Jump to content

Biometrics

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by MFZBCN (talk | contribs) at 10:56, 6 August 2012 (→‎See also). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

For the academic journal of statistics in biology, see Biometrics (journal). For the application of statistics to topics in biology, see Biostatistics.
At Walt Disney World in Lake Buena Vista, Florida, biometric measurements are taken from the fingers of guests to ensure that a ticket is used by the same person from day to day

Biometrics (or biometric authentication)[note 1] refers to the identification of humans by their characteristics or traits. Computer science, biometrics to be specific, is used as a form of identification and access control.[1] It is also used to identify individuals in groups that are under surveillance.

Biometric identifiers are the distinctive, measurable characteristics used to label and describe individuals.[2] The two categories of biometric identifiers include physiological and behavioral characteristics.[3] A physiological biometric would identify by one's voice, DNA, hand print or behavior. Behavioral biometrics are related to the behavior of a person, including but not limited to: typing rhythm, gait, and voice.[note 2] Some researchers have coined the term behaviometrics to describe the latter class of biometrics.[4]

More traditional means of access control include token-based identification systems, such as a driver's license or passport, and knowledge-based identification systems, such as a password or personal identification number.[2] Since biometric identifiers are unique to individuals, they are more reliable in verifying identity than token and knowledge-based methods, however, the collection of biometric identifiers raises privacy concerns about the ultimate use of this information.[2][5]

Biometric functionality

Many different aspects of human physiology, chemistry or behavior can be used for biometric authentication. The selection of a particular biometric for use in a specific application involves a weighting of several factors. Jain et al. (1999)[6] identified seven such factors to be used when assessing the suitability of any trait for use in biometric authentication. Universality means that every person using a system should possess the trait. Uniqueness means the trait should be sufficiently different for individuals in the relevant population such that they can be distinguished from one another. Permanence relates to the manner in which a trait varies over time. More specifically, a trait with 'good' permanence will be reasonably invariant over time with respect to the specific matching algorithm. Measurability (collectability) relates to the ease of acquisition or measurement of the trait. In addition, acquired data should be in a form that permits subsequent processing and extraction of the relevant feature sets. Performance relates to the accuracy, speed, and robustness of technology used (see performance section for more details). Acceptability relates to how well individuals in the relevant population accept the technology such that they are willing to have their biometric trait captured and assessed. Circumvention relates to the ease with which a trait might be imitated using an artifact or substitute.

No single biometric will meet all the requirements of every possible application.[6]

The basic block diagram of a biometric system

A biometric system can operate in the following two modes.[3] In verification mode the system performs a one-to-one comparison of a captured biometric with a specific template stored in a biometric database in order to verify the individual is the person they claim to be. Three steps involved in person verification.[7] In the first step, reference models for all the users are generated and stored in the model database. In the second step, some samples are matched with reference models to generate the genuine and impostor scores and calculate the threshold. Third step is the testing step. This process may use a smart card, username or ID number (e.g. PIN) to indicate which template should be used for comparison.[note 3] 'Positive recognition' is a common use of verification mode, "where the aim is to prevent multiple people from using same identity".[3]

In Identification mode the system performs a one-to-many comparison against a biometric database in attempt to establish the identity of an unknown individual. The system will succeed in identifying the individual if the comparison of the biometric sample to a template in the database falls within a previously set threshold. Identification mode can be used either for 'positive recognition' (so that the user does not have to provide any information about the template to be used) or for 'negative recognition' of the person "where the system establishes whether the person is who she (implicitly or explicitly) denies to be".[3] The latter function can only be achieved through biometrics since other methods of personal recognition such as passwords, PINs or keys are ineffective.

