2044-Her/Teleco 62/1-2

1702 pp. 1702-1717

ANN. TÉLÉCOMMUN., 62, n° 1-2, 2007 1/16

Abstract

Large-scale deployment of biometric systems for web-based services has to tackle tech-nological issues related to security, interoperability and accuracy, and social issues relatedto privacy protection and biometric acquisition process acceptance. The variety of biometrictraits, capturing devices, targeted populations and working scenarios makes the developmentof a universal solution for all-purpose deployment quite a difficult task.

This paper describes the design, implementation and applicability of an open frameworkfor distributed biometric authentication oriented to access-control in web environment. Theopen principle makes this framework a novel and practical development tool for testing andintegrating biometric algorithms and devices from third parties. Special attention has beenpaid to security and interoperability standards to ease concurrent integration and testing ofbiometric trait matchers developed by different laboratories or companies. Finally, in orderto demonstrate the versatility and usability of the framework, we describe the constructionprocess for a distributed multibiometric database acquisition tool based on this framework.

Key words: Biometric security, Distributed authentication, Biometric interoperability.

CADRE OUVERT POUR AUTHENTIFICATION BIOMÉTRIQUE DISTRIBUÉEDANS UN ENVIRONNEMENT WEB

Résumé

La mise en marche à grande échelle de systèmes biométriques pour services web doitaborder des problèmes technologiques reliés avec la sécurité, l’interopérabilité et la préci-sion, et les problèmes sociaux reliés avec la protection de l’intimité et l’acceptation du pro-cédé d’acquisition. La variété de caractéristiques biométriques, de dispositifs d’acquisition,population objectif, et scènes de travail complique obtenir une solution de usage universelpour une mise en marche général.

Cet article décrit la conception, la mise en oeuvre et l’applicabilité d’un cadre ouvertpour authentification biométrique distribuée orientée au contrôle d’accès dans un environ-

An open framework for distributed biometricauthentication in a web environment

Enrique OTERO-MURAS*, Elisardo GONZÁLEZ-AGULLA*,José L. ALBA-CASTRO*, Carmen GARCÍA-MATEO*,

Oscar W. MÁRQUEZ-FLÓREZ*

* Universidad de Vigo, Teoria de la Senal y Comunicaciones, ETSI Telecomunicacion – Campus Universitario,36310 Vigo, Spain; {eotero, eli, jalba, carmen, omarquez}@gts.tsc.uvigo.esThis work was supported with funds provided partially by the next financial sources : the European sixth frameworkprogramme under the Network of Excellence BIOSECURE (IST-2002-507604), the Spanish ministry of educationunder project TEC2005-07212/TCM, and the R&D Galician department under project PGIDT05TIC32202PR.

2044-Her/Teleco 62/1-2 4/01/07 14:29 Page 1702

E. OTERO-MURAS – AN OPEN FRAMEWORK FOR DISTRIBUTED BIOMETRIC 1703

2/16 ANN. TÉLÉCOMMUN., 62, n° 1-2, 2007

nement web. Le principe ouvert fait de cette structure un outil de développement pratique etnouveau pour l’essai et l’intégration des algorithmes biométriques et dispositifs. On prêteattention surtout aux standards de sécurité et interopérativité pour faciliter l’intégrationconcourante et l’essai de systèmes biometric développés par différents laboratoires ou com-pagnies. Le cadre intègre également nos outils de vérification de visage et locuteur. Finale-ment, on décrit un outil web distribué d’acquisition de données biométriques basée dansnotre cadre ouvert.

Mots clés : Sécurité biométrique, Authentification distribuée, Interopérabilité biométrique.

Contents

I. INTRODUCTION

The popularity of broadband internet and cell phone connections has introduced manyhigh added-value remote services where it is important to verify the identity of the authorizeduser. Classical techniques for electronic person authentication have several drawbacks interms of performing reliable and user-friendly identity recognition; this occurs particularlywith remote operations, where hacker attacks add to forgotten, shared, lost or stolen pass-words or cards. Automatic identity verification, based on distinctive anatomical features (e.g.,face, voice, fingerprint, iris, etc.) and behavioral characteristics (e.g., online/offline signature,keystroke dynamics, etc), is becoming an increasingly reliable standalone solution and attrac-ting a great deal of attention as far as remotely-based applications are concerned. Neverthe-less, this kind of biometric authentication implies new technological challenges that must beaddressed to ensure full acceptance in many remote services.

