ok , dont worry .. am uploading that presentation and report here
Reliable user authentication is becoming an increasingly important task in the Web-enabled world. The consequences of an insecure authentication system in a corporate or enterprise environment can be catastrophic, and may include loss of confidential information, denial of service, and compromised data integrity. The value of reliable user authentication is not limited to just computer or network access. Many other applications in everyday life also require user authentication, such as banking, e- commerce, and physical access control to computer resources, and could benefit from enhanced security.
The prevailing techniques of user authentication, which involve the use of either passwords and user IDs (identifiers), or identification cards and PINs (personal identification numbers), suffer from several limitations. Passwords and PINs can be illicitly acquired by direct covert observation. Once an intruder acquires the user ID and the password, the intruder has total access to the userâ„¢s resources. In addition, there is no way to positively link the usage of the system or service to the actual user, that is, there is
no protection against repudiation by the user ID owner. For example, when a user ID and password is shared with a colleague there is no way for the system to know who the actual user is. A similar situation arises when a transaction involving a credit card number is conducted on the Web. Even though the data are sent over the Web using secure encryption methods, current systems are not capable of assuring that the rightful owner of the credit card initiated the transaction. In the modern distributed systems environment, the traditional authentication policy based on a simple combination of user ID and password has become inadequate. Fortunately, automated biometrics in general, and fingerprint technology in particular, can provide a much more accurate and reliable user authentication method. Biometrics is a rapidly advancing field that is concerned with identifying a person based on his or her physiological or behavioral characteristics. Examples of automated biometrics include fingerprint, face, iris, and speech recognition. User authentication methods can be broadly classified into three categories as shown in Table 1.1. Because a biometric property is an intrinsic property
What you know User ID
Many passwords easy to guess
What you have Cards
Can be duplicated
Lost or stolen
What you know and what you have ATM card + PIN Shared
PIN a weak link
(Writing the PIN on the card)
Something unique about the user Fingerprint
Voice print Not possible to share
Cannot be lost or stolen
Table 1.1 Existing User Authentication Techniques
of an individual, it is difficult to surreptitiously duplicate and nearly impossible to share. Additionally, a biometric property of an individual can be lost only in case of serious accident.
Biometric readings, which range from several hundred bytes to over a megabyte, have the advantage that their information content is usually higher than that of a password or a pass phrase. Simply extending the length of passwords to get equivalent bit
strength presents significant usability problems. It is nearly impossible to remember a 2K phrase, and it would take an annoyingly long time to type such a phrase (especially without errors). Fortunately, automated biometrics can provide the security advantages
of long passwords while retaining the speed and characteristic simplicity of short passwords.
Even though automated biometrics can help alleviate the problems associated with the existing methods of user authentication, hackers will still find there are weak points in the system, vulnerable to attack. Password systems are prone to brute force dictionary attacks. Biometric systems, on the other hand, require substantially more effort for mounting such an attack. Yet there are several new types of attacks possible in the biometrics domain. This may not apply if biometrics is used as a supervised authentication tool. But in remote, unattended applications, such as Web-based e-commerce applications, hackers may have the opportunity and enough time to make several attempts, or even physically violate the integrity of a remote client, before detection.
A problem with biometric authentication systems arises when the data associated with a biometric feature has been compromised. For authentication systems based on physical tokens such as keys and badges, a compromised token can be easily canceled
and the user can be assigned a new token. Similarly, user IDs and passwords can be changed as often as required. Yet, the user only has a limited number of biometric features (one face, ten fingers, two eyes). If the biometric data are compromised, the user may quickly run out of biometric features to be used for authentication.
What is Biometrics
Biometric technologies are defined as automated methods of identifying or authenticating the identity of a living person based on unique physiological or behavioral characteristics. Biometrics can provide very secure and convenient authentication for an individual since they cannot be stolen or forgotten and are very difficult to forge.
Â¢ A physiological characteristic is a relatively stable physical characteristic, such as an individualâ„¢s fingerprint, hand geometry, iris pattern, or blood vessel pattern on the back of the eye. This type of biometric measurement is usually unchanging and unalterable without significant duress to the individual.
Â¢ A behavioral characteristic is more a reflection of an individualâ„¢s psychological makeup. A signature is the most common behavioral biometric used for identification. Because most behavioral characteristics vary over time, an identification system using these must allow updates to enrolled biometric references.
Biometric System Components and Process
Three major components are usually present in a biometric system:
Â¢ A mechanism to scan and capture a digital or analog image of a living personâ„¢s biometric characteristic.
Â¢ Software for storing, processing and comparing the image.
Â¢ An interface with the applications system that will use the result to confirm an individualâ„¢s identity.
Two different stages are involved in the biometric system process â€œ
Enrollment and Verification.
As shown in Figure 3.1, the biometric image of the individual is captured during the enrollment process (e.g., using a sensor for fingerprint, microphone for voice verification, camera for face recognition, scanner for eye scan). The unique characteristics are then extracted from the biometric image to create the userâ„¢s biometric template. This biometric template is stored in a database or on a machine-readable ID card for later use during an identity verification process.
