CPE549_L3-1 - 6/9/2008 6/9/2008 Biometrics Chapter 13...

Info iconThis preview shows page 1. Sign up to view the full content.

View Full Document Right Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: 6/9/2008 6/9/2008 Biometrics Chapter 13 Definition “A biometric is a physiological or behavioral characteristic of a human being that can distinguish one person from another and that theoretically can be used for identification or verification of identity.” Biometrics Derived Derived from the Greek words – “Bio”: Life – “Metric”: to measure Measures Measures and Analyzes characteristics – Physiological – Behavioral Authentication Authentication 1 6/9/2008 6/9/2008 Why Biometrics? Identity Identity thefts Something Something you know can be stolen Predicted Predicted or hacked Reliability Reliability on manual verification Application Categories Biometric applications available today are categorized into 2 sectors • Psychological: Iris, Fingerprints, Hand, Retinal and Face recognition • Behavioral: Voice, Typing pattern, Signature Biometric Authentication Process Acquisition Acquisition Creation Creation of Master characteristics Storage Storage of Master characteristics Acquisition(s) Acquisition(s) Comparison Comparison Decision Decision 2 6/9/2008 6/9/2008 Biometric Components The metrics of Biometrics Biometrics FTE FTE – Failure To Enroll FTA FTA – Failure To Accept FAR FAR – False Acceptance Rates FRR FRR – False Reject Rates Usability Metrics Failure to Enroll Errors occur when the technology is unable to read the characteristics of a given person. They are based upon the quality of the data obtained The failure to enroll rate is multiplied by the number of expected users. Medicine Medicine Intake Hoarseness Hoarseness Sticky Sticky fingers Cataract Cataract Rare Rare skin diseases 3 6/9/2008 6/9/2008 Usability Metrics Failure to Acquire occurs when the technology is not presented with sufficient usable data to make a decision. Those who are enrolled but are mistakenly rejected after many verification/identification attempts count for the Failure To Acquire (FTA) rate. either accidentally or on purpose Smudged Smudged finger prints Retina Retina alignment Mumbling Mumbling Hand Hand positioning Performance Metrics False Acceptance Rate (FAR): This determines how often an intruder can successfully bypass the biometric authentication. non authorized person is accepted as authorized. False Accept Rates claimed for today's biometric access systems range from 0.0001% to 0.1%. A lower rate is more secure and more likely to present a real deterrent ; for example, an FAR of 0.01% states that the chance of fooling the system is 1:10000. False Rejection Rate (FRR): This signifies how often a real user will not be verified successfully. authorized person is rejected access. The False Reject Rates quoted for current biometric systems range from 0.00066% to 1.0%. A high rate translates into more user retries; hence usability suffers. Crossover: Error curves give a graphical representation of a biometric device's "personality." The point where false accept and false reject curves crossover is called the "Equal Error Rate." The Equal Error Rate provides a good indicator of the unit's performance. The best technologies have the lowest Equal Error Rate. False Acceptance Rates 4 6/9/2008 6/9/2008 Essential parameters Liveness Liveness testing Tamper Tamper resistance Secure Secure communication Security Security Threshold level Fall Fall back node Fingerprint recognition Divides Divides print into loops, whorls and arch Calculates Calculates minutiae points (ridge endings) Comparisons Comparisons authentication authentication Fingerprint techniques Optical Optical Capacitive Capacitive Thermal Thermal Ultrasonic Ultrasonic 5 6/9/2008 6/9/2008 Disadvantages Racial Racial issues Dirt Dirt , grime and wounds Placement Placement of finger Too Too big a database to process Can Can be spoofed – liveness important! Hand Geometry Geometry Geometry of users hands More More reliable than fingerprinting Balance Balance in performance and usability Disadvantage Very Very large scanners 6 6/9/2008 6/9/2008 Retinal Scanning Scans Scans retina into database User User looks straight into retinal reader Scan Scan using low intensity light Very Very efficient – cant be spoofed! Disadvantages User User has to look “directly” FTE FTE ratio high in this biometric Acceptability Acceptability concerns – Light exposure – Hygiene Iris Scanner Scans Scans unique pattern of iris Iris Iris is colored and visible from far No No touch required Overcomes Overcomes retinal scanner issues Contact Contact lenses an issue? 