Some of the issues for successful deployment of biometric-based authentication arenowadays being studied by different standardization groups to provide answers to the rapidlygrowing biometric industry. The most active standardization groups are Sub-Committees 17and 37 of the ISO/IEC JTC1. SC17 is responsible for developing standards for identity cardsand personal identification, whereas SC37 standardizes interoperability and data interchangeamong applications and systems that deal with generic biometric technologies [1]. One of thebest known standards resulting from these efforts is the Biometric Application ProgrammingInterface (BioAPI [2]), which, by defining an open API for the development of a wide varietyof biometric applications, will play an important role in the near future in terms of improvinginteroperability between biometric devices, algorithms and subsystems.

Closely linked to these working groups, although more focused on information exchangeand cooperation between industry and end users, is the Biometric Consortium [3]. Workingclosely with the National Institute of Standards and Technology (NIST), it is addressing tech-nical issues that go beyond those being studied by other international organizations, such as

I. IntroductionII. Framework design

III. Example application: remote acquisi-tion of a multimodal biometric database

IV. Conclusions and future workReferences (30 ref.)

2044-Her/Teleco 62/1-2 4/01/07 14:29 Page 1703

the definition of performance metrics for biometric traits, the development of functional spe-cifications, the performance of vendor tests and the further evolution of standards. One of themain achievements of this cooperation has been the Common Biometric Exchange File For-mat (CBEFF), released in 2001 as NISTIR 6529, which facilitates biometric data interchangeindependently of the specific biometric technology used. As will be seen below in the des-cription of our framework, we have adopted a recently developed OASIS standard (Sept. 2003)called XML Common Biometric Format (XCBF) [4], which extends CBEFF by providing a stan-dard means for exchanging biometric information using XML, thereby providing a practicalsolution for biometric applications in a web-based environment.

The operational problems specific to biometric authentication in an open network envi-ronment for a large number of users are being studied by ITU Telecommunications StudyGroup 17 (ITU-T-SG17), which has proposed the concept of a framework of biometric authen-tication technologies based on Public Key Infrastructures (PKI) using the X.509 PKI frame-work. The main operational problems arise from the security and interoperabilityrequirements for any framework that operates in an open network environment, as also fromthe very nature of biometric features. Security and interoperability concerns being studied bySG17 have to do with differences in system configurations (software and hardware) and inte-grity of registration information. Biometric-inherited drawbacks associated with large-scaledeployment of any biometric authentication application and widely acknowledged in theresearch community [5] include problems in relation to :

• Universality : not everybody can be enrolled for a particular biometric trait (failure-to-enroll).

• Distinctiveness : each biometric trait has extensive but limited grades of freedom, andso interpersonal differences tend to reduce as the population increases or the quality ofthe acquiring device is reduced.

• Stability : physical characteristics change over time, ultimately affecting biometrictraits.

Multiple biometrics [6] partially circumvent these inherited drawbacks by using simulta-neous or alternative biometric traits that mitigate the problems associated with spoofing, fai-lure-to-enroll, noise in a particular sensor or acquired feature, intra-class variation andinter-class similarities.

In short, the new challenges that arise in terms of integrating a multimodal biometric-based person recognition system in an open-network application can be summarized as fol-lows :

1) Remote acquisition of diverse biometric trait samples from off-the-shelf third partydevices

2) Secure (spoofing-proof) handling and transmission of biometric data3) Adaptive selection of monomodal or multimodal verification algorithms and user-

dependent thresholds for specific remote scenarios4) Efficient handling of the computational burden implied by biometric algorithms5) Design of a friendly man-machine interaction (frequently called “dialogue”) for unat-

tended biometric multiple sample acquisition and authentication.

This paper describes an open framework that endeavors to resolve some of these issues.We have paid a great deal of attention to the design of a client-server architecture capable ofcontrolling any kind of biometric acquisition device over a secure TCP/IP connection. Fur-

1704 E. OTERO-MURAS – AN OPEN FRAMEWORK FOR DISTRIBUTED BIOMETRIC

ANN. TÉLÉCOMMUN., 62, n° 1-2, 2007 3/16

2044-Her/Teleco 62/1-2 4/01/07 14:29 Page 1704

thermore, we have focused on driving user interaction with the system through an easilyconfigurable dialogue. Thus, verification tasks are modeled as human-machine dialoguesspecified by an XML document which describes the sample acquisition process and the bio-metric verification mode [7]. Moreover, integration of multiple biometric devices and algo-rithms (interoperability) is quite straightforward (BioAPI compliance), as we will demonstratein the sections below.

The remainder of this paper is organized as follows. Section II is devoted to the descrip-tion of our framework for distributed biometric authentication in a web environment, incor-porating design decisions that comply with BioAPI and other important standards inbiometrics. Section III demonstrates the versatility of the proposed framework by describinghow a distributed multimodal biometric database can be easily acquired. Finally, Section IVdescribes our conclusions and future research lines.

II. FRAMEWORK DESIGN

This section describes the main design decisions taken in creating a web-based frame-work that complies with the principles of security, interoperability and usability.

