ABSTRACT

We would like to outline our opinions about the usability of

biometric authentication systems. We outline the position of

biometrics in the current field of computer security in the first

section of the research. The second chapter introduces a more

systematic view of the process of biometric authentication: a

layer model (of the biometric authentication process). The third

section discusses the advantages and disadvantages of biometric

authentication systems. We also propose a classification of

biometric systems that would allow us to compare the biometrics

systems reasonably.

We conclude this paper with some suggestions on where biometric

systems should be used and where they should not.

CHAPTER ONE

1.0 INTRODUCTION

Biometrics, which may be described as the science of recognizing an

individual based on his or her physical or behavioral traits, is

beginning to gain acceptance as a legitimate method for

determining an individual's identity. Biometric systems have now

been deployed in various commercial, civilian, and forensic

applications as a means of establishing identity.

Many of the limitations associated with the use of passwords can

be ameliorated by the incorporation of better methods for user

authentication. Biometric authentication, or simply biometrics,

refers to establishing identity based on the physical and behavioral

characteristics (also known as traits or identifiers) of an individual

such as face, fingerprint, hand geometry, iris, keystroke,

signature, voice, etc. Biometric systems offer several advantages

over traditional authentication schemes. They are inherently more

reliable than password-based authentication as biometric traits

cannot be lost or forgotten (passwords can be lost or forgotten);

biometric traits are difficult to copy, share, and distribute

(passwords can be announced on hacker websites); and they

require the person being authenticated to be present at the time

and point of authentication (conniving users can deny that they

have shared the password). It is difficult to forge biometrics (it

requires more time, money, experience, access privileges) and it is

unlikely for a user to repudiate having accessed the digital content

using biometrics. Thus, a biometrics-based authentication scheme

is a powerful alternative to traditional authentication schemes. In

some instances, biometrics can be used in conjunction with

passwords (or tokens) to enhance the security offered by the

authentication system.

1.1 BACKGROUND TO THE STUDY

Establishing identity is becoming critical in our vastly

interconnected society. Questions such as "Is she really who she

claims to be?", "Is this person authorized to use this facility?", or

"Is he in the watch list posted by the government?" are routinely

being posed in a variety of scenarios ranging from issuing a

driver's license to gaining entry into a country. The need for

reliable user authentication techniques has increased in the wake

of heightened concerns about security and rapid advancements in

networking, communication, and mobility.

1.2 STATEMENT OF THE PROBLEM

To ascertain the viability and effectiveness of biometric systems in

securing organizations' data.

1.3 AIMS AND OBJECTIVES

1) Examining applications where biometrics can solve issues

pertaining to information security.

2) Enumerating the fundamental challenges encountered by

biometric systems in real-world applications.

3) Discussing solutions to address the problems of scalability and

security in large-scale authentication systems.

1.4 SIGNIFICANCE OF STUDY:

In this project, we provide an overview of biometrics and discuss

some of the salient research issues that need to be addressed for

making biometric technology an effective tool for providing

information security.

1.5 DEFINITION OF TERMS:

The following terms will consistently appear in this project so it is

best we define them to make for better understanding of the work.

Biometrics: These are automated methods of identity verification

or identification based on the principle of measurable physiological

or behavioural characteristics such as a fingerprint, an iris pattern

or a voice sample.

Encryption: The translation of data into unreadable codes to

maintain security.

Digital rights management: The critical component of a DRM

system is user authentication which determines whether a certain

individual is indeed authorized to access the content available in a

particular digital medium.

Information security: sometimes shortened to InfoSec, is the

practice of defending information from unauthorized access, use,

disclosure, disruption, modification, inspection, recording or


destruction. It is a general term that can be used regardless of the

form the data may take (e.g. electronic, physical).

Password: A word or string of characters used for

user authentication to prove identity or access approval to gain

access to a resource (example: an access code is a type of

password), which is to be kept secret from those not allowed

access.

Cryptography: The practice and study of techniques for secure

communication in the presence of third parties called adversaries.

More generally, cryptography is about constructing and

analyzing protocols that prevent third parties or the public from

reading private messages.

CHAPTER TWO

2.0 LITERATURE REVIEW

Research on biometric methods has gained renewed attention in

recent years brought on by an increase in security concerns. The

recent world attitude towards terrorism has influenced people and

their governments to take action and be more proactive in security

issues. This need for security also extends to the need for

individuals to protect, among other things, their working

environments, homes, personal possessions and assets. Many

biometric techniques have been developed and are being improved

with the most successful being applied in everyday law

enforcement and security applications. Biometric methods include

several state-of-the-art techniques. Among them, fingerprint

recognition is considered to be the most powerful technique for

utmost security authentication. Advances in sensor technology and

an increasing demand for biometrics are driving a burgeoning

biometric industry to develop new technologies. As commercial

incentives increase, many new technologies for person

identification are being developed, each with its own strengths and

weaknesses and a potential niche market. This chapter reviews

some well-known biometrics with special emphasis on fingerprints.

The term "biometrics" is derived from the Greek words "bio" (life)

and "metrics" (to measure) (Rood and Hornak, 2008). Automated

biometric systems have only become available over the last few

decades, due to the significant advances in the field of computer

and image processing. Although biometric technology seems to

belong in the twenty-first century, the history of biometrics goes

back thousands of years. The ancient Egyptians and the Chinese

played a large role in biometrics history. Today, the focus is on

using biometric face recognition, iris recognition, retina recognition

and identifying characteristics to stop terrorism and improve

security measures. This section provides a brief history on

biometric security and fingerprint recognition. During 1858, the

first recorded systematic capture of hand and finger images for

identification purposes was used by Sir William Herschel, Civil

Service of India, who recorded a handprint on the back of a

contract for each worker to distinguish employees (Komarinski,

2004). During 1870, Alphonse Bertillon developed a method of

identifying individuals based on detailed records of their body

measurements, physical descriptions and photographs. This

method was termed Bertillonage or anthropometrics and the

usage was aborted in 1903 when it was discovered that some

people share the same measurements and physical characteristics

(State University of New York at Canton, 2003). Sir Francis Galton,

in 1892, developed a classification system for fingerprints using

minutiae characteristics that is being used by researchers and

educationalists even today. Sir Edward Henry, during 1896, paved

the way for the success of fingerprint recognition by using Galton's

theory to identify prisoners by their fingerprint impressions. He

devised a classification system that allowed thousands of

fingerprints to be easily filed, searched and traced. He helped in

the establishment of the first fingerprint bureau in the same year and

his method gained worldwide acceptance for identifying criminals

(Scottish Criminal Record Office, 2002). The concept of using iris

pattern for identification was first proposed by Ophthalmologist

Frank Burch in 1936 (Iradian Technologies, 2003). During 1960,

the first semi-automatic face recognition system was developed by

Woodrow W. Bledsoe, which used the location of eyes, ears, nose

and mouth on the photographs for recognition purposes. In the

same year, the first model of acoustic speech production was

created by a Swedish Professor, Gunnar Fant. His invention is used

in today's speaker recognition systems (Woodward et al., 2003).

The first automated signature recognition system was developed

by North American Aviation during 1965 (Mauceri, 1965). This

technique was later, in 1969, used by Federal Bureau of

Investigation (FBI) in their investigations to reduce man hours

invested in the analysis of signatures. The year 1970 introduced

face recognition towards authentication. Goldstein et al. (1971)

used 21 specific markers such as hair color and lip thickness to

automate the recognition process. The main disadvantage of such

a system was that all these features were manually identified and

computed. During the same period, Dr. Joseph Perkell produced

the first behavioral components of speech to identify a person

(Woodward et al., 2003). The first commercial hand geometry

system was made available in 1974 for physical access control,

time and attendance and personal identification. The success of

this first biometric automated system motivated several funding

agencies like FBI Fund, NIST for the development of scanners and

feature extraction technology (Ratha and Bolle, 2004), which will

finally lead to the development of a perfect human recognizer. This

resulted in the first prototype of speaker recognition system in

1976, which was developed by Texas Instruments and was tested

by US Air Force and the MITRE Corporation. In 1996, the hand

geometry was implemented successfully at the Olympic Games and

the system implemented was able to handle the enrollment of over

65,000 people. Drs. Leonard Flom and Aran Safir, in 1985, found

out that no two irises are alike and their findings were awarded a

patent during 1986. In the year 1988, the first semi-automated

facial recognition system was deployed by Lakewood Division of

Los Angeles County Sheriff's Department for identifying suspects

(Angela, 2009). This was followed by several landmark

contributions by Sirovich and Kirby (1989), Turk and Pentland

(1991), Philipis et al. (2000) in the field of face recognition. The

next stage in fingerprint automation occurred at the end of 1994

with the Integrated Automated Fingerprint Identification System

(IAFIS) competition. The competition identified and investigated

three major challenges: (1) digital fingerprint acquisition, (2) local

ridge characteristic extraction, and (3) ridge characteristic pattern

matching (David et al., 2005). The first Automated Fingerprint

Identification System (AFIS) was developed by Palm System in

1993. During 1995, the iris biometric was officially released as a

commercial authentication tool by Defense Nuclear Agency and

Iriscan. The year 2000 envisaged the first face recognition vendor

test (FRVT, 2000) sponsored by the US Government agencies and

the same year paved the way for the first research paper on the use of

vascular patterns for recognition (Im et al., 2001). During 2003,

ICAO (International Civil Aviation Organization) adopted blueprints

for the integration of biometric identification information into

passports and other Machine Readable Travel Documents (MRTDs).

Facial recognition was selected as the globally interoperable

biometric for machine-assisted identity confirmation with MRTDs.

The first statewide automated palm print database was deployed

by the US in 2004. The Face Recognition Grand Challenge (FRGC)

began in the same year to improve the identification problem. In

2005, "Iris on the Move" was announced by the Biometric Consortium

Conference for enabling the collection of iris images from

individuals walking through a portal.

In ancient Babylon and China, fingerprints were impressed on clay

tablets and seals. The use of fingerprints as a unique human

identifier dates back to second century B.C. China, where the

identity of the sender of an important document could be verified

by his fingerprint impression in the wax seal (Ruggles, 1996). In

fourteenth-century Persia fingerprints were impressed on various

official papers. At that time, a governmental official observed that

no two fingerprints were exactly alike. Using the newly invented

microscope, Professor Marcello Malpighi at the University of

Bologna noted ridges on the surface of fingers in 1686. He

described them as loops and spirals but did not note their value as

a means of personal identification. Later, in 1823 at the University

of Breslau, Professor John Evangelist Purkinje published his thesis

proposing a system of classification based on 9 different fingerprint

patterns. This was the first step towards the modern study of

fingerprints. The first modern use of fingerprints occurred in 1856

when Sir William Herschel, the Chief Magistrate of the Hooghly

district in Jungipoor, India, had a local businessman,

Rajyadhar Konai, impress his handprint on the back of a contract.

Later, the right index and middle fingers were printed next to the

signature on all contracts made with the locals. The purpose was

to frighten the signer out of repudiating the contract because the locals

believed that personal contact with the document made it more

binding. As his fingerprint collection grew, Sir Herschel began to

realize that fingerprints could prove or disprove identity. Despite

his lack of scientific knowledge in fingerprinting he was convinced

that fingerprints are unique and permanent throughout life.

From the review, it is understood that the fingerprint recognition

technique is a dominant technology in the biometric market. In

relation to the research study, the review study also reveals the

fact that even though several success stories are published with

relation to complete fingerprint recognition, a perfect partial

fingerprint recognition system is not yet eminent and still requires

careful examination in terms of accuracy, speed, memory

utilization and cost.

CHAPTER THREE

3.0 PROGRAM ANALYSIS AND DESIGN

3.1 BIOMETRIC AUTHENTICATION

Many different aspects of human physiology, chemistry or behavior

can be used for biometric authentication. The selection of a

particular biometric for use in a specific application involves a

weighting of several factors. Jain et al. (1999) identified seven

such factors to be used when assessing the suitability of any trait

for use in biometric authentication.

1. Universality means that every person using a system should

possess the trait.

2. Uniqueness means the trait should be sufficiently different for

individuals in the relevant population such that they can be

distinguished from one another.

3. Permanence relates to the manner in which a trait varies over

time: the trait will be reasonably invariant over time with respect

to the specific matching algorithm.

4. Measurability (collectability) relates to the ease of acquisition

or measurement of the trait. In addition, acquired data should

be in a form that permits subsequent processing and

extraction of the relevant feature sets.

5. Performance relates to the accuracy, speed, and robustness

of the technology used.

6. Acceptability relates to how well individuals in the relevant

population accept the technology such that they are willing to

have their biometric trait captured and assessed.

7. Circumvention relates to the ease with which a trait might be

imitated using an artifact or substitute.

Proper biometric use is very application dependent. Certain

biometrics will be better than others based on the required levels

of convenience and security. No single biometric will meet all the

requirements of every possible application.

RESEARCH METHODOLOGY

3.2 AUTHENTICATION METHODS

3.2.1 Fingerprints

A fingerprint biometric looks at the patterns found on a fingertip. There are a

variety of approaches to fingerprint verification. Some emulate the

traditional police method of matching minutiae, others use straight

pattern-matching devices; and still others are a bit more unique,

including things like moiré fringe patterns and ultrasonics. Some

verification approaches can detect when a live finger is presented;

some cannot. A greater variety of fingerprint devices is available

than for any other biometric. As the prices of these devices and

processing costs fall, using fingerprints for user verification is

gaining acceptance despite the common criminal stigma.

Fingerprint verification may be a good choice for in-house systems,

where you can give users adequate explanation and training, and

where the system operates in a controlled environment. It is not

surprising that the workstation access application area seems to be

based almost exclusively on fingerprints, due to the relatively low

cost, small size, and ease of integration of fingerprint

authentication devices.

3.2.2 Hand geometry

Hand geometry involves analyzing and measuring the shape of the

hand. This biometric offers a good balance of performance

characteristics and is relatively easy to use. It might be suitable

where there are more users or where users access the system

infrequently and are perhaps less disciplined in their approach to

the system. Accuracy can be very high if desired and flexible

performance tuning and configuration can accommodate a wide

range of applications. Organizations are using hand geometry

readers in various scenarios, including time and attendance

recording, where they have proved extremely popular. Ease of

integration into other systems and processes, coupled with ease of

use, makes hand geometry an obvious first step for many

biometric projects.

3.2.3 Retina

A retina-based biometric involves analyzing the layer of blood

vessels situated at the back of the eye. An established technology,

this technique involves using a low intensity light source through

an optical coupler to scan the unique patterns of the retina. Retinal

scanning can be quite accurate but does require the user to look

into a receptacle and focus on a given point. This is not particularly

convenient if you wear glasses or are concerned about having

close contact with the reading device. For these reasons, retinal

scanning is not warmly accepted by all users, even though the

technology itself can work well.

3.2.4 Iris

An iris-based biometric, on the other hand, involves analyzing

features found in the colored ring of tissue that surrounds the

pupil. Iris scanning, undoubtedly the less intrusive of the

eye-related biometrics, uses a fairly conventional camera element and

requires no close contact between the user and the reader. In

addition, it has the potential for higher than average template-

matching performance. Iris biometrics works with glasses in place

and is one of the few devices that can work well in identification

mode. Ease of use and system integration have not traditionally

been strong points with iris scanning devices, but you can expect

improvements in these areas as new products emerge.

3.2.5 Face

Face recognition analyzes facial characteristics. It requires a

digital camera to develop a facial image of the user for

authentication. This technique has attracted considerable interest,

although many people don't completely understand its capabilities.

Some vendors have made extravagant claims (which are very

difficult, if not impossible, to substantiate in practice) for facial

recognition devices. Because facial scanning needs an extra

peripheral not customarily included with basic PCs, it is more of a

niche market for network authentication. However, the casino

industry has capitalized on this technology to create a facial

database of scam artists for quick detection by security personnel.

3.2.6 Signature

Signature verification analyzes the way a user signs her name.

Signing features such as speed, velocity, and pressure are as

important as the finished signature's static shape. Signature

verification enjoys a synergy with existing processes that other

biometrics do not. People are used to signatures as a means of

transaction-related identity verification, and most would see

nothing unusual in extending this to encompass biometrics.

Signature verification devices are reasonably accurate in operation

and obviously lend themselves to applications where a signature is

an accepted identifier.

3.2.7 Voice

Voice authentication is not based on voice recognition but on

voice-to-print authentication, where complex technology

transforms voice into text. Voice biometrics has the most potential

for growth, because it requires no new hardware: most PCs

already contain a microphone. However, poor quality and ambient

noise can affect verification. In addition, the enrollment procedure

has often been more complicated than with other biometrics,

leading to the perception that voice verification is not user friendly.

Therefore, voice authentication software needs improvement. One

day, voice may become an additive technology to finger-scan

technology. Because many people see finger scanning as a higher

authentication form, voice biometrics will most likely be relegated

to replacing or enhancing PINs, passwords, or account names.

Fig. 1. Examples of biometric characteristics: (a) face, (b)

fingerprint, (c) hand geometry, (d) iris, (e) keystroke, (f)

signature, and (g) voice.

TABLE I

EXAMPLES OF COMMONLY USED REPRESENTATION AND

MATCHING SCHEMES FOR FIVE DIFFERENT BIOMETRIC TRAITS.

ADVANCEMENTS IN STATISTICAL PATTERN RECOGNITION,

SIGNAL PROCESSING, AND COMPUTER VISION HAVE RESULTED

IN OTHER SOPHISTICATED SCHEMES NOT INDICATED HERE

3.3 FUNCTIONALITIES AND USES OF A BIOMETRIC SYSTEM

Security systems use biometrics for two basic purposes: to verify

or to identify users. Identification tends to be the more difficult of

the two uses because a system must search a database of enrolled

users to find a match (a one-to-many search). The biometric that a

security system employs depends in part on what the system is

protecting and what it is trying to protect against. Physical access:

For decades, many highly secure environments have used

biometric technology for entry access. Today, the primary

application of biometrics is in physical security: to control access to

secure locations (rooms or buildings). Unlike photo identification

cards, which a security guard must verify, biometrics permits

unmanned access control. Biometric devices, typically hand

geometry readers, are in office buildings, hospitals, casinos, health

clubs, and even schools.

Biometrics is useful for high-volume access control. For example,

biometrics controlled access of 65,000 people during the 1996

Olympic Games, and Disney World uses a fingerprint scanner to

verify season-pass holders entering the theme park.

Engineers are developing several promising prototype biometric

applications to support the International Air Transport Association's

Simplifying Passenger Travel (SPT) initiatives. One such program is

Eye Ticket, which Charlotte/Douglas International Airport in North

Carolina and Flughafen Frankfurt/Main Airport in Germany are

evaluating. Eye Ticket links a passenger's frequent-flyer number to

an iris scan. After the passenger enrolls in the system, unmanned

kiosks perform ticketing and check-in (without luggage).

The US Immigration and Naturalization Service's Passenger

Accelerated Service System uses hand geometry to identify and

process pre-enrolled, low-risk frequent travelers through an

automated immigration system. Currently deployed in nine

international airports, including Washington Dulles International,

this system uses an unmanned kiosk to perform citizenship-

verification functions.

Virtual access: For a long time, biometric-based network and

computer access were areas often discussed but rarely

implemented. Recently, however, the unit price of biometric

devices has fallen dramatically, and several designs aimed

squarely at this application are on the market. Analysts see virtual

access as the application that will provide the critical mass to move

biometrics for network and computer access from the realm of

science-fiction devices to regular system components. At the same

time, user demands for virtual access will raise public awareness of

the security risks and lower resistance to the use of biometrics.

Physical lock-downs can protect hardware, and passwords are

currently the most popular way to protect data on a network.

Biometrics, however, can increase a company's ability to protect

its data by implementing a more secure key than a password.

Using biometrics also allows a hierarchical structure of data

protection, making the data even more secure.

Passwords supply a minimal level of access to network data;

biometrics, the next level. You can even layer biometric

technologies to enhance security levels.

Biometrics is not only a fascinating pattern recognition research

problem but, if carefully used, could also be an enabling

technology with the potential to make our society safer, reduce

fraud, and lead to user convenience (user friendly man-machine

interface) by broadly providing the following three functionalities.

Biometrics can verify with high certainty the authenticity of a

claimed enrollment based on the input biometric sample. For

example, a person claims that he or she is known as John Doe

within the authentication system and offers his or her fingerprint;

the system then either accepts or rejects the claim based on a

comparison performed between the offered pattern and the

enrolled pattern associated with the claimed identity. Commercial

applications, such as computer network logon, electronic data

security, ATMs, credit-card purchases, physical

access control, cellular phones, personal digital assistants (PDAs),

medical records management, and distance learning are sample

authentication applications.

Authentication applications are typically cost sensitive with a

strong incentive for being user friendly.

Given an input biometric sample, identification determines if the

input biometric sample is associated with any of a large number

(e.g., millions) of enrolled identities. Typical identification

applications include welfare disbursement, national ID cards,

border control, voter ID cards, driver's license, criminal

investigation, corpse identification, parenthood determination,

missing children identification, etc. These identification applications

require a large sustainable throughput with as little human

supervision as possible.

Screening applications determine whether a person belongs to a

watch list of identities. Examples of screening applications could

include airport security, security at public events, and other

surveillance applications. The screening watch list consists of a

moderate (e.g., a few hundred) number of identities. By their very

nature, the screening applications: 1) do not have a well-defined

user enrollment phase; 2) can expect only minimal control over

their subjects and imaging conditions; 3) require large sustainable

throughput with as little human supervision as possible. Screening

cannot be accomplished without biometrics (e.g., by using token-

based or knowledge-based identification).

Biometric systems are being increasingly deployed in civilian

applications that have several thousand enrolled users. The

Schiphol Privium scheme at the Amsterdam airport, for example,

employs iris scan cards to speed up the passport and visa control

procedures. Passengers enrolled in this scheme insert their card at

the gate and look into a camera; the camera acquires the eye

image of the traveler, processes it to locate the iris, and computes

the Iris Code; the computed Iris Code is compared with the data

residing in the card to complete user verification. A similar scheme

is also being used to verify the identity of Schiphol airport

employees working in high-security areas. Thus, biometric systems

can be used to enhance user convenience while improving security.
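
The difference between the verification and identification modes described in this section, as an added example that is not part of the original report: the 32-bit templates, the names, the bit-difference comparison and the 0.32 threshold are all constructed for illustration. It shows a sample from an unenrolled person that is rejected by a 1:1 check against a claimed identity yet produces a false match in a 1:N search, and how that risk grows with the number of enrolled templates under an independence assumption.

```python
# Added example: 1:1 verification vs. 1:N identification.
# Templates, names and the 0.32 threshold are constructed for illustration;
# real biometric templates are far longer than 32 bits.

BITS = 32
THRESHOLD = 0.32  # accept when the fraction of differing bits is <= this

# Constructed enrollment database: identity -> stored template.
ENROLLED = {
    "alice": 0x0F0F0F0F,
    "bob": 0x00FF00FF,
    "carol": 0x3333CCCC,
}

# Constructed live samples.
ALICE_TODAY = 0x0E0E0E0F  # alice's template with 3 noisy bits
STRANGER = 0x3333CD33     # unenrolled person, 9 bits away from carol by chance


def distance(a, b):
    """Fraction of template bits that differ (0.0 means identical)."""
    return bin(a ^ b).count("1") / BITS


def verify(claimed_id, sample, db=ENROLLED):
    """1:1 check: compare only against the template of the claimed identity."""
    template = db.get(claimed_id)
    return template is not None and distance(template, sample) <= THRESHOLD


def identify(sample, db=ENROLLED):
    """1:N search: return (identity, distance) of the best match, or None."""
    best = min(db.items(), key=lambda kv: distance(kv[1], sample), default=None)
    if best is None or distance(best[1], sample) > THRESHOLD:
        return None
    return best[0], distance(best[1], sample)


def system_false_match_rate(per_comparison_far, n_enrolled):
    """Chance that an unenrolled sample matches at least one of N templates.

    Assumes every comparison is independent (a simplifying assumption).
    """
    return 1 - (1 - per_comparison_far) ** n_enrolled


if __name__ == "__main__":
    print("alice, genuine sample, 1:1 :", verify("alice", ALICE_TODAY))
    print("stranger claiming alice, 1:1:", verify("alice", STRANGER))
    print("stranger, 1:N search        :", identify(STRANGER))
    without_carol = {k: v for k, v in ENROLLED.items() if k != "carol"}
    print("same search, carol removed  :", identify(STRANGER, without_carol))
    for n in (1, 100, 1000, 100000):
        rate = system_false_match_rate(0.001, n)
        print(f"per-comparison FAR 0.1%, N={n:>6}: {rate:.3f}")
```

The stranger is turned away when the comparison is limited to one claimed template, but every additional enrolled template is another chance of a false match in a one-to-many search.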

3.4 SELECTING A BIOMETRIC TECHNOLOGY

Biometric technology is one area that no segment of the IT

industry can afford to ignore. Biometrics provide security benefits

across the spectrum, from IT vendors to end users, and from

security system developers to security system users. All these

industry sectors must evaluate the costs and benefits of

implementing such security measures. Different technologies may

be appropriate for different applications, depending on perceived

user profiles, the need to interface with other systems or

databases, environmental conditions, and a host of other

application-specific parameters.

3.4.1 Ease of use

Some biometric devices are not user friendly. For example, users

without proper training may experience difficulty aligning their

head with a device for enrolling and matching facial templates.

3.4.2 Error incidence

Two primary causes of errors affect biometric data: time and

environmental conditions. Biometrics may change as an individual

ages. Environmental conditions may either alter the biometric

directly (for example, if a finger is cut and scarred) or interfere

with the data collection (for instance, background noise when

using a voice biometric).

3.4.3 Accuracy

Vendors often use two different methods to rate biometric

accuracy: false-acceptance rate or false-rejection rate. Both

methods focus on the system's ability to allow limited entry to

authorized users. However, these measures can vary significantly,

depending on how you adjust the sensitivity of the mechanism that

matches the biometric. For example, you can require a tighter

match between the measurements of hand geometry and the

user's template (increase the sensitivity). This will probably

decrease the false-acceptance rate, but at the same time can

increase the false-rejection rate. So be careful to understand how

vendors arrive at quoted values of FAR and FRR. Because FAR and

FRR are interdependent, it is more meaningful to plot them against

each other. Generally, physical biometrics are more accurate than

behavioral biometrics.
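
The FAR/FRR trade-off described above, worked through as an added example that is not part of the original report: the match scores, the 0 to 100 similarity scale and the function names are constructed for illustration. It sweeps the matching threshold, finds the equal-error point, and shows what a quoted "0% FAR" or "0% FRR" leaves out about the other rate.

```python
# Added example: FAR/FRR trade-off over a decision threshold.
# All scores are constructed; higher score means a closer match (assumption).

# Scores of users compared against their own enrolled template.
GENUINE = [91, 88, 95, 79, 85, 62, 97, 74, 90, 83,
           69, 93, 87, 58, 81, 96, 77, 89, 72, 94]
# Scores of users compared against somebody else's template.
IMPOSTOR = [12, 33, 25, 41, 18, 55, 29, 64, 22, 37,
            47, 9, 31, 71, 26, 44, 15, 52, 35, 20]


def error_rates(genuine, impostor, threshold):
    """Return (FAR, FRR) when a comparison is accepted if score >= threshold."""
    false_accepts = sum(1 for s in impostor if s >= threshold)
    false_rejects = sum(1 for s in genuine if s < threshold)
    return false_accepts / len(impostor), false_rejects / len(genuine)


def sweep(genuine, impostor, thresholds=range(0, 101)):
    """One (threshold, FAR, FRR) row per candidate threshold, ascending."""
    return [(t,) + error_rates(genuine, impostor, t) for t in thresholds]


def equal_error_point(rows):
    """Row where FAR and FRR are closest; ties go to the lower threshold."""
    return min(rows, key=lambda r: (abs(r[1] - r[2]), r[0]))


def lowest_threshold_with_far(rows, max_far):
    """Most permissive setting that still keeps FAR <= max_far."""
    return next(r for r in rows if r[1] <= max_far)


def highest_threshold_with_frr(rows, max_frr):
    """Strictest setting that still keeps FRR <= max_frr."""
    return next(r for r in reversed(rows) if r[2] <= max_frr)


if __name__ == "__main__":
    rows = sweep(GENUINE, IMPOSTOR)
    print("threshold    FAR    FRR")
    for t, far, frr in rows[50:81:5]:
        print(f"{t:9d}  {far:5.0%}  {frr:5.0%}")

    t, far, frr = equal_error_point(rows)
    print(f"equal-error point: threshold {t}, FAR {far:.0%}, FRR {frr:.0%}")

    # The same matcher supports two very different headline claims.
    t, far, frr = lowest_threshold_with_far(rows, 0.0)
    print(f"'0% FAR' holds at threshold {t}, where FRR is {frr:.0%}")
    t, far, frr = highest_threshold_with_frr(rows, 0.0)
    print(f"'0% FRR' holds at threshold {t}, where FAR is {far:.0%}")
```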

3.4.4 Cost

Cost components include

biometric capture hardware;

back-end processing power to maintain the database;

research and testing of the biometric system;

installation, including implementation team salaries;

mounting, installation, connection, and user system integration

costs;

user education, often conducted through marketing campaigns;

exception processing, or handling users who cannot submit

readable images because of missing appendages or unreadable

prints;

productivity losses due to the implementation learning curve;

and

system maintenance.

3.4.5 User acceptance

Generally speaking, the less intrusive the biometric, the more

readily it is accepted. However, certain user groups (some

religious and civil-liberties groups) have rejected biometric

technologies because of privacy concerns.

3.4.6 Required security level

Organizations should determine the level of security needed for the

specific application: low, moderate, or high. This decision will

greatly impact which biometric is most appropriate. Generally,

behavioral biometrics are sufficient for low-to-moderate security

applications; physical biometrics, for high-security applications.

3.4.7 Long-term stability

Organizations should consider a biometric's stability, including

maturity of the technology, degree of standardization, level of

vendor and government support, market share, and other support

factors. Mature and standardized technologies usually have

stronger stability. Biometric technology has been around for

decades but has mainly been used in highly secretive environments

with extreme security measures. The technologies behind

biometrics are still emerging. This project gives a snapshot of the

dynamics under way in this emerging biometric market, and we

hope it will help you consider all the possible alternatives when

acquiring new biometric technologies.

3.5 BIOMETRIC VARIANCE

Password-based authentication systems do not involve any

complex pattern recognition techniques (passwords have to match

exactly) and, hence, they almost always perform accurately as

intended by their system designers. On the other hand, biometric

signals and their representations (e.g., facial image and eigen-

coefficients of facial image) of a person vary dramatically

depending on the acquisition method, acquisition environment,

user's interaction with the acquisition device, and (in some cases)

variation in the traits due to various patho-physiological

phenomena. Below, we present some of the common reasons for

biometric signal/representation variations.

3.5.1 Inconsistent Presentation:

The signal captured by the sensor from a biometric identifier

depends upon both the intrinsic biometric identifier characteristic

as well as the way the biometric identifier was presented. Thus, an

acquired biometric signal is a nondeterministic composition of a

physical biometric trait, the user characteristic behavior, and the

user interaction facilitated by the acquisition interface. For

example, the three-dimensional (3-D) shape of the finger gets

mapped onto the two-dimensional (2-D) surface of the

sensor.

As the finger is not a rigid object and since the process of

projecting the finger surface onto the sensor surface is not

precisely controlled, different impressions of a finger are related to

each other by various transformations. Further, each impression of

a finger may possibly depict a different portion of its surface. In

case of face acquisition, different acquisitions may represent

different poses of the face.

Hand geometry measurements may be based on different

projections of the hand on a planar surface. Different iris/retina

acquisitions may correspond to different nonfrontal projections of

iris/retina onto the image planes.

3.5.2 Irreproducible Presentation:

Unlike the synthetic identifiers [e.g., radio-frequency identification

(RFID)], biometric identifiers represent measurements of a

biological trait or behavior. These identifiers are prone to wear-

and-tear, accidental injuries, malfunctions, and pathophysiological

development. Manual work, accidents, etc., inflict injuries to the

finger, thereby changing the ridge structure of the finger either

permanently or semipermanently. Wearing different kinds of

jewelry (e.g., rings) may affect hand geometry measurements in

an irreproducible way. Facial hair growth (e.g., sideburns and

mustache), accidents (e.g., broken nose), attachments (e.g.,

eyeglasses and jewelry), makeup, swellings, cyst growth, and

different hairstyles may all correspond to irreproducible face

depictions. Retinal measurements can change in some pathological

developments (e.g., diabetic retinopathy). Inebriation results in

erratic signatures. The common cold changes a person's voice. All

of these phenomena contribute to dramatic variations in the

biometric identifier signal captured at different acquisitions.

Fig. 2. Imperfect acquisition: three different impressions of a

subject's finger exhibiting poor quality ridges possibly due to

extreme finger dryness.

3.5.3 Imperfect Signal/Representational Acquisition:

The signal acquisition conditions in practical situations are not

perfect and cause extraneous variations in the acquired biometric

signal. For example, nonuniform contact results in poor quality

fingerprint acquisition. That is, the ridge structure of a finger

would be completely captured only if ridges belonging to the part

of the finger being imaged are in complete physical/optical contact

with the image acquisition surface and the valleys do not make any

contact with the image acquisition surface. However, the dryness

of the skin, shallow/worn-out ridges (due to aging/genetics), skin

disease, sweat, dirt, and humidity in the air all confound the

situation resulting in a nonideal contact situation. In the case of

inked fingerprints, inappropriate inking of the finger often results

in noisy low contrast (poor quality) images, which lead to either

spurious or missing fingerprint features (i.e., minutiae). Different

illuminations cause conspicuous differences in the facial

appearance. Backlit illumination may render image acquisition

virtually useless in many applications. Depending upon ergonomic

conditions, the signature may vary significantly. The channel

bandwidth characteristics affect the voice signal.

Further, the feature extraction algorithm is imperfect and

introduces measurement errors. Various image processing

operations might introduce inconsistent biases to perturb feature

localization. A particular biometric identifier of two different people

can be very similar because of the inherent lack of distinctive

information in it or because of the inadequate representation used

for the identifier. As a result of these complex variations in the

biometric signal/representations, determining whether two

presentations of a biometric identifier are the same typically

involves complex pattern recognition and decision making.

CHAPTER FOUR

OPERATION OF A BIOMETRIC SYSTEM

A biometric system may be viewed as a signal detection system

with a pattern recognition architecture that senses a raw biometric

signal, processes this signal to extract a salient set of features,

compares these features against the feature sets residing in the

database, and either validates a claimed identity or determines the

identity associated with the signal. Biometric systems attempt to

elicit repeatable and distinctive human presentations, and consist

(in theory, if not in actual practice) of user-friendly, intuitive

interfaces for guiding the user in presenting the necessary traits.

In the context of biometric systems, sensing consists of a

biometric sensor (e.g., fingerprint sensor or charge-coupled device

(CCD) camera), which scans the biometric characteristic of an

individual to produce a digital representation of the characteristic.

A quality check is generally performed to ensure that the acquired

sample can be reliably processed by successive stages. In order to

facilitate matching, the input digital representation is usually

further processed by a feature extractor to generate a compact but

expressive representation called a feature set which can be stored

as a template for future comparison. The feature extraction stage

discards the unnecessary and extraneous information from the

sensed measurements and gleans useful information necessary for

matching.

4.2 MODULES OF A BIOMETRIC SYSTEM

Any biometric system is basically made of the following

components:

Portal

Its purpose is to protect some assets. An example of a portal is the

gate at an entrance of a building. If the user has been successfully

authenticated and is authorized to access an object then access is

granted.

Central controlling unit

This receives the authentication request, controls the biometric

authentication process and returns the result of user

authentication.

Input device

The aim of the input device is biometric data acquisition. During

the acquisition process the user's liveness and the quality of the sample

may be verified.

Feature extraction module

This processes the biometric data. The output of the module is a set of

extracted features suitable for the matching algorithm. During the

feature extraction process the module may also evaluate quality of

the input biometric data.

Storage of biometric templates

This will typically be some kind of a database. Biometric templates

can also be stored on a user-held medium (e.g., smartcard). In

that case a link between the user and her biometric template must

exist (e.g., in the form of an attribute certificate).

The biometric matching algorithm

This compares the current biometric features with the stored

template. The desired security threshold level may be a parameter

of the matching process. In this case the result of the matching

will be a yes/no answer. Otherwise a score representing the

similarity between the template and the current biometric sample

is returned. The central unit then makes the yes/no decision.
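
An added sketch (not from the original paper) of the matching module and central controlling unit described above. It also illustrates the point of section 3.5: a password-style exact comparison fails on a noisy re-presentation of the same trait, while a similarity score with a threshold does not. The bit-vector templates, the 10% noise rate, the 0.75 threshold and all function names are constructed assumptions.

```python
import hashlib
import random

TEMPLATE_BITS = 2048  # assumed length of a binary feature set (constructed)

def extract_features(person_seed, noise_rate=0.0, capture_seed=0):
    """Stand-in for sensor + feature extraction: the person's underlying bit
    pattern, with each bit flipped with probability noise_rate for this capture."""
    trait = random.Random(person_seed)
    noise = random.Random(capture_seed)
    return [trait.getrandbits(1) ^ (noise.random() < noise_rate)
            for _ in range(TEMPLATE_BITS)]

def exact_match(stored, sample):
    """Password-style check: accept only if the two feature sets are identical."""
    return hashlib.sha256(bytes(stored)).digest() == hashlib.sha256(bytes(sample)).digest()

def similarity(stored, sample):
    """1.0 for identical feature sets, about 0.5 for unrelated random ones."""
    differing = sum(a != b for a, b in zip(stored, sample))
    return 1.0 - differing / len(stored)

def matching_module(stored, sample, threshold=None):
    """With a threshold the matcher itself answers yes/no; without one it
    returns the raw score and leaves the decision to the central unit."""
    score = similarity(stored, sample)
    return score if threshold is None else score >= threshold

def central_unit(templates, claimed_id, sample, threshold=0.75):
    """Verification: compare the sample with the claimed identity's template only."""
    stored = templates.get(claimed_id)
    if stored is None:
        return False  # unknown identity: fail closed
    return matching_module(stored, sample) >= threshold

def demo():
    templates = {"alice": extract_features(1)}                 # enrollment capture
    alice_later = extract_features(1, 0.10, capture_seed=11)   # same person, noisy capture
    bob = extract_features(2, 0.10, capture_seed=12)           # different person
    return {
        "exact_same_person": exact_match(templates["alice"], alice_later),
        "score_same_person": matching_module(templates["alice"], alice_later),
        "score_impostor": matching_module(templates["alice"], bob),
        "accept_alice": central_unit(templates, "alice", alice_later),
        "accept_bob_as_alice": central_unit(templates, "alice", bob),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```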

4.3 BIOMETRIC SYSTEM FLOWCHART

Fig 3: Two modes of combining biometrics with cryptography: (a)

key release and (b) key generation

4.4 RESEARCH CHALLENGES IN BIOMETRIC RECOGNITION

There are several reasons underlying imperfect accuracy

performance of a biometric system. A number of challenging

research problems in biometric matcher design need to be

addressed before the performance hiatus can be effectively closed.

Effective Representation and Matching: The biometric system

design challenge is to be able to arrive at a realistic

representational/invariance model of the identifier from a few

samples acquired under possibly inconsistent conditions, and then,

formally estimate the inherent discriminatory information (e.g.,

individuality) in the signal from the samples. This is especially

difficult in a large-scale identification system where the number of

classes/identities is huge (e.g., in the millions).

Further, the representation/model of a user has to be updated over

a period of time (i.e., the template update problem) in order to

account for temporal/permanent changes in the user's biometric

trait. The problem of seamlessly integrating multiple biometric

cues to provide effective identification across the entire population

is also very challenging given the variety of scenarios that are

possible.

Performance Modeling (i.e., Biometric Individuality): One of

the most fundamental questions one would like to ask about any

practical biometric authentication system is: what is the inherent

discriminable information available in the input signal?

Unfortunately, this question, if at all, has been answered in a very

limited setting for most biometric modalities. The inherent signal

capacity issue is of enormous complexity as it involves modeling

both the composition of the population as well as the interaction

between the behavioral and physiological attributes at different

scales of time and space. Nevertheless, a first-order approximation

to the answers to these questions will have a significant bearing on

the acceptance of (biometrics-based) personal identification

systems into our society as well as determining the upper bounds

on scalability of deployments of such systems.

Characterizing Signal Quality and Enhancement: For a

particular biometric to be effective, it should be universal: every

individual in the target population should possess the biometric

and every acquisition of the biometric from an individual should

provide useful information for personal identity recognition. In

practice, adverse signal acquisition conditions and inconsistent

presentations of the signal often result in unusable or nearly

unusable biometric signals (biometric samples). This is confounded

by the problem that the underlying individual biometric signal can

vary over time due to (for example) aging.

Hence, poor quality of a biometric sample constitutes the single

greatest cause of inferior matching accuracy in biometric systems.

Therefore, it is important to quantify the quality of the signal for

either seeking a better representation of the signal or for

subjecting the poor signal to alternative methods of processing. In

situations involving noncooperative individuals, where it may not

be feasible to acquire a good quality biometric signal, it is critical

that the procured signal be suitably enhanced in order to permit

accurate processing of the data. Indeed, biometric signal

enhancement is an important research problem that has to be

pursued in a systematic manner.

Empirical Performance Measurement: Performance assessment

plays a crucial role in determining whether the given biometric

system is acceptable or needs further improvement. Obtaining

reliable performance estimation is very challenging. This is

especially true when the system is already operational or when the

system is being tested against adversarial attacks.

How does one reliably predict the performance (accuracy, speed,

and vulnerability) of a large-scale biometric system that has

several million identities enrolled in it? Besides the problems

enumerated above, issues related to privacy, security, integrity

and liveness detection will also have to be addressed.

Fig. 4. Biometric system characterization. The accuracy axis

represents the intrinsic 1:1 