A STUDY ON BIOMETRIC BASED AUTHENTICATION

Sumita Sarkar #1, Abhishek Roy #2

#1 .Assistant Professor Department of Computer Applications Durgapur Society of Management Science (D.S.M.S), W.B, INDIA Email: sumita.sarkar1984@gmail.com #2. Research Scholar Department of Computer Science The University of Burdwan, W.B, INDIA Assistant Professor Department of Computer Applications Durgapur Society of Management Science (D.S.M.S), W.B, INDIA Website https://sites.google.com/site/diaryofaroy Email: roy-abhishek@hotmail.com

Abstract From the cradle of human civilization, necessities got generated for the identification of the individuals. Primarily, this identification was carried out either with the help of facial recognition or voice recognition. But with the advancement of modern technologies the human daily life becomes more complex. To initiate this complex computerized mechanism, requirement of human identification especially based on their biological parameters became the need of the hour. This includes the collection of every minute details of the individuals like signature pattern analysis, thumb impression, palm geometry, retina scan, heart beat scan, etc which further acts as the password of that person. In this paper focus have been made on the comparative study of existing and emerging biometric techniques and the measures undertaken for its implementation. Keywords Authentication, Identification, Biometrics, Pattern Recognition.

greater extent. Again, a biometric authentication combined with identity cards and passwords can provide far better security than any other method alone. Focusing on the advantages of this evolving technique several countries have already adopted national identity cards containing biometric authentications among which Finland, Canada, Netherlands, Singapore, Israel are few to mention. Even India has also taken this initiative in 2009 under a unique identification project named as Aadhaar [30, 31, 32]. Highlighting on the gravity of the topic, in this paper, the authors have tried to make a comparative study amongst the different biometric technologies and discuss the various initiatives undertaken in India for its implementation. The overview of biometrics is given in section- II. The comparative analysis amongst various biometric techniques is mentioned in section- III. Section- IV highlights the governmental and non-governmental initiatives undertaken in India for implementation of biometric authentication. The conclusion drawn from the entire discussion in depicted in section- V. References are cited in section- VI.

I. INTRODUCTION In todays hi-tech society, each and every aspect of our life is being controlled by computerized systems. As a result we need to secure these systems by restricting access to personal confidential data. Since the prime objective of the hackers is the identity theft, this secured information is very much susceptible to unauthorized access. Generally the unauthorised access can be barred by using Personal Identification Number (PIN), Password, Identity Card (ID card), Pass or Token. Even, the distinctive biological characteristics of an individual i.e the Biometric parameters can also be used for preventing this unauthorized access of information. Among all the mentioned techniques, the last option provides better security because a biometric parameter, unlike a password or PIN number, cannot be lost, stolen, copied or cracked since the physical presence of the person to be authenticated becomes mandatory. This eradicates the chances of identity theft to a

II. OVERVIEW OF BIOMETRICS The Greek term biometrics (bio means life and metrics means measurement) [1] refers to technologies related to identifying and verifying a persons physiological or behavioral characteristics. It is the automatic recognition of a person using unique traits. Some examples of biometric technologies based on physiological characteristics are fingerprint identification, iris scan, ear shapes/marks identification, face recognition etc. Some behavioral biometrics includes voice recognition, signature dynamics, keystroke dynamics etc.

There are several factors [2, 3] which affects the selection of the appropriate biometric technique to be implemented in a system, like a.The uniqueness of the biometric trait (uniqueness). b. The presence of this trait in majority of population (universality). c. The stability in trait with change in time (permanence). d. Ease to measure the biometric (measurability or collectability). e. User acceptance of the biometric (user friendliness). f. Accuracy, speed and need for computational resources (performance). g. Sturdiness against fraudulent attacks (circumvention). If all these factors go high, the biometric can be called as a good biometric. A. Working principle of Biometrics The working of a biometric [2, 4, 5, 8] can be illustrated by the following steps: 1. Enrolment: During this phase the system is configured by enrolling the biometric inputs. The inputs are collected from the user for processing and feeding into the system through the remotely located server into a biometric instrument like portable card. The process is conducted into following three steps: Presentation: It is a procedure through which biometric inputs like fingerprint [3], voice [6] etc, of an individual, seeking access to a system, is captured through a biometric sensor like fingerprint scanner, microphone etc. Feature extraction: In this phase, the unique features are extracted from a biometric input by filtering and optimizing it, and then converted into its equivalent digital code (called biometric template). The performance of a biometric system depends highly on the quality of the biometric template created. Storage: The biometric templates, which have been created during feature extraction, are stored in a database. The database can be placed in the biometric system, or in a central repository or in a portable smart card also. 2. Authentication: After the system is ready to use, it is used to authenticate the users of the system. When a user places his biometric data for authentication purpose, it undergoes the phases of presentation and then feature extraction to read the data through a biometric sensor and then to form the template. 3. Comparison: This step involves comparing the template of an individual, created during authentication, with the previously enrolled templates. If a match occurs, then access permission is granted and if no match is found, access is denied.