7 6/9/2008 6/9/2008 Face recognition User User faces camera Neutral Neutral expression required Apt Apt lighting and position Algorithms Algorithms for processing Decision Decision Issues with Face Recognition? Issues Identification Identification across expression FRR FRR or FAR fluctuate Easily Easily spoofed Tougher Tougher usability High High Environmental impact 8 6/9/2008 6/9/2008 Behavioral Voice Voice Signature Signature Typing Typing pattern Voice Recognition Speech Speech input – Frequency – Duration – Cadence Neutral Neutral tone User User friendly Disadvantages Local Local acoustics Background Background noise Device Device quality Illness Illness , emotional behavior Time Time consuming enrollment Large Large processing template 9 6/9/2008 6/9/2008 Signature Recognition Signature Signature measures (dynamic) – Speed – Velocity – Pressure • Captures images (static) • High user acceptance Issues Signature Signature variable with – Age, illness, emotions • Requires high quality hardware • High FRR as signatures are very dynamic Typing Patterns Typing User User typing pattern – Speed – Press and Release Rate • Unique patterns are generated • comparisons 10 6/9/2008 6/9/2008 Issues Not Not very scalable FRR FRR is high Can Can be spoofed – by simple technology (recorders) Usability issues in Biometrics User User acceptability Knowledge Knowledge of technology Familiarity Familiarity with biometric characteristic Experience Experience with device Usability issues… Environment Environment of use Transaction Transaction criticality Time Time consuming tasks 11 6/9/2008 6/9/2008 Biometric solutions Educate Educate Train Train Explain Explain Interfaces Use Use Trainers Supervised Supervised Playtime General issues FTE FTE posses problem Biometric Biometric characteristics are not encrypted Trust Trust on input device Cannot Cannot authenticate computers! Privacy Privacy attack?! Current applications Banks Banks Immigration Immigration facilities across USA IDwidget IDwidget – interesting research Eyegaze Eyegaze at Stanford 12 6/9/2008 6/9/2008 User Acceptance Socially Socially acceptable – Knowledge of technology and computers – Acceptance of the concept Usability Usability Security Security Personal Personal privacy Usability Considerations Familiarity Familiarity with characteristics Experience Experience with devices Environment Environment of use Transaction Transaction Criticality Security Considerations Biometrics Biometrics are not secrets and are therefore susceptible to modified or spoofed measurements There There is no recourse for revoking a compromised identifier Strategic Strategic Solutions – Liveness testing – Multi-biometrics Multi- 13 6/9/2008 6/9/2008 Privacy Considerations A reliable biometric system provides an reliable irrefutable proof of identity Threatens Threatens individuals right to anonymity – Cultural concerns – Religious concerns – Violates civil liberties Strategic Strategic Solutions – Biometric cryptosystems – Transparency Advantages Reduces Reduces cost within organizations Increases Increases security Competitive Competitive advantage Convenience Convenience to employees NonNon-repudiation Eliminates Eliminates a paper trail Disadvantages Accuracy Accuracy of Performance Failure Failure to enroll rate Information Information Abuse May May violate privacy 14 6/9/2008 6/9/2008 Conclusion Biometrics Biometrics is a technology that can simplify the process of authentication Biometrics Biometrics can be best used in situations where specific identity or exception identity is desired References Tynan, Tynan, Dan, “Biometrics: from Reel to Real” www.pcworld.com/resource/printable/article/o,aid,120889,00.asp www.pcworld.com/resource/printable/article/o,aid,120889,00.asp Yudkowsky, Yudkowsky, Chaim, “Byte of Success”, http://accounting.smartpros.com/x40536.xml http://accounting.smartpros.com/x40536.xml http://perso.wanadoo.fr/fingerchip/biometrics/movies.htm http://perso.wanadoo.fr/fingerchip/biometrics/movies.htm Biometrics Biometrics http://searchsecurity.techtarget.com/sdefinition/0,,sid14_gci211666,00. http://searchsecurity.techtarget.com/sdefinition/0,,sid14_gci211666,00. html International International Biometric Group, http://www.biometricgroup.com/reports/public/reports/ http://www.biometricgroup.com/reports/public/reports/ Patrick, Patrick, Andrew S., “Usability and Acceptability of Biometric Security Systems” , Institute for Information Technology National Research Council Biometric Biometric Assessment Benefits http://www.axhttp://www.axsbiometrics.com/riskans.htm Bioidentification http://www.bromba.com/faq/biofaqe.htm Bioidentification http://www.bromba.com/faq/biofaqe.htm Fact Fact sheet http://www.jrc.cec.eu.int/download/press/20050330_biometrics_fact_sheet.pdf http://www.jrc.cec.eu.int/download/press/20050330_biometrics_fact_sheet.pdf 15 ...
View Full Document

This note was uploaded on 12/14/2011 for the course CPE 549 taught by Professor Sparks during the Fall '11 term at University of Alabama - Huntsville.

Ask a homework question - tutors are online