Embed Size (px)
Citation preview
Biometrics
Pearl Brewer, Ph.D.
HOA 725
Definition of Biometrics
Automated identification based on physiological or behavioral characteristics
Examples Fingerprints Hand geometry Vein Check Facial recognition Signature Iris or retinal scan voice recognition Keystroke dynamics
Application: Secure identification and personal verification solutions
Uses: Federal, state and local governments, in the military, and in commercial a
pplications
Important Considerations
Hardware Security level Integration with applications or operating
systems, User acceptance.
Hand-based Biometrics
Fingerprint Identification
Hand Geometry
Vein Check
Fingerprint Identification
Matching the characteristics of a fingerprint on file to the one presented to the system.
Reliability depends on how many “points” you match.
Fingerprint Technology
sub-dermal fingerprint readers read below the user's surface layer of (dead) skin down to the live sub-dermal layer where an individual's true fingerprint resides. It works by bouncing electromagnetic waves, similar to radio waves, off the live tissue and blood flow underneath a persons skin.
These reflections are recorded to build up a picture of the fingerprint, which is matched against the persons known fingerprint recorded earlier.
Fingerprint Technology Uses
Door Locks Access Control
Computer work stations
Time Clocks In room safes Payment Systems
Combo Systems Combining two security methods
increases validity. Such as
a card and fingerprints Pin number and fingerprints
Advantages & Limitations
Inexpensive, cost range from $100 to $2000
Convenient, you always have it with you! False acceptance and rejection is estim
ated at around 0.0001% and less than 1% respectively
However others say they can be defeated
Can they be defeated?
It depends on the technology used: Technology that simply reads the surface or
does not use electromagnetic can be defeated. But of course you have to get the fingerprint!!
In this case a combination method is best
Hand Geometry Recognition Systems'
biometric HandReaders simultaneously analyze more than 31,000 points and instantaneously records more than 90 separate measurements of an individual's hand-including length, width, thickness and surface area-to verify that the person using the device is really who he or she claims to be.
How Hand Geometry Works
The user places the palm of his hand on a metal surface which has guidance pegs on it.
the device can reads the hand attributes.
The device then checks its database for verification of the user.
The process usually takes less than 5 seconds.
Uses of Hand Geometry
Time and Attendance Access control Identify Verification
Advantages Easy for users to work the system - requiring nothing
more than placing one's hand on the device. It has no public attitude problems as it is associated
most commonly with authorized access. The amount of data required to uniquely identify a
user in a system is the smallest by far, allowing it to be used with SmartCards easily.
It is also quite resistant to attempts to fool the system. The time and energy required to emulate a person's hand is generally too much to be worth the effort
Limitations Proprietary hardware cost Required size of hardware Injuries to hands can cause difficulty in
using the reader effectively, Some question its accuracy in general.
Vein Check Veincheck The Veincheck principle is a non-
invasive, computerized comparison of subcutaneous blood vessel structures (the veins) in the back of a hand to verify the identity of individuals for access control or card-holder ID.
How Vein Check Works
Measures the shape and size of veins in the back of the hand (or front of the wrist).
The vein pattern is best defined when the skin on the back of the hand is taut - when the fist is clenched.
The skeleton of the hand then holds the vein "tree" rigid. The vein "tree" pattern is picked up by a video camera,
and converted by a computer into a vector pattern or into a string of numbers.
This pattern of the vein "tree" is sufficiently idiosyncratic to function as a personal bar code, or PIN equivalent, that is extremely difficult to duplicate or discover.
Benefits:
Advantages and Limitations
Advantages Non-harmful, near infra-
red lighting is employed. Non-invasive, socially
acceptable alternative to fingerprinting and retinal scanning
Fast, easy-to-use, and discreet
Very low false reject rate Compact reference
pattern (400 bits) Not easily replicated
Cost
Facial Recognition Facial recognition
systems are built on computer programs that analyze images of human faces for the purpose of identifying them. The programs take a facial image,
How Facial Recognition Works
Measure characteristics such as the distance between the eyes, the length of the nose, and the angle of the jaw,
create a unique file called a "template." Using templates, the software then
compares that image with another image and produces a score that measures how similar the images are to each other.
