Authentication technologies

This version was saved by PBworks on November 5, 2006 at 6:47:53 pm.
 

Authentication.

 

AUTHORIZATION. RECOGNITION. VERIFICATION. IDENTIFICATION. SCREENING.

 


 

The definition for authentication is: "The process of establishing the validity of the user attempting to gain access to a system." or "The process of identifying an individual, usually based on a username and password. In security systems, authentication is distinct from authorization, which is the process of giving individuals access to system objects based on their identity. Authentication merely ensures that the individual is who he or she claims to be, but says nothing about the access rights of the individual" (16).

 

Authorization is: "The process of granting or denying access to a network resource. Most computer security systems are based on a two-step process. The first stage is authentication, which ensures that a user is who he or she claims to be. The second stage is authorization, which allows the user access to various resources based on the user's identity." For the purpose of this review on data authentication, a "subject" is the identity attempting to access a device, and an "object" is the device. (16).

 

Recognition is a generic term, and does not necessarily imply either verification or identification. All biometric systems perform “recognition” to “again know” a person who has been previously enrolled. Verification is a task where the biometric system attempts to confirm an individual’s claimed identity by comparing a submitted sample to one or more previously enrolled templates.

Identification is a task where the biometric system attempts to determine the identity of an individual. A biometric is collected and compared to all the templates in a database. Identification is “closed-set” if the person is known to exist in the database. In “open-set” identification, sometimes referred to as a “watchlist,” the person is not guaranteed to exist in the database. The system must determine whether the person is in the database.

 

An individual can be identified and authenticated by what he knows (password), or by what he owns (smart card) or by his human characteristics (biometrics). Unlike a password or a PIN, a biometric trait cannot be lost, stolen or recreated.

 

ACCESS MANAGEMENT.

 

In a number of countries there have been numerous initiatives on authentication. INTERNET2 in the USA is a consortium of 207 universities working to develop advanced network applications and technologies.

In the UK, the previous JANET, which served around 50 sites with line speeds of 9.6 kbit/s, evolved into the JANET IP Service, SuperJanet, SuperJanet II and Super Janet III. Athens was initially deployed in the higher education sector in 1996 and has firmly established itself as the de facto standard for secure access management to web-based services for the UK education and health sectors.

 

The Shibboleth architecture (developed by INTERNET2) defines a way of exchanging information between an organization and a provider of digital resources (such as data, video, documents, etc.). In the Shibboleth model, the organization exchanges the information in a secure manner, authenticates the user and provides information about the user. The information about the user is called attribute information.

Organizations that use Shibboleth to access resources must join or create a federation. A federation creates a "circle of trust" for organizations that want to access a set of resources. Each federation has its own criteria for organizations that want to join it, and defined levels of trust for access to the set of resources.

The Shibboleth project has established two federations, InQueue and InCommon. InQueue enables organisations to test their Shibboleth implementation, while InCommon is for production use.

Other federations include the Swiss SWITCH AAI, EDINA SDSS and the Eduserv test and production federations.

 

AAI - Authentication and Authorization Infrastructure

 

AAI uses a federated approach, insofar as each party controls the steps relevant to it: universities register and authenticate their members, and resource owners define their access rules. All parties involved profit from a standards-based AAI (19).

 

 

 

The authentication and authorization infrastructure (AAI) planned in the years 2002-2003 and proven and tested in pilot projects has gone live. Over 100'000 users of the universities of Berne, Geneva, Lausanne, Lucerne and Zurich as well as the ETH Zurich are in a position to authenticate within AAI by means of their user accounts. This opens up entirely new possibilities for resource owners to authenticate these members of the universities and to grant them, if authorized, access to the resources – without having to register and administrate users themselves.

 

Some example resources

As operator of the central AAI components, SWITCH (The Swiss Education and Research Network) is experienced in AAI-enabling different types of resources.

 

A) Apache, IIS Web server or Tomcat

AAI components can be added to Web servers by standard procedures.

SWITCH provides detailed installation and configuration guides. On request, SWITCH also carries out ready-to-use integrations of web sites.

B) WebCT

The e-learning platform WebCT Vista of the Swiss Virtual Campus (SVC) is being integrated with AAI. The registration of individual users of the universities mentioned above is thus no longer necessary.

SWITCH supports providers of courses on the SVC platform with the specific configuration of their authorization concept or helps operators to integrate their own WebCT platforms with AAI.

C) Web-based applications

There are portal and proxy solutions for Web applications which cannot be integrated directly with the AAI.

SWITCH has a tool box which helps integrate such "black box" applications.

 

uPortal is another open source portal technology, adopted mostly in the U.S. but with an increasing number of adopting institutions in the U.K. uPortal offers:

• Single sign-on

• Opportunities for personalisation

• Open source

• Campus web including chat, forums and survey

• Integration with assessment technologies such as ASAP and QuestionMark Perception.

 

THE USE OF BIOMETRICS.

 

What Is Biometrics?

 

Biometrics are automated methods of recognizing a person based on a physiological or behavioral characteristic (1). Biometric recognition technology relies upon the physical characteristics of an individual, such as fingerprints, voiceprint, pattern of the iris of the eye and facial pattern, in identifying an individual, offering positive identification that is difficult to counterfeit. Examples of physiological biometric features include height, weight, body odor, the shape of the hand, the pattern of veins, retina or iris, the face and the patterns on the skin of thumbs or fingers (fingerprints). Examples of behavioral biometrics are voice patterns, signature and keystroke sequences and gait (the body movement while walking).

 

The term “biometrics” is derived from the Greek words “bio” (life) and “metrics” (to measure). Automated biometric systems have only become available over the last few decades, due to significant advances in the field of computer processing.

 

Biometric technologies are becoming the foundation of an extensive array of highly secure identification and personal verification solutions. As the level of security breaches and transaction fraud increases, the need for highly secure identification and personal verification technologies is becoming apparent.

 

According to the Biometrics Catalog (7), "biometrics" is a general term used alternatively to describe a characteristic or a process.

 

As a characteristic:

1. A measurable biological (anatomical and physiological) and behavioral characteristic that can be used for automated recognition.

 

As a process:

2. Automated methods of recognizing an individual based on measurable biological (anatomical and physiological) and behavioral characteristics.

 

Some biometric systems permit more than one attempt to identify or verify an individual.

Some biometric features are persistent over time while others change. All biometric features are deemed 'unique' but some are less 'distinct' than others and thus less useful for automated identification purposes. The distinctiveness of any biometric feature depends also on the effectiveness of the sampling technique used to measure it, as well as the efficiency of the matching process used to declare a 'match' between two samples. Biometric identification is a technique that uses biometric features to identify human beings. Biometrics are used to strongly link a stored identity to the physical person it represents. Since a person's biometric features are a part of his or her body, they will always be with that person wherever he/she goes and available to prove his or her identity. Biometric technologies may be used in three ways: (a) to verify that people are who they claim to be, (b) to discover the identity of unknown people, and (c) to screen people against a watch-list.

 

Jain A. states that whether a particular body characteristic is suitable for biometric use can be evaluated on the following seven criteria (11), identified by the author as the seven pillars of Biometric Wisdom:

Universality. All human beings are endowed with the same physical characteristics - such as fingers, iris, face, DNA – which can be used for identification.

Distinctiveness. For each person these characteristics are unique, and thus constitute a distinguishing feature.

Permanence. These characteristics remain largely unchanged throughout a person's life.

Collectability. A person's unique physical characteristics need to be collected in a reasonably easy fashion for quick identification.

Performance. The degree of accuracy of identification must be quite high before the system can be operational.

Acceptability. Applications will not be successful if the public offers strong and continuous resistance to biometrics.

Resistance to Circumvention. In order to provide added security, a system needs to be harder to circumvent than existing identity management systems.

 

Biometric Application Types

 

In functional terms the current uses of biometrics can be categorised under the following headings: verification, identification and screening. Another potential use of biometrics, though not yet in a mature state of development, is biometric encryption.

 

Verification (1-to-1 matching)

Verification is a test to ensure whether person X is really who he or she claims to be. Two types of verification can be envisaged: with centralised storage or distributed storage.

 

a) Verification with centralised storage

If a centralised database exists (produced once at enrolment and updated with each additional user) where all biometric data and the associated identities are stored, the biometric sample of the claimed identity is retrieved from the database. This is then compared to the live sample provided by person X, resulting in a match or a non-match.

Two types of error are possible for verification: (i) a false match (person X is not who he claims to be but the system erroneously accepts him, i.e. acceptance of an impostor; also known as false positive) and (ii) a false reject (person X is who he claims to be but the system fails to make the match, i.e. rejection of a legitimate person; also known as false negative). The matching can be done locally on the device temporarily storing the acquired sample or remotely by the hardware that stores the sample acquired during enrolment. False rejects will cause unnecessary inconvenience to innocent individuals whereas false matches are more insidious as they allow a fraudulent individual to pass, but the mistake goes unnoticed by the system.

b) Verification with distributed storage

If the biometric data is stored in a memory device that is carried by the individual, for example a smart card or a chip integrated into an identity document, person X will provide a live biometric sample and this will be compared to the biometric data stored on the memory device. This can be done either by the verification system which retrieves person X’s biometric data from the memory device and compares them to the live sample, or by the memory device itself, if it is sufficiently sophisticated to perform the verification. The identity details are either stored on the memory device or written on the accompanying documents e.g. in the case of a passport, identity information might be printed next to the chip. If the verification process succeeds, then person X is confirmed to be the valid bearer of the identification documents.

As before, false acceptance and false rejection errors are possible. In addition, there is the possibility that the documentation or the memory device are fraudulent or have been tampered with.

 

Identification (1-to-many matching)

Identification is used to discover the identity of an individual when the identity is unknown (the user makes no claim of identity). Contrary to verification, for the process of identification a central database is necessary that holds records for all people known to the system; without a database of records, the process of identification is not possible.

When person X comes to be identified, he provides a live biometric sample, e.g. a fingerprint is taken or the iris is scanned. The data is processed and the resulting biometric template is compared against all the entries in the database to find a match (or a list of possible matches). The system then returns as a response either the match (or list of possible matches) it has found, or that there is no match against the enrolled population. Identification may result in one of two types of error described previously: i.e. a false match or a false reject. Since the system checks against a database of enrolled templates or full images, the maintenance of the integrity of the database is essential in protecting individuals from identity theft.

 

Screening

The third type of process is screening, which makes use of a database or watch-list. A watch-list contains data of individuals to be apprehended or excluded. A record on the watch-list may contain only biometric data for a wanted individual or may also have identity information, depending on what is known. Everyone who passes the screening process provides a biometric sample, which is checked for matches against the watch-list. The key feature of a watch-list is that people are not on the whole identified; they will only be identified if they appear on the list. If there is no match the person passes through and their biometric sample should in principle be discarded. In the case of a match, a human operator decides on further action. Screening can take place overtly, for example at border control or covertly, such as scanning a crowd with the use of security cameras.

 

 

Factors Of Authentication.

 

There are several types of authentication; one of the most commonly used is a password or personal identification number (PIN). This is known as single-factor authentication -- something the subject knows. One of the most secure authentication processes would use a combination of factors such as something the subject knows (password, pass phrase, or PIN), something they have (smartcard, token, or tag) and something they are (fingerprint, handwriting, iris, or retina scan, and so on) (15).

 

Other behind-the-scenes authentication techniques used are digital certificates and digital signatures. Pretty Good Privacy (PGP) uses keys and digital signatures to enable authentication of e-mail messages to ensure that they came from whom they said they did. Likewise, secure Web sites use digital certificates to let the subject know that they are whom they say they are and that they can be trusted.

 

The key difference of biometrics to other digital identifiers, such as passwords, PINs or credit cards is that biometrics cannot be lost or forgotten; since biometric measurements are part of the body, they will always be present when needed. Moreover, the process of identification is automated or semi-automated. In some cases this automation mimics something humans do in everyday life (face or voice recognition), but for most technologies automation is necessary because humans alone would not be able to distinguish different individuals (iris recognition, hand patterns).

 

Biometrics is not only a fascinating pattern recognition research problem but, if carefully used, could also be an enabling technology with the potential to make our society safer, reduce fraud and lead to user convenience (user friendly man-machine interface) by broadly providing the following three functionalities:

(a) Positive Identification (“Is this person truly known to the system?”).

Commercial applications such as computer network logon, electronic data security, ATMs, credit card purchases, physical access control, cellular phones, PDAs, medical records management, and distance learning are sample authentication applications. Authentication applications are typically cost sensitive with a strong incentive for being user-friendly.

(b) Large Scale Identification (“Is this person in the database?”). Typical large-scale identification applications include welfare-disbursement, national ID cards, border control, voter ID cards, driver’s license, criminal investigation, corpse identification, parenthood determination, missing children identification, etc. These large-scale identification applications require a large sustainable throughput with as little human supervision as possible.

(c) Screening (“Is this a wanted person?”)

 

WHY DO WE NEED IT

and why use biometrics in education?

 

It is easy to understand the need for biometrics if you've ever forgotten or left your network password on your computer. Aside from what's known as "logical" use—using a finger scan or another type of technology to determine if a user is allowed to access information—biometrics can also give appropriate people access to a school building or area.

Biometrics isn't just for inside walls, either. Banks are looking at the technology to replace cards and PINs at ATMs. There's potential for using biometrics to verify payment in online purchases.

 

There is an increasing need to find a way to solve user identification issues and cut costs for password administration. In educational institutions, students found it difficult to remember passwords, or occasionally borrowed user names and passwords belonging to other students and misused them.

With the fingerprint readers in place at the Kvarnby School's workstations (24), problems with forgotten or misused passwords have practically been eliminated. Now all 450 students and teachers are logging on to the computers using their fingerprint, which has not only made the login routines easier, but also saves valuable classroom time—up to 50% on a 40 min lesson.

After extensive research, the IT group decided that a fingerprint based solution for login would eliminate the identification problems. Precise Biometrics' distributor, Data Construction, provided the login solution at the Kvarnby School and made it possible for the IT administrators to be sure that people were who they claimed to be. Students did not have to remember passwords any longer, or worry about someone misusing their login ID.

 

There are many reasons to consider this form of personal identification. For each reason, authenticating ourselves by who we are and not what we know, what we carry, or how we choose to identify ourselves (i.e. PINs, passwords, smart card security tokens) solves and simplifies these issues. Some of the main justifications for biometric use in identity (20):

• Passwords are expensive. Aberdeen Group research finds that depending on company size, the labor costs per user per year for configuring and maintaining password systems is $100 – $350. We forget passwords and frequently have passwords set up granularly -- program by program.

• Passwords are overwhelming. Simply put, we have so many of them that we cannot remember them all. Our saturation of these secrets increases the likelihood that we do not properly protect them. How many truly random constructs of words, numbers, and even punctuation can a human really remember before jeopardizing the whole security strategy by writing stuff down?

• Applications demand it. This will increase traceability of nefarious individuals or stolen identities.

• It increases financial accountability. Used with some applications, like government assistance programs, biometrics could help eliminate instances of identity fraud. This is the ultimate identifier for a government issued credit card or a low income assistance program.

• It improves physical security. We are now more sensitive than ever about the need to ensure that physical premises are safeguarded at point of entry. Knowing exactly who is coming into our buildings is indispensable. Biometrics can provide ubiquitous building entry identifiers – at least for pre-approved people.

• It reduces paper. In many cases, traditional forms of verification generate boatloads of paper. Furthermore, other instances of authentication like notaries often rely solely on paper to document an event. Biometrics combined with other automation can eliminate our sole reliance on a paper trail for a given transaction or event.

 

The function of a biometric authentication system is to facilitate controlled access to applications, networks, personal computers (PCs), and physical facilities. A biometric authentication system is essentially a method of establishing a person's identity by comparing the binary code of a uniquely specific biological or physical characteristic to the binary code of an electronically stored characteristic called a biometric template. The defining factor for implementing a biometric authentication system is that it cannot fall prey to hackers; it can't be shared, lost, or guessed. Simply put, a biometric authentication system is an efficient way to replace the traditional password based authentication system (8).

Therefore, it is reasonable to conclude that PCs, cell phones, and other wireless (mobile) devices would be the first mass-market products to incorporate biometrics. Compared with desktop units, notebooks and other mobile devices are more subject to theft, tampering and loss, and have a shorter useful lifespan (as technology rapidly evolves).

Today, most information-technology (IT) managers would probably pay a modest premium for an easy-to-use alternative to password protection of such machines. But many of these managers expect to wait several years before they consider widespread deployment of biometrics on desktops.

 

Many individuals have a high regard for the need to protect information and facilities. To many of them, a well-thought-out biometrics program will be a logical improvement to existing security procedures. The threat posed by weaknesses in the current programs and the importance of biometrics to solving this problem will be the basis of decisions made by policymakers and legal counsel with regard to the structure of the program, the importance of enforcing compliance, and the extent of accommodations for legitimate individual concerns.

 

If, in the near future, major computer manufacturers, software developers, and Internet providers embrace biometrics for computer and network access, this commercial development might influence. Although experimentation is generally welcome, educational institutions should have a biometric policy in place that will, at a minimum, address sociocultural concerns (26).

 

BIOMETRIC APPLICATIONS

 

Most biometric applications fall into one of nine general categories:

• Financial services (e.g., ATMs and kiosks).

• Immigration and border control (e.g., points of entry, precleared frequent travelers, passport and visa issuance, asylum cases).

• Social services (e.g., fraud prevention in entitlement programs).

• Health care (e.g., security measure for privacy of medical records).

• Physical access control (e.g., institutional, government, and residential).

• Time and attendance (e.g., replacement of time punchcard).

• Computer security (e.g., personal computer access, network access, Internet use, e-commerce, e-mail, encryption).

• Telecommunications (e.g., mobile phones, call center technology, phone cards, televised shopping).

• Law enforcement (e.g., criminal investigation, national ID, driver’s license, correctional institutions/prisons, home confinement, smart gun).

 

A large scale application in Europe is EURODAC for asylum requests. EURODAC is an EU wide database (AFIS) set up to check the fingerprints of asylum seekers against the records of other EU countries. Using fingerprint recognition to secure physical access is another popular application. Moreover, embedding of fingerprint readers in electronic devices opens up a whole range of digital applications that are based on online authentication.

 

The Integrated Automated Fingerprint Identification System, more commonly known as IAFIS, is one of the largest biometric databases in the world. It is a US national fingerprint and criminal history system maintained by the Federal Bureau of Investigation (FBI).

 

Fingerprint scanning is also being used to arrange secure access to schools and school premises such as cafeterias and libraries.

450 users at the Kvarnby School were provided with biometrics, and other schools within the Stockholm school system are now considering implementing the same solution. This solution came about because the schools needed to find an easy-to-use solution that saved classroom time and could be installed, operated and maintained without becoming a major drain on the school's budget.

 

With the embedding of fingerprint scanners in electronic devices, online authentication (replacement of passwords, PINs, etc) becomes possible for a whole range of applications including electronic payments.

 

At EU level, the Council of European Ministers adopted the Regulation on mandatory facial images and fingerprints in EU passports at its meeting in Brussels on 13 December 2004. This Regulation applies to passports and travel documents issued by Member States (excluding Ireland, the UK and Denmark). After the Regulation is published in the Official Journal passports issued will have to contain a facial image within 18 months, and fingerprints within three years. Also a Committee will be set up by the European Commission with representatives from 22 Member States to decide on the details such as how many fingerprints are to be taken, the equipment needed and the costs.

 

THE BIOMETRIC SYSTEM.

 

Biometric identification works generally in four stages: enrolment, storage, acquisition and matching. Features extracted during enrolment and acquisition stages are often transformed (through a non-reversible process) into templates in an effort to facilitate the storage and matching processes. Templates contain less data than the original sample, are usually manufacturer-dependent and are therefore not generally interoperable with those of other manufacturers. Templates or full samples thus acquired may then be held in storage that is either centralised (e.g. in a database) or decentralised (e.g. on a smart card). As a consequence of the statistical nature of the acquisition and matching stages, biometric systems are never 100% accurate. There are two kinds of possible errors: a false match, and a false non-match. These errors vary from one biometric technology to another and depend on the threshold used to determine a ‘match’. This threshold is set by the operators depending on the application.

 

The four stages correspond to the six basic steps of a generic biometric system (2):

1. Sample acquisition: first the collection of the biometric data must be done using the appropriate sensor; for example an image capture in the case of iris recognition or a saliva sample for DNA.

2. Feature extraction: this step performs the transformation from sample into template. In general, the template is numeric data. (This step can be omitted if full images are used).

3. Quality verification: this step establishes a reference image or template by repeating the two first operations as many times as needed so as to ensure that the system has captured and recognised the data correctly.

4. Storage of reference template: this step registers the reference template. Several storage mediums are possible (see the following section) and the choice depends on the requirements of the application;

5. Matching: this step compares the real-time input data from an individual against the reference template(s) or image(s);

6. Decision: this step uses the result of the matching step to declare a result, in accordance with application-dependent criteria (e.g. decision threshold). E.g. for a verification task the result would say whether the user claiming an identity should be authenticated.

 

BRIEF PRESENTATION OF BIOMETRIC MODALITIES

and their applications, advantages and disadvantages.

 

Of the many possible biometrics, this chapter presents contact and contactless biometric technologies as well as the emerging and multiple biometric solutions with their advantages and disadvantages. Many biometric authentication technologies have been deployed or pilot-tested in applications in the public and private sectors. These are fingerprint, hand/finger geometry, facial recognition, voice recognition, iris scan, retinal scan, dynamic signature verification, and keystroke dynamics.

 

Contact Biometric Technologies

 

Fingerprint

 

The fingerprint biometric is an automated digital version of the old ink-and-paper method used for more than a century for identification, primarily by law enforcement agencies.

Among all the biometric techniques, fingerprint-based identification is the oldest method which has been successfully used in numerous applications. Everyone is known to have unique fingerprints. A fingerprint is made of a series of ridges and furrows on the surface of the finger. The uniqueness of a fingerprint can be determined by the pattern of ridges and furrows as well as the minutiae points. Minutiae points are local ridge characteristics that occur at either a ridge bifurcation or a ridge ending (18).

The biometric device involves a user placing his finger on a platen for the fingerprint to be read. The minutiae are then extracted by the vendor’s particular algorithm to create a template. Fingerprint biometrics have three main application arenas: large-scale Automated Finger Imaging Systems (AFIS) for law enforcement uses, fraud prevention in entitlement programs, and access control for facilities or computers.
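As an added example (not code from this page or from any vendor it names), the matching and decision steps of the generic biometric system described above, applied to the minutiae-based fingerprint template just described: a toy template of ridge endings and bifurcations, a tolerance-based matcher, a threshold decision, and an estimate of the false match and false non-match rates at several operator-chosen thresholds. The template layout, the tolerances and the noise model of the simulated acquisition are assumptions constructed for illustration, not a vendor's algorithm.

```python
import math
import random
from dataclasses import dataclass
from typing import List, Tuple

# A minutia is a local ridge feature: position (x, y) in pixels, ridge
# direction in degrees and a type: "end" (ridge ending) or "bif" (bifurcation).
# The coordinate layout and tolerances below are constructed for illustration.
@dataclass(frozen=True)
class Minutia:
    x: float
    y: float
    angle: float
    kind: str

Template = List[Minutia]

def angle_diff(a: float, b: float) -> float:
    """Smallest absolute difference between two angles, in degrees."""
    d = abs(a - b) % 360.0
    return min(d, 360.0 - d)

def match_score(probe: Template, reference: Template,
                dist_tol: float = 8.0, angle_tol: float = 15.0) -> float:
    """Matching stage: greedily pair each probe minutia with the nearest unused
    reference minutia of the same type within a position and direction tolerance.
    Score = paired minutiae / size of the larger template, from 0.0 to 1.0."""
    if not probe or not reference:
        return 0.0
    unused = set(range(len(reference)))
    paired = 0
    for m in probe:
        best, best_d = None, None
        for j in unused:
            r = reference[j]
            if r.kind != m.kind:
                continue
            d = math.hypot(m.x - r.x, m.y - r.y)
            if d <= dist_tol and angle_diff(m.angle, r.angle) <= angle_tol:
                if best_d is None or d < best_d:
                    best, best_d = j, d
        if best is not None:
            unused.remove(best)
            paired += 1
    return paired / max(len(probe), len(reference))

def decide(score: float, threshold: float) -> bool:
    """Decision stage: accept the claimed identity iff score >= threshold.
    The threshold is the operator-chosen, application-dependent criterion."""
    return score >= threshold

def random_template(rng: random.Random, n: int = 30, size: int = 256) -> Template:
    """Constructed enrolment template: n minutiae placed at random in a size x size image."""
    return [Minutia(rng.uniform(0, size), rng.uniform(0, size),
                    rng.uniform(0, 360), rng.choice(("end", "bif"))) for _ in range(n)]

def acquire(rng: random.Random, enrolled: Template, jitter: float = 3.0,
            drop: float = 0.2, spurious: int = 3, size: int = 256) -> Template:
    """Simulated live acquisition of an enrolled finger: every minutia is displaced
    by sensor noise, a fraction is missed (wet skin, partial contact) and a few
    spurious minutiae are detected. This noise model is an assumption."""
    sample = [Minutia(m.x + rng.gauss(0, jitter), m.y + rng.gauss(0, jitter),
                      m.angle + rng.gauss(0, 5.0), m.kind)
              for m in enrolled if rng.random() > drop]
    return sample + random_template(rng, spurious, size)

def genuine_vs_impostor(seed: int = 7) -> Tuple[float, float]:
    """One genuine and one impostor verification attempt against the same
    enrolled template, returned as (genuine_score, impostor_score)."""
    rng = random.Random(seed)
    ref, other = random_template(rng), random_template(rng)
    return match_score(acquire(rng, ref), ref), match_score(acquire(rng, other), ref)

def error_rates(threshold: float, users: int = 40, attempts: int = 5,
                seed: int = 1) -> Tuple[float, float]:
    """Estimate (FMR, FNMR) at a threshold over a constructed population: genuine
    attempts are fresh acquisitions of each enrolled finger; impostor attempts
    present one user's live finger against another user's enrolled template."""
    rng = random.Random(seed)
    enrolled = [random_template(rng) for _ in range(users)]
    false_matches = impostor_trials = 0
    false_non_matches = genuine_trials = 0
    for i, ref in enumerate(enrolled):
        for _ in range(attempts):
            genuine_trials += 1
            if not decide(match_score(acquire(rng, ref), ref), threshold):
                false_non_matches += 1
        other = enrolled[(i + 1) % users]  # impostor: the next user's finger
        impostor_trials += 1
        if decide(match_score(acquire(rng, other), ref), threshold):
            false_matches += 1
    return false_matches / impostor_trials, false_non_matches / genuine_trials

if __name__ == "__main__":
    # Lowering the threshold trades false non-matches for false matches.
    for t in (0.0, 0.3, 0.5, 0.7, 1.0):
        fmr, fnmr = error_rates(t)
        print(f"threshold={t:.1f}  FMR={fmr:.3f}  FNMR={fnmr:.3f}")
```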

 

 

Picture writing of a hand with ridge patterns was discovered in Nova Scotia. In ancient Babylon, fingerprints were used on clay tablets for business transactions. In ancient China, thumb prints were found on clay seals (17).

 

 

Advantages

 

  • Subjects have multiple fingers
  • Easy to use, with some training
  • Some systems require little space
  • Large amounts of existing data to allow background and/or watch list checks
  • Has proven effective in many large scale systems over years of use
  • Fingerprints are unique to each finger of each individual and the ridge arrangement remains permanent during one's lifetime

 

Disadvantages

 

  • Public perceptions
  • Privacy concerns of criminal implications
  • Health or societal concerns with touching a sensor used by countless individuals
  • Collection of high quality nail-to-nail images requires training and skill, but current flat reader technology is very robust
  • An individual’s age and occupation may cause some sensors difficulty in capturing a complete and accurate fingerprint image

 

Fingerprint recognition has a good balance across the seven pillars of biometrics (2). Nearly every human being possesses fingerprints (universality), with the exception of people with hand-related disabilities. Fingerprints are also distinctive, and the fingerprint details are permanent, although they may temporarily change due to cuts and bruises on the skin or external conditions (e.g. wet fingers). Live-scan fingerprint sensors can capture high-quality images (collectability). The deployed fingerprint-based biometric systems offer good performance, and fingerprint sensors have become quite small and affordable. Fingerprints carry a stigma of criminality, but that is changing with the increased demand for automatic recognition and authentication in a digitally interconnected society (acceptability). By combining the use of multiple fingers, cryptographic techniques and liveness detection, fingerprint systems are becoming quite difficult to circumvent. (Maltoni et al., 2003: 11)

 

When only one finger is used, however, universal access and permanent availability may be problematic. Moreover, everyday life conditions can also cause deformations of the fingerprint, for instance as a result of doing manual work or playing an instrument. Certain conditions, such as arthritis, affect the ease of use of fingerprint readers. Other conditions, such as eczema, may affect the fingerprint itself. It is estimated that circa five per cent of people would not be able to register and deliver a readable fingerprint. With large-scale applications which entail millions of people, an estimated five per cent of people being temporarily or permanently unable to register amounts to a significant number. This will not only lead to serious delays (decrease in task performance) or annoyance (decrease in user satisfaction), but also means that fingerprinting is not fully universally accessible (Sasse, 2004: 7).

 

Palm Print And Footprint Identification

 

Whether it is palm prints or footprints, the evolution of the human blueprint has allowed them both to share virtually all of the same detectable characteristics as fingerprints. The major difference (8) is that the palm and foot are larger and can therefore yield a greater number of minutiae points to be used for comparison of the sample biometric to the stored biometric template.

 

 

Hand/Finger Geometry

 

Hand or finger geometry is an automated measurement of many dimensions of the hand and fingers. Neither of these methods takes prints of the palm or fingers. Rather, only the spatial geometry is examined as the user lays his hand on the sensor’s surface and uses guiding poles between the fingers to place the hand properly and initiate the reading. Finger geometry typically uses two or three fingers. During the 1996 Summer Olympics, hand geometry secured access to the athletes’ dorms at Georgia Tech. Hand geometry is a well-developed technology that has been thoroughly field-tested and is easily accepted by users.

 

Hand geometry recognition relies on measuring the structure of the hand. The acquisition stage takes measurements of almost 100 points on the top of the hand (size of knuckles, length of fingers, etc.) and computes a mathematical formula based on those measurements to create the template. The cooperation of the individual is required at this stage. Users tend to find hand recognition systems simpler to use because the readers are more intuitive. In addition, such systems do not hold negative connotations, which facilitates user acceptance.

The hand’s lower level of distinctiveness compared to other biometrics makes it suitable for verification and medium-scale identification applications. Compared to other biometrics, the accuracy of hand geometry is somewhat lower, but it produces a very low false reject rate. The relatively simple and cost-effective setup is also a major strength of hand recognition systems, as is the fact that it performs well in both internal and external environments and generates fewer privacy concerns (2).

 

The hand is a popular biometric for certain applications; its most widespread use is for physical access control and for time and attendance applications (e.g. San Francisco Airport employees’ access, with 30 000 enrolees). It is also utilised for border control, e.g. the frequent traveller programme at Tel Aviv’s Ben Gurion airport and the US Immigration and Naturalization Service Passenger Accelerated Service System (INSPASS) programme used at nine airports.

Because hand and finger geometry have a low degree of distinctiveness, the technology is not well-suited for identification applications.

Recent research has developed new recognition methods aimed at increasing performance.

Finally, some projects are studying hand recognition as a promising candidate for web-access.

 

Advantages

  • Easy to capture
  • Believed to be a highly stable pattern over the adult lifespan

 

Disadvantages

  • Use requires some training
  • Not sufficiently distinctive for identification over large databases; usually used for verification of a claimed enrollment identity
  • System requires a large amount of physical space

 

Dynamic Signature Verification

Dynamic signature verification is an automated method of examining an individual’s signature. It uses a stylus and a surface on which a person writes. This technology examines dynamics such as speed, direction, and pressure of writing; the time that the stylus is in and out of contact with the “paper”; the total time of the signature; and where the stylus is raised from and lowered onto the “paper.” Unfortunately, a signature is one of the least reliable methods of identification (8). Forgers have a myriad of ways to reproduce a signature that looks similar to the owner’s.

 

Keystroke Dynamics

Keystroke dynamics is an automated method of examining an individual’s keystrokes on a keyboard. This technology examines such dynamics as speed and pressure, the total time of typing a particular password, and the time a user takes between hitting certain keys. This technology’s algorithms are still being developed to improve robustness and distinctiveness. One potentially useful application that may emerge is computer access, where this biometric could be used to verify the computer user’s identity continuously.
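The keystroke-dynamics verifier below is an added example, not code from the original page: it enrols a template from the dwell, flight and total typing times the paragraph names and then scores a new sample against it. The pass-phrase, the millisecond timings and the acceptance threshold are all constructed for illustration.

```python
"""Keystroke-dynamics verifier: an added example, not code from the original page.

It models the features the text names: dwell time (how long each key is held),
flight time (gap between releasing one key and pressing the next) and the total
time taken to type the pass-phrase. Enrolment builds a per-feature mean/std
template from several typing samples; verification scores a new sample by its
mean z-distance from that template. The timings and threshold are constructed.
"""
from statistics import mean, pstdev

PHRASE = "secret"   # constructed pass-phrase used for every sample


def make_sample(dwells, flights, start_ms=0):
    """Build (key, press_ms, release_ms) events for PHRASE from constructed
    per-key dwell times and inter-key flight times (milliseconds)."""
    if len(dwells) != len(PHRASE) or len(flights) != len(PHRASE) - 1:
        raise ValueError("one dwell per key and one flight per key transition")
    events, t = [], start_ms
    for i, key in enumerate(PHRASE):
        press, release = t, t + dwells[i]
        events.append((key, press, release))
        if i < len(flights):
            t = release + flights[i]
    return events


def features(events):
    """Feature vector: dwell per key, flight per transition, total duration."""
    dwell = [release - press for _, press, release in events]
    flight = [events[i + 1][1] - events[i][2] for i in range(len(events) - 1)]
    total = events[-1][2] - events[0][1]
    return dwell + flight + [total]


def enroll(samples, floor_ms=5.0):
    """Template = per-feature mean and standard deviation over enrolment samples.
    The std floor stops a near-constant feature from dominating the score."""
    vectors = [features(s) for s in samples]
    if any(len(v) != len(vectors[0]) for v in vectors):
        raise ValueError("enrolment samples must have the same length")
    columns = list(zip(*vectors))
    return {
        "mean": [mean(c) for c in columns],
        "std": [max(pstdev(c), floor_ms) for c in columns],
        "samples": len(vectors),
    }


def score(template, events):
    """Mean absolute z-distance of the sample from the template (0 = identical)."""
    v = features(events)
    if len(v) != len(template["mean"]):
        raise ValueError("sample length does not match template")
    return mean(abs(x - m) / s for x, m, s in zip(v, template["mean"], template["std"]))


def verify(template, events, threshold=2.0):
    """Accept when the sample lies within `threshold` mean z-units of the template."""
    return score(template, events) <= threshold


# Constructed enrolment samples for the legitimate user (consistent rhythm).
ENROLMENT = [
    make_sample([90, 80, 85, 95, 70, 88], [120, 140, 110, 130, 150]),
    make_sample([94, 78, 88, 92, 74, 85], [126, 134, 115, 128, 144]),
    make_sample([86, 84, 82, 98, 68, 90], [114, 146, 106, 134, 156]),
    make_sample([90, 82, 86, 94, 72, 87], [122, 138, 112, 131, 148]),
]
TEMPLATE = enroll(ENROLMENT)

# Constructed probes: the same user typing again, and someone who knows the
# phrase but types it slowly and hesitantly.
GENUINE_PROBE = make_sample([91, 81, 84, 96, 71, 89], [119, 141, 109, 132, 151])
IMPOSTOR_PROBE = make_sample([130, 120, 125, 140, 110, 128], [320, 350, 300, 330, 360])

if __name__ == "__main__":
    for name, probe in (("genuine", GENUINE_PROBE), ("impostor", IMPOSTOR_PROBE)):
        print(f"{name}: score={score(TEMPLATE, probe):.2f} accepted={verify(TEMPLATE, probe)}")
```

A continuous-verification deployment, as the paragraph suggests, would call `score` on each newly typed phrase and treat a run of high scores as a reason to re-authenticate.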

 

Contactless Biometric Technologies

 

Facial Recognition

 

Facial recognition is an automated method to record the spatial geometry of distinguishing features of the face. Different methods of facial recognition among various vendors all focus on measures of key features. Noncooperative behavior by the user and environmental factors, such as lighting conditions, can degrade performance for facial recognition technologies. Facial recognition has been used in projects designed to identify card counters in casinos, shoplifters in stores, criminals in targeted urban areas, and terrorists overseas.

However, a researcher at the University of Ottawa (14) has developed an exploit to which most biometric systems are probably vulnerable. He developed an algorithm which allows a fairly high-quality image of a person to be regenerated from a face recognition template. Three commercial face recognition algorithms were tested, and in all cases the regenerated image could masquerade to the algorithm as the target person.

 

Advantages

  • No contact required
  • Commonly available sensors (cameras)
  • Large amounts of existing data to allow background and/or watchlist checks
  • Easy for humans to verify results

 

Disadvantages

  • Face can be obstructed by hair, glasses, hats, scarves, etc.
  • Sensitive to changes in lighting, expression, and pose
  • Faces change over time
  • Propensity for users to provide poor-quality video images yet to expect accurate results

 

Currently face recognition is considered to be relatively inaccurate because of its high variability (from 1.39% to more than 13% EER). This is due to changes that occur to people over time, such as ageing, or simply to external environmental conditions (pose, facial expression, illumination, textured background). Therefore this method’s performance varies considerably, depending on the recording conditions and the context of application (static images or video, with or without a uniform background, with or without constant lighting conditions).

 

Machines also experience difficulties when they perform facial recognition in a surveillance or watch-post scenario. Dr. James L. Wayman, a leading biometrics expert, has explained that performing facial recognition with relatively high fidelity and at long distances remains technically challenging for automated systems. At the most basic level, detecting whether a face is present in a given electronic photograph is a difficult technical problem. Dr. Wayman has noted that subjects should ideally be photographed under tightly controlled conditions. For example, each subject should look directly into the camera and fill the area of the photo for an automated system to reliably identify the individual or even detect his face in the photograph. Thus, while the technology for facial recognition systems shows promise, it is not yet considered fully mature.

 

The “Facial Recognition Vendor Test 2000” study makes clear that the technology is not yet perfected. This comprehensive study of current facial recognition technologies, sponsored by the Department of Defense (DoD) Counterdrug Technology Development Program Office, the Defense Advanced Research Projects Agency (DARPA), and the National Institute of Justice, showed that environmental factors such as differences in camera angle, direction of lighting, facial expression, and other parameters can have significant effects on the ability of the systems to recognize individuals.

 

Facial Thermography

 

Facial thermography uses an infrared camera to capture the heat patterns emitted by the vascular system of the face. Heat that passes through the facial tissue of a human being produces a unique and repeatable pattern (aura). The captured aura is converted into data and then compared to the stored auras of authorized individuals, at which point possible matches are generated along with probability percentages. The facial print does not change over time and is more accurate than facial geometry identification technologies.

 

Depiction of Facial Thermography Pattern Biometric

Source: www.msu.edu in 8

 

Voice Recognition

 

Voice recognition is an automated method of using vocal characteristics to identify individuals using a pass-phrase. The technology itself is not well-developed, partly because background noise affects its performance. Additionally, it is unclear whether the technologies actually recognize the voice or just the pronunciation of the pass-phrase (password) used to identify the user. The telecommunications industry and the National Security Agency (NSA) continue to work to improve voice recognition reliability. A telephone or microphone can serve as a sensor, which makes this a relatively cheap and easily deployable technology.

 

Advantages

  • Public acceptance
  • No contact required
  • Commonly available sensors (telephones, microphones)

 

Disadvantages

  • Difficult to control sensor and channel variances that significantly impact capabilities
  • Not sufficiently distinctive for identification over large databases

 

Retinal Scan

Retinal scans measure the blood vessel patterns in the back of the eye. The device involves a light source shined into the eye of a user who must stand very still within inches of the device. Because the retina can change with certain medical conditions, such as pregnancy, high blood pressure, and AIDS, this biometric has the potential to reveal more about individuals than only their identity. Because users perceive the technology to be intrusive, retinal scanning has lost popularity with end-users.

 

Source: http://www.retinaltech.com/Twin2l.jpg

 

Iris Scan

 

Working on completely different principles from retinal scanning, iris recognition is far more user-friendly and offers very high accuracy. Furthermore, iris scanning has been adopted under license by certain high-profile electronics companies who are able to develop good-quality, interesting products and have existing marketing options for their distribution (26).

 

Because the iris is a protected internal organ whose random texture is stable throughout life, it can serve as a kind of living passport or a living password that one need not remember but can always present (13). Because the iris is an internal organ of the eye, it is immune (unlike fingerprints) to environmental influences, except for its pupillary response to light.

Iris scanning measures the iris pattern in the colored part of the eye (although the color has nothing to do with the scan). Iris patterns are formed randomly. This means no two iris patterns are the same; the iris pattern of one’s left eye is different from the iris pattern of the right eye. Iris scans can be used for both identification and verification applications. ATMs (“Eye-TMs”), grocery stores (for checking out), and the Charlotte/Douglas International Airport (physical access) use iris scanning in test applications. During the 1998 Winter Olympic Games in Nagano, Japan, an iris scanning identification system controlled access to the rifles used in the biathlon. According to Daugman, iris recognition is the most reliable method of authentication.

However, this method is relatively expensive and unavoidably involves the scanning of the eye, which can initially prove off-putting to users. Its reliability, however, means it can be successfully used both for identification and for authentication (verification), an advantage which few other techniques can offer.

 

There are several advantages and disadvantages in using the iris for identification (7):

 

Advantages

  • No contact required
  • Protected internal organ; less prone to injury
  • Believed to be highly stable over lifetime
  • Highly protected, internal organ of the eye
  • Externally visible; patterns imaged from a distance
  • Iris patterns possess a high degree of randomness (variability: 244 degrees of freedom; entropy: 3.2 bits per square millimetre; uniqueness: set by combinatorial complexity)

  • Changing pupil size confirms natural physiology
  • Pre-natal morphogenesis (7th month of gestation)
  • Limited genetic penetrance of iris patterns
  • Patterns apparently stable throughout life
  • Encoding and decision-making are tractable
  • Image analysis and encoding time: 1 second
  • Decidability index (d-prime): d' = 7.3 to 11.4
  • Search speed: 100,000 IrisCodes per second on 300MHz CPU

 

Disadvantages

  • Difficult to capture for some individuals
  • Easily obscured by eyelashes, eyelids, lens and reflections from the cornea
  • Public myths and fears related to “scanning” the eye with a light source
  • Acquisition of an iris image requires more training and attentiveness than most biometrics
  • Lack of existing data deters ability to use for background or watch list checks
  • Cannot be verified by a human
  • Small target (1 cm) to acquire from a distance (1 m)
  • Moving target ...within another... on yet another
  • Located behind a curved, wet, reflecting surface
  • Obscured by eyelashes, lenses, reflections
  • Partially occluded by eyelids, often drooping
  • Deforms non-elastically as pupil changes size
  • Illumination should not be visible or bright
  • Some negative (Orwellian) connotations

 

 

Emerging Biometric Technologies

 

An emerging biometric is a biometric that is in the infancy stages of proven technological maturation. Once proven, an emerging biometric will evolve into an established biometric.

 

Vein pattern image.

 

The vein (vascular) pattern image of an individual's hand can be captured using near-infrared light. It can be done by the reflection method, photographing the veins in the hand by illuminating the palm and capturing the light reflected from the back of the palm.

 

Source: www.neusciences.com/biometrics/images/Techno9.gif

 

DNA

 

Except for identical twins, each person’s DNA is unique. It can thus be considered a ‘perfect’ modality for identity verification. DNA identification techniques look at specific areas within the long human DNA sequence which are known to vary widely between people. The accuracy of this technique is thus very high, and allows both identification and verification. Enrolment can be done from any cell that contains a nucleus, for instance taken from blood, semen, saliva or hair samples, which many users consider intrusive. However, DNA as a biometric for identification uses a very small amount of non-coding genetic information, which does not allow deciphering a person’s genetic heritage. At present, DNA analysis is performed in specialized laboratories and is expensive and time-consuming (roughly 4 or 5 hours for the whole procedure). Moreover, the complete lack of standardization means interoperable systems are a long way off. In addition, DNA techniques are currently used by law enforcement. Thus, any wider deployment of DNA-based biometric techniques in the future, if these do indeed become quicker and cheaper, will always face acceptability problems.

 

It seems, therefore, that it will be a long time before DNA printing becomes a real-time biometric authentication method. However, a Canadian laboratory recently announced a proprietary DNA extraction process which takes only 15 minutes and needs only simple equipment. According to (Crow, 2001), who foresees that DNA analysis could be done in real time, future technical improvements will be of two types: firstly more automation and more accuracy in the existing processes, and secondly the building of new systems (that only require very small amounts of material to provide an identification).

 

Brainwave Biometric (8)

 

Brainwaves resolve into nothing more than recognizable patterns. If we could identify at least one pattern that was unique, unchanging, and monotonous, then we would have a security protocol of peerless supremacy (J. Gunkleman, personal communication, May 1, 2002). Such a solution could not be stolen or easily duplicated and could theoretically be applied to all people, including mobility-challenged individuals (i.e. amputees, paraplegics, quadriplegics).

While it is true that a person can alter most of their own brainwave patterns through the use of drugs or other external elements, it is hypothesized that they cannot alter what is referred to as their baseline brainwave pattern (Woodward, Orlans, & Higgins, 2003).

 

 

Depiction of EEG Brain waveforms

Source: www.eegspectrum.com

 

Body Odor Recognition

 

Body odor recognition is a contactless physical biometric that attempts to confirm a person’s identity by analyzing the olfactory properties of the human body scent. According to the University of Cambridge (http://www.cam.ac.uk), the sensors that they have developed are capable of capturing the body scent from non-intrusive body parts, such as the hand. Each chemical of the human scent is extracted by the biometric system and converted into a unique data string (8).

 

Fingernail Bed Recognition

 

AIMS (http://www.nail-id.com) is a U.S. based company that has been developing a system which scans the dermal structure under the fingernail. The human nail bed is a unique longitudinal structure that is made up of nearly parallel rows of vascular rich skin with parallel dermal structures in between narrow channels.

 

Body Salinity Identification (8)

 

An individual’s level of salt in the body (salinity) is believed to be unique. This technology passes a tiny electrical current through the body in order to analyse the salt content. The more salt in the body, the more conductive the body becomes to electricity. An unexpected benefit of this technology is that as the electrical current passes through the body it can also carry data at a transfer rate equivalent to a 2400-baud modem. Many researchers (at Michigan State University, Indiana University and Purdue University) have speculated that this technology could be used to facilitate communication between devices (i.e. watches or cell phones).

 

Ear Pattern Recognition (8)

The shape of the outer ear, the lobes, the bone structure and the size are unique to each person. Ear pattern recognition is employed as a physical contactless biometric (Carreira-Perpinan & Sanchez-Calle, 1995) and uses an Optophone to verify the shape of the ear. A French company, ART Techniques, developed the Optophone and the process. It is a telephone-type handset which is comprised of two components (a lighting source and cameras). Much like the minutiae points of a palm print or fingerprint, the outer ear has many detailed features that can be measured and compared to a biometric template.

 

Infrared Fingertip Imaging and Pattern Recognition

 

The technological concepts behind this biometric (8) are very similar in most respects to those used by facial thermography. Both facial thermography and infrared fingertip imaging use thermal mapping to identify patterns. The primary difference is the way in which the thermal mapping is acquired. Facial thermography involves taking a picture with an infrared camera, while the infrared fingertip imaging and pattern recognition biometric involves comparing the relative differences in thermal energy observed by an infrared detector. A further contrast is that the infrared fingertip imaging and pattern recognition biometric is a contact biometric, while facial thermography is contactless (M. Wilmore, personal communication, February 5, 2003).

 

Gait recognition

 

This technique aims to recognise individuals by their distinctive gait, offering the promise of identity verification from a distance. There has been some good research undertaken in this area, with demonstrations which suggest the technique has some merit. However, it has not yet been developed to the same level as other biometrics (26).

 

Multibiometrics

 

Multimodal systems are those which combine more than one biometric identifier. For example, it is currently planned to use face and fingerprints in EU border control systems. Research initiatives have been launched on the application of multimodal biometrics in mobile communications (e.g. mobile telephones and other devices). However, researchers need more test data to work with, and there is still much work to be done.

 

A biometric system which relies only on a single biometric identifier is often not able to meet the desired performance requirements. Lin Hong, Yatin Kulkarni, Arun Ross and Anil Jain propose (10) a multimodal biometric system which integrates face recognition, fingerprint verification, and speaker verification in making a personal identification.

 

However, Daugman (11) argues that a strong biometric is better used alone than in combination with a weaker one.

Besides, developing multimodal databases is more complicated, time-consuming and expensive than developing unimodal ones, and as a result such databases contain the data of only a few hundred individuals. This in turn makes it difficult to extrapolate the success or failure of a multimodal algorithm or method, tested at that scale, to large-scale deployment (thousands or millions of people). Furthermore, current data protection legislation limits the cross-border sharing of such data.

 

BIOMETRIC TECHNOLOGIES (15)

 

Like most authentication technologies there are several flavours of biometric technology: from the advanced handwriting and facial character recognition systems to the more common fingerprint scanners and quite a few technologies in between (iris, retina, and palm scanners).

 

APC has a Biopod biometric password manager. Designed for use with a desktop machine connected via USB, it lets the administrator enroll up to 20 separate users or 20 fingers (if one is lucky enough to have four arms, that is).

 

The software that is bundled with the device is very straightforward and easy to use. Whenever an application or Web site is visited that requires a user to log in, a small system-tray-resident applet pops up, indicates that it has detected a username/password field and invites the user to register that password for use with the fingerprint scanner. Two options exist: one which automatically submits the stored login credentials every time the application is opened or the site browsed to, and a second which prompts the user for their fingerprint upon detection of a previously registered application or site.

 

The BQT Solutions mib-BT913U device clearly provides very strong authentication in one device, combining up to three-factor authentication: something one knows, something one has and something one is. The hardware component of this solution is a robust contactless card reader/writer with a biometric fingerprint scanner built into it.

 

The BioEncode 3.1 software runs on Windows NT, 2000, and XP. The card reader is set up as a USB serial device.

 

Once registered, the fingerprint is stored on the card. This is a worry if the card is lost, as someone then potentially has your fingerprint; however, it is preferable to someone cracking a server and obtaining a database of all employees’ fingerprints. It also helps in remote or distributed locations where individual authentication terminals may not be connected to the central authentication database, or where the authentication data may need to travel across potentially hostile or compromised networks.

 

ComSec Enterprises shipped us a 128MB USB 1.1 flash memory key with an embedded fingerprint scanner. Enrolment took quite some time, but once we were registered the device worked well. Larger capacity and USB 2.0 would be nice, but it is still a step ahead, in the security stakes, of the normal (easy to lose) memory keys.

 

The Digital Persona U.are.U 4000 Sensor is quite a neat, compact optical USB fingerprint scanner. The distributor Automa shipped us both the workstation and server versions of the application software. The workstation Pro 3.1 for Active Directory software runs on Windows XP, 2003, 2000, ME and even Windows 98. This solution provides Windows machine login, replacing the usual Windows username/password authentication.

 

Microsoft submitted a device called the Fingerprint Reader, which is manufactured by Digital Persona and internally appears to be the same as the Digital Persona device but has a trendy pearlescent paint job. The device drivers and application, however, are limited to use with the Microsoft Windows XP operating system only.

 

Recently the lab has also seen embedded biometric fingerprint scanners in portable devices such as Fujitsu and IBM notebooks and HP PDAs.

 

The Fujitsu sported a traditional fingerprint-sized pad while the IBM notebook and the HP PDA had a small strip scanner that the user runs his or her finger over.

 

An important tip when using fingerprint scanners: once authentication is complete, the finger should be slid off the scanning window to smudge the print. Some scanners have been known to return false positive IDs when a breath of air is blown onto the device or a bag of water is applied to a scanner with a residual imprint.

 

There are various other ways of "tricking" a fingerprint scanner and Steve Turvey sums these up in his biometric review in the February 2004 edition of T&B. Another problem is remembering which finger was used during the registration process.

 

When considering the biometric route, look at a vendor's crossover error rate. This is the point where the rate of rejection of legitimate users intersects with the rate of false acceptance of unauthorised users. If a system is configured too tightly, legitimate user frustration can result from too many rejections and re-authentication requests.
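To make the crossover error rate concrete, and to show how the EER figures quoted for face recognition and the decidability index d' quoted for the iris are derived from matcher output, here is an added example that is not part of the original page. The genuine and impostor scores are constructed similarity values; for a distance-based matcher such as an IrisCode Hamming distance the comparisons would be reversed.

```python
"""Biometric error-rate analysis: an added example, not from the original page.

Given genuine (same-person) and impostor (different-person) comparison scores,
it sweeps the decision threshold, computes the false accept rate (FAR) and the
false reject rate (FRR) at each candidate, finds the crossover point (equal
error rate, EER) and computes Daugman's decidability index d' from the two
score distributions. All scores are constructed; higher means more similar.
"""
from math import sqrt
from statistics import mean, pstdev

# Constructed matcher output: 12 genuine and 12 impostor similarity scores in [0, 1].
GENUINE = [0.92, 0.88, 0.95, 0.81, 0.90, 0.77, 0.86, 0.93, 0.84, 0.89, 0.72, 0.91]
IMPOSTOR = [0.35, 0.42, 0.28, 0.51, 0.39, 0.60, 0.33, 0.47, 0.74, 0.38, 0.44, 0.30]


def far(impostor, threshold):
    """False accept rate: fraction of impostor attempts scoring at or above threshold."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def frr(genuine, threshold):
    """False reject rate: fraction of genuine attempts scoring below threshold."""
    return sum(s < threshold for s in genuine) / len(genuine)


def error_curve(genuine, impostor):
    """(threshold, FAR, FRR) at every observed score, ascending by threshold.
    Raising the threshold trades false accepts for false rejects."""
    thresholds = sorted(set(genuine) | set(impostor))
    return [(t, far(impostor, t), frr(genuine, t)) for t in thresholds]


def crossover(genuine, impostor):
    """Crossover error rate: the threshold where FAR and FRR are closest,
    returned as (threshold, far, frr); their mean is the EER."""
    return min(error_curve(genuine, impostor), key=lambda p: abs(p[1] - p[2]))


def decidability(genuine, impostor):
    """Daugman's d' = |mu_g - mu_i| / sqrt((sigma_g^2 + sigma_i^2) / 2):
    how well separated the two score distributions are, in pooled std units."""
    mu_g, mu_i = mean(genuine), mean(impostor)
    var_g, var_i = pstdev(genuine) ** 2, pstdev(impostor) ** 2
    return abs(mu_g - mu_i) / sqrt((var_g + var_i) / 2)


if __name__ == "__main__":
    t, a, r = crossover(GENUINE, IMPOSTOR)
    print(f"crossover at threshold {t:.2f}: FAR={a:.3f} FRR={r:.3f} EER={(a + r) / 2:.3f}")
    # A "tight" setting: no impostor gets through, but over half the genuine
    # attempts are rejected, which is the user frustration the text warns about.
    print(f"tight setting 0.90: FAR={far(IMPOSTOR, 0.90):.3f} FRR={frr(GENUINE, 0.90):.3f}")
    print(f"decidability d' = {decidability(GENUINE, IMPOSTOR):.2f}")
```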

 

PERFORMANCE. COMPARISON. COSTS

 

The usefulness of biometrics varies from application to application. To determine its true benefit, one must first develop and understand the operational requirements of the application. Biometrics can provide an automated means for identification of an individual or verification of a claimed identity. Before making a decision, one must ensure this task will meet the determined operational needs. Biometrics can potentially provide cost savings through relocating security resources or diminishing the expenses associated with password maintenance, or it could cause extra costs by highlighting problems that were previously missed. The cost benefits vary from application to application as well.

 

The effectiveness of a biometric technology depends on how and where it is used. Each biometric modality has its own strengths and weaknesses that should be evaluated in relation to the application before implementation. Key decision factors for selecting a biometric technology include evaluating the environment, throughput needs, population size and demographics, ergonomics, interoperability with existing systems, user considerations, etc. For instance, an access control system for a coal mine, where individuals will have very worn and dirty fingerprints, will not be a suitable environment for a fingerprint reader. The careful evaluation of the key decision factors plays a crucial role in the success of the selected technology.

 

"Zephyr Analysis" (24) ranks eight common technologies (keystroke dynamics, face geometry, retina scan, iris scan, speaker verification, finger scan, dynamic signature, and hand geometry) according to four criteria: perceived intrusiveness, user time and effort, accuracy (false acceptances and rejections), and hardware cost.
