Biometrics HOA 725 Pearl Brewer, Ph.D.
Definition of Biometrics Automated identification based on physiological or behavioral characteristics • Examples • Fingerprints • Hand geometry • Vein Check • Facial recognition • Signature • Iris or retinal scan • voice recognition • Keystroke dynamics • Application: • Secure identification and personal verification solutions • Uses: • Federal, state and local governments, in the military, and in commercial applications
Important Considerations • Hardware • Security level • Integration with applications or operating systems, • User acceptance.
Hand-based Biometrics • Fingerprint Identification • Hand Geometry • Vein Check
Fingerprint Identification • Matching the characteristics of a fingerprint on file to the one presented to the system. • Reliability depends on how many “points” you match.
Fingerprint Technology • sub-dermal fingerprint readers read below the user's surface layer of (dead) skin down to the live sub-dermal layer where an individual's true fingerprint resides. It works by bouncing electromagnetic waves, similar to radio waves, off the live tissue and blood flow underneath a persons skin. • These reflections are recorded to build up a picture of the fingerprint, which is matched against the persons known fingerprint recorded earlier.
Fingerprint Technology Uses • Door Locks • Access Control • Computer work stations • Time Clocks • In room safes • Payment Systems
Combo Systems • Combining two security methods increases validity. • Such as • a card and fingerprints • Pin number and fingerprints
Advantages & Limitations • Inexpensive, cost range from $100 to $2000 • Convenient, you always have it with you! • False acceptance and rejection is estimated at around 0.0001% and less than 1% respectively • However others say they can be defeated
Can they be defeated? • It depends on the technology used: • Technology that simply reads the surface or does not use electromagnetic can be defeated. • But of course you have to get the fingerprint!! • In this case a combination method is best
Recognition Systems' biometric HandReaders simultaneously analyze more than 31,000 points and instantaneously records more than 90 separate measurements of an individual's hand-including length, width, thickness and surface area-to verify that the person using the device is really who he or she claims to be. Hand Geometry
How Hand Geometry Works • The user places the palm of his hand on a metal surface which has guidance pegs on it. • the device can reads the hand attributes. • The device then checks its database for verification of the user. • The process usually takes less than 5 seconds.
Uses of Hand Geometry • Time and Attendance • Access control • Identify Verification
Advantages • Easy for users to work the system - requiring nothing more than placing one's hand on the device. • It has no public attitude problems as it is associated most commonly with authorized access. • The amount of data required to uniquely identify a user in a system is the smallest by far, allowing it to be used with SmartCards easily. • It is also quite resistant to attempts to fool the system. The time and energy required to emulate a person's hand is generally too much to be worth the effort
Limitations • Proprietary hardware cost • Required size of hardware • Injuries to hands can cause difficulty in using the reader effectively, • Some question its accuracy in general.
Vein Check • Veincheck • The Veincheck principle is a non-invasive, computerized comparison of subcutaneous blood vessel structures (the veins) in the back of a hand to verify the identity of individuals for access control or card-holder ID.
How Vein Check Works • Measures the shape and size of veins in the back of the hand (or front of the wrist). • The vein pattern is best defined when the skin on the back of the hand is taut - when the fist is clenched. • The skeleton of the hand then holds the vein "tree" rigid. • The vein "tree" pattern is picked up by a video camera, and converted by a computer into a vector pattern or into a string of numbers. • This pattern of the vein "tree" is sufficiently idiosyncratic to function as a personal bar code, or PIN equivalent, that is extremely difficult to duplicate or discover. • Benefits:
Advantages Non-harmful, near infra-red lighting is employed. Non-invasive, socially acceptable alternative to fingerprinting and retinal scanning Fast, easy-to-use, and discreet Very low false reject rate Compact reference pattern (400 bits) Not easily replicated Cost Advantages and Limitations
Facial recognition systems are built on computer programs that analyze images of human faces for the purpose of identifying them. The programs take a facial image, Facial Recognition
How Facial Recognition Works • Measure characteristics such as • the distance between the eyes, • the length of the nose, and • the angle of the jaw, • create a unique file called a "template." • Using templates, the software then compares that image with another image and produces a score that measures how similar the images are to each other.