The first time an individual uses a biometric system is called enrollment. During the enrollment, biometric information from an individual is captured and stored. In subsequent uses, biometric information is detected and compared with the information stored at the time of enrollment. Note that it is crucial that storage and retrieval of such systems themselves be secure if the biometric system is to be robust. The first block (sensor) is the interface between the real world and the system; it has to acquire all the necessary data. Most of the times it is an image acquisition system, but it can change according to the characteristics desired. The second block performs all the necessary pre-processing: it has to remove artifacts from the sensor, to enhance the input (e.g. removing background noise), to use some kind of normalization, etc. In the third block necessary features are extracted. This step is an important step as the correct features need to be extracted in the optimal way. A vector of numbers or an image with particular properties is used to create a template. A template is a synthesis of the relevant characteristics extracted from the source. Elements of the biometric measurement that are not used in the comparison algorithm are discarded in the template to reduce the filesize and to protect the identity of the enrollee[citation needed].

If enrollment is being performed, the template is simply stored somewhere (on a card or within a database or both). If a matching phase is being performed, the obtained template is passed to a matcher that compares it with other existing templates, estimating the distance between them using any algorithm (e.g. Hamming distance). The matching program will analyze the template with the input. This will then be output for any specified use or purpose (e.g. entrance in a restricted area)[citation needed]. Selection of biometrics in any practical application depending upon the characteristic measurements and user requirements.[7] We should consider Performance, Acceptability, Circumvention, Robustness, Population coverage, Size, Identity theft deterrence in selecting a particular biometric.Selection of biometric based on user requirement considers Sensor availability, Device availability, Computational time and reliability, Cost, Sensor area and power consumption

Multimodal biometric system

Multimodal biometric fuse the information obtained from different sources to overcome the limitations of unimodal biometric systems. From the point of integration mode, Multimodal Biometric System can operate in one of the different modes: Serial, parallel, hierarchical, pipelining, or sequential approach with reject option.[7] Broadly, the information fusion is divided into three parts, pre-mapping fusion, midst-mapping fusion, and post-mapping fusion/late fusion.In pre-mapping fusion information can be combined at sensor level or feature level. Sensor-level fusion can be mainly organized in three classes: (1) single sensor-multiple instances, (2) intra-class multiple sensors, and (3) inter-class multiple sensors.[7] Feature-level fusion can be mainly organized in two categories: (1) intra-class and (2) inter-class.[7] Intra-class is again classified into four subcategories: (a) Same sensor-same features, (b) Same sensor-different features, (c) Different sensors-same features, and (d) Different sensors-different features.

Performance

The following are used as performance metrics for biometric systems:[8]

  • false accept rate or false match rate (FAR or FMR): the probability that the system incorrectly matches the input pattern to a non-matching template in the database. It measures the percent of invalid inputs which are incorrectly accepted. In case of similarity scale, if the person is imposter in real, but the matching score is higher than the threshold, then he is treated as genuine that increase the FAR and hence performance also depends upon the selection of threshold value.[7]
  • false reject rate or false non-match rate (FRR or FNMR): the probability that the system fails to detect a match between the input pattern and a matching template in the database. It measures the percent of valid inputs which are incorrectly rejected.
  • receiver operating characteristic or relative operating characteristic (ROC): The ROC plot is a visual characterization of the trade-off between the FAR and the FRR. In general, the matching algorithm performs a decision based on a threshold which determines how close to a template the input needs to be for it to be considered a match. If the threshold is reduced, there will be fewer false non-matches but more false accepts. Correspondingly, a higher threshold will reduce the FAR but increase the FRR. A common variation is the Detection error trade-off (DET), which is obtained using normal deviate scales on both axes. This more linear graph illuminates the differences for higher performances (rarer errors).
  • equal error rate or crossover error rate (EER or CER): the rate at which both accept and reject errors are equal. The value of the EER can be easily obtained from the ROC curve. The EER is a quick way to compare the accuracy of devices with different ROC curves. In general, the device with the lowest EER is most accurate.
  • failure to enroll rate (FTE or FER): the rate at which attempts to create a template from an input is unsuccessful. This is most commonly caused by low quality inputs.
  • failure to capture rate (FTC): Within automatic systems, the probability that the system fails to detect a biometric input when presented correctly.
  • template capacity: the maximum number of sets of data which can be stored in the system.