Any biometric recognition procedure can be divided into a number of stages :1. Acquisition of a biometric sample (device-dependent processing)2. Extraction of a biometric template (signal processing : pre-processing, feature extrac-

tion and user-template creation)3. Biometric template matching (pattern recognition processing).

The third of these stages usually requires prior training of user models and thresholds setup in an enrolment process whenever a new user is added to the system. The matching pro-cess may be based on identification or verification. In the former the biometric template ismatched against all the user reference templates with authorization to access the system. Inthe latter the biometric template is matched only against the claimed user’s reference tem-plate. Verification is the most common matching mode for restricted access applications andcorresponds to the wider security concept of identity authentication.

When dealing with distributed biometric authentication in client-server architectures, thethree processes described above will provide different configurations depending on wherethe processes are executed. Although it is obvious that the acquisition process must be exe-cuted on the client side, there are three options remaining for extracting biometric templatesand matching user reference templates : both these processes are performed in the clientmachine (pull model); the biometric template is extracted on the client side, sent to the serverand matched there against the user reference templates (push model); or both processes areperformed in the server (a variant of the push model). The pros and cons of these three pos-sible configurations are as follows :

1. Authentication on the client side is very inconvenient. Computationally demandingoperations might not be possible in the client machine, and identification mode is notfeasible for medium to large-size clients. There is also a severe security handicap, asperforming all the network authentication processes on the client side is much moreprone to tampering due to unsecured client machines. Note that verification requires


4/16 ANN. TÉLÉCOMMUN., 62, n° 1-2, 2007

2044-Her/Teleco 62/1-2 4/01/07 14:29 Page 1705

the transaction of the claimant template from the server database to the client machineover a secure connection to avoid hacker interception. If privacy really matters, asmart-card can be used to store user biometric templates, thereby avoiding holding bio-metric data in a centralized server and sending it through a network. This solution is,nowadays, a very promising technological field because it combines the three authenti-cation premises : what the user knows, possesses or is [8] (see [1] for working drafts onID card standardization issues).

2. Biometric template extraction on the client side and template matching on the serverside have the drawback of placing most of the computational burden on the client side.This is due to the fact that pre-processing and feature extraction usually loads CPU andmemory more than the matching process. Furthermore, these processes are executed ina non-secure machine before the extracted biometric template is sent through a secureconnection.

3. Both biometric template extraction and authentication on the server side have theadvantage of placing the computational load on the server side, where they can be runon powerful computers. Consequently no biometric template is sent through the net-work, although the acquired biometric sample is. Even though encryption is also nee-ded for this transaction, it is important to note that biometric samples do not constitutesecret information. The face and voice of a client can be easily recorded, fingerprintsare left on many objects and can be recovered, signatures can be easily photographed,etc. Therefore, this data should be less dangerous in a hacker’s hands than a biometrictemplate, as the security of an authentication system cannot rely on the secrecy (confi-dentiality) but on the integrity of the biometric data [9]. Finally, from the versatilityand security point of view a secure server is a better configuration, as it places the bulkof the system on the server side. Thus, the client side, which is the weakest point in thesecurity chain, has the sole responsibility of acquiring the biometric samples. Thedisadvantages of this configuration are related to a wider bandwidth for the client-ser-ver connection and a server that must cope with the computational burden of multipleand simultaneous authentication queries.

The framework we have developed is based on the third of the above configurations. Theclient-side biometric application is in charge of multi-biometric sample acquisition, encryp-tion and secure transaction. On the server side, there is a centralized authentication serverwith a biometric authentication module that is in charge of extracting the biometric template,matching, and checking access privileges.

The main guidelines for the construction of our framework for biometric authenticationhave been the following :

• Maximized portability– of the client application, by using Java as programming language. Concretely, the

biometric client application uses the Java Web Start technology [10], a Java-basedenvironment for running desktop applications

– of the verification server, by following the standardized J2EE specification in webapplication development, permitting deployment in any J2EE compliant server.

• Maximized interoperability– with different capture devices, by using Java Media Framework for controlling com-

mon webcams and microphones, and Java BioAPI wrappers for supporting BioAPI

compliant devices.


ANN. TÉLÉCOMMUN., 62, n° 1-2, 2007 5/16

2044-Her/Teleco 62/1-2 4/01/07 14:29 Page 1706

– with different software platforms, by using web services as middleware, permittingthe development of alternative client applications that comply with our system.

• Use of free open source software : e.g. JBoss Application Server, MySQL database.• Maximized security in managing biometric data, by using WS-Security and XCBF docu-

ments (as it will be explained in Section II.2 below) and by avoiding local disk writingof user samples.

• Maximized code reusability and maintainability, by using object-oriented software anddesign patterns.