Figure 3.1 Schematic of an Enrollment Process
Figure 3.2 illustrates the identity verification process. The biometric image is again captured. The unique characteristics are extracted from the biometric image to create the users live biometric template. This new template is then compared with the template previously stored and a numeric matching score is generated, based on the percentage of duplication between the live and stored template. System designers determine the threshold value for this identity verification score based upon the security requirements of the system.
Figure 3.2 Schematic of a verification process
Secure identification systems use biometrics for two basic purposes: to identify or authenticate individuals.
Identification (1-to-many comparison) verifies if the individual exists within a known population. Identification confirms that the individual is not enrolled with another identity and is not on a predetermined list of prohibited persons. Identification will typically need a secured database containing a list of all applying individuals and their biometrics. The biometric for the individual being considered for enrollment would be compared against all stored biometrics. For many applications, an identification process is used only at the time of enrollment to verify that the individual is not already enrolled.
Authentication (1-to-1 comparison) confirms that the credential belongs to the individual presenting it. In this case, the device that performs the authentication must have access only to the individualâ„¢s enrolled biometric template, which may be stored locally or centrally.
3.3 Biometric Accuracy
A key factor in the selection of the appropriate biometric technology is its accuracy. Biometric accuracy is the systemâ„¢s ability of separating legitimate matches from imposters. When the live biometric template is compared to the stored biometric template, a matching score is used to confirm or deny the identity of the user. System designers set this numeric score to accommodate the desired level of accuracy for the system, as measured by the False Acceptance Rate (FAR) and False Rejection Rate (FRR).
Â¢ False Rejection Rate (FRR) refers to the statistical probability that the biometric system is not able to verify the legitimate claimed identity of an enrolled person, or fails to identify an enrolled person.
Â¢ False Acceptance Rate (FAR) refers to the statistical probability of False Acceptance or incorrect verification. In the most common context, both False Rejection and False Acceptance represent a security hazard.
Figure3.3 Error trade-off in a biometric system
If a mismatching pair of fingerprints is accepted as a match, it is called a false accept. On the other hand, if a matching pair of fingerprints is rejected by the system, it is called a false reject. The error rates are a function of the threshold as shown in Figure 3.3. Often the interplay between the two errors is presented by plotting FAR against FRR with the decision threshold as the free variable. This plot is called the ROC (Receiver Operating Characteristic) curve. The two errors are complementary in the sense that if one makes an effort to lower one of the errors by varying the threshold, the other error rate automatically increases. In a biometric authentication system, the relative false accept and false reject rates can be set by choosing a particular operating point (i.e., a detection threshold). Very low (close to zero) error rates for both errors (FAR and FRR) at the same time are not possible. By setting a high threshold, the FAR error can be close to zero, and similarly by setting a significantly low threshold, the FRR rate can be close to zero. A meaningful operating point for the threshold is decided based on the application requirements, and the FAR versus FRR error rates at that operating point may be quite different. To provide high security, biometric systems operate at a low FAR instead of the commonly recommended equal error rate (EER) operating point where FAR=FRR.
Selecting A Biometric Technology
The selection of the appropriate biometric technology will depend on a number of application-specific factors, including the environment in which the identity verification process is carried out, the user profile, requirements for verification accuracy and throughput, the overall system cost and capabilities, and cultural issues that could affect user acceptance. Table 4.1 shows a comparison of different biometric technologies, with their performance rated against several metrics.
Ease of Use High High Low Medium Medium High High
Error Incidence Dryness, dirt, age Hand Injury, age Glasses Lighting Lighting, age, lasses, hair Changing Signatures Noise, colds
Accuracy High High Very High Very High High High High
User Acceptance Medium Medium Medium Medium Medium High High
Long Term Stability High Medium High High Medium Medium Medium
Table 4.1 Comparisons of Biometric Technologies
Fingerprints are a distinctive feature and remain invariant over the lifetime of a subject, except for cuts and bruises. As the first step in the authentication process, a fingerprint impression is acquired, typically using an inkless scanner. Several such scanning technologies are available. Figure 5A shows a fingerprint obtained with a scanner using an optical sensor. A typical scanner digitizes the fingerprint impression at 500 dots per inch (dpi) with 256 gray levels per pixel. The digital image of the fingerprint includes several unique features in terms of ridge bifurcations and ridge endings, collectively referred to as minutiae.
Figure 5.1 Fingerprint recognition; (A) Input Image, (B) Features
The next step is to locate these features in the fingerprint image, as shown in Figure 5B, using an automatic feature extraction algorithm. Each feature is commonly represented by its location (x,y) and the ridge direction at that location (). However, due to sensor noise and other variability in the imaging process, the feature extraction stage may miss some minutiae and may generate spurious minutiae. Further, due to the elasticity of the human skin, the relationship between minutiae may be randomly distorted from one impression to the next. In the final stage, the matcher subsystem attempts to arrive at a degree of similarity between the two sets of features after compensating for the rotation, translation, and scale. This similarity is often expressed as a score. Based on this score, a final decision of match or no-match is made. A decision threshold is first selected. If the score is below the threshold, the fingerprints are determined not to match; if the score is above the threshold, a correct match is declared. Often the score is simply a count of the number of the minutiae that are in correspondence. In a number of countries, 12 to 16 correspondences (performed by a human expert) are considered legally binding evidence of identity.