History of Biometrics

Biometrics has been around since about 29,000 BC when cavemen would sign their drawings with handprints. [citation needed] In 500 BC Babylonian business transactions were signed in clay tablets with fingerprints. [citation needed] The earliest cataloging of fingerprints dates back to 1881 when Juan Vucetich started a collection of fingerprints of criminals in Argentina. The History of Fingerprints.

Adaptive biometric Systems

Adaptive biometric Systems aim to auto-update the templates or model to the intra-class variation of the operational data.[9] The two-fold advantages of these systems are solving the problem of limited training data and tracking the temporal variations of the input data through adaptation. Recently, adaptive biometrics have received a significant attention from the research community. This research direction is expected to gain momentum because of their key promulgated advantages. First, with an adaptive biometric system, one no longer needs to collect a large number of biometric samples during the enrollment process. Second, it is no longer necessary to re-enrol or retrain the system from the scratch in order to cope up with the changing environment. This convenience can significantly reduce the cost of maintaining a biometric system. Despite these advantages, there are several open issues involved with these systems. For mis-classification error (false acceptance) by the biometric system, cause adaptation using impostor sample. However, continuous research efforts are directed to resolve the open issues associated to the field of adaptive biometrics. More information about adaptive biometric systems can be found in the critical review by Rattani et al.[10]

Current, emerging and future applications of biometrics

Among the different interests, the recent ones include adaptive Multimodal Biometric System, complementary vs supplementary information, physiological biometrics, spoofing, and so on.[7]

Proposal calls for biometric authentication to access certain public networks

John Michael (Mike) McConnell, a former vice admiral in the United States Navy, a former Director of US National Intelligence, and Senior Vice President of Booz Allen Hamilton promoted the development of a future capability to require biometric authentication to access certain public networks in his Keynote Speech[11] at the 2009 Biometric Consortium Conference.

A basic premise in the above proposal is that the person that has uniquely authenticated themselves using biometrics with the computer is in fact also the agent performing potentially malicious actions from that computer. However, if control of the computer has been subverted, for example in which the computer is part of a botnet controlled by a hacker, then knowledge of the identity of the user at the terminal does not materially improve network security or aid law enforcement activities.[12]

Recently, another approach to biometric security was developed, this method scans the entire body of prospects to guarantee a better identification of this prospect. This method is not globally accepted because it is very complex and prospects are concerned about their privacy. Very few technologists apply it globally.

Issues and concerns

Privacy and discrimination

It is possible that data obtained during biometric enrollment may be used in ways for which the enrolled individual has not consented. For example, biometric security that utilizes an employee's DNA profile could also be used to screen for various genetic diseases or other 'undesirable' traits.[according to whom?]

There are three categories of privacy concerns:[13]

  1. Unintended functional scope: The authentication goes further than authentication, such as finding a tumor.
  2. Unintended application scope: The authentication process correctly identifies the subject when the subject did not wish to be identified.
  3. Covert identification: The subject is identified without seeking identification or authentication, i.e. a subject's face is identified in a crowd.

Danger to owners of secured items

When thieves cannot get access to secure properties, there is a chance that the thieves will stalk and assault the property owner to gain access. If the item is secured with a biometric device, the damage to the owner could be irreversible, and potentially cost more than the secured property. For example, in 2005, Malaysian car thieves cut off the finger of a Mercedes-Benz S-Class owner when attempting to steal the car.[14]

Cancelable biometrics

One advantage of passwords over biometrics is that they can be re-issued. If a token or a password is lost or stolen, it can be cancelled and replaced by a newer version. This is not naturally available in biometrics. If someone's face is compromised from a database, they cannot cancel or reissue it. Cancelable biometrics is a way in which to incorporate protection and the replacement features into biometrics. It was first proposed by Ratha et al.[15]