Enrolment Biometric data

Presentation

Feature extraction

Database

Result Biometric data

Comparison

Presentation

Feature extraction

Authentication

Figure 1: Working of Biometrics

A biometric system can operate in two possible modes: Verification: Verification [2, 9] is a one-to-one matching procedure. If an individuals biometric parameter is captured and compared against a single pre-enrolled biometric template to verify whether the person is authorized or not, then the system is said to be in verification mode. For example, biometric security for a personal computer uses the verification mode. Identification: It is a one-to-many matching procedure. This method identifies the biometric input, captured for authentication, from the database of all the pre-enrolled biometric templates. Identification [2, 9] is more complex and time consuming process compared to verification. For citation of example, the facial scanning of the Israeli pedestrians in the Gaza Strip can be mentioned. B. Existing and evolving Biometric technologies Biometric techniques can be classified into two categories, which are discussed below: 1. Physiological Biometric techniques: These techniques are related to shape of the body. 2. Behavioural Biometric techniques: These techniques are related to behaviour of an individual. 1)Physiological biometric techniques: Fingerprint identification [3, 4, 7]: It analyses fingertip pattern by taking an image of it, using fingerprint scanner, and comparing its unique ridge patterns with the pre-enrolled templates. As because this method involves direct touch of the fingertip with the fingertip scanner, so the scanner needs to be frequently cleaned and maintained. One more

drawback is that, the identity can be deceived by fake fingerprints. Facial recognition [4, 7]: This technology captures the image of a face using a digital video camera, measures the distance between eyes, nose, mouth and jaw edges and compares these unique values with the stored templates to identify or verify that person. Changes in background of a face to be authenticated, or presence of beards or disguised or fake faces can lead to incorrect authentication results. Hand geometry [4, 7, 10]: This technique involves measurement and recording of the length, width, thickness and surface area of a persons hand while guided on a plate. It captures the silhouette of the hand using a camera, converts it into binary information and then compares it with the enrolled template/s and depending on the match, permits or rejects the access. This method incurs huge hardware cost. Traces of wrinkles or injuries or a fake hand may lead to difficulties in authentication. Iris scan [4, 7, 11]: Iris scan method scans the iris (i.e. the coloured tissue surrounding the pupil of an eye) using infrared camera, converts the unique iris pattern to its equivalent digital code and then compares it with the stored iris patterns. The reflection of light, positioning of iris or obscurity of iris due to eyelashes may cause bad reading of the iris pattern. Retina scan [7, 12, 13]: This type of scanning analyses the blood vessels at the back of the eye (i.e. retina). The retina is first illuminated by a low intensity light source. After that, a coupler is used to read the retina pattern. This pattern is highly unique and is used for authentication. A user facing a retina scan should have to place his eyes very close to the device, without any specs and stare at a point for a certain period of time. Vascular pattern analysis [7, 14]: This biometric technique uses the vein pattern (thickness and location of veins), especially of hand or finger, as a means of authentication. Near-infrared rays, emitted from LEDs, penetrate the subjects finger or hand; the veins absorb these rays and produce a dark image whereas the other areas reflect these rays. This image formed is thereafter digitized to form a template, which can be used for further verification or identification. Medical problems in the users veins can cause difficulties in identification. Ear biometrics [15]: Ear biometrics deals with the ear anatomy. It captures the image of ear using Charge Coupled Device (CCD) camera and processes it to form a template, used for further verification. Its operational mechanism is similar to that of face recognition

