
ACCESS CONTROL

Access control refers to the procedures and mechanisms used either to restrict entry into the
premises where something confidential is stored or to restrict entry to the computing device, or to
software and/or data within the computer and to those persons authorized to use such resources.

In the fields of physical security and information security, access control is the selective restriction
of access to a place or other resource. The act of accessing may mean consuming, entering, or
using. Permission to access a resource is called authorization.
Access control approaches determine how users interact with data and other network resources.
Furthermore, access control measures ensure data are protected from unauthorized disclosure or
modification.

User Identification and authentication are important for information systems security:

1. Identification provides user identity to the security system. This identity is typically provided
in the form of a user ID. The security system will typically search through all the abstract
objects that it knows about and find the specific one whose privileges the actual user
is currently applying for. Once this is complete, the user has been identified.

2. Authentication is the process of validating user identity. It is the process of verifying the
claimed identity of a user. The fact that the user claims to be represented by a specific abstract
object (identified by its user ID) does not necessarily mean that this is true. To ascertain that an
actual user can be mapped to a specific abstract user object in the system, and therefore be
granted user rights and permissions specific to the abstract user object, the user must provide
evidence to prove his identity to the system. Authentication is the process of ascertaining
claimed user identity by verifying user-provided evidence.
The evidence provided by a user in the process of user authentication is called a credential.
There are three types (factors) of authenticating information:
• something the user knows, e.g. a password, pass-phrase or PIN
• something the user has, such as a smart card or a key fob
• something the user is, such as a fingerprint, verified by biometric measurement
BIOMETRIC SYSTEM
Biometrics is the science and technology of measuring and analyzing biological data. In
information technology, biometrics is the science for determining a person’s identity (ID) by
measuring his/her physiological characteristics for authentication purposes.
The term biometrics comes from the Greek words bios meaning life and metrikos meaning
measure. Everyone knows that we all intuitively use some body characteristics such as face, gait
or voice to recognize each other. Today, since a wide range of applications require reliable
verification schemes to confirm the ID of an individual, recognizing humans on the basis of their
body characteristics has become more and more interesting in emerging technology applications.

Biometrics is an important method for physical access control. Biometrics is basically a collection
of methods for identification based on measuring the physiological characteristics that are unique
to each and every individual. Some of these characteristics are:
• Voice
• Fingerprints
• Body contours
• Retina and Iris
• Handwriting style/hand written signature

Biometrics methods, in general, involve performing some human action for configuring a system
used to recognize the physiological parameters of the ID to be authenticated, e.g.:
1. Drawing a few signatures so that the system can analyze and record their characteristic/pattern.
2. Looking into a scanning apparatus in order to record retinal pattern.
3. Intoning words for the analysis and recording of voice patterns.
4. Collecting multiple video shots of a person walking (Gait acquisition).

FIG: THE BASIC BLOCK DIAGRAM OF A BIOMETRIC SYSTEM


Biometric systems use the following three steps:
• Enrollment: The first time you use a biometric system, it records basic information about you,
like your name or an identification number. It then captures an image or recording of your specific
trait.
• Storage: Contrary to what you may see in movies, most systems don't store the complete image or
recording. They instead analyze your trait and translate it into a code or graph. Some systems also
record this data onto a smart card that you carry with you.
• Matching/Comparison: The next time you use the system, it compares the obtained template
with other existing templates. Then, it either accepts or rejects that you are who you claim to be.

Systems also use the following three components:

• A sensor that detects the characteristic being used for identification
• A computer that reads and stores the information
• Software that analyzes the characteristic, translates it into a graph or code and performs the actual
comparisons
CHARACTERISTICS OF BIOMETRICS
Biometric characteristics can be divided in two main classes:
1. Physiological characteristics are related to the shape of the body. Examples include, but are not
limited to, fingerprint, face recognition, DNA, palm print, hand geometry, iris recognition (which has
largely replaced retina).
2. Behavioral characteristics are related to the behavior of a person. Examples include, but are not
limited to, typing rhythm, gait, and voice. Some researchers have coined the term behaviometrics for
this class of biometrics.
Strictly speaking, voice is also a physiological trait because every person has a different vocal tract,
but voice recognition is mainly based on the study of the way a person speaks, commonly classified
as behavioral.

CRITERIA FOR SELECTION OF BIOMETRICS SYSTEMS


It is possible to understand if a human characteristic can be used for biometrics in terms of the
following parameters:
1. Universality – each person should have the characteristic.
2. Uniqueness – how well the biometric separates individuals from one another.
3. Permanence – measures how well a biometric resists aging and other variance over time.
4. Collectability – ease of acquisition for measurement.
5. Performance – accuracy, speed, and robustness of technology used.
6. Acceptability – degree of approval of a technology.
7. Circumvention – ease of use of a substitute.
Selecting the right biometric is a complicated problem that involves more factors than just accuracy.
It depends on cost, error rates, computational speed, acquit-ability, privacy and ease of use.

BIOMETRICS TECHNIQUES
FINGERPRINT IDENTIFICATION
Fingerprint identification is, perhaps, the oldest of the biometric sciences. In recent years, fingerprint
comparisons have been based on "minutiae", i.e., individual unique characteristics within the
fingerprint pattern. Within a typical fingerprint image obtained by a live scan device, there is an
average of 30-40 minutiae.
Fingerprint images contain a large amount of data. Because of the high level of data present in the
image, it is possible to eliminate false matches and quickly reduce the number of possible matches to
a small number, even with large database sizes. Because Fingerprint Imaging
Systems use more than one finger image in the match process, match discrimination
increases geometrically.
FACIAL RECOGNITION
Facial recognition is the most natural means of biometric identification; this method of
distinguishing one individual from another is an inherent ability of virtually every human. Face
recognition systems work by systematically analyzing specific features that are common to
everyone’s face – the distance between the eyes, width of the nose, position of cheekbones, jaw line,
chin and so forth. These numerical quantities are then combined in a single code that uniquely
identifies each person.

HAND GEOMETRY
Hand geometry is based on the fact that virtually every person’s hand is shaped differently than
another person’s hand and that the shape of a person’s hand (after a certain age) does not
significantly change. In this system, the shape of the hand is carefully measured, including
the width and length of the hand and fingers. Human hands are not nearly as unique as fingerprints.
Hand geometry, as compared to some other means of biometric identification (notably fingerprints),
does not produce a large data set. Therefore, given a large number of records, hand geometry may
not be able to distinguish one individual from another who has similar hand characteristics.

RETINAL SCAN
Retinal Scan technology is based on the blood vessel pattern in the retina of the eye. An infrared
light source is used to illuminate the retina of the eye; the infrared energy is absorbed faster by blood
vessels in the retina than by surrounding tissue. The image of the enhanced blood vessel pattern of
the retina is analyzed for characteristic points within the pattern.
A retinal scan can produce almost the same volume of data as a fingerprint image analysis. Based on
the fact that a high data volume equates to a high discrimination rate (identification rate), it would
seem that retinal scan may be an alternative to fingerprint identification.

IRIS SCAN
Iris Scan technology is based on characteristics in the iris of the eye. A person must stand
approximately 12-14 inches from a camera which frame-grabs an image of the iris for analysis. An
iris scan produces a high data volume which equates to a high discrimination rate (identification
rate).
Iris scan technology may be more acceptable to users than retinal scans and, as opposed to retinal
scan, it does not use an infrared light source to highlight the biometric pattern in the iris.

VASCULAR PATTERNS
Vascular pattern technology is very similar to Retinal Scan technology in that it uses infrared light to
produce an image of the vein pattern in the face, in the back of a hand, or on the wrist.
Vascular pattern technology is generally acceptable to users except that some users still object to any
biometric method that uses infrared.
SIGNATURE RECOGNITION
Signature recognition is based on the dynamics of making the signature, i.e., acceleration rates,
directions, pressure, stroke length, etc., rather than a direct comparison of the signature after it has
been written.
The problems with signature recognition lie in the means of obtaining the measurements used in the
recognition process and the repeatability of the signature. The instrumentation cannot consistently
measure the dynamics of the signature. Also, a person does not make a signature in a fixed manner;
therefore, the data obtained from any one signature from an individual has to allow for a range of
possibilities. Signature recognition has the same problem with match discrimination (i.e., finding a
match in a large database) as does hand geometry.

VOICE DYNAMICS
Voice dynamics relies on the production of a "voice template" that is subsequently used to compare
with a spoken phrase. A speaker must repeat a set phrase several times as the system builds the
template. This biometrics technique relies on the behavior of the subject rather than the physical
characteristics of the voice and is, therefore, prone to inaccuracy.

DESIGN ISSUES IN BIOMETRICS SYSTEM


A generic biometrics system goes through six basic steps as discussed below. The last two steps are
used only during the recognition phase.

1. SAMPLE ACQUISITION
In this first step, the biometrics data is collected using an appropriate sensor, for
example, an image capture in the case of iris recognition or a saliva sample in the case of DNA. A
biometric system captures a sample of a biometric characteristic, such as fingerprint or voice, of the
person who wants to log in to the system.

2. FEATURE EXTRACTION
In this step, the sample is transformed into the template. In general, the template is numeric data.
Unique data are extracted from the sample and a template is created. Unique features are then
extracted by the system and converted into a digital biometric code. This sample is then stored as the
biometric template for the individual.

3. QUALITY VERIFICATION
In this step, a reference image or template image is established by repeating the first two operations
as many times as needed so as to ensure that the system has captured and recognized the data
correctly.

4. STORAGE OR REFERENCE TEMPLATE


In this step, reference templates are registered. Several storage media can be used but the choice
depends on the requirements of the applications. The template is compared with a new sample. The
biometric data are then stored as the biometric template or reference template for that person.
5. MATCHING
In this step, the real time input data from an individual is compared with the reference templates or
images.

6. DECISION
In this step, the result of the matching step is used to declare a result. Application-dependent
criteria, for example the decision threshold, are taken into consideration when deciding on the
authenticity of an individual. The system then decides whether the features extracted from the new
sample are a match or a non-match with the template. When identity needs checking, the person
interacts with the biometric system, and a new biometric sample is taken and compared with the
template. If the template and the new sample match, the person’s identity is confirmed; otherwise a
non-match is confirmed.
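
The six steps above, as an added example that is not part of the original notes. The feature vectors, the MAX_SPREAD and MATCH_THRESHOLD values, and the function names are assumptions made for illustration; a real system would use its own feature extractor and tuned thresholds.

```python
import math

# Constructed data: each raw sample is a list of measurements in mm,
# standing in for sensor output (step 1, sample acquisition).
ALICE_SAMPLES = [[188.0, 82.0, 71.0], [189.0, 83.0, 70.0], [187.0, 81.0, 72.0]]
BOB_NOISY_SAMPLES = [[175.0, 78.0, 66.0], [183.0, 80.0, 69.0], [176.0, 77.0, 66.0]]

MAX_SPREAD = 3.0        # assumed quality limit: max distance of a sample from the mean
MATCH_THRESHOLD = 0.2   # assumed decision threshold on a similarity score in (0, 1]


def extract_features(raw):
    """Step 2: turn a raw sample into a numeric template (here: floats)."""
    return [float(x) for x in raw]


def similarity(a, b):
    """Map Euclidean distance to a score where higher means a closer match."""
    return 1.0 / (1.0 + math.dist(a, b))


def enroll(user_id, raw_samples, store):
    """Steps 1-4. Returns False (failure to enroll) if the captures disagree."""
    feats = [extract_features(r) for r in raw_samples]
    if len(feats) < 3:
        return False
    template = [sum(col) / len(col) for col in zip(*feats)]
    # Step 3, quality verification: repeated captures must be consistent.
    if max(math.dist(f, template) for f in feats) > MAX_SPREAD:
        return False
    # Step 4: only the reference template is stored, not the raw samples.
    store[user_id] = template
    return True


def verify(user_id, raw_probe, store):
    """Steps 5-6: match a live sample against the claimed user's template."""
    template = store.get(user_id)
    if template is None:
        return False                                            # nothing enrolled
    score = similarity(extract_features(raw_probe), template)   # step 5, matching
    return score >= MATCH_THRESHOLD                             # step 6, decision


if __name__ == "__main__":
    db = {}
    print("alice enrolled:", enroll("alice", ALICE_SAMPLES, db))
    print("bob enrolled:", enroll("bob", BOB_NOISY_SAMPLES, db))
    print("genuine probe:", verify("alice", [188.5, 82.5, 70.5], db))
    print("impostor probe:", verify("alice", [176.0, 78.0, 66.0], db))
```
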

KEY SUCCESS FACTORS FOR BIOMETRICS SYSTEM


For any effective biometric system, there are a few important factors associated with it like accuracy,
speed and throughput rate, acceptance by users, reliability, data storage requirements etc.

1. ACCURACY:
• False Accept Rate or False Match Rate (FAR or FMR) – the probability that the system
incorrectly matches the input pattern to a non-matching template in the database. It measures
the percent of invalid inputs which are incorrectly accepted.
• False Reject Rate or False Non-Match Rate (FRR or FNMR) – the probability that the
system fails to detect a match between the input pattern and a matching template in the
database. It measures the percent of valid inputs which are incorrectly rejected.
• Receiver Operating Characteristic or Relative Operating Characteristic (ROC) – The
ROC plot is a visual characterization of the trade-off between the FAR and the FRR. In
general, the matching algorithm performs a decision based on a threshold which determines
how close to a template the input needs to be for it to be considered a match. If the threshold is
reduced, there will be fewer false non-matches but more false accepts. Correspondingly, a higher
threshold will reduce the FAR but increase the FRR. A common variation is the Detection
error trade-off (DET), which is obtained using normal deviate scales on both axes. This more
linear graph illuminates the differences for higher performances (rarer errors).
• Equal Error Rate or Crossover Error Rate (EER or CER) – the rate at which both accept
and reject errors are equal. The value of the EER can be easily obtained from the ROC curve.
The EER is a quick way to compare the accuracy of devices with different ROC curves. In
general, the device with the lowest EER is most accurate.
• Failure to Enroll Rate (FTE or FER) – the rate at which attempts to create a template from
an input are unsuccessful. This is most commonly caused by low quality inputs.
• Failure to Capture Rate (FTC) – Within automatic systems, the probability that the system
fails to detect a biometric input when presented correctly.
• Template Capacity – the maximum number of sets of data which can be stored in the system.
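
The FAR/FRR trade-off and the EER comparison described above, as an added example that is not part of the original notes. The scores for "device A" and "device B" are constructed, and the function names are assumptions made for illustration.

```python
# Scores are similarity values in [0, 1]; an attempt is accepted when
# score >= threshold, so lowering the threshold trades FRR for FAR.

# Device A (constructed): well-separated genuine and impostor scores.
GENUINE_A = [0.91, 0.85, 0.78, 0.88, 0.66, 0.95, 0.72, 0.81, 0.59, 0.87]
IMPOSTOR_A = [0.12, 0.35, 0.48, 0.22, 0.61, 0.30, 0.55, 0.18, 0.41, 0.69]
# Device B (constructed): noisier sensor, more overlap between the groups.
GENUINE_B = [0.80, 0.62, 0.55, 0.74, 0.47, 0.90, 0.68, 0.58, 0.83, 0.51]
IMPOSTOR_B = [0.20, 0.45, 0.60, 0.33, 0.71, 0.52, 0.38, 0.65, 0.28, 0.57]


def far(impostor, threshold):
    """False accept rate: share of impostor attempts that are accepted."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def frr(genuine, threshold):
    """False reject rate: share of genuine attempts that are rejected."""
    return sum(s < threshold for s in genuine) / len(genuine)


def roc_points(genuine, impostor):
    """(threshold, FAR, FRR) for every observed score used as a threshold."""
    thresholds = sorted(set(genuine) | set(impostor))
    return [(t, far(impostor, t), frr(genuine, t)) for t in thresholds]


def equal_error_rate(genuine, impostor):
    """The ROC point where FAR and FRR are closest to each other."""
    return min(roc_points(genuine, impostor), key=lambda p: abs(p[1] - p[2]))


def most_accurate(devices):
    """Name of the device with the lowest EER; devices maps name -> (genuine, impostor)."""
    def eer(name):
        _, fa, fr = equal_error_rate(*devices[name])
        return (fa + fr) / 2
    return min(devices, key=eer)


if __name__ == "__main__":
    for t, fa, fr in roc_points(GENUINE_A, IMPOSTOR_A):
        print(f"threshold={t:.2f}  FAR={fa:.0%}  FRR={fr:.0%}")
    devices = {"A": (GENUINE_A, IMPOSTOR_A), "B": (GENUINE_B, IMPOSTOR_B)}
    for name, (g, i) in devices.items():
        print(name, "EER point (threshold, FAR, FRR):", equal_error_rate(g, i))
    print("lowest EER:", most_accurate(devices))
```
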
2. SPEED AND THROUGHPUT RATE:
One of the important characteristics of a biometric system is speed and throughput. The data
processing capability of the biometrics system determines the speed; it is stated as how fast the
system makes the accept or reject decision. As far as generally accepted standards are concerned, a
system speed of 5 sec from start-up through decision enunciation is considered to be good, but it is
not easy for most biometrics systems to meet these standards.

3. ACCEPTABILITY BY USERS:
User acceptability is one of the biggest challenges for the deployment of biometrics systems.
Biometrics system acceptance occurs when the users of the system, i.e., the management and unions
involved in the organization, come to an agreement that biometrics should be deployed for the
protection of organizational assets. The management is also responsible for the implementation
based on the cost/benefit associated with the biometrics system.

4. UNIQUENESS:
For business systems, it is very important that they should be based on unique characteristics of the
individuals. If the biometrics system is based on unique characteristics, it can provide a positive
identification rather than a statement of high probability that it is the right person. There are three
physical characteristics that are considered to be unique: the fingerprint, the retina of the eye, and
the iris of the eye.

5. RELIABILITY:
Another vital success factor of biometrics system is the reliability of the biometrics. The concept of
‘reliability’ is related to the concept of ‘selectivity’. Reliability is the probability that the system will
correctly identify the mate when the mate is present in the system repository, whereas selectivity is
the number of incorrect mates determined for a given search.
