Upload
vanngoc
View
218
Download
2
Embed Size (px)
Citation preview
Chapter OneIntroduction to Biometrics
1.1 Biometrics Definition
Biometrics: is the application of statistical analysis to biological data.
Biometrics refers to the identification of humans by their characteristics or
traits. Biometrics is used in computer science as a form of identification and
access control.
It is also used to identify individuals in groups that are under
surveillance. Biometric identifiers are the distinctive, measurable
characteristics used to label and describe individuals. Biometric identifiers are
often categorized as physiological versus behavioral characteristics.
Physiological characteristics are related to the shape of the body.
Behavioral characteristics are related to the pattern of behavior of a
person.
1.2 Biometrics History
Biometrics is the application of statistical analysis to biological data. In
the 21st century, it seems almost intuitive to think of our bodies as natural
identification systems for our unique selves. In fact, the idea that our bodies,
eyes, faces and fingers might give us (and criminals) away developed over
time, through the work of many people.
1
Chapter one: introduction to Biometrics
19th Century:
Anthropometry Develops Others date the origins of biometrics to
Alphonse Bertillon. He was a member of the police was working as a record
clerk in his native Paris when he invented anthropometry in the late 19th
century: the use of body measurements to identify criminals.
Bertillon's system also involved recording suspects' body movements
and marks on their bodies, such as warts or tattoos. Both American and British
police forces used this system, which came to be called Bertillonage, to narrow
the number of suspects they sought. However, measurements could not be
made exactly and different officers always measured slightly differently
Late 19th Century:
Fingerprinting Begins. There are many steps in the history of
fingerprinting as a way to identify criminals. Bertillon included fingerprinting
in his system, but not as an important element. An Argentine police official
was the first person to keep fingerprint files.
He classified fingerprints according to a system established by Sir
Francis Galton, an anthropologist related to Charles Darwin. Galton later
published a book, Fingerprints, that contained a classification system. His
discovery that no two individuals share the same fingerprint, and his
classification of the details of an individual's fingerprint are largely used today.
By the 1920s, fingerprint identification was used by law enforcement.
2
Chapter one: introduction to Biometrics
Figure(1-1) : Fingerprint
Late 20th Century: Automated Biometric Techniques
Although finger printing is still in use today, computer aided techniques
began developing—rapidly—in the last quarter of the twentieth century. These
techniques sought to measure our voices, our hands, fingers, irisis and faces.
Once ideas were proposed, development was rapid. For example, in 1985, the
idea that irises are unique was proposed; development of an iris identification
system began in 1993; in 1994 the first iris recognition algorithm was patented,
and the year after that, a commercial product measuring irises became
available. Iris scanners have already been tested as supplements in security
contexts in a number of countries, as well as in commercial contexts.
3
Chapter one: introduction to Biometrics
1.3 How Biometrics Work
Biometric technology must first gather information into a computer
database, for example, a database of fingerprints. The computer will compare
the fingerprints in the database to any new sample and recognize when there is
a match. The matches can be used for either identification or verification
purposes.
Biometric Identification
A biometrics system searches the database for a match to the newly
captured sample, and grants access if it is found. Using a fingerprint as part of
the login process to a computer is an example of this mode.
Biometric Verification
A biometrics system searches the database for a match to the newly
captured sample, and authenticates an individual's claimed identity from his or
her previously enrolled pattern. Using a palm scanner to unlock a door is an
example of this mode.
1.4 Uses of Biometrics
Biometrics has long being touted as a powerful tool for solving
identification and authentication issues for immigration and customs, physical
security, and computer security. It involves measuring one or more unique
physiological human characteristics, the shape of a body, fingerprints, structure
of the face, DNA, hand/palm geometry, iris patterns, and even odor/scent.
Behavioral traits can also be used – typing rhythm, gait, and voice.
4
Chapter one: introduction to Biometrics
These technologies have enormous promise because they can never be
forgotten, lost or copied, unlike the current methods of cards and passwords
Biometrics are seductive. Your voiceprint unlocks the door of your house.
Your iris scan lets you into the corporate offices. You are your own key.
Unfortunately, the reality isn't that simple.
Biometrics are the oldest form of identification. Dogs have distinctive
barks. Cats spray. Humans recognize faces. On the telephone, your voice
identifies you. Your signature identifies you as the person who signed a
contract.