DNA biometrics [16, 17, 18]: This technique is not similar to the other biometric technologies. Here, the input trait is not captured in the form of image or recording, rather by physical sample of blood, saliva, hair, etc (which contains DNA). The authentication cannot be carried out in real time. It does not involve creation of templates or feature extraction; rather it matches the actual DNA sample with the pre-stored sample/s. 2) Behavioural biometric techniques: Voice recognition [6, 7, 19]: In this technique, the user has to pronounce a phrase or text; this phrase is captured with the help of microphone and the unique properties are extracted by filtering out the background noise, which are then compared with the stored templates. Signature dynamics [7, 19]: This is a very old technique used for authentication. This technique can be used in on-line as well as offline mode. For the first case, the user signs on a sensor tablet using a stylus; the signature dynamics like pressure and angle of writing is analysed, and then matched with the database. For the second case, the image of a signature is taken, and the unique features like length, height and loops present in writing are compared with the previously gathered samples. Keystroke dynamics [7, 19]: This biometric uses typing style of a person as a means of authentication. A typist strikes the keys of a keyboard to type a password; this password along with the keystroke dynamics such as, duration of a key press, time between striking successive keys, finger placement etc are compared to the previous records to authenticate him. No extra hardware is required to implement this methodology. Gait recognition [19]: Gait (i.e. manner of walking) recognition uses walking pattern as the means of identifying a person. The sensor based gait device, termed as accelerometer, is attached to the subject and is used to measure the acceleration in three orthogonal directions. Heartbeat scan [19, 20, 21]: A heartbeat ID scanner is used to capture the heartbeat signals, converted into a digital data and compared with the stored records. Odour biometrics [22, 23]: Body odour can also be used as a means of authentication. Human body generates unique patterns of volatile organic compounds, which can be inhaled using an electronic nose [24], and converted to a digital string. Some other biometric technologies like, body salinity identification [22, 25] (measures the salinity level in body), fingernail bed recognition [22, 25] (uses the dermal structure under the nail), brainwave biometrics

[22]

(uses unique brainwave patterns), etc, are also evolving in the field of biometrics. Multimodal biometrics [26]: Other than the above mentioned unimodal biometric systems (i.e. systems which use a single biometric trait for identifying an individual), some multimodal systems also exist. These systems use multiple biometric traits for identifying a single person. Multimodal systems are more secure, accurate and circumvent and thus eradicate the limitations of unimodal systems. C. Performance Analysis of a Biometric technique The performance analysis of a biometric technique is done based on the following criteria [4, 28]: False Acceptance Rate (FAR): False Acceptance Rate is defined as the probability of the matches occurred on unauthorized access to a biometric secured system. False Rejection Rate (FRR): False Rejection Rate is defined as the probability of the rejection of authorized access to a biometric secured system. Failure To Enrol (FTE): Failure To Enrol is defined as the probability of inability of a biometric system to create a template from the users input. It is generally caused due to low quality biometric inputs. Equal Error Rate (EER): Equal Error Rate is the rate at which both FAR and FRR is equal. The mechanism with lower EER, is considered to be more accurate. Its value can be obtained from the Receiver/Relative Operating Characteristic (ROC) curve. Receiver/Relative Operating Characteristic (ROC): Receiver/Relative Operating Characteristic is a graph which visualizes the balance between FAR and FRR. The matching algorithm in a biometric system depends on a threshold value, which determines the level of similarity of the template with the biometric input for considering it as a match. If this threshold value is reduced, the FAR will become high and FRR value will fall. Again, if the threshold value is increased, then the FAR will be low and FRR will be high. D. Application of Biometrics Biometrics is a very fast evolving technique in the field of information security. Currently it is applied to a variety of areas both in governmental and non-governmental sectors and research is on its way to extend its usage to a larger extent. The major biometric applications [4, 9, 27] can be mentioned below: Financial services (ATM card, credit cards, debit cards, etc). Immigration and border control (Passports and visa, Permanent resident card, Border crosser card, etc.)

Social services (biometrics used for authenticating authorised benefit recipients for Government entitlement programs) Health care (medical insurance cards, patient and doctor identity cards, etc.) Physical access control (to permit the entrance of only authorized persons in office building, home, etc.) Time and attendance (to confirm the physical presence of an individual in the office premises) Computer security (personal computer access, e-mail security, security in workstations on LAN and WAN, etc) Telecommunications (phone cards, televised shopping etc.) Law enforcement (National identification cards, driving license, IDs for the prisoners and visitors in Jail, etc.) III. COMPARATIVE ANALYSIS OF THE BIOMETRIC TECHNIQUES The biometric technologies can be compared to one another with the help of the under mentioned seven factors (universality, uniqueness, permanence, collectability, performance, user friendliness and circumvention). TABLE COMPARISON OF BIOMETRIC TECHNIQUES (WHERE H-HIGH, MMEDIUM AND L-LOW) [4, 28, 29]
Biometric technique