The operational issues in an automated fingerprint identification system (AFIS) are somewhat different from those in a more traditional password-based system. First, there is a system performance issue known as the fail to enroll rate to be considered. Some people have very faint fingerprints, or no fingers at all, which makes the system unusable for them. A related issue is a Reject option in the system based on input image quality. A poor quality input is not accepted by the system during enrollment and authentication. Note that non-cooperative users, improper usage, dirt on the finger can cause poor quality inputs, or bad input scanners. This has no analog in a password system. Then there is the fact that in a biometric system the matching decision is not clear-cut. A password system always provides a correct responseâ€if the passwords match, it grants access but otherwise refuses access. However, in a biometric system, the overall accuracy depends on the quality of input and enrollment data along with the basic characteristics of the underlying feature extraction and matching algorithm.
5.1 FEATURES OF A FINGERPRINT
A fingerprint is composed of valley and ridge lines. They follow a pattern. The general shape of this pattern may be classified according to 5 classes. The second set of features of a fingerprint are cores and deltas. The core is located by a square while the delta is located by a triangle as shown in figure 5.2.
Figure 5.2 shows core by squares and delta by a triangle
The AFIS allows a classification using more than one criteria versus a search based only on a single fingerprint pattern, reducing the number of fingerprints inspected. The pattern classification divides all fingerprint templates into five sets. Interestingly, the distribution of fingerprints in these 5 classes is not homogeneous among all people:
Â¢ Left loop class represents 34% of the total
number of fingerprints
Â¢ Right loop class represents 31% of the total
number of fingerprints
Â¢ Whorl class represents 27 % of the total number
Â¢ Arch class represents 4% of the total number
Figure 5.3 Fingers can then be sorted in the pattern classifications after computing the core and the delta:
Â¢ Tented arch class represents 3% of the total
number of fingerprints
Â¢ Less than 1% for unusable fingerprints (scar,
illness of the skin, etc)
5.2 HOW DOES FINGERPRINT IDENTIFICATION WORK
The first step in fingerprint identification is collecting the fingerprint, named enrollment. In this step, the applicant acquires the reference fingerprint for later authentication. The reference fingerprint is called the template of the fingerprint.
Most often in order to ensure that a good template is obtained, the fingerprint needs to be captured more than once. Twice is most common but at times an additional capture may be requested. After the capture of the template, it can be stored in a database, on a token with 2D barcode, or in a smart card.
At this point, the applicant is registered and the next stage is to compare the fingerprint with the template to the fingerprint read by the sensor. After reading the fingerprint, the authentication system extracts the minutiae in the same way as it did during the enrollment process. Since the fingerprint is never captured in the same position, the verification algorithm must perform rotation and translation of the captured fingerprint in order to adjust the fingerprint minutiae with the template minutiae.
The matching process calculates a score of the probability of a successful fingerprint read. Once every minutia is processed, a total score is computed and compared to a threshold score, which leads to the decision of a fingerprint Ëœhitâ„¢ or Ëœno hitâ„¢.
5.3 Components Of a Fingerprint System
There are two ways a matching algorithm can be implemented, using either identification matching or authentication matching. In identification matching, one fingerprint is compared to many fingerprints using an Automated Fingerprint Identification System (AFIS) that is comprised of several computers and a database storage system. In authentication matching, where there is a one to one fingerprint comparison, there needs to be only one fingerprint terminal and a token loaded that contains the fingerprint template. The matching could be done on token, in the terminal
or in both the terminal and token.
5.3.1 The Sensors
Electronic fingerprint sensors are manufactured in different ways using capacitive, optical, thermal, or pressure sensitive (resistive) technology. These different types of sensors are able to produce an image of the fingerprint when the ridge is darker than the valley. The most common sensors currently on the market are capacitive and optical sensors. Optical sensors provide the best image quality but are expensive and can be fooled by some fake fingers. Sensors based on capacitive technology provide a balance of image quality and cost although, some fake fingers can also fool this technology. However, the most common fake fingers made of silicon cannot fool a capacitive sensor because the fake finger does not possess electrical properties.
Figure 5.4 Components of a fingerprint system
Iris recognition leverages the unique features of the human iris to provide an unmatched identification technology. So accurate are the algorithms used in iris recognition that the entire planet could be enrolled in an iris database with only a small chance of false acceptance or false rejection. The technology also addresses the FTE (Failure To Enroll) problems, which lessen the effectiveness of other biometrics. The tremendous accuracy of iris recognition allows it, in many ways, to stand apart from other biometric technologies. All iris recognition technology is based on research and patents
held by Dr. John Daugman.
6.1 The Iris
Iris recognition is based on visible (via regular and/or infrared light) qualities of the iris. A primary visible characteristic is the trabecular meshwork (permanently formed by the 8th month of gestation), a tissue that gives the appearance of dividing the iris in a radial fashion. Other visible characteristics include rings, furrows, freckles, and the corona, to cite only the more familiar. Expressed simply, iris recognition technology converts these visible characteristics into a 512 byte IrisCode, a template stored for future verification attempts. 512 bytes is a fairly compact size for a biometric template, but the quantity of information derived from the iris is massive. From the iris' 11mm diameter, Dr. Daugman's algorithms provide 3.4 bits of data per square mm. This density of information is such that each iris can be said to have 266 unique "spots", as opposed to 13-60 for traditional biometric technologies. This '266' measurement is cited in all iris recognition literature; after allowing for the algorithm's correlative functions and for characteristics inherent to most human eyes, Dr. Daugman concludes that 173 "independent binary degrees-of-freedom" can be extracted from his algorithm â€œ an exceptionally large number for a biometric.