Several methods for generating new exclusive biometrics have been proposed. The first fingerprint based cancelable biometric system was designed and developed by Tulyakov et al.[16] Essentially, cancelable biometrics perform a distortion of the biometric image or features before matching. The variability in the distortion parameters provides the cancelable nature of the scheme. Some of the proposed techniques operate using their own recognition engines, such as Teoh et al.[17] and Savvides et al.,[18] whereas other methods, such as Dabbah et al.,[19] take the advantage of the advancement of the well-established biometric research for their recognition front-end to conduct recognition. Although this increases the restrictions on the protection system, it makes the cancellable templates more accessible for available biometric technologies

Soft biometrics

Soft biometrics traits are physical, behavioural or adhered human characteristics, which have been derived from the way human beings normally distinguish their peers (e.g. height, gender, hair color). Those attributes have a low discriminating power, thus not capable of identification performance, additionally they are fully available to everyone which makes them privacy-safe.

International sharing of biometric data

Many countries, including the United States, are planning to share biometric data with other nations.

In testimony before the US House Appropriations Committee, Subcommittee on Homeland Security on "biometric identification" in 2009, Kathleen Kraninger and Robert A Mocny [20] commented on international cooperation and collaboration with respect to biometric data, as follows:

To ensure we can shut down terrorist networks before they ever get to the United States, we must also take the lead in driving international biometric standards. By developing compatible systems, we will be able to securely share terrorist information internationally to bolster our defenses. Just as we are improving the way we collaborate within the U.S. Government to identify and weed out terrorists and other dangerous people, we have the same obligation to work with our partners abroad to prevent terrorists from making any move undetected. Biometrics provide a new way to bring terrorists’ true identities to light, stripping them of their greatest advantage—remaining unknown.

According to an article written in 2009 by S. Magnuson in the National Defense Magazine entitled "Defense Department Under Pressure to Share Biometric Data" the United States has bi-lateral agreements with other nations aimed at sharing biometric data.[21] To quote that article:

Miller [a consultant to the Office of Homeland Defense and America's security affairs] said the United States has bi-lateral agreements to share biometric data with about 25 countries. Every time a foreign leader has visited Washington during the last few years, the State Department has made sure they sign such an agreement.

Governments are unlikely to disclose full capabilities of biometric deployments

Certain members of the civilian community are worried about how biometric data is used. Unfortunately, full disclosure may not be forthcoming to the civilian community.[22] In particular, the Unclassified Report of the Defense Science Board Task Force on Defense Biometrics states in Chapter 17, Recommendation 45 that it is wise to protect, and sometimes even to disguise, the true and total extent of national capabilities in areas related directly to the conduct to the conduct of security-related activities. This also potentially applies to Biometrics. It goes on to say that this is a classic feature of intelligence and military operations. In short, the goal is to preserve the security of what the intelligence community calls `sources and methods'.

Countries applying biometrics

Main article: Countries applying biometrics

Countries using biometrics include: Australia, Brazil, Canada, Gambia, Germany,India, Iraq, Israel, Italy, Netherlands, New Zealand, Norway, United Kingdom, and United States.