In order to be useful, biometrics must be stored in a database. Alice's
voice biometric works only if you recognize her voice; it won't help if she is a
stranger. You can verify a signature only if you recognize it. To solve this
problem, banks keep signature cards.
Alice signs her name on a card when she opens the account, and the
bank can verify Alice's signature against the stored signature to ensure that the
check was signed by Alice.
There is a variety of different biometrics. In addition to the three
mentioned above, there are hand geometry, fingerprints, iris scans, DNA,
typing patterns, signature geometry (not just the look of the signature, but the
pen pressure, signature speed, etc.). The technologies are different, some are
more reliable, and they'll all improve with time.
Biometrics are hard to forge: it's hard to put a false fingerprint on your
finger, or make your iris look like someone else's. Some people can mimic
5
Chapter one: introduction to Biometrics
others' voices, and Hollywood can make people's faces look like someone else,
but these are specialized or expensive skills. When you see someone sign his
name, you generally know it is he and not someone else.
On the other hand, some biometrics are easy to steal. Imagine a remote
system that uses face recognition as a biometric. In order to gain authorization,
take a Polaroid picture of yourself and mail it in. We'll compare the picture
with the one we have in file.'' What are the attacks here?
Take a Polaroid picture of Alice when she's not looking. Then, at some
later date, mail it in and fool the system. The attack works because while it is
hard to make your face look like Alice's, it's easy to get a picture of Alice's
face. And since the system does not verify when and where the picture was
taken--only that it matches the picture of Alice's face on file--we can fool it.
A keyboard fingerprint reader can be similar. If the verification takes
place across a network, the system may be unsecure. An attacker won't try to
forge Alice's real thumb, but will instead try to inject her digital thumbprint
into the communications.
The moral is that biometrics work well only if the verifier can verify
two things: one, that the biometric came from the person at the time of
verification, and two, that the biometric matches the master biometric on file. If
the system can't do that, it can't work. Biometrics are unique identifiers, but
they are not secrets. You leave your fingerprints on everything you touch, and
your iris patterns can be observed anywhere you look.
6
Chapter one: introduction to Biometrics
Biometrics also don't handle failure well. Imagine that Alice is using
her thumbprint as a biometric, and someone steals the digital file. Now what?
This isn't a digital certificate, where some trusted third party can issue her
another one. This is her thumb. She has only two. Once someone steals your
biometric, it remains stolen for life; there's no getting back to a secure
situation.
And biometrics are necessarily common across different functions. Just
as you should never use the same password on two different systems, the same
encryption key should not be used for two different applications. If my
fingerprint is used to start my car, unlock my medical records, and read my
electronic mail, then it's not hard to imagine some very unsecure situations
arisin.
Biometrics are powerful and useful, but they are not keys. They are not
useful when you need the characteristics of a key: secrecy, randomness, the
ability to update or destroy. They are useful as a replacement for a PIN, or a
replacement for a signature (which is also a biometric). They can sometimes be
used as passwords: a user can't choose a weak biometric in the same way they
choose a weak password.
7
Chapter one: introduction to Biometrics
1.5 Advantages of Biometric Technologies
Enhanced security was thought to be the greatest benefit of biometric
technologies, followed by accuracy. Other benefits were its unique feature of
not being shared/copied/lost, it reduces paperwork, and it is convenient. On the
other hand, the greatest disadvantage was possible invasions of privacy,
followed by the financial costs to implement.
Figure (1-2): Advantages of Biometric Technologies
8
Chapter one: introduction to Biometrics
1.6 Disadvantages of Biometric Technologies
While biometric technologies are on the upswing and their use is
becoming widespread because of the advantages we have outlined above,
biometric technologies also have some disadvantages. Such as
Limitations: Because these technologies apply to human beings, they
are affected and are limited by many situations that may affect the individual.
For example, fingerprint technology may not be effective if the subject has
dirty, deformed, or cut hands; iris technology may not be effective if the
subject has a bad eye; and voice technology may be affected by infections.
Also background noise can interfere with voice recognition systems.
Affordability (high cost): Because biometric technologies are new
technologies, they tend to be rather expensive without widespread use. For
example, facial and voice recognition and iris technologies are still not yet
affordable.
Cannot replace a biometric that has been lost or misappropriated.
Once a biometric has been compromised, it cannot be made right again.
Biometrics evolve and degrade over time and require constant updates
of the reference biometric.
9
Chapter one: introduction to Biometrics
Figure (1-3): Disadvantages of Biometric Technologies
10