Fingerprint Face Hand geometry Iris Retina Vein DNA Voice Signature Keystroke

M H M H H M H M M L

H M M H H M H L L L

H M M H H M H L L L

M H H M L H L M H M

H M M H H M H L L L

M H M L M L L H H L

M M M H H H L H H M

The biometric technique having all the mentioned seven factors with high value is considered as an ideal biometric technique. The choice of a particular biometric technique also depends on some other factors also like intrusiveness, hardware cost, user time and effort, etc, which can be further diagrammatically represented in the following manner:

have replaced the use of PIN by biometrics and made banking services more user friendly to the rural populace. Many Indian software development farms like CMC (developed Fingerprint Analysis and Criminal Tracing System), Axis Technology (developed Biometric retrofit kit), Financial Software and Systems (developed Biometric ATM Interface Solution), etc. are involved in the development of biometric software, which will be installed in ATMs. In India several banks like UBI, Dena Bank, Andhra Bank, Corporation Bank, ICICI, SBI, PNB, Indian Bank [36] have launched biometric ATMs. Even, some of them have issued smart cards (consists of biometric and financial data) which can be used in place of ATM cards. Many E-Governance projects, like Bhoomi [37] (a project in Karnataka, whose purpose is online delivery of land records), are also using biometrics for enhancing the security of their system. Sensing the need of the hour, several public and private schools, colleges and corporate offices are also incorporating biometrics in their attendance systems.
Fig. 2: Comparison of biometric techniques with an ideal biometric [22]

IV. GOVERNMENTAL AND NON-GOVERNMENTAL INITIATIVES IN INDIA Like other countries, India has also stepped forward to implement biometrics for enhancing information security and proper identification among which following are few to mention: Aadhaar project [30, 31, 32]: The Government of India has launched a program named Aadhaar on 29th September, 2010 in Nandurbar district, Maharastra. This project aims to provide a unique identification number to each and every resident of India. Majority of the population of India are below poverty level. They dont have any bank account, driving license, PAN card etc., with the help of which they can identify themselves. Unique Identification Authority of India (UIDAI) have attempted to use demographic information (name, address, gender and date of birth) and biometric information (face photo, two iris scan and ten fingerprints) to create an unique ID (of random numbers) to identify an individual. Using this number, a person can access bank facilities from rural areas also. Biometric smart cards and biometric ATMs [33, 34, 35]: Following the path of the overseas banks, India has also started implementing biometrics in financial sectors. Several Governmental and nongovernmental banks have taken the initiative to issue smart cards and launching biometric ATMs or kiosks especially in the rural areas. Due to poor literacy rate in the rural areas, the usages of various smart card based systems like Personal Identification Number (PIN) based ATM card, etc. becomes difficult for common populace. To solve this problem, banks

V. CONCLUSION In India, considering various constraints, the extensive implementation of biometrics is yet to achieve. So, in spite of the pitfalls like difficulty of the user to interact, economic constraints, transformation of biometric traits with increase in age, hard work or disease, etc., biometric devices need to be used widely. Moreover, various threats to the national security have enhanced the gravity of the situation. To tackle all these serious issues which exist in the real world, the object oriented software engineering of various standard biometric algorithms should be exercised with utmost effort. These efforts will finally explore new dimensions of research works. REFERENCES
[1] [2] [3] [4] http://www.biometrics.gov/Documents/BioHistory.pdf Date of access 02nd Jan, 2012. http://www.globalsecurity.org/security/systems/biometrics.htm Date of access - 02nd Jan, 2012. http://unweary.com/2009/04/fingerprint-biometrics.html Date of access - 02nd Jan, 2012. K.P Tripathi, A comparative study of biometric technologies with reference to human interface, International journal of computer applications(0975-8887), Volume 14-No. 5, January 2011 http://www.weexcel.in/NewsDesc1.aspx?cod=86 Date of access 02nd Jan, 2012. http://en.wikipedia.org/wiki/Speaker_recognition Date of access - 02nd Jan, 2012. SANS Institute Infosec Reading Room, Ryan Hay, Physical Security: A Biometric Approach, SANS- GSEC Practical, Track 1C, November 12, 2003 http://science.howstuffworks.com/biometrics.htm Date of access - 02nd Jan, 2012. Joseph W Lewis, Biometrics for secure identity verification: Trends and developments, A Thesis Presented in Partial Fulfillment of the Requirements for INSS 690 Professional Seminar, University of