• Multilingual support both in the web and in the client desktop application.

Of the three subsections below, the first two explain the main interoperability and securitydetails of this framework, and the final subsection describes the framework from a functionalpoint of view.

II.1. Integrating BioAPI in a distributed environment

The server contains a BioAPI instance running in a Linux platform and allowing thirdparty Biometric Service Providers (BSPs) compliant with BioAPI 1.1 and compiled in C/C++ tobe integrated in our system as Linux shared objects [11]. All these BSPs, as our own Linux-based BSPs for facial and speaker verification purposes [12, 13] can be controlled throughthis server-side BioAPI.

Moreover, if a user has a BioAPI installed locally in the client machine (Linux or Win32platforms), the corresponding local BSPs will be also driven by our client application. Never-theless, for a complete integration of any BioAPI 1.1 compliant BSP within our authenticationframework by using server-side verification for more security, compiled versions of the BSP

libraries for both Linux and Win32 platforms are required.Each BSP involved in the verification or enrolment process is properly indicated in an XML

document that contains a high-level description of the protocol for the current session of veri-fication or enrolment. This document is securely transferred from server to client when star-ting the session.

The low-level processing is composed of the primitives BioAPI_capture,BioAPI_CreateTemplate, BioAPI_Process and BioAPI_VerifyMatch. In the more secure configura-tion, these primitives, with the exception of BioAPI_Capture, are executed as calls to a BSP inthe server through the remote BioAPI. The BioAPI_Capture primitive is executed as a call to theBioAPI and BSP installed in the client machine and the resulting Biometric IdentificationRecord (BIR) is sent back to the server (see Figure 1).

In our case, the client-server communication is implemented as a web service, as we willexplain in Section II.2. The entire process is transparent to the user. Java management of thedifferent BSPs through local and remote BioAPI instances is performed using a Java wrapper[14] that manage the calls to native code based on the Java Native Interface technology [15].

With the advent of the standard BioAPI 2.0, the definition of an additional layer of compo-nents below the BSPs (called Biometric Function Providers or BFPs) will allow our frameworkto relax some of the interoperability conditions for including new biometric software for ser-ver-side verification. Only the corresponding implementation (whether Windows or Linux) of


6/16 ANN. TÉLÉCOMMUN., 62, n° 1-2, 2007

2044-Her/Teleco 62/1-2 4/01/07 14:29 Page 1707

the BFP in charge of the capture process will be necessary on the client side (called SensorBFPs), and only the Linux implementation of the BFPs in charge of the remaining processeswill be necessary on the server side (archive, processing-algorithm and matching-algorithmBFPs). Thus, the server can perform verification without forcing the client to have a duplicateof the complete BSP.

II.2. Our middleware solution : web services and XCBF

Object-oriented middleware such as CORBA or Java RMI are widely accepted solutions forinvoking remote-machine methods from local-machine objects [16]. Nevertheless, interope-rability can be increased if web services with SOAP (Simple Object Access Protocol) are used[17]. Web services with SOAP allow interoperability between heterogeneous clients (such asCORBA, but simpler) and relax the restriction on using the same programming language inboth server and client (Java RMI needs Java programming at both ends).

The same interoperability principle led us to use standard XCBF [4] for the interchange ofbiometric samples. XCBF and web services permit the development of new client applicationsthat are fully compatible with our framework and that do not need to be Java-based, merelycompliant with the agreed interface. This functionality is particularly suitable for client ter-minals without a Java Virtual Machine.


ANN. TÉLÉCOMMUN., 62, n° 1-2, 2007 7/16

FIG 1. – Building-blocks of the BioAPI model in a client/server environment.

Blocs élémentaires et modèle de la BioAPI dans une architecture client/serveur.

2044-Her/Teleco 62/1-2 4/01/07 14:30 Page 1708

There is yet another advantage in using web services rather than CORBA or Java RMI. Fre-quently users access the internet through firewall-protected LANs. Firewalls filter and blocksome internet traffic for security reasons. In this environment, many (almost all) ports aretypically closed to incoming and outgoing traffic, and it may happen that the final user doesnot have the administration privileges necessary to be able to open these ports. Web services,however, are capable of tunneling everything through the ports commonly used forHTTP/HTTPS traffic generated by web browsing (TCP port 80 for HTTP and 443 for HTTPS). Asthese ports are always open, no changes in firewall configuration would be needed in order tooperate, and this is one of the fundamental advantages behind the progressive success of webservices for remote applications deployment.