6.2 The Algorithm
The first step is location of the iris by a dedicated camera no more than 3 feet from the eye. After the camera situates the eye, the algorithm narrows in from the right and left of the iris to locate its outer edge. This horizontal approach accounts for obstruction caused by the eyelids. It simultaneously locates the inner edge of the iris (at the pupil), excluding the lower 90 degrees because of inherent moisture and lighting issues.
The monochrome camera uses both visible and infrared light, the latter of which is located in the 700-900 nm range (this is in the lower range of IR; the American Academy of Ophthalmology uses similar ranges in their studies of macular cysts). Upon location of the iris, as seen above, an algorithm uses 2-D Gabor wavelets to filter and map segments of the iris into hundreds of vectors (known here as phasors). Understanding in detail the 2-D Gabor phasor encoders requires a degree in advanced mathematics, but they can be summarized as follows. The wavelets of various sizes assign values drawn from the orientation and spatial frequency of select areas, bluntly referred to as the "what" of the sub-image, along with the position of these areas, bluntly referred to as the "where." The "what" and "where" are used to form the IrisCode. Not the entire iris is used: a portion of the top, as well as 45 degree of the bottom, is unused to account for eyelids and camera-light reflections (see below). Essential to the understanding of the technology is that it provides exceptional detail, well beyond what any pictorial or point-based representation could provide (some filters actually span as much as 70degree of the iris). Remember also that for future identification, the database will not be comparing images of irises, but rather hexadecimal representations of data returned by wavelet filtering and mapping.
The Iris Code constructed from these complex measurements provides such a tremendous wealth of data that iris recognition offers levels of accuracy orders of magnitude higher than other biometrics. Some statistical representations of the accuracy follow:
Â¢ The odds of two different irises returning a 75% match (i.e. having a Hamming
Distance of 0.25): 1 in 1016
Â¢ Equal Error Rate (the point at which the likelihood of a false accept and false
reject are the same): 1 in 1.2 million
Â¢ The odds of 2 different irises returning identical Iris Codes: 1 in 1052
Other numerical derivations demonstrate the unique robustness of these algorithms. A person's right and left eyes have a statistically insignificant increase in similarity: 0.00048 on a 0.5 mean. This serves to demonstrate the hypothesis that iris shape and characteristics are phenotypic - not entirely determined by genetic structure. The algorithm can also account for occlusion (blocking) of the iris: even if 2/3 of the iris were completely obscured, accurate measure of the remaining third would result in an equal error rate of 1 in 100,000.
Iris recognition can also account for those ongoing changes to the eye and iris, which are defining aspects of living tissue. The pupil's expansion and contraction, a constant process separate from its response to light, skews and stretches the iris. The algorithm accounts for such alteration after having located the boundaries of the iris. Dr. Daugman draws the analogy to a "homogenous rubber sheet" which, despite its distortion, retains certain consistent qualities. Regardless of the size of the iris at any given time, the algorithm draws on the same amount of data, and its resultant IrisCode is stored as a 512-byte template. A question asked of all biometrics is their ability to determine fraudulent samples. Iris recognition can account for this in several ways: the detection of papillary (pupil) changes; reflections from the cornea; detection of contact lenses atop the cornea; and use of infrared illumination to determine the state of the sample eye tissue.
6.4 An example-Verieye
Neurotechnologia, Ltd. offers VeriEye, the system for person identification using the eye iris image taken by a video camera. VeriEye implements new eye iris recognition technology and are based on our original method of feature set definition. VeriEye is available in the form of software development kit (SDK), and can be easily integrated into a customer's access control or identification/verification system.
6.4.1 VeriEye SDK includes:
1. VeriEye dynamic link library for Windows (DLL file).
2. C source code of the example program using VeriEye DLL).
3. Software description.
4. Description of eye illumination and positioning equipment for iris scan
6.4.2 VeriEye technical specifications
False rejection rate < 3 %
False acceptance rate < 0.0001 %
Recognition time 0.7 s
Size of one record in the database About 2 Kb
Database size Unlimited
6.4.3 Requirements to the image quality
1. The size of iris in the scanned image must be between 200x200 and 640x480 pixels, image resolution 200 dpi.
2. The image should be free of the bulb reflections in the iris area. However, it may contain small reflections in the pupil area.
3. The scanned slip must contain at least 30 % of the iris area not damaged by reflections, shadows or eyelashes.
4. During the eye scanning head tilt must be less than 14 degrees with respect to vertical
The speaker-specific characteristics of speech are due to differences in physiological and behavioral aspects of the speech production system in humans. The main physiological aspect of the human speech production system is the vocal tract shape. The vocal tract is generally considered as the speech production organ above the vocal folds, which consists of the following: (i) laryngeal pharynx (beneath the epiglottis), (ii) oral pharynx (behind the tongue, between the epiglottis and velum), (iii) oral cavity (forward of the velum and bounded by the lips, tongue, and palate), (iv) nasal pharynx (above the velum, rear end of nasal cavity), and (v) nasal cavity (above the palate and extending from the pharynx to the nostrils).
