27-06-2014, 03:20 PM
Biometric Authentication Systems
Introduction
Humans have recognized each other by their various characteristics
for ages. We recognize others by their face when we
meet them and by their voice as we speak to them. Identity verification
(authentication) in computer systems has been traditionally
based on something that one has (key, magnetic or chip card) or
one knows (PIN, password). Things like keys or cards, however,
tend to get stolen or lost and passwords are often forgotten or disclosed.
To achieve more reliable verification or identification we
should use something that really characterizes the given person.
Biometrics offer automated methods of identity verification or
identification on the principle of measurable physiological or behavioral
characteristics such as a fingerprint or a voice sample. The
characteristics are measurable and unique. These characteristics
should not be duplicable, but it is unfortunately often possible to
create a copy that is accepted by the biometric system as a true
sample. This is a typical situation where the level of security
provided is given as the amount of money the impostor needs to
gain unauthorized access. We have seen biometric systems
where the estimated amount required is as low as $100 as well as
systems where at least a few thousand dollars are necessary.
What to measure
The most significant difference between biometric and traditional
technologies lies in the answer of the biometric system to an
authentication/identification request. Biometric systems do not give
simple yes/no answers. While the password either is ’abcd’ or not
and the card PIN 1234 either is valid or not, no biometric system
can verify the identity or identify a person absolutely. The person’s
signature never is absolutely identical and the position of the finger
on the fingerprint reader will vary as well. Instead, we are told
how similar the current biometric data is to the record stored in
the database. Thus the biometric system actually says what is
Biometric techniques
There are lots of biometric techniques available nowadays. A
few of them are still only at the research stage (e.g. odor
analysis), but a significant number of technologies are already mature
and commercially available (at least ten different types of biometrics
are commercially available nowadays: fingerprint, finger
geometry, hand geometry, palm print, iris pattern, retina pattern,
facial recognition, voice comparison, signature dynamics and typing
rhythm).
Fingerprint technologies
Fingerprint identification is perhaps the oldest of all the biometric
techniques. Fingerprints were already used in ancient China as
a means of positively identifying a person as the author of a document.
Their use in law enforcement since the last century is well
known and actually led to an association fingerprint = crime. This
caused some worries about the user acceptance of fingerprint-based
systems. The situation improves as these systems spread around
and become more common.
Fingerprint processing
Fingerprints are not compared and usually also not stored as
bitmaps. Fingerprint matching techniques can be placed into two
categories: minutiae-based and correlation-based. Minutiae-based
techniques find the minutiae points first and then map their relative
placement on the finger. Minutiae are individual unique characteristics
within the fingerprint pattern such as ridge endings, bifurcations,
divergences, dots or islands (see the picture on the following
page). In the recent years automated fingerprint comparisons have
been most often based on minutiae
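The two points made so far, that a biometric comparison yields a degree of similarity rather than a yes/no answer and that fingerprints are compared through their minutiae, can be shown together in a short added example (not code from the original paper). The minutiae coordinates, the tolerances and the 0.6 threshold are constructed values, and the sketch assumes both prints are already aligned.

```python
import math

# Constructed sample data: (x, y, ridge angle in degrees, minutia type).
TEMPLATE = [(10, 12, 30, "ending"), (40, 45, 90, "bifurcation"),
            (70, 20, 150, "ending"), (25, 80, 200, "bifurcation"),
            (60, 75, 310, "ending")]
# Same finger placed slightly differently; the sensor missed one minutia.
GENUINE = [(11, 13, 33, "ending"), (41, 44, 88, "bifurcation"),
           (69, 22, 155, "ending"), (26, 79, 198, "bifurcation")]
# Different finger; one minutia happens to coincide with the template.
IMPOSTOR = [(15, 60, 10, "ending"), (41, 46, 92, "bifurcation"),
            (80, 80, 150, "ending"), (5, 5, 45, "bifurcation")]

def angle_diff(a, b):
    """Smallest difference between two angles, in degrees."""
    d = abs(a - b) % 360
    return min(d, 360 - d)

def similarity(template, probe, dist_tol=4.0, angle_tol=15.0):
    """Fraction of minutiae that pair up, in [0, 1]."""
    unused = list(template)
    matched = 0
    for (x, y, ang, kind) in probe:
        best = None
        for cand in unused:
            cx, cy, cang, ckind = cand
            d = math.hypot(x - cx, y - cy)
            if (ckind == kind and d <= dist_tol
                    and angle_diff(ang, cang) <= angle_tol):
                if best is None or d < best[0]:
                    best = (d, cand)
        if best:
            unused.remove(best[1])  # each template minutia pairs once
            matched += 1
    return matched / max(len(template), len(probe))

def verify(template, probe, threshold=0.6):
    """The system reports a score; the threshold turns it into a decision."""
    score = similarity(template, probe)
    return score, score >= threshold
```

Raising the threshold to 0.9 rejects the genuine sample as well, which is the trade-off a deployment has to tune.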
Retina
Retina scan is based on the blood vessel pattern in the retina of
the eye. Retina scan technology is older than the iris scan technology
that also uses a part of the eye. The first retinal scanning systems
were launched by EyeDentify in 1985.
The main drawback of the retina scan is its intrusiveness. The
method of obtaining a retina scan is personally invasive. A laser
light must be directed through the cornea of the eye. Also the operation
of the retina scanner is not easy. A skilled operator is required
and the person being scanned has to follow his/her directions.
A retina scan produces at least the same volume of data as a
fingerprint image. Thus its discrimination rate is sufficient not only
for verification, but also for identification. In practice, however,
retina scanning is used mostly for verification. The size of the
eye signature template is 96 bytes.
Hand geometry
Hand geometry is based on the fact that nearly every person’s hand
is shaped differently and that the shape of a person’s hand does not
change after a certain age. Hand geometry systems produce estimates
of certain measurements of the hand such as the length and the width of
fingers. Various methods are used to measure the hand. These methods
are most commonly based either on a mechanical or an optical principle.
The latter ones are much more common today. Optical hand geometry
scanners capture the image of the hand and, using an image
edge detection algorithm, compute the hand’s characteristics.
There are basically 2 sub-categories of optical scanners. Devices
from the first category create a black-and-white bitmap image
Signature dynamics
Signature dynamics recognition is based on the dynamics
of making the signature, rather than a direct comparison of the signature
itself afterwards. The dynamics are measured by means of
the pressure, direction, acceleration and the length of the strokes,
number of strokes and their duration. The most obvious and important
advantage of this is that a fraudster cannot glean any information
on how to write the signature by simply looking at one that
has been previously written
Facial recognition
Facial recognition is the most natural means of biometric identification.
The method of distinguishing one individual from another
is an ability of virtually every human. Until recently the facial
recognition has never been treated as a science.
Any camera (with a sufficient resolution) can be used to obtain
the image of the face. Any scanned picture can be used as
well. Generally speaking, the better the image source (i.e. camera
or scanner), the more accurate the results we get. Facial recognition
systems usually use only the gray-scale information. Colors (if
available) are used as a help in locating the face in the image only.
The lighting conditions required are mainly dependent on the quality
of the camera used. In poor lighting conditions, individual features
may not be easily discernible. There exist even infrared cameras
that can be used with facial recognition systems.
Speaker verification
The principle of speaker verification is to analyze the voice of
the user in order to store a voiceprint that is later used for
identification/verification. Speaker verification and speech recognition are
two different tasks. The aim of speech recognition is to find what
has been said while the aim of speaker verification is to find who said
it. Both these technologies are at the edge between research and
industrial development. Texas Instruments reported their work in
speech verification for access control already in
Acquisition
The current biometric measurements must be obtained for the
system to be able to make the comparison with the master template.
These subsequent acquisitions of the user’s biometric measurements
are done at various places where the authentication of
the user is required. This might be user’s computer in the office, an
ATM machine or a sensor in front of a door. For the best performance
the kind of the input device used at the enrollment and for
the subsequent acquisitions should be the same. Other conditions
of use should also be as similar as possible with the conditions at
the enrollment. These include the background (face recognition),
the background noise (voice verification) or the moisture (fingerprint).
While the enrollment is usually guided by trained personnel,
the subsequent biometric measurements are most commonly fully
automatic and unattended
Creation of new characteristics
The biometric measurements obtained in the previous step are
processed and new characteristics are created. The process of feature
extraction is basically the same as in the case of the enrollment.
Only a single biometric sample is usually available. This
might mean that the number or quality of the features extracted is
lower than at the time of enrollment
Conclusions
Even if the accuracy of the biometric techniques is not perfect
yet, there are many mature biometric systems available now. Proper
design and implementation of the biometric system can indeed
increase the overall security; the smartcard-based solutions in
particular seem to be very promising. Making a secure biometric system
is, however, not as easy as it might appear. The word biometrics
is very often used as a synonym for perfect security. This is
a misleading view. There are numerous conditions that must be taken
into account when designing a secure biometric system. First, it
is necessary to realize that biometrics are not secrets. This implies
that biometric measurements cannot be used as capability tokens
and it is not secure to generate any cryptographic keys from them.
Second, it is necessary to trust the input device and make the communication
link secure. Third, the input device needs to check the
liveness of the person being measured and the device itself should
be verified for example by a challenge-response protocol
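One way the device verification mentioned in the conclusions could look, as an added example that is not part of the original paper: the host sends a fresh random challenge and the input device answers with an HMAC over the challenge and the sample. The `Sensor` and `Host` classes, the pre-provisioned device key and the sample bytes are all assumptions made for illustration; the secret here is the device key, not the biometric.

```python
import hashlib
import hmac
import secrets

class Sensor:
    """Input device holding a key provisioned at installation (assumed)."""
    def __init__(self, device_key):
        self._key = device_key

    def respond(self, nonce, sample):
        # The MAC covers the host's 16-byte nonce and the sample, so a
        # recorded response is useless for another challenge or sample.
        return hmac.new(self._key, nonce + sample, hashlib.sha256).digest()

class Host:
    """Verifier that knows the device key and issues one-time challenges."""
    def __init__(self, device_key):
        self._key = device_key
        self._pending = set()

    def challenge(self):
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce

    def accept(self, nonce, sample, tag):
        # Each nonce is valid once; unknown or reused nonces are rejected.
        if nonce not in self._pending:
            return False
        self._pending.discard(nonce)
        expected = hmac.new(self._key, nonce + sample, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)

def demo():
    key = secrets.token_bytes(32)            # constructed device key
    sample = b"constructed-feature-vector"   # stands in for extracted features
    host, sensor = Host(key), Sensor(key)

    n1 = host.challenge()
    tag1 = sensor.respond(n1, sample)
    genuine = host.accept(n1, sample, tag1)

    replay_same = host.accept(n1, sample, tag1)    # nonce already consumed
    n2 = host.challenge()
    replay_fresh = host.accept(n2, sample, tag1)   # old response, new nonce
    rogue = Sensor(secrets.token_bytes(32))        # device without the key
    n3 = host.challenge()
    unknown_device = host.accept(n3, sample, rogue.respond(n3, sample))
    return genuine, replay_same, replay_fresh, unknown_device
```

Only the first exchange is accepted: a replayed response and a device without the key both fail, even though the biometric sample is identical each time.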