Since March 2004, a new OASIS security standard for web services, called WS-Security[18], is in charge of ensuring integrity and confidentiality for SOAP messages. Furthermore,XCBF documents can be handled as web-service security tokens for biometric information. Ofthe several implementations of WS-Security, we have chosen WSS4J, an open source imple-mentation developed in Java by the Apache Software Foundation [19]. In this way we canguarantee the integrity of data in the communication between client and server and canauthenticate the source of biometric data and verification results, even if no secure transportlayer (for instance, an SSL connection) is present.

In order to comply with the Core Security Requirements of the ANSI X9.84 standard forBiometric Information Management and Security [9], we should also guarantee the physicalsecurity of the machines. However, as client machines are in a non-controlled environment,this is not feasible. Anyway, some actions can be considered to protect client-side software innon-trustworthy environments from reverse-engineering or tampering attacks. One well-known method for securing Java applications is code obfuscation. With code obfuscation thetask of decompilation, although not impossible, is rendered much more difficult. We use anopen source tool, called Proguard [20], for Java code obfuscation. Moreover, we are currentlyanalyzing more complex methods for remote code checking and software authentication.

II.3. The overall framework

As mentioned above, an XML document specifies the biometric sample acquisition proto-col in an enrolment or verification session. This document represents the man-machine dia-logue. Due to the inexistence of an universally agreed markup language for biometricacquisition we have developed an extension to the VoiceXML standard suited to our necessi-ties. We have called this markup language BioVoiceXML [7]. Our system can easily be trans-lated to any other future markup language (e.g. EMMA : Extensible MultiModal AnnotationMarkup Language, from W3C, currently at Working Draft status [21]).

Figure 2 depicts a block diagram and functionality description for the framework. Star-ting from a client verification or enrolment request, the successive actions and functionalitiesare explained as follows (see diagram numbering) :

1. The Java Web Start biometric client application obtains, from the server, the XML dia-logue that contains the enrolment or verification process description.

2. The dialogue manager interprets high-level instructions and prompts information to theuser, acquires a biometric sample, and performs an enrolment or verification.


8/16 ANN. TÉLÉCOMMUN., 62, n° 1-2, 2007

2044-Her/Teleco 62/1-2 4/01/07 14:30 Page 1709

3. Each time a sample acquisition is needed, the BioAPI manager obtains the sample eitherfrom a BSP installed locally through a BioAPI_Capture primitive using a Java NativeInterface wrapper, or from ad hoc application code using the Java Media Frameworkfor controlling the audio and video capture devices. The latter option is provided forcontrolling the most common non-BioAPI capture devices, e.g., usual webcams andmicrophones, as biometric inputs. Thus, multimodal biometric authentication can beperformed without forcing the user to have installed a local BioAPI in his machine, byusing, for instance, our BSPs for face and speaker verification.

4. The result of the acquisition process is embedded into an XCBF biometric token andsent to the server bound to an enrolment or verification request.

5. The enrolment or verification process is executed in the server as a sequence of BioAPI

calls.6. The verification result or enrolment templates are stored in the respective server data-

bases.7. The user’s results database will be available to finally authenticate users for the web

through a centralized authentication service (CAS).

One of the framework objectives is to offer biometric authentication capabilities to otherweb-based applications. We have not designed any new authentication service given the wide


ANN. TÉLÉCOMMUN., 62, n° 1-2, 2007 9/16

FIG 2. – Building-blocks and functionality description of the open framework.

Blocs élémentaires et description de la fonctionnalité du cadre ouvert.

2044-Her/Teleco 62/1-2 4/01/07 14:30 Page 1710

variety of open-source projects aimed at offering classical single sign-on authentication ser-vices for web environments. Some of these make use of user attributes interchange (identityfederation) or include access control and authorization policies. We are, however, more inter-ested in the authentication process itself, specifically in offering a centralized authenticationservice for websites, web resources or web applications.

We have integrated our framework as an authentication module in CAS (Central Authenti-cation Server), a widely accepted Java-based system developed at Yale University [22]. Themain idea behind this integration consists of taking advantage of the infrastructure providedby CAS to improve security beyond basic mechanisms based on login and password, addingbiometric verification. By integrating our framework in CAS, we make possible that anyapplication prepared to use CAS for authenticating his users can also use our biometric fra-mework for this purpose. The open-source e-learning platform Moodle is a well knownexample of application that is yet capable of relying the authentication task to CAS. We hadused it to demonstrate the usability of our biometric framework within a common web appli-cation.

Figure 3 (left) shows a Central Authentication Service with single sign-on. The steps inthe authentication protocol are as follows :

1. The user requests a web resource protected by a central authentication service. If theuser has not been authenticated, the request is forwarded to this central authenticationservice.

2. The user is authenticated by the central authentication server. As a result, he obtainscredentials and is forwarded again to the web resource.

3. At the second attempt at a web resource request, the browser automatically sends theuser credentials.

4. The web resource validates the user credentials against the central authentication server.

5. The user requests a new different web resource protected by the central authenticationservice. If the user single sign-on session is correctly authenticated no further authenti-cation is required.

