An Overview of Biometrics

Access Control
An Overview of
Biometrics
Contents Biometric Systems
1. Introduction
2. Biometric identifiers
3. Classification of biometrics methods
4. Biometric system architecture
5. Performance evaluation
2
SECURITY INNOVATION ©2003
Contents Biometric Systems
6. Signature recognition
7. Voice recognition
8. Retinal scan
9. Iris scan
10. Face-scan and facial thermograph
11. Hand geometry
3
Personal Identification
Association of an individual with an identity:
• Verification (or authentication): confirms or denies a

claimed identity.
• Identification (or recognition): establishes the identity
of a subject (usually from a set of enrolled persons).
4
Personal Identification Objects
• Token-based:
“something that you have”
• Knowledge-based:
“something that you
know”
• Biometrics-based:
“something that you are”
5
Biometrics
• Bio + metrics:
– The statistical measurement of biological data.
• Biometric Consortium definition:
– Automatically recognizing a person using
distinguishing traits.
6
Application Domains (I)
• Access control
– to devices
• cellular phones
• logging into a computer, laptop, or PDA
• cars
• guns
– to local services
• money from a ATM machine
• logging in to computer
• accessing data on smartcard
– to remote services
• e-commerce
• e-business
7
Application Domains (II)
• Physical access control

– to high security areas
– to public buildings or areas
• Time & attendance control
• Identification
– forensic person investigation
– social services applications, e.g. immigration or
prevention of welfare fraud
– personal documents, e.g. electronic drivers license
or ID card
8
Biometric Identifiers
Ideal Properties Considerations

• Universality • Performance
• Uniqueness • Acceptability
• Stability • Forge resistance
• Quantitative
9
Biometric Technologies
• Covered in ISO/IEC 27N2949:

– recognition of signatures,
– fingerprint analysis,
– speaker recognition,
– retinal scan,
– iris scan,
– face recognition,
– hand geometry.
10
Other Biometric Methods
• Found in the literature:

– vein recognition (hand),
– keystroke dynamics,
– palm print,
– gait recognition,
– ear shape.
11
Classification of Biometric
Methods
• Static: • Dynamic:
– fingerprint – signature recognition
– retinal scan – speaker recognition
– iris scan
– hand geometry
12
Biometric System Architecture
• Basic modules of a biometric system:

– Data acquisition
– Feature extraction
– Matching
– Decision
– Storage
13
Biometric System Model
Raw data Extracted template

Data features
collection Signal matching storage
processing
score
Application decision
Authentication decision
14
Data Acquisition Module
• Reads the biometric info from the user.

• Examples: video camera, fingerprint
scanner/sensor, microphone, etc.
• All sensors in a given system must be similar
to ensure recognition at any location.
• Environmental conditions may affect their
performance.
15
Feature Extraction Module
• Discriminating features extracted from the

raw biometric data.
• Raw data transformed into small set of bytes –
storage and matching.
• Various ways of extracting the features.
• Pre-processing of raw data usually necessary.
16
Matching Module
• The core of the biometric system.

• Measures the similarity of the claimant’s
sample with a reference template.
• Typical methods: distance metrics,
probabilistic measures, neural networks, etc.
• The result: a number known as match score.
17
Decision Module
• Interprets the match score from the matching

module.
• Typically a binary decision: yes or no.
• May require more than one submitted
samples to reach a decision: 1 out of 3.
• May reject a legitimate claimant or accept an
impostor.
18
Storage Module
• Maintains the templates for enrolled users.

• One or more templates for each user.
• The templates may be stored in:
– a special component in the biometric device,
– conventional computer database,
– portable memories such as smartcards.
19
Enrolment
• Capturing, processing and storing of the

biometric template.
• Crucial for the system performance.
• Requirements for enrolment:
– secure enrolment procedure,
– check of template quality and “matchability”,
– binding of the biometric template to the person
being enrolled.
20
Possible Decision Outcomes
• A genuine individual is accepted.

