
White Paper

Biometrics and Security

Philippe Robin, Thales Security Systems

BIOMETRICS AND IDENTIFICATION

1. INTRODUCTION
Biometrics refers to automated methods of identifying people based on their physiological or behavioural characteristics. Throughout recorded history, the human brain has shown an enormous capacity to recognise and distinguish among the people around us. We all recognise people not only by their faces, but also by the sounds of their voices, their gaits, or their signatures. Fingerprints have also been used in identity recognition for centuries. Historians believe the Chinese used impressions of fingerprints to sign official documents more than a thousand years ago. In the modern age, Sir William Herschel (1738-1822), a British government official in India, used fingerprint identification to compel Bengali suppliers to respect their contracts. More recently still, Alphonse Bertillon (1853-1914) set up an anthropometric technique to identify people for the Paris Police Department. Nowadays the need for personal identification or authentication measures is becoming more and more important to confirm legal or commercial contracts and other documents, to control access to reserved areas or equipment, or to regulate the provision of services in industries like banking and finance. The challenge for biometric technologies is to develop ways in which machines can reproduce the identification capabilities of the human brain.

2 IDENTIFICATION
There are three ways we can identify a person:
By what he/she knows: The memorisation of PIN codes and passwords is the most widespread automated identification method in use today.
By what he/she possesses: Badges and identity cards are widely used to access buildings and reserved areas.
By who he/she is: Without biometrics, we commonly recognise people through their physiological features: face, fingerprints, DNA structure, iris patterns, personal behaviour, signature, or the sound of their voice (e.g. on the telephone).
Biometric technologies analyse behavioural or physiological characteristics to determine or verify identity. Examples of human traits used for biometric recognition include fingerprints, vocal patterns, iris and retina patterns, hand and finger geometry, and facial structure.

3 BIOMETRIC METHODS
All biometric systems incorporate three specific processes: data acquisition, data codification, and matching the results with a given database.
Acquiring the data: Data is captured via a camera for face, hand or iris recognition, via a microphone for voice recognition, or via a fingerprint sensor.
Coding the data: In order to be able to perform efficient comparisons, a template is extracted from the data. The template records the user's characteristic biometric features:
Fingerprints: minutiae, characteristics, and patterns
Face: distance between eyes, roughness of the skin, etc.
Voice: frequency and modulation
May 2003


Matching the results: Biometric methods can identify or verify. Identification requires that the template be compared with those in a database to establish the user's identity. For verification, the template is compared only with the template established when the user first enrolled. Matching algorithms are used to calculate a similarity score indicating the degree of correlation between the new template and the enrolment template. By comparing this score to a pre-determined threshold, the system can determine the success of the attempt. If the score is below the threshold, the match is rejected; if it is above, the match is accepted.
Biometric data acquisition, coding and matching technologies depend on the particular traits to be used for identification.

3.1 Fingerprints
The essential characteristics of fingerprints have been recognised for over a century. A number of biometric systems to identify fingerprints are based on close analysis of minutiae, the smallest traits of a fingerprint. This work was initiated by F. Galton (1822-1911), who first described the composite curve segments of fingerprints. Minutiae points are ridge characteristics that occur at ridge endings or bifurcations. Four elements are recorded for each minutia: x and y location coordinates, orientation and type (e.g. ending ridge or bifurcation).

[Figure: fingerprint minutiae, labelled ENDING, RIDGES, BIFURCATION]

As minutiae templates are used by a great number of biometrics vendors, fingerprint templates have become reasonably standardised. An ink impression or an optical or silicon sensor records the fingerprint images. A wide range of fingerprint sensors is available. Achieving accurate results requires an image resolution of at least 500 dpi.

Once the user is enrolled in the system, his or her template may be stored in the system memory or on a personal identity card. A fingerprint template (recording 30 to 80 minutiae, or around 300 bytes of data) can be stored in a two-dimensional barcode printed on the card or in a memory chip incorporated into the card.

[Figure: 2D bar code]

3.2 Facial Recognition
Facial recognition systems use a camera (still or video) to capture an image, or images, of a given face. A codification algorithm is then used to evaluate its relevant biometric features. Each vendor uses different techniques to establish a template measuring aspects like the length of the nose, skin texture, the distance between the eyes, or a resemblance coefficient that has been calculated against a prerecorded database (eigenfaces). These techniques are quite new and have not yet been standardised. One drawback of facial recognition systems is their sensitivity to changes in lighting and camera angle.

3.3 Iris Scanning
The unique characteristics and patterns of the human iris (the coloured part of the eye surrounding the pupil) offer a highly accurate means of identification. The iris is recorded by taking a high-resolution image of the eye with a camera. This requires some cooperation on the part of the user. The iris is then coded by analysing the microstructure of the image. This is a fairly new technique that has recently been attracting a lot of attention.

3.4 Voice Verification
A microphone is used to record the subject's voice. For some voice verification systems, users are asked to pronounce a password; in others they may be required to read a prompted text. A template is then extracted from this data using complex frequency analysis.

3.5 Others
In addition to fingerprints, facial characteristics, iris scans and voice verification, other biometric systems record hand and finger geometry, handwriting and signatures, or retina images.

4 ACCURACY
4.1 Measuring Accuracy
The accuracy of biometric techniques varies greatly. In measuring and comparing accuracy, three factors must be considered:
False-Acceptance Rate (FAR): the probability that an impostor is falsely accepted by the system
False-Rejection Rate (FRR): the probability that a valid user is falsely rejected by the system
False-Enrolment Rate (FER): the probability that a user cannot be enrolled into the system (for example, blind people, or people with injured or missing hands or fingers)
In practice, these three parameters are closely related to each other. If the system is very secure, the FAR is low but the FRR may be high, so that valid users may be rejected. A more friendly system may present a low FRR (no genuine users are refused) but a high FAR, increasing the odds that an impostor could be accepted. For greatest accuracy and security, a high-quality system aims to keep the FAR and FRR simultaneously low. FAR and FRR values are generally plotted as a function of the matching score. If the decision threshold (th1) is low, the FRR is very good (low) but the FAR is higher (see graph below). This is the reverse if the decision threshold is high (th2).

[Graph: FAR and FRR as a function of the matching score, with decision thresholds th1 and th2]
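The threshold trade-off of section 4.1, as an added example that is not part of the original paper: it computes FAR and FRR from two constructed sets of similarity scores at a low and a high decision threshold, and finds the point where the two rates meet. The scores, the threshold values 40 and 80, and all function names are assumptions made for illustration.

```python
# Constructed similarity scores on a 0-100 scale (higher = closer match).
GENUINE = [62, 71, 75, 78, 80, 83, 85, 88, 91, 95]    # valid user vs own enrolment template
IMPOSTOR = [12, 18, 25, 30, 34, 41, 47, 52, 58, 66]   # someone else vs that template
TH1, TH2 = 40, 80                                      # assumed low and high thresholds


def far(threshold, impostor=IMPOSTOR):
    """False-Acceptance Rate: share of impostor scores at or above the threshold."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def frr(threshold, genuine=GENUINE):
    """False-Rejection Rate: share of genuine scores below the threshold."""
    return sum(s < threshold for s in genuine) / len(genuine)


def equal_error_threshold(thresholds=range(101)):
    """Lowest threshold at which FAR and FRR are closest to each other."""
    return min(thresholds, key=lambda t: abs(far(t) - frr(t)))


def threshold_for_far(target, thresholds=range(101)):
    """Lowest threshold whose FAR does not exceed `target`; FRR is the price paid."""
    return min(t for t in thresholds if far(t) <= target)


if __name__ == "__main__":
    for name, t in (("th1", TH1), ("th2", TH2), ("equal error", equal_error_threshold())):
        print(f"{name:12} threshold={t:3}  FAR={far(t):.0%}  FRR={frr(t):.0%}")
    strict = threshold_for_far(0.0)
    print(f"FAR of 0% needs threshold {strict}, at the cost of FRR={frr(strict):.0%}")
```

With these scores no single threshold brings both rates to zero, because the highest impostor score (66) lies above the lowest genuine score (62).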


Techniques compared: Fingerprint | Face | Iris | Hand Geometry | Voice | Pin Code

FAR / FRR / Sensor cost, per technique:
1 over 10^6 / < 8% / Low: 15-70$
2% / 10-40% / Medium because lighting $100-500
1 over 10^6? / < 2%? / High $1000
? / ? / Low
3 over 10^4 / 24%

Public acceptance: Medium | High | Low | Medium
Market share (IBG report 2001): 50% | 15% | 5% | 10%
Speed of matching (with a 2GHz PC): Up to 10^4 matches per second | More than 10^4 matches per second | no
Interoperability: High template with minutiae | Proprietary

Table 1 A Comparison of Biometric Techniques

4.2 Improving Accuracy
The performance of a biometric system can be optimised in several ways:
Enrolment: The quality of the enrolment is essential. For example, fingerprint images recorded in ink may present numerous defects that the system cannot correct. With a live-capture enrolment, the system may accept or reject the capture, or ask the person to do it again.
Codification and Matching: The software used to code the data and to match it against other templates is the central part of any biometric system. This software must be flexible enough to cope with any potential differences in enrolment conditions, such as finger deformation or rotation on the fingerprint sensor, or lighting or angle differences when photographing hands and faces.
Multiple Acquisitions: Most fingerprint-identification systems enroll more than one finger; usually either two or ten fingers are enrolled. This decreases the FER, for if one finger is absent, the system can use another. Multiple enrolment also improves the system's performance, as (FAR for n fingers) = (FAR for one finger)^n.
Multiple-Modal Biometry: Combining several biometric technologies allows a system to greatly increase its efficiency and accuracy. For example, facial recognition could assist in choosing between a set of possible fingerprint matches if no human fingerprint expert were available.


5 APPLYING BIOMETRIC TECHNIQUES


Applications of biometric technologies fall into two broad categories: identification (or recognition) and authentication (or verification). Although some biometric systems are closed and have only a limited number of enrolments, much larger databases may be involved for other purposes.

5.1 Identification
Identification systems determine identities by matching a person's features against a database of biometric templates. These systems are often referred to as one-to-many or 1:n systems (with n being the number of people in the database).
Large Populations: Large-population identification applications use databases of anything from 500,000 to 5.0 × 10^6 people; for example, government authorities may need to determine whether a person applying for an identity card has not previously been issued a card using another name. Fingerprint biometry systems are currently used for such large populations. Automatic Fingerprint Identification Systems (AFIS) are among the most accurate and most familiar techniques available today. These systems use multi-finger enrolment to reduce FAR, FRR and FER. A database server and high-speed computers are used for the codification and matching processes. For large populations, employing classification techniques can increase the global speed of the AFIS, so that the prints are finally matched against certain sections of the database only. E.R. Henry (1850-1931) developed one such typology, based on five classes of fingerprints: Right loop (R), Left loop (L), Whorl (W), Arch (A) and Tented Arch (T). The full images of the fingerprint are stored in the database to allow experts to make a final visual comparison if necessary.
Small Populations: Access control is one example of identification for small populations. The number of people in a building-access database is quite low (one hundred to one thousand). These systems usually use fingerprint, facial or iris recognition. The two most important parameters here are the time that the system takes to enroll, code and match each user before arriving at a decision and the system's resistance to fraudulent use (as there is no administrator present to monitor the enrolment).
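Why large-population 1:n systems lean on multi-finger enrolment and Henry-class binning, worked through as an added example that is not part of the original paper. It combines the fingerprint FAR from Table 1, the multi-finger rule of section 4.2 and the database sizes of section 5.1; the assumption that comparisons and fingers are independent, the share of prints in each Henry class, and all names are illustrative.

```python
import math

FAR_ONE_FINGER = 1e-6                  # fingerprint FAR from Table 1 (1 over 10^6)
POPULATIONS = (500_000, 5_000_000)     # database sizes quoted in section 5.1
# Constructed share of the database falling in each Henry class (illustrative only).
HENRY_SHARE = {"R": 0.32, "L": 0.33, "W": 0.28, "A": 0.04, "T": 0.03}


def far_for_fingers(far_one, fingers):
    """Section 4.2 rule: every enrolled finger must match, fingers independent."""
    return far_one ** fingers


def p_any_false_match(far, comparisons):
    """Chance that at least one of `comparisons` independent 1:1 matches falsely
    accepts: 1 - (1 - far)^comparisons, computed without losing precision."""
    return -math.expm1(comparisons * math.log1p(-far))


def search_profile(population, fingers=1, henry_class=None):
    """Work done and false-match exposure of a single 1:n search."""
    share = HENRY_SHARE[henry_class] if henry_class else 1.0
    comparisons = round(population * share)   # only the matching bin is searched
    far = far_for_fingers(FAR_ONE_FINGER, fingers)
    return {
        "comparisons": comparisons,
        "expected_false_matches": comparisons * far,
        "p_any_false_match": p_any_false_match(far, comparisons),
    }


if __name__ == "__main__":
    for n in POPULATIONS:
        for fingers in (1, 2):
            print(n, fingers, search_profile(n, fingers))
    print("arch bin only:", search_profile(5_000_000, 2, "A"))
```

With one finger, a search of the largest database is almost certain to return at least one false match; with two fingers the same search falsely matches about five times in a million.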

5.2 Authentication
Authentication systems verify that people are who they say they are. A biometric system may, for example, issue users with cards onto which their biometric templates are encrypted. The system has only to verify that the biometric features of the person are the same as those encrypted on the card. This is a one-to-one comparison. A fingerprint template (recording 30 to 80 minutiae) can be stored in a two-dimensional barcode printed on a card, or in a small computer chip embedded in the card. But for security reasons it is sometimes preferable that the template not be stored on the card itself because of the risk of interception and fraud. Microprocessor cards are more secure because the matching operation is done inside the chip. The chip gives only the result (yes or no). This is called on-card matching.

5.3 Interoperability
Interoperability is not a major issue for building access control, as the number of enrolment sensors is low and the system is a closed loop in a private domain. But the situation is completely different for a biometric passport control system, where the encrypted templates recorded on the passport by the issuing country have to be recognised by other countries. As a result of their long history of acceptance, fingerprint identification techniques based on minutiae codification are at the forefront of biometric technologies in use today. International bodies such as the International Civil Aviation Organisation (ICAO) recommend the implementation of standardised formats to record these minutiae. Facial recognition is quite new, however, and at present each biometrics company using facial recognition techniques has developed its own codification to establish user templates. These templates are not interoperable. The only way that face recognition systems can be interoperable as yet is by recording and retaining the full facial image rather than the proprietary templates. These images need to be at least 8K in size, for which expensive memory-chip cards need to be used, rather than cards incorporating two-dimensional barcode inscriptions.

5.4 Areas of Application
Established biometric techniques such as AFIS have been accepted for many purposes. For example, Thales has set up such a system for driving licenses in Namibia. With the user's template recorded on the licence, police can readily verify the cardholder's identity through a one-to-one matching operation. Thales has developed a portable terminal (Artema ID) that is able to check someone's identity by comparing a fingerprint captured by the sensor with the fingerprint template recorded on an identity card or driver's licence.

[Figure: The five basic Henry classes of fingerprints (ref: book "Intelligent biometric techniques in fingerprint and face recognition", edited by L.C. Jain, U. Halici, I. Hayashi, S.B. Lee, S. Tsutsui)]

Some other areas in which biometrics techniques are relevant are:
Building access control: Biometry can secure access to a building. These techniques can ensure that only authorised people gain entry, refusing entry to an unauthorised person who has stolen or acquired an ID badge. A biometric system can check the identity of a person against an authorised list or against that person's personal templates as recorded in a barcode or a memory chip on an ID badge. Thales has already applied fingerprint recognition to secure building access.
Border control: More and more, countries want to monitor who enters their national territory. The ICAO recommends that biometric features be recorded on passports. Several parameters have to be taken into account when choosing whether to use single or combined biometric techniques; for example, the price of the system, the speed of the identification process, its interoperability, and the efficiency of the system in terms of the security requirements.
PC access, network access, electronic signatures: PC access is usually secured by password, although passwords can be easily lost, stolen or forgotten. Biometric methods have been proposed more recently to overcome these problems. Templates could be recorded onto the hard drive of the PC, but it is more secure to record this data on a personal card that can itself match the data against the biometric information the cardholder presents. By using smart cards, on-card matching (no personal templates can be drawn from the card) can work with electronic signatures that use Public Key Infrastructure (PKI) technologies. Facial recognition software can be a cheap solution for low-security access, as digital cameras have already been integrated into consumer mobile telephones and portable computer systems.
Electronic fund transfer terminals: Transactions made through such terminals are usually secured by entering a PIN code. A biometric evaluation (fingerprint analysis, for example) would be more secure (as PIN codes can be stolen) and more convenient (as PIN codes can be lost or forgotten).

5.5 Protection of the biometric data
If the use of biometric technologies is the state of the art in increasing security in many domains (access control, payment, identity control, etc.), then biometric data must be thoroughly protected from any fraudulent use. If your biometric data has been stolen and fraudulently reproduced, you cannot change yourself to have other biometric data, as you can change passwords or declare badges and access cards null if they have been stolen. This means that if biometry brings security to a system, the system must be very secure to protect the biometric data. Biometry with on-card matching is a secure solution to avoid the malicious interception of biometric data.
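A sketch of the one-to-one check with on-card matching described in sections 5.2 and 5.5, added here as an example; it is not code from the paper or from Thales. The 4-byte-per-minutia layout, the toy similarity score with its tolerances and threshold, and all names are assumptions, and the sample minutiae are constructed.

```python
import math
import struct

ENDING, BIFURCATION = 0, 1  # the two minutia types named in section 3.1

def pack_template(minutiae):
    """Assumed layout (not a standard): count byte, then 4 bytes per minutia:
    x:10 bits | y:10 bits | orientation:8 bits (360/256 degree steps) | type:4 bits."""
    words = []
    for x, y, deg, kind in minutiae:
        if not (0 <= x < 1024 and 0 <= y < 1024):
            raise ValueError("coordinate does not fit in 10 bits")
        angle = round(deg * 256 / 360) % 256
        words.append((x << 22) | (y << 12) | (angle << 4) | kind)
    return struct.pack(f">B{len(words)}I", len(words), *words)

def unpack_template(blob):
    count = blob[0]
    if len(blob) != 1 + 4 * count:
        raise ValueError("length does not match minutiae count")
    words = struct.unpack(f">{count}I", blob[1:])
    return [(w >> 22, (w >> 12) & 0x3FF, ((w >> 4) & 0xFF) * 360 / 256, w & 0xF)
            for w in words]

def similarity(live, enrolled, d_tol=10, a_tol=20):
    """Toy score: fraction of minutiae paired by type, position and orientation."""
    used, hits = set(), 0
    for ex, ey, ea, ekind in enrolled:
        for i, (lx, ly, la, lkind) in enumerate(live):
            turn = abs(la - ea) % 360
            if (i not in used and lkind == ekind and min(turn, 360 - turn) <= a_tol
                    and math.hypot(lx - ex, ly - ey) <= d_tol):
                used.add(i)
                hits += 1
                break
    return hits / max(len(enrolled), len(live), 1)

class MatchOnCard:
    """Stands in for the chip: the template goes in once, only yes/no comes out."""
    def __init__(self, enrolled_blob, threshold=0.6):
        self._enrolled = unpack_template(enrolled_blob)
        self._threshold = threshold

    def verify(self, live_blob):
        return similarity(unpack_template(live_blob), self._enrolled) >= self._threshold

# Constructed sample minutiae: (x, y, orientation in degrees, type).
ENROLLED = [(120, 200, 45.0, ENDING), (300, 150, 90.0, BIFURCATION),
            (220, 340, 180.0, ENDING), (410, 260, 270.0, BIFURCATION), (150, 420, 315.0, ENDING)]
SAME_FINGER = [(123, 198, 50.0, ENDING), (297, 153, 85.0, BIFURCATION),
               (224, 338, 175.0, ENDING), (408, 263, 275.0, BIFURCATION)]
OTHER_FINGER = [(60, 80, 10.0, BIFURCATION), (350, 400, 200.0, ENDING),
                (225, 335, 178.0, ENDING), (90, 300, 120.0, BIFURCATION)]
CARD = MatchOnCard(pack_template(ENROLLED))
```

At 4 bytes per minutia this layout needs 121 bytes for 30 minutiae and 321 bytes for 80, in line with the "around 300 bytes" the paper quotes. On a real microprocessor card the chip boundary enforces what the underscore-prefixed attributes only signal here.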

6 THALES EXPERTISE
Security is at the heart of the Thales expertise in Defence, Aerospace and Information Technologies and Services (IT&S). Thales Security Systems has developed software called AFIS for population databases already operational in Namibia and nearly operational in Kenya. A biometric portable terminal, Artema ID, has been developed with Thales e-Transactions. Originally proposed for ID projects, these terminals can increase the security of e-payment. As for access control and surveillance, Thales Security Systems has expertise in the installation of such systems. In this field, the high technical level of Thales' work results from collaboration with universities and the labs of Thales Research and Technology.

The Artema ID


THALES 173, boulevard Haussmann 75415 Paris Cedex 08 France PH: +33 (1) 53 77 80 00 www.thalesgroup.com/security