  • The 2002 film Minority Report features extensive use of casual Iris/Retina scanning techniques for both personal Identification and Point Of Sale transaction purposes. The main character changes his official Identity by having his eyes transplanted, and later accesses a security system using one of the removed eyes.
  • The movie Gattaca portrays a society in which there are two classes of people: those genetically engineered to be superior (termed "Valid") and the inferior natural humans ("Invalid"). People considered "Valid" have greater privileges, and access to areas restricted to such persons is controlled by automated biometric scanners similar in appearance to fingerprint scanners, but which prick the finger and sample DNA from the resulting blood droplet
  • The Disney, Pixar 2004 film The Incredibles shows a scene where Mr Incredible visits Edna Mode at the mansion, a fashion designer for superhero costumes. Edna Mode enters the lab by identifying herself, she then takes off her glasses and having her eyes scanned and using her voice in order to get into the lab.
  • The television program MythBusters attempted to break into a commercial security door[specify] equipped with fingerprint authentication as well as a personal laptop so equipped.[23] While the laptop's system proved more difficult to bypass, the advanced commercial security door with "live" sensing was fooled with a printed scan of a fingerprint after it had been licked, as well as by a photocopy of a fingerprint.[24]
  • In Demolition Man the character Simon Phoenix cuts out a living victim's eye in order to open a locked door which is fitted with iris scanning. A similar plot element was used in Angels & Demons (2009) when an assassin gains access to a top secret CERN facility using a physicist's eye. However, both of these examples are misleading to the audience since the methods depicted for enucleation (removal of an eye) from a corpse would not be a viable way to defeat such a system.[25]

See also

Notes

  1. ^ As Jain & Ross (2008, footnote 4 on page 1) point out, "the term biometric authentication is perhaps more appropriate than biometrics since the latter has been historically used in the field of statistics to refer to the analysis of biological (particularly medical) data [36]" (wikilink added to original quote).
  2. ^ Strictly speaking, voice is also a physiological trait because every person has a different vocal tract, but voice recognition is mainly based on the study of the way a person speaks, commonly classified as behavioral. Biometric voice recognition is separate and distinct from speech recognition with the latter being concerned with accurate understanding of speech content rather than identification or recognition of the person speaking.
  3. ^ Systems can be designed to use a template stored on media like an e-Passport or smart card, rather than a remote database.