• A genuine individual is rejected (error).
• An impostor is rejected.
• An impostor is accepted (error).
21
Errors
• Balance needed between 2 types of error:

– Type I: system fails to recognize valid user (‘false
non-match’ or ‘false rejection’).
– Type II: system accepts impostor (‘false match’ or
‘false acceptance’).
• Application dependent trade-off between two
error types.
22
Tolerance Threshold
• Error tolerance threshold is crucial and
application dependent.
• Tolerance too large gives Type II error (admit
impostors).
• Tolerance too small gives Type I errors (reject
legitimate users).
• Equal error rate for comparison: false non-
match equal to false match.
23
Biometric Technologies
• Signature recognition
• Voice recognition
• Retinal scan
• Iris scan
• Face biometrics
• Hand geometry
24
Signature Recognition
• Signatures in wide use for many years.

• Signature generating process a trained reflex -
imitation difficult especially ‘in real time’.
• Automatic signature recognition measures the
dynamics of the signing process.
25
Dynamic Signature Recognition
• Variety of characteristics can be used:

– angle of the pen,
– pressure of the pen,
– total signing time,
– velocity and acceleration,
– geometry.
26
Dynamic Signature Verification
(I)
Electronic pen [LCI-SmartPen]
27
Dynamic Signature Verification
(II)
Digitising tablet by Digitising tablet [Hesy Signature Pad

Wacom Technologies by BS Biometric Systems GmbH]
28
Signature Recognition:
Advantages / Disadvantages
• Advantages:
– Resistance to forgery
– Widely accepted
– Non-intrusive
– No record of the signature
• Disadvantages:
– Signature inconsistencies
– Difficult to use
– Large templates (1K to 3K)
29
Fingerprint Recognition
• Ridge patterns on fingers uniquely identify
people.
• Classification scheme devised in 1890s.
• Major features: arch, loop, whorl.
• Each fingerprint has at least one of the major
features and many ‘small’ features.
30
Features of Fingerprints
31
Fingerprint Recognition (cont.)
• In a machine system, reader must minimize

image rotation.
• Look for minutiae and compare.
• Minor injuries a problem.
• Automatic systems can not be defrauded by
detached real fingers.
32
Fingerprint Authentication
• Basic steps for fingerprint authentication:
– Image acquisition,
– Noise reduction,
– Image enhancement,
– Feature extraction,
– Matching.
33
Fingerprint Processing
a b
a) Original
b) Orientation
c d
c) Binarised
d) Thinned
e f e) Minutiae
f) Minutia graph
34
Fingerprint Recognition
• Sensors
– optical sensors
– ultrasound sensors
– chip-based sensors
– thermal sensors
• Integrated products
– for identification – AFIS systems
– for verification
35
Fingerprint Recognition:
Sensors (I)
Electro-optical sensor
[DELSY® CMOS sensor modul]
Optical fingerprint sensor
[Fingerprint Identification Unit
FIU-001/500 by Sony]
Capacitive sensor
[FingerTIP™ by Infineon]
36
Sensors (II)
Thermal sensor
[FingerChip™ by ATMEL
(was: Thomson CSF)]
E-Field Sensor
[FingerLoc™ by Authentec]
37
Integrated Systems (I)
[BioMouse™ Plus by American Biometric Company]
Physical Access Control System

[BioGate Tower by Bergdata]
[ID Mouse by Siemens]
38
Integrated Systems (II)
Keyboard [G 81-12000
by Cherry]
[TravelMate 740 by Compaq und Acer]

System including
fingerprint sensor,
smartcard reader and
display by DELSY
39
• Advantages:
– Mature technology
– Easy to use/non-intrusive
– High accuracy
– Long-term stability
– Ability to enrol multiple fingers
• Disadvantages:
– Inability to enrol some users
– Affected by skin condition
– Association with forensic applications
40
Speech Recognition
• Linguistic and speaker dependent acoustic

patterns.
• Speaker’s patterns reflect:
– anatomy (size and shape of mouth and throat),
– behavioral (voice pitch, speaking style).
• Heavy signal processing involved (spectral
analysis, periodicity, etc)
41
Speaker Recognition Systems
• Text-dependent: predetermined set of phrases