7.2 Pattern Matching
The pattern matching process involves the comparison of a given set of input feature vectors against the speaker model for the claimed identity and computing a matching score. For the Hidden Markov models discussed above, the matching score is the probability that the model generated a given set of feature vectors.
Retina scan is an exceptionally accurate biometric technology having been established as an effective solution for every demanding authentication scenarios.
Biometrics the automated measurement of a physiological or behavioral aspect of the human body for authentification or identification is a rapidly growing industry. Biometric solutions are used successfully in fields as varied as e-commerce, network access. Biometricsâ„¢ ease of use, accuracy, reliability, and flexibility are quickly establishing them as the premier authentification.
An established technology where the unique patterns of the retina are scanned by a low intensity light source via an optical coupler. Retinal scanning has proved to be quite
accurate in use but does require user to look in to a receptacle and focus on a given point. This is not particularly convenient if you are a spectacle wearer or have some intimate contact with the reading device. For these reasons retinal scanning has a few user acceptance problems although the technology itself can work well.
Face recognition is one of the newest technologies. Specialized recognition software coupled with video camera allows these systems to recognize peopleâ„¢s faces. There are various methods by which facial scan technology recognize peoples. All share some commonalities, such as emphasizing those sections of the face which are less susceptible to alteration, including the upper outlines of the eye sockets, the areas surrounding oneâ„¢s cheekbones, and the sides of the mouth. Most technologies are resistant to moderate changes in hairstyle, as they do not utilize areas of the face located near the hairline. All of the primary technologies are designed to be robust enough to conduct enough to conduct 1- toâ€œmany searches, that is to locate a single face out of a data base of thousands of faces.
Facial scan Process Flow-Sample capture, Feature extraction, template comparison, and matching â€œdefine the process flow of facial scan technology. The following applies to one to one verification. The sample capture will generally consist of a 20-30 second enrollment process whereby several pictures are taken of oneâ„¢s face. Ideally the series of pictures incorporate slightly different angles and facial expressions, to allow for more accurate searches. After enrollment distinctive features are extracted, resulting in the creation of a template. The templates are much smaller than the image from which it is drawn.
Authentification follows the same protocol. The user claims an identity such as a login name or a PIN, stands or sits in front of the camera for a few seconds, and is either verified or rejected. This comparison is based on the similarity of the newly created live template against the template or templates on file. The degree of similarity required for verification also known as the threshold can be adjusted for different personnel, PCâ„¢s, time of day and other factors One variant of this process is the use of facial scan technology in forensics. Biometric templates taken from static photographs of known criminals are stored in large databases. These records are searched, 1-to-many, to determine if the detainee is using an alias when being booked.
Combining Biometrics with Smart Cards
Smart cards are widely acknowledged as one of the most secure and reliable forms of electronic identification. To provide the highest degree of confidence in identity verification, biometric technology is considered to be essential in a secure identification system design. This section summarizes the key benefits of a secure ID system that combines smart cards and biometrics.
10.1 Enhanced Privacy
Using smart cards significantly enhances privacy in biometric ID systems. The smart card provides the individual with a personal database, a personal firewall and a personal terminal. It secures personal information on the card, allowing the individual to control access to that information and removing the need for central database access during identity verification.
10.2 A Personal Database.
How and where an ID system keeps personal information about its members is an important privacy consideration, affecting a systemâ„¢s real and perceived privacy behavior. Most ID systems store personal information for all system members in a central database. This centralization leads many to be concerned that their personal information is less protected, or at a minimum, more vulnerable to compromise. Smart cards store and safeguard personal information on the individualâ„¢s card.
The use of smart card IDs can promote confidence in an ID system by offering each member a unique secure, portable and personal database, separating their information from other membersâ„¢ data. With a smart card ID the cardholder maintains physical possession of private information. This enhances the trust relationship with the system, as the cardholder now shares in the decision of who is allowed to use their personal information for identity verification and in the responsibility to protect it. The smart card personal database is portable and can be used in a variety of devices and networks. An ID system can take advantage of this portability by using closed local networks or standalone devices to carry out different identification tasks, rather than relying on a centralized system. By enabling local identity verification, smart card based secure ID systems can help alleviate concerns that the system is centrally tracking ID older activities.
Unlike other ID card technologies that act as simple data containers, smart cards are unique in acting more like data servers, where data is not directly accessed but must be requested from the server (in this case the smart cardâ„¢s microprocessor). When used in combination with biometrics, a smart card ID becomes even more personal and private. A biometric provides a strong and unique binding between the cardholder and the personal database on the card, identifying the cardholder as the rightful owner of this card. The biometric cannot be borrowed, lost, or stolen like a PIN or password, and so strengthens the authentication of an individualâ„¢s identity.