References

  1. ^ "Biometrics: Overview". Biometrics.cse.msu.edu. 2007-09-06. Retrieved 2012-06-10.
  2. ^ a b c Jain, A., Hong, L., & Pankanti, S. (2000). "Biometric Identification". Communications of the ACM, 43(2), p. 91-98. DOI 10.1145/328236.328110
  3. ^ a b c d Jain, Anil K.; Ross, Arun (2008). "Introduction to Biometrics". In Jain, AK; Flynn, P; Ross, A (eds.). Handbook of Biometrics. Springer. pp. 1–22. ISBN 978-0-387-71040-2.
  4. ^ "Biometrics for Secure Authentication" (PDF). Retrieved 2012-07-29.
  5. ^ Weaver, A.C. (2006). "Biometric Authentication". Computer, 39 (2), p. 96-97. DOI 10.1109/MC.2006.47
  6. ^ a b Jain, A.K.; Bolle, R.; Pankanti, S., eds. (1999). Biometrics: Personal Identification in Networked Society. Kluwer Academic Publications. ISBN 978-0-7923-8345-1.
  7. ^ a b c d e f g Sahoo, SoyujKumar (1 January 2012). "Multimodal Biometric Person Authentication : A Review". IETE Technical Review. 29 (1): 54. doi:10.4103/0256-4602.93139. Retrieved 23 February 2012. {{cite journal}}: Unknown parameter |coauthors= ignored (|author= suggested) (help); Unknown parameter |month= ignored (help)CS1 maint: unflagged free DOI (link)
  8. ^ "CHARACTERISTICS OF BIOMETRIC SYSTEMS". Cernet.
  9. ^ A. Rattani, "Adaptive Biometric System based on Template Update Procedures," PhD thesis, University of Cagliari, Italy, 2010
  10. ^ A. Rattani, B. Freni, G. L. Marcialis and F. Roli,"Template update methods in adaptive biometric systems: a critical review," 3rd International Conference on Biometrics, Alghero, Italy, pp. 847-856, 2009
  11. ^ McConnell, Mike (January 2009). KeyNote Address. Biometric Consortium Conference. Tampa Convention Center, Tampa, Florida,. Retrieved 20 February 2010.{{cite conference}}: CS1 maint: extra punctuation (link)
  12. ^ Schneier, Bruce. "The Internet: Anonymous Forever". Retrieved 1 October 2011.
  13. ^ Pfleeger, Charles (2007). Security in Computing (4th ed.). Boston: Pearson Education. p. 220. ISBN 978-0-13-239077-4. {{cite book}}: Unknown parameter |coauthors= ignored (|author= suggested) (help)
  14. ^ Kent, Jonathan (31 March 2005). "Malaysia car thieves steal finger". BBC Online. Kuala Lumpur. Retrieved 11 December 2010.
  15. ^ N. K. Ratha, J. H. Connell, and R. M. Bolle, "Enhancing security and privacy in biometrics-based authentication systems," IBM systems Journal, vol. 40, pp. 614–634, 2001.
  16. ^ S. Tulyakov, F. Farooq, and V. Govindaraju, "Symmetric Hash Functions for Fingerprint Minutiae," Proc. Int'l Workshop Pattern Recognition for Crime Prevention, Security, and Surveillance, pp. 30–38, 2005
  17. ^ A. B. J. Teoh, A. Goh, and D. C. L. Ngo, "Random Multispace Quantization as an Analytic Mechanism for BioHashing of Biometric and Random Identity Inputs," Pattern Analysis and Machine Intelligence, IEEE Transactions on, vol. 28, pp. 1892–1901, 2006.
  18. ^ M. Savvides, B. V. K. V. Kumar, and P. K. Khosla, ""Corefaces" – Robust Shift-Invariant PCA based Correlation Filter for Illumination Tolerant Face Recognition," presented at IEEE Computer Society Conference on Computer Vision and Pattern Recognition (CVPR'04), 2004.
  19. ^ M. A. Dabbah, W. L. Woo, and S. S. Dlay, "Secure Authentication for Face Recognition," presented at Computational Intelligence in Image and Signal Processing, 2007. CIISP 2007. IEEE Symposium on, 2007.
  20. ^ Kraniger, K; Mocny, R. A. (March 2009). (Document). US Department of Homeland Security. {{cite document}}: Missing or empty |title= (help); Unknown parameter |accessdate= ignored (help); Unknown parameter |contribution= ignored (help); Unknown parameter |url= ignored (help)
  21. ^ Magnuson, S (January 2009). "Defense department under pressure to share biometric data". NationalDefenseMagazine.org. Retrieved 20 February 2010.
  22. ^ Defense Science Board (DSB) (September 2006). (Document). Washington, D.C. 20301-3140: Office of the Under Secretary of Defense For Acquisition, Technology, and Logistics. p. 84. {{cite document}}: Missing or empty |title= (help); Unknown parameter |accessdate= ignored (help); Unknown parameter |chapter= ignored (help); Unknown parameter |contribution= ignored (help); Unknown parameter |series= ignored (help); Unknown parameter |url= ignored (help)CS1 maint: location (link)
  23. ^ Video of the Mythbusters episode on how to hack fingerprint scanners[dead link]
  24. ^ "Crimes and Myth-Demeanors 1". Mythbusters. Season 4. Episode 16. July 12, 2006. The Discovery Channel. Yes. {{cite episode}}: External link in |transcripturl= (help); Unknown parameter |serieslink= ignored (|series-link= suggested) (help); Unknown parameter |transcripturl= ignored (|transcript-url= suggested) (help)
  25. ^ Carlisle, James; Carlisle, Jennifer (2009). "Eyeball to Eyeball: the Use of Biometrics in ANGELS & DEMONS". In Burstein, Dan; de Keijzer, Arne (eds.). Inside Angels & Demons: The Story Behind the International Bestseller. Vanguard Press. pp. 374–383. ISBN 978-1-59315-489-9.

Further reading

  • The dictionary definition of biometrics at Wiktionary
Retrieved from "https://en.wikipedia.org/w/index.php?title=Biometrics&oldid=506058069"