for enrolment and identification.
• Text-prompted: fixed set of words, but user
prompted to avoid recorded attacks.
• Text-independent: free speech, more difficult
to accomplish.
42
Speaker Recognition:
Advantages/ Disadvantages
• Advantages:
– Use of existing telephony infrastructure
– Easy to use/non-intrusive/hands free
– No negative association
• Disadvantages:
– Pre-recorded attack
– Variability of the voice
– Affected by noise
– Large template (5K to 10K)
43
Eye Biometric
• Retina:
– back inside of the eye ball.
– pattern of blood vessels used for identification
• Iris:
– colored portion of the eye surrounding the pupil.
– complex iris pattern used for identification.
44
Retinal Pattern
• Accurate biometric measure.

• Genetically independent: identical twins have
different retinal pattern.
• Highly protected, internal organ of the eye.
• May change during the life of a person.
45
Retinal Recognition
Retinal recognition system [Icam 2001 by Eyedentify]
46
Retinal Scan:
• Advantages:
– High accuracy
– Long-term stability
– Fast verification
• Disadvantages:
– Difficult to use
– Intrusive
– Limited applications
47
Iris Properties
• Iris pattern possesses a high degree of randomness:

extremely accurate biometric.
• Genetically independent: identical twins have
different iris pattern.
• Stable throughout life.
• Highly protected, internal organ of the eye.
• Patterns can be acquired from a distance (1m).
• Patterns can be encoded into 256 bytes.
48
Iris Recognition
• Iris code developed by John Daugman at Cambridge.

• Extremely low error rates.
• Fast processing.
• Monitoring of pupils oscillation to prevent fraud.
• Monitoring of reflections from the moist cornea of the
living eye.
49
The Iris Code
50
Iris Recognition
System for passive iris recognition by Sensar
System for active iris recognition by

IrisScan
51
Iris Recognition:
• Advantages:
– High accuracy
– Long term stability
– Nearly non-intrusive
– Fast processing
• Disadvantages:
– Not exactly easy to use
– High false non-match rates
– High cost
52
Face-scan and Facial
Thermographs
• Static controlled or dynamic uncontrolled
shots.
• Visible spectrum or infrared (thermographs).
• Non-invasive, hands-free, and widely
accepted.
• Questionable discriminatory capability.
53
Face Recognition
• Visible spectrum: inexpensive.
• Most popular approaches:
– eigen faces,
– Local feature analysis.
• Affected by pose, expression, hairstyle, make-
up, lighting, eyeglasses.
• Not a reliable biometric measure.
54
Face Recognition
Face recognition system

[TrueFace Engine by Miros]
Face recognition system

[One-to-One™ by Biometric Access Corporation]
55
Face Recognition:
• Advantages:
– Non-intrusive
– Low cost
– Ability to operate covertly
• Disadvantages:
– Affected by appearance/environment
– High false non-match rates
– Identical twins attack
– Potential for privacy abuse
56
Facial Thermograph
• Captures the heat emission patterns derived

from the blood vessels under the skin.
• Infrared camera: unaffected by external
changes (even plastic surgery!) or lighting.
• Unique but accuracy questionable.
• Affected by emotional and health state.
57
Facial Thermograph:
• Advantages:
– Non-intrusive
– Stable
– Not affected by external changes
– Identical twins resistant
– Ability to operate covertly
• Disadvantages:
– High cost (infrared camera)
– New technology
– Potential for privacy abuse
58
Hand Geometry
• Features: dimensions and shape of the hand,

fingers, and knuckles as well as their relative
locations.
• Two images taken: one from the top and one
from the side.
59
Hand Geometry Reading
Hand geometry reader by Recognition Systems
Hand geometry reader for

two finger recognition by BioMet Partners
60
Hand Geometry:
• Advantages:
– Not affected by environment
– Mature technology
– Non-intrusive
– Relatively stable
• Disadvantages:
– Low accuracy
– High cost
– Relatively large readers
– Difficult to use for some users (arthritis, missing
fingers or large hands)
61
Multimodal Biometric Systems
• Combination of biometric technologies