6. Identical to 4.

Figure 3 (right) shows a Central Authentication Service that includes a biometricauthentication module. This is an adaptation of the single sign-on authenticationprotocol to include biometrics :

1. Initial request.2. With the biometric module the authentication process is broken down as follows :

a.The user launches the biometric client.b.Biometric authentication is performed (by the server in this case).c.The Central Authentication Server checks the result of the biometric authentication

in order to grant credentials to the user.3. Request.4. Validation.


10/16 ANN. TÉLÉCOMMUN., 62, n° 1-2, 2007

2044-Her/Teleco 62/1-2 4/01/07 14:30 Page 1711

Figure 4 depicts the graphical user interface of the Java Web Start biometric client appli-cation. The background window corresponds to the web interface of our customized CentralAuthentication Service with biometric verification.


ANN. TÉLÉCOMMUN., 62, n° 1-2, 2007 11/16

FIG 3. – CAS implementation. Single Sign-On (left); Biometric Authentication (right).

Exécution du cas : Single Sign-On (gauche) – Authentification biométrique (droit).

FIG 4. – Screenshot of the graphical user interface for the biometric authentication system.

L’écran du système pour l’authentification biométrique.

2044-Her/Teleco 62/1-2 4/01/07 14:30 Page 1712

III. EXAMPLE APPLICATION : REMOTE ACQUISITION OF AMULTIMODAL BIOMETRIC DATABASE

In this section we describe how the framework can be used for the management of a web-based tool for the acquisition of a multimodal biometric database of remote users throughoutthe world.

III.1. The value of a realistic multimodal biometric database

The performance of different biometric authentication systems reported in the scientificliterature are very data-dependent and so are only really meaningful for specific tasks, speci-fic populations and a specific acquisition set-up. For example, the performance of a particularbiometric system was claimed by its manufacturer to have an FRR of 0.3% and an FAR of0.1%, but an independent test by the Sandia National Lab found that the system had an FRR

of 25% and an unknown FAR [5].Most of the databases collected to foster research into specific biometric traits have been

acquired in a controlled set-up that allowed to focus the work on improving robustness inspecific variables : illumination, expression or pose in faces [23], background noise in voices[24], plain or rolled contact in fingerprints [25], etc. Other databases were allocated a bigbudget so as to represent a large population and so represent a reference dataset for compa-ring biometric algorithms from different laboratories and companies [26, 27, 28, 29].

Successful deployment of a biometric system needs improvements in relation to certaintechnological and social issues. Referring merely to technological issues, there is much workto be done in regard to robustness against concurrent variability sources in the acquisitionprocess, such as :

• Different third party capturing devices even for the same biometric feature.• Uncontrolled remote scenarios, regarding noise, illumination, device configuration,

user approach to biometrics or even technology, etc.• Effects of ageing or wealth.

Even when some of the large reference datasets have quite realistic acquisition condi-tions, none of them has been designed to represent all the variability of a web-based large-scale application. Using a framework like that described here it is possible to distribute thecapturing process over the web and to build a dataset very useful for testing state-of-the-artbiometric algorithms.

III.2. Description of the implemented multimodal biometric database acquisition tool

Starting from the framework described in previous sections, the construction of an appli-cation for distributed acquisition of multimodal biometric samples through the web is quite


12/16 ANN. TÉLÉCOMMUN., 62, n° 1-2, 2007

2044-Her/Teleco 62/1-2 4/01/07 14:30 Page 1713

straightforward. It can be viewed, in fact, as several enrolment sessions. There are still someextra functionalities arising from the fact that the purpose of the database is not only the crea-tion of enrolment templates, but also the training of biometric authentication algorithms.Another important issue is that there will be, in general, no supervision of the remote acqui-sition process, although offline supervision will be necessary.

Our distributed multimodal biometric database acquisition tool was developed for audio-visual biometric features, i.e. using the least expensive and most common biometric devices :webcams and microphones. Extension to other biometrics is possible, as explained in Sec-tion II.1 above. In any case, the huge variety of deployed webcams and microphones makesthe implementation of the distributed database acquisition tool quite challenging.

The client application in charge of the acquisition is almost identical to the Java WebStart client application previously presented for the authentication system. (see Figure 4 insection II.3). As in the case of the biometric system, the client application can be launchedusing any browser in Windows or Linux through a web interface. For this purpose, this webinterface allows a user to register into the system or logging into his account. When registe-ring, the system asks for a typed password and a spoken password. The spoken passwordwill be used for text-dependent speaker authentication [13] and multimodal voice-text-lips-tracking authentication. The web interface gives information to the user regarding the num-ber of completed sessions of each type, and offers the possibility for launching a new session,or checking past stored samples, among other options.