10.3 A Personal Firewall.
In smart card based ID systems, the card is not just a data repository but also an intelligent guardian â€ a personal firewall â€ for the cardholderâ„¢s information. When information is requested from the ID card, a smart card can verify that the requestor is authorized to perform such an inquiry. A smart card ID also has the ability to behave differently based who is checking the ID. For example, most individuals will cooperate with a uniformed officer who requests to see an ID. But is this officer a valid officer And what portion of the personal information is he or she authorized to see With a smart card ID, the card would authenticate the officer through a portable card reader and release only the information that is relevant to the officerâ„¢s responsibilities. The same ID card could be used to prove legal age when purchasing from a bar. In this case, the smart card ID would just confirm age, but not divulge any other personal information. Once personal information is released, it is very hard to control what happens to the information, including how it might be used. It is an important privacy consideration for individuals to clearly understand when and to whom personal information is released by an ID system. The release of personal information is hard to control when carried out by a centralized database somewhere on a network, without the information ownerâ„¢s knowledge or consent. A smart card based ID system gives the cardholder control over who can access personal information stored on the card. A biometric further enhances this control, ensuring that only the rightful cardholder can authorize access to personal information.
10.4 Enhanced Security
Biometric technologies are used with smart cards for ID system applications specifically due to their ability to identify people with minimal ambiguity. A biometric based ID allows for the verification of who you claim to be(information about the cardholder printed or stored in the card) based on who you are (the biometric information stored in the smart card), instead of, or possibly in addition to, checking what you know (such as a PIN). As shown in Figure 10.1, this increases the security of the overall ID system and improves the accuracy, speed, and control of cardholder authentication.
Figure 10.1 Impact of Smart Cards and Biometrics on Security
As the importance of accurate identification grows, new technologies are being added to ID systems to improve their security.
Deploying biometrics in a mass market, like credit card authorization or bank ATM access, raises additional concerns beyond the security of the transactions. One such concern is the publicâ„¢s perception of a possible invasion of privacy. In addition to personal information such as name and date of birth, the user is asked to surrender images of body parts, such as fingers, face, and iris. These images, or other such biometric signals, are stored in digital form in various databases. This raises the concern of possible
sharing of data among law enforcement agencies, or commercial enterprises.
Figure 11.1 Authentication process based on cancelable biometrics
The public is concerned about the ever-growing body of information that is being collected about individuals in our society. The data collected encompass many applications and include medical records and biometric data. A related concern is the coordination and sharing of data from various databases. In relation to biometric data, the public is, rightfully or not, worried about data collected by private companies being matched against databases used by law enforcement agencies. Fingerprint images, for example, can be matched against the FBI or INS (Immigration and Naturalization Service) databases with ominous consequences.
These concerns are aggravated by the fact that a personâ„¢s biometric data are given and cannot be changed. One of the properties that make biometrics so attractive for authentication purposesâ€their invariance over timeâ€is also one of its liabilities. When a credit card number is compromised, the issuing bank can just assign the customer a new credit card number. When the biometric data are compromised, replacement is not possible. In order to alleviate this problem, we introduce the concept of cancelable biometrics. It consists of an intentional, repeatable distortion of a biometric signal based on a chosen transform. The biometric signal is distorted in the same fashion at each presentation, for enrollment and for every authentication. With this approach, every instance of enrollment can use a different transform thus rendering cross matching impossible. Furthermore, if one variant of the transformed biometric data is compromised, then the transform function can simply be changed to create a new variant (transformed representation) for reenrollment as, essentially, a new person. In general, the distortion transforms are selected to be noninvertible. So even if the transform function is known and the resulting transformed biometric data are known, the original (undistorted) biometrics cannot be recovered.
The techniques presented here for transforming biometric signals differ from simple compression using signal or image processing techniques. While compression of the signal causes it to lose some of its spatial domain characteristics, it strives to preserve the overall geometry. That is, two points in a biometric signal before compression are likely to remain at comparable distance when decompressed. This is usually not the case with our distortion transforms. Our technique also differs from encryption. The purpose of encryption is to allow a legitimate party to regenerate the original signal. In contrast, distortion transforms permanently obscure the signal in a noninvertible manner.
When employing cancelable biometrics, there are several places where the transform, its parameters, and identification templates could be stored. This leads to a possible distributed process model as shown in Figure 11.1. The merchant is where the primary interaction starts in our model. Based on the customer ID, the relevant transform is first pulled from one of the transform databases and applied to the biometrics. The resulting distorted biometrics is then sent for authentication to the authorization server. Once the userâ„¢s identity has been confirmed, the transaction is finally passed on to the relevant commercial institution for processing. Note that an individual user may be subscribed to multiple services, such as e-commerce merchants or banks. The authentication for each transaction might be performed either by the service provider itself, or by an independent third party. Similarly, the distortion transform might be managed either by the authenticator or by still another independent agency. Alternatively, for the best privacy the transform might remain solely in the possession of the user, stored, say, on a smart card. If the card is lost or stolen, the stolen transform applied to another personâ„¢s biometrics will have very little impact. However, if the transform is applied to a stored original biometrics signal of the genuine user, it will match against the stored template of the person. Hence liveness detection techniques should be added to prevent such misuse.
Vulnerable Points of a Biometric System
A generic biometric system can be cast in the framework of a pattern recognition system. The stages of such a generic system are shown in Figure 12.1.
