.wikipedia.org www.ieee.org