The first time a new user launches an acquisition session, the Java Web Start runtimeenvironment downloads the binary code (bytecodes) for the client application from the ser-ver, including all the libraries for using the web service.

In the next accesses to an acquisition session, the client application previously downloa-ded is executed as a desktop application. First of all, the user is requested to enter his loginand password. Once the login and password have been checked, an XML document with thecorresponding dialogue for this session is automatically downloaded and interpreted tolocally drive the whole sample acquisition process [7]. This process is analogous to an enrol-ment process defined for the biometric authentication system. When the acquisition processis finished, the entire set of samples is sent directly and secured from local memory to theuser database on the server side. No disk writing is performed in the client computer to avoidspoofing as much as possible.

The behavior to be prescribed for an acquisition session for single or multiple biometricsis highly customizable by writing a document with the adequate dialogue for describing theactions to be executed by the acquisition application.

Figure 5 depicts the graphical user interface of the client application, at the moment of afrontal face still-image acquisition. The overlaid glasses and chin serve as a user-based nor-malization method for face scale and pose. This is an example of dialogue customization.

The client application window is divided into two main panels. The left panel is used forshowing messages and instructions to the user. These prompts are configurable in the docu-ment with the dialogue for each particular acquisition session. The right panel shows thewebcam video stream and the still image shots to be acknowledged before storage. Any over-laid image or mask can be defined here to help remote and unattended acquisition. Audioacquisition is also controlled through this panel, and playback of the acquired samples helpto decide if the acquisition has been correct. Correct and incorrect acquisition settings andexamples can be reached through the help button at any time.


ANN. TÉLÉCOMMUN., 62, n° 1-2, 2007 13/16

2044-Her/Teleco 62/1-2 4/01/07 14:30 Page 1714

Once the acquisition is complete, the user may attempt another enrolment session or viewthe samples previously acquired in order to validate them.

Finally, we have also developed a web-based administration tool to simplify control overusers and reconfiguration of the entire database acquisition parameters : enrolment protocols,number and type of sessions, and language adaptations.

IV. CONCLUSIONS AND FUTURE WORK

In this paper we have presented and explained the design and implementation of an openframework for distributed biometric authentication in a web environment. Some of the issuesrelated to interoperability in biometrics and security for distributed applications over opennetworks have been addressed by endeavoring to comply fully with widely accepted stan-dards, such as BioAPI and X9.84. Diverse open-source solutions have been carefully integratedin our framework attending to flexibility, portability, and interoperability issues.

We have also demonstrated the versatility and usability of the framework by defining atool for distributed biometric database acquisition. This tool has been designed as a fully


14/16 ANN. TÉLÉCOMMUN., 62, n° 1-2, 2007

FIG 5. – Screenshot of session with controlled frontal face acquisition.

L’écran de session avec l’acquisition contrôlée de visage de front.

2044-Her/Teleco 62/1-2 4/01/07 14:30 Page 1715

operative service but is totally reconfigurable for similar biometric uses. Either the biometricauthentication system or the database acquisition tool can be tested online on the GTS site1

Regarding future lines of work, the BioAPI consortium is currently working on improvinginteroperability in distributed environments, in the form of what is known as the BioAPI Inter-working Protocol (SC 37 N 1268). This standard will allow a client application to executeBSPs from remote machines as if these were running locally. Our framework will be adaptedin the future to comply with this new standard.

We also intend to improve integrity, security and privacy of biometric samples from theweakest point of the system, the unattended client, to the more secure server environment.For this purpose we are evaluating some current used potential techniques to ensure thesesecurity aspects, as integrating watermarking techniques, implementing challenge/responsesystems or analyzing the possibility of deterministically distorting the biometric sample ineach user access (called cancelable biometrics in [30]).

Manuscrit reçu leAccepté le

REFERENCES

[1] Biometric-aimed Sub-Committees of the ISO/IEC JTc1: http://isotc.iso.org, http://www.sc17.com[2] BioAPI Consortium (ANSI/INCITS 358-2002): http://www.bioapi.org[3] Biometric Consortium: http://www.biometrics.org[4] XML Common Biometric Format: http://xml.coverpages.org/xcbf.html[5] JAIN (A.), BOLLE (R.), PANKANTI (S.), Introduction to Biometrics. In Biometrics. Personal Identification in

Networked Society. Kluwer Academic Publishers, 2002.[6] ROSS (A.), JAIN (A.K.), Multimodal Biometrics: An Overview. In Proc. of 12th European Signal Processing

Conference (EUSIPCO), pp. 1221-1224, Vienna (Austria), September 2004.[7] GONZÁLEZ-AGULLA (E.), ARGONES-RÚA (E.), GARCÍA-MATEO (C.), MÁRQUEZ-FLÓREZ (O.), Development and

Implementation of a Biometric Verification System for Internet Applications. In Proc. of the 2nd COST275Workshop, Vigo (Spain), pp. 33-39, March 2004.