Figure 12.1 Possible attack points in a generic biometrics-based system
The first stage involves biometric signal acquisition from the user (e.g., the inkless fingerprint scan). The acquired signal typically varies significantly from presentation to presentation; hence, pure pixel-based matching techniques do not work reliably. For this reason, the second signal processing stage attempts to construct a more invariant representation of this basic input signal (e.g., in terms of fingerprint minutiae). The invariant representation is often a spatial domain characteristic or a transform (frequency) domain characteristic, depending on the particular biometric.
During enrollment of a subject in a biometric authentication system, an invariant template is stored in a database that represents the particular individual. To authenticate the user against a given ID, the corresponding template is retrieved from the database and matched against the template derived from a newly acquired input signal. The matcher arrives at a decision based on the closeness of these two templates while taking into account geometry, lighting, and other signal acquisition variables. Note that password-based authentication systems can also be set in this framework. The keyboard becomes
the input device. The password encrypted can be viewed as the feature extractor and the comparator as the matcher. The template database is equivalent to the encrypted password database.
There are eight places in the generic biometric system of Figure 12.1 where attacks may occur. The numbers in Figure 12.1 correspond to the items in the following list.
1. Presenting fake biometrics at the sensor: In this mode of attack, a possible reproduction of the biometric feature is presented as input to the system. Examples include a fake finger, a copy of a signature, or a facemask.
2. Resubmitting previously stored digitized biometrics signals: In this mode of attack, a recorded signal is replayed to the system, bypassing the sensor. Examples include the presentation of an old copy of a fingerprint image or the presentation of a previously recorded audio signal.
3. Overriding the feature extraction process: The feature extractor is attacked using a Trojan horse, so that it produces feature sets preselected by the intruder.
4. Tampering with the biometric feature representation: The features extracted from the input signal are replaced with a different, fraudulent feature set (assuming the representation method is known). Often the two stages of feature extraction and matcher are inseparable and this mode of attack is extremely difficult. However, if minutiae are transmitted to a remote matcher (say, over the Internet) this threat is very real. One could snoop on the TCP/IP (Transmission Control Protocol/Internet Protocol) stack and alter certain packets.
5. Corrupting the matcher: The matcher is attacked and corrupted so that it produces preselected match scores.
6. Tampering with stored templates: The database of stored templates could be either local or remote. The data might be distributed over several servers. Here the attacker could try to modify one or more templates in the database, which could result either in authorizing a fraudulent individual or denying service to the persons associated with the corrupted template. A smart card-based authentication system, where the template is stored in the smart card and presented to the authentication system, is particularly vulnerable to this type of attack.
7. Attacking the channel between the stored templates and the matcher: The stored templates are sent to the matcher through a communication channel. The data traveling through this channel could be intercepted and modified.
8. Overriding the final decision: If the final match decision can be overridden by the hacker, then the authentication system has been disabled. Even if the actual pattern recognition framework has excellent performance characteristics, it has been rendered useless by the simple exercise of overriding the match result.
There exist several security techniques to thwart attacks at these various points. For instance, finger conductivity or fingerprint pulse at the sensor can stop simple attacks at point 1. Encrypted communication channels can eliminate at least remote attacks at point 4. However, even if the hacker cannot penetrate the feature extraction module, the system is still vulnerable. The simplest way to stop attacks at points 5, 6, and 7 is to have the matcher and the database reside at a secure location. Of course, even this cannot prevent attacks in which there is collusion. Use of cryptography prevents attacks at point 8. It is observed that the threats outlined in Figure 12.1 are quite similar to the threats to password-based authentication systems. For instance, all the channel attacks are similar. One difference is that there is no fake password equivalent to the fake biometric attack at point 1 (although, perhaps if the password was in some standard dictionary it could be deemed fake). Furthermore, in a password- or token-based authentication system, no attempt is made to thwart replay attacks (since there is no expected variation of the signal from one presentation to another). However, in an automated biometric-based authentication system, one can check the liveness of the entity originating the input signal.
There are many concerning potential biometric applications, some popular examples being;
13.1 ATM MACHINE USE.
Most of the leading banks have been experimenting with biometrics of ATM machines use and as general means of combining card fraud. Surprisingly, these experiments have rarely consisted of carefully integrated devices into a common process, as could be achieved with certain biometric devices. Previous comments in this paper concerning user psychology come to mind here one wonder why we have not seen a more professional and carefully considered implementation from this sector. The banks will of course have a view concerning the level of fraud and cost of combating it via technology solutions such as biometrics. They will also express concern about potentially alienating customers with such as approach. However, it still surprises many in the biometric industry that the banks and financial institutions have so far failed to embrace this technology with any enthusiasm.
13.2 WORKSTATION AND NETWORK ACCESS
For a long time this was an area often discussed but rarely implemented until recent developments saw the unit price of biometric devices fall dramatically as well as several designs aimed squarely at this application. In addition, with household names such as Sony, Compaq, KeyTronics, Samsung and others entering the market, these devices appear almost as a standard computer peripheral. Many are viewing this as the application, which will provide critical mass for biometric industry and create the transition between sci-fi device to regular systems component, thus raising public awareness and lowering resistance to the use of biometrics in general.
13.3 TRAVELS AND TOURISM
There are many in this industry who have the vision of a multi application card for travelers which, incorporating a biometric, would enable them to participate in various frequent flyer and border controls systems as well as paying for their air ticket, hotel rooms, hire care etc, all with one convenient token.