Uses of Facial Recognition • Access control • ID verification
Advantages Accurate Cost-effective Familiar Non-invasive Uses legacy data Does not require user participation
Limitations • It can be impossible to match images when there are differences in lighting, camera, or camera angle, • Some say there are high rates of both "false positives" (wrongly matching innocent people with photos in the database) and "false negatives" (not catching people even when their photo is in the database).
Limitations • Some systems are easily tripped up by changes in hairstyle, facial hair, or body weight, by simple disguises, and by the effects of aging. • The technology works best under tightly controlled conditions, when the subject is starting directly into the camera under bright lights -
How Voice Recognition Works • compares a pre-recorded voice message with the current user. • Can be a data-base system or a stand alone device
The card would have a button on it and when pressed it would say "Please say your password". Compares voice to data file store remotely (via the internet) Voice Recognition Credit Card
Access Control Computer work stations Time Clocks Uses of Voice Recognition Technology
Advantages & Limitations • perfect for telecommunication applications, most of the modern personal computers already possess the necessary hardware to utilize the applications. • The error rate for this type of biometric ranges between two and five percent, • Some drawbacks to this technology are that voiceprints can vary over the course of the day, and ones health, such as a cold or laryngitis, can affect verification of the user by the system.
Biometrics and the eye • Two types • Retinal Scan • Iris Scan
Retinal Scan Technology • Retinal scanning analyses the layer of blood vessels at the back of the eye. Scanning involves using a low-intensity light source and an optical coupler and can read the patterns at a great level of accuracy.
How Retinal Scan Works • The user looks through a small opening in the device at a small green light. • The user must keep their head still and eye focused on the light for several seconds • During which time the device will verify his identity. This process takes about 10 to 15 seconds total.
Advantages Most Accurate Biometric System Unlike other forms of biometrics, there is continuity of the retinal pattern throughout life Difficulty in fooling such a device also make it a great long-term, high-security option. Limitations Cost Stigma of people believing that it can harm their eye User must remove glasses Advantages & Limitations
How Iris Scans Work • Involves analyzing features found in the colored ring of tissue that surrounds the pupil.
Advantages • Less intrusive of the eye-related biometrics, • Uses a fairly conventional camera element and requires no close contact between the user and the reader. • higher than average template-matching performance. • Iris biometrics work with glasses in place and is one of the few devices that can work well in identification mode.
Limitations • Ease of use and system integration have not traditionally been strong points with iris scanning devices • Cost
Signature verification • Using and individuals signature to identify them.
How Signature Verification Works • Takes into account • the shape • the stroke • speed • pen pressure, and • timing information while the person is creating the signature. • Actual signature recognition is carried out by writing on a pressure sensitive pad with a pen or stylus.
No matter how good a forger may be, they will be unable to duplicate exactly all these parameters. A signature is relatively stable over time Acceptance of this method is very high. Cost Advantages and Limitatiions
Keystroke Dynamics • Measures your typing rhythms • Refers to an authentication method that analyzes the way a user types at a terminal by monitoring keyboard input 1,000 times per second • A behavioral biometric authentication method
How Keystroke Dynamics Works • The users type the same word (or words), such as their usual user name and password set, a number of times. • The key parameters are • "flight time", the amount of time that a user spends • "reaching" for a certain key and • "dwell time", the amount of time a user spends pressing one key. The advantage in the computer environment is that neither enrollment nor verification detracts from the regular workflow.
Advantage In the computer environment is that neither enrollment nor verification detracts from the regular workflow. Limitations Advantages and Limitations
Discussion • How do you feel about Biometric Systems? • Are there ssecurity issues?