[8] MENKUS (B.), Understanding the Use of Passwords. Computers and Security 7(2), pp. 132-136, 1988.[9] ANSI X9.84-2003, Biometric information management and security for the financial services industry.

American National Standards Institute, New-York (USA), 2003.[10] Java Web Start Technology : http://java.sun.com/products/javawebstart/[11] YUAN (X.), HUI (S.C.), LEUNG (M.H.K), GAO (Y.), Towards a BioAPI compliant face verification system,

Computer Standards & Interfaces 26 (2004) pp. 289-299.[12] GONZÁLEZ-JIMÉNEZ (D.), ALBA-CASTRO (J. L.), Frontal Face Authentication through creaseness driven Gabor

jets. Lecture Notes in Computer Science 3212 (Springer), pp 660-667, 2004.[13] RODRÍGUEZ-LIÑARES (L.), GARCÍA-MATEO (C.), ALBA-CASTRO (J.L.), On Combining Classifiers for speaker

authentication, Pattern Recognition, 36, pp.347-359, 2003.[14] Open Source Project JBioAPI: a Java BioAPI wrapper for Linux.

http://www.qrivy.net/~michael/blua/jbioapi/[15] JNI – Java Native Interface : http://java.sun.com/j2se/1.3/docs/guide/jni/[16] RICHIARDI (J.), DRYGAJLO (A.), PALACIOS-VENIN (A.), LUDVIG (R.), GENTON (O.), HOUMGNY (L.), A distributed

multimodal biometric authentication framework. In Proc. of the 3rd COST275 Workshop, Oct. 2005.[17] W3C Simple Object Access Protocol (SOAP) 1.1: http://www.w3.org/TR/soap/[18] OASIS Web Services Security – SOAP Messages Security 1.0:

http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0.pdf[19] Apache open-source implementation of the OASIS Web Services Security:

http://ws.apache.org/wss4j/[20] Proguard: Open Source Java shrinker, optimizer and obfuscator : http://proguard.sourceforge.net


ANN. TÉLÉCOMMUN., 62, n° 1-2, 2007 15/16

2044-Her/Teleco 62/1-2 4/01/07 14:30 Page 1716

[21] W3C Extensible MultiModal Annotation markup language: http://www.w3.org/TR/emma/[22] Central Authentication Server Open-Source Project:

https ://clearinghouse.ja-sig.org/wiki/display/CAS/Home[23] MARTINEZ (A.M.), BENAVENTE (R.), The AR Face Database. CVC Technical Report #24, June 1998.[24] The SpeechDat Projects : http://www.speechdat.com[25] NIST special databases form the Image Group:

http://www.itl.nist.gov/iad/894.03/databases/defs/dbases.html[26] MESSER (K.), MATAS (J.), KITTLER (J.), LUETTIN (J.), MAÏTRE (G.), XM2VTSDB : The extended M2VTSDB.

International Conference on Audio and Video-based Biometric Person Authentication, 1999.[27] NIST Speaker Recognition Evaluation page :

http://www.nist.gov/speech/tests/spk/index.htm[28] PHILLIPS (P.), FLYNN (P.), SCRUGGS (T.), BOWYER (K.W.), CHANG (J.), HOFFMAN (K.), MARQUES (J.), MIN (J.),

WOREK (W.), Overview of the face recognition grand challenge. In Proc. of IEEE Conf. on Computer Vision andPattern Recognition (CVPR), San Diego, CA, June 2005.

[29] MESSER (K.), KITTLER (J.), SADEGHI (M.), HAMOUZ (M.), KOSTYN (A.), MARCEL (S.), BENGIO (S.), CARDINAUX (F.),SANDERSON (C.), POH (N.), RODRIGUEZ (Y.), KRYSZCZUK (K.), CZYZ (J.), VANDENDORPE (L.), NG (J.),CHEUNG (H.), TANG (B.), Face authentication competition on the banca database. In Proceedings of theInternational Conference on Biometric Authentication (ICBA), Hong Kong, July 15-17 2004.

[30] RATHA (N. K.), CONNELL (J. H.), BOLLE (R. M.), Enhancing security and privacy in biometrics-based authen-tication systems, IBM Systems Journal, 40, nº 3, 2001.


16/16 ANN. TÉLÉCOMMUN., 62, n° 1-2, 2007

2044-Her/Teleco 62/1-2 4/01/07 14:30 Page 1717

Documents

2044-Her/Teleco 62/1-2