Uses of Facial Recognition
Access control
ID verification
Advantages
Accurate
Cost-effective
Familiar
Non-invasive
Uses legacy data
Does not require user participation
Limitations It can be impossible to match images when
there are differences in lighting, camera, or camera angle,
Some say there are high rates of both "false positives" (wrongly matching innocent people with photos in the database) and "false negatives" (not catching people even when their photo is in the database).
Limitations Some systems are easily tripped up by
changes in hairstyle, facial hair, or body weight, by simple disguises, and by the effects of aging.
The technology works best under tightly controlled conditions, when the subject is starting directly into the camera under bright lights -
How Voice Recognition Works
compares a pre-recorded voice message with the current user. Can be a data-base
system or a stand alone device
Voice Recognition Credit Card
The card would have a button on it and when pressed it would say "Please say your password".
Compares voice to data file store remotely (via the internet)
Uses of Voice Recognition Technology
Access Control Computer work
stations Time Clocks
Advantages & Limitations
perfect for telecommunication applications, most of the modern personal computers already possess the necessary hardware to utilize the applications.
The error rate for this type of biometric ranges between
two and five percent,
Some drawbacks to this technology are that voiceprints can vary over the course of the day, and ones health, such as a cold or laryngitis, can affect verification of the user by the system.
Biometrics and the eye
Two typesRetinal ScanIris Scan
Retinal Scan Technology
Retinal scanning analyses the layer of blood vessels at the back of the eye. Scanning involves using a low-intensity light source and an optical coupler and can read the patterns at a great level of accuracy.
How Retinal Scan Works
The user looks through a small opening in the device at a small green light.
The user must keep their head still and eye focused on the light for several seconds
During which time the device will verify his identity. This process takes about 10 to 15 seconds total.
Advantages & Limitations
Advantages Most Accurate Biometric
System Unlike other forms of
biometrics, there is continuity of the retinal pattern throughout life
Difficulty in fooling such a device also make it a great long-term, high-security option.
Limitations Cost Stigma of people
believing that it can harm their eye
User must remove glasses
How Iris Scans Work
Involves analyzing features found in the colored ring of tissue that surrounds the pupil.
Advantages Less intrusive of the eye-related biometrics, Uses a fairly conventional camera element
and requires no close contact between the user and the reader.
higher than average template-matching performance.
Iris biometrics work with glasses in place and is one of the few devices that can work well in identification mode.
Limitations Ease of use and system integration
have not traditionally been strong points with iris scanning devices
Cost
Signature verification
Using and individuals signature to identify them.
How Signature Verification Works
Takes into account the shape the stroke speed pen pressure, and timing information while the person is creating the
signature. Actual signature recognition is carried out by
writing on a pressure sensitive pad with a pen or stylus.
Advantages and Limitatiions
No matter how good a forger may be, they will be unable to duplicate exactly all these parameters.
A signature is relatively stable over time
Acceptance of this method is very high.
Cost
Keystroke Dynamics
Measures your typing rhythms Refers to an authentication method that
analyzes the way a user types at a terminal by monitoring keyboard input 1,000 times per second
A behavioral biometric authentication method
How Keystroke Dynamics Works
The users type the same word (or words), such as their usual user name and password set, a number of times.
The key parameters are "flight time", the amount of time that a user spends "reaching" for a certain key and "dwell time", the amount of time a user spends
pressing one key. The advantage in the computer environment is that neither enrollment nor verification detracts from the regular workflow.
Advantages and Limitations
Advantage In the computer
environment is that neither enrollment nor verification detracts from the regular workflow.
Limitations
Discussion How do you feel about Biometric
Systems?
Are there ssecurity issues?