Technically this is eminently possible, but from a political and commercial point of view there are many issues to resolve, not the least being who would own the card, be responsible for administration and so on. These may not be insurmountable problems and perhaps we may see something along these lines emerge. A notable challenge in this respect would be packaging such an initiative in a way that would be truly attractive for users.
13.4 INTERNET TRANSACTIONS
Many immediately of think of on line transactions as being an obvious area for biometrics, although there are some significant issues to consider in this context. Assuming device cost could be brought down to level whereby a biometric (and perhaps chip card) reader could be easily incorporated into a standard build PC, we still have the problem of authenticated enrollment and template management, although there are several approaches one could take to that. Of course, if your credit already incorporated a biometric this would simplify things considerably. It is interesting to note that certain device manufactures have collaborated with key encryption providers to provide an enhancement to their existing services. Perhaps we shall see some interesting developments in this area in the near future.
13.5 Telephone Transactions.
No doubt many telesales and call center managers have pondered the use of biometrics. It is an attractive possibility to consider, especially for automated processes. However, voice verification is a difficult area of biometrics, especially if one does not have direct control over the transducers, as indeed you wouldnâ„¢t when dealing with the general public. The variability of telephone handsets coupled to the variability of line quality and the variability of user environments presents a significant challenge to voice verification technology, and that is before you even consider the variability in understanding among users.
The technology can work well in controlled closed loop conditions but is extraordinarily difficult to implement on anything approaching a large scale. Designing in the necessary error correction and fallback procedures to automated systems in a user-friendly manner is also not a job for the faint hearted. Perhaps we shall see further developments, which will largely overcome these problems. Certainly there is a commercial incentive to do so and I have no doubt that much research is under way in this respect.
13.6 Public Identity Cards.
A biometric incorporated into a multi purpose public ID cards would be useful in a number of scenarios if one could win public support for such a scheme. Unfortunately, in this country as in others there are huge numbers of individuals who definitely do not want to be identified. This ensures that any such proposal would quickly become a political hot potato and a nightmare for the minister concerned. You may consider this a shame or a good thing, depending on your point of view. From a dispassionate technology perspective it represents something of a lost opportunity, but this is of course nothing new. Itâ„¢s interesting that certain local authorities in the UK have issued Ëœcitizenâ„¢ cards with which named cardholders can receive various benefits including discounts at local stores and on certain services. These do not seem to have seriously challenged, even though they are in effect an ID card.
The ultimate form of electronic verification of a personâ„¢s identity is biometrics; using a physical attribute of the person to make a positive identification. People have always used the brainâ„¢s innate ability to recognize a familiar face and it has long been known that a personâ„¢s fingerprints can be used for identification. The challenge has been to turn these into electronic processes that are inexpensive and easy to use.
Banks and others who have tested biometric-based security on their clientele, however, say consumers overwhelmingly have a pragmatic response to the technology. Anything that saves the information-overloaded citizen from having to remember another password or personal identification number comes as a welcome respite.
Biometrics can address most of the security needs, but at what cost Surprisingly, the benefits quickly outweigh the costs. Like so many technological developments, innovative people have found new ways to implement biometric systems, so prices have come down dramatically in the last year or two. As prices have come down, the interest level and the knowledge about how to effectively utilize these systems have increased. So the investment is decreasing and the recognizable benefits are increasing. Biometrics, when properly implemented, not only increase security but also often are easier to use and less costly to administer than the less secure alternatives. Biometrics canâ„¢t be forgotten or left at home and they donâ„¢t have to be changed periodically like passwords.
1. R. Germain, A. Califano, and S. Colville, Fingerprint Matching Using Transformation Parameter Clustering, IEEE Computational Science and Engineering 4, No. 4, 42â€œ49 (2004).
2. L. Oâ„¢Gorman, Practical Systems for Personal Fingerprint Authentication, IEEE Computer 33, No. 2, 58â€œ60 (2004).
3. N. K. Ratha and R. M. Bolle, Smart Card Based Authentication, in Biometrics: Personal Identification in Networked Society, A. K. Jain, R. M. Bolle, and S. Pankanti, Editors, Kluwer Academic Press, Boston, MA (2003), pp. 369â€œ384.
4. T. Rowley, Silicon Fingerprint Readers: A Solid State Approach to Biometrics, Proceedings of the CardTech/SecureTech Conference, CardTech/SecureTech, Bethesda, MD(2003), pp. 152â€œ159.
5. The Biometric Consortium (ND). Introduction to Biometrics December 11, 2003 from URL http://www.biometrics.org/html/introduction.html.
6. B. Miller, Vital Signs of Identity, IEEE Spectrum 31, No.2, 22â€œ30 (2003).
7. B. Schneier, The Uses and Abuses of Biometrics, Communications of the ACM 42, No. 8, 136 (2002).
8. W. Bender, D. Gruhl, N. Morimoto, and A. Lu, Techniques for Data Hiding, IBM Systems Journal 35, Nos. 3&4, 313â€œ336 (2003).
9. Biometric Digest -http://biometrics.cse.msu.edu
10. Biometric Consortium - http://www.biometricgroup.com