[5]
[6] [7] [8] [9]

[10] [11] [12] [13] [14] [15]

[16] [17] [18] [19] [20] [21] [22] [23] [24] [25] [26]

[27] [28] [29] [30] [31] [32] [33] [34] [35] [36] [37]

Maryland Bowie State University, Term 3, 2001-2002, Approved by: Professor John G. Meinke, January 26, 2002. http://www.biometrics.gov/documents/handgeometry.pdf Date of access - 02nd Jan, 2012. http://www.biometrics.gov/Documents/irisrec.pdf Date of access - 02nd Jan, 2012. http://terrorism.about.com/od/controversialtechnologies/g/RetinalScans .htm Date of access - 02nd Jan, 2012. http://www.biometricnewsportal.com/retina_biometrics.asp Date of access - 02nd Jan, 2012. http://www.biometrics.gov/Documents/vascularpatternrec.pdf Date of access - 02nd Jan, 2012. K.H. Pun, Y.S. Moon, Recent Advances in Ear Biometrics, Proceedings of the Sixth IEEE International Conference on Automatic Face and Gesture Recognition (FGR04), 0-7695-2122-3/04 $ 20.00 2004 IEEE http://techbiometric.com/articles/dna-biometrics-issues-concerns-andlatest-developments/ Date of access - 02nd Jan, 2012. http://www.biometricnewsportal.com/dna_biometrics.asp Date of access - 02nd Jan, 2012. Sandra Maestre, Sean Nichols, DNA Biometrics, ISM 4320-001 Kenneth Revett, Behavioral Biometrics: A Remote Access Approach, Chapter 1: Introduction to behavioral biometrics, 2008 John Wiley & Sons, Ltd. http://contest.techbriefs.com/safety-and-security-2011/1599 Date of access - 02nd Jan, 2012. http://blog.cytrap.eu/2006/09/21/heartbeat-id-a-new-way-forbiometrics-to-identify-the-authorized-user/ Date of access - 02nd Jan, 2012. http://biometrics.pbworks.com/w/page/14811351/Authentication %20technologies#BodyOdorRecognition Date of access - 02nd Jan, 2012. http://sites.google.com/site/engb2s/research-lines/biosignals Date of access - 02nd Jan, 2012. Chatchawal Wongchoosuk , Mario Lutz and Teerakiat Kerdcharoen, Detection and Classification of Human Body Odor Using an Electronic Nose, Sensors 2009, 9, 7234-7249; doi:10.3390/s90907234 John R Vacca, Biometric technologies and verification systems. Arun Ross and Anil K. Jain, MULTIMODAL BIOMETRICS: AN OVERVIEW, Appeared in Proc. of 12th European Signal Processing Conference (EUSIPCO), (Vienna, Austria), pp. 1221-1224, September 2004. http://biometrics.pbworks.com/w/page/14811351/Authentication %20technologies#BIOMETRICAPPLICATIONS Date of access - 02nd Jan, 2012. Manivannan, Padma,Comparative and analysis of Biometric systems, International Journal on Computer Science and Engineering (IJCSE), Vol. 3 No. 5, ISSN: 0975-3397, May 2011. E. Sridevi, B. Aruna, P. Sowjanja, An exploration of vascular biometrics, ISSN : 2230-7109(Online) | ISSN : 2230-9543(Print), IJECT Vol. 2, SP-1, Dec . 2011 Aadhaar-Flattening India, designed by Unique Identification Authority of India, November 19, 2011. www.uidai.gov.in Date of access - 02nd Jan, 2012. http://www.wired.com/magazine/2011/08/ff_indiaid/all/1 Date of access - 02nd Jan, 2012. http://www.expresscomputeronline.com/20070312/technology01.shtml Date of access - 02nd Jan, 2012. http://www.banknetindia.com/atm_press2.htm Date of access - 02nd Jan, 2012. Aneesha Rastogi, IT-Enabled Financial Inclusion Initiatives of Various Banks in Delhi: A Comparative Analysis, CAB CALLING, April - June, 2009 http://www.diebold.com/casestudies/PDFs/Indian_Bank_Case_Study.p df Date of access - 02nd Jan, 2012. http://arc.gov.in/11threp/ARC_11thReport_Ch4.pdf Date of access 02nd Jan, 2012.