– Fingerprint and face recognition
– Face recognition and lip movement
– Fingerprint recognition and dynamic signature
verification
• Increase the level of security achieved by the
system
• Enlarge the user base
62
How good are biometric
products?
• How can we find out, how good a biometric
product is?
– Empirical tests of the product
• There have been independent tests on a series
of biometric products
– in Japan
– in Germany
63
Different Threat Scenarios
1. Regular biometric
sensor using
artificially generated
biometric data
2. Replay attack of
eavesdropped
biometric data
3. Manipulation of
stored biometric
reference data
64
Japanese Test
• Tsutomu Matsumoto, a Japanese
cryptographer working at Yokohama
National University
• 11 state-of-the-art fingerprint sensors
• 2 different processes to make gummy fingers
– from live finger
– from latent fingerprint
Gummy fingers fooled fingerprint sensors

80% of the time
65
Test in Germany (I)
• 11 biometric sensors
– 9 fingerprint sensors,
– 1 face recognition system, and
– 1 iris scanner
• Fingerprint sensors –
– reactivate latent fingerprints (optical and capacitive sensors)
– apply latex finger (thermal sensor)
• Face recognition system –
– down- (up-) load biometric reference data from (to) hard
disk
– no or only weak life detection
66
Test in Germany (II)
• Iris recognition –
– picture of iris of enrolled person with cut-out
pupil, where a real pupil is displayed
All tested biometric systems could be

fooled, but the effort differed
considerably
67
Choosing the Biometrics
• Does the application need identification or

authentication?
• Is the collection point attended or
unattended?
• Are the users used to the biometrics?
• Is the application covert or overt?
68
Choosing the Biometrics (cont.)
• Are the subjects cooperative or non-

cooperative?
• What are the storage requirement
constraints?
• How strict are the performance
requirements?
• What types of biometrics are acceptable to the
users?
69
Conclusions
• Biometric technology has great potential

• There are many biometric products around,
regarding the different biometric technologies
• Shortcomings of biometric systems due to
– manufacturers ignorance of security concerns
– lack of quality control
– standardisation problems
• Biometric technology is very promising
• Manufacturers have to take security concerns
serious
70

An Overview of Biometrics

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

An Overview of Biometrics

Uploaded by

Copyright:

Available Formats

Access Control

Association of an individual with an identity:

• Verification (or authentication): confirms or denies a

• Physical access control

Ideal Properties Considerations

• Covered in ISO/IEC 27N2949:

• Found in the literature:

• Basic modules of a biometric system:

Raw data Extracted template

• Reads the biometric info from the user.

• Discriminating features extracted from the

• The core of the biometric system.

• Interprets the match score from the matching

• Maintains the templates for enrolled users.

• Capturing, processing and storing of the

• A genuine individual is accepted.

• Balance needed between 2 types of error:

• Signatures in wide use for many years.

• Variety of characteristics can be used:

Electronic pen [LCI-SmartPen]

Digitising tablet by Digitising tablet [Hesy Signature Pad

• In a machine system, reader must minimize

[BioMouse™ Plus by American Biometric Company]

Physical Access Control System

[TravelMate 740 by Compaq und Acer]

• Linguistic and speaker dependent acoustic

• Text-dependent: predetermined set of phrases

• Accurate biometric measure.

Retinal recognition system [Icam 2001 by Eyedentify]

• Iris pattern possesses a high degree of randomness:

• Iris code developed by John Daugman at Cambridge.

System for passive iris recognition by Sensar

System for active iris recognition by

Face recognition system

Face recognition system

• Captures the heat emission patterns derived

• Features: dimensions and shape of the hand,

Hand geometry reader by Recognition Systems

Hand geometry reader for

• Combination of biometric technologies

Gummy fingers fooled fingerprint sensors

All tested biometric systems could be

• Does the application need identification or

• Are the subjects cooperative or non-

• Biometric technology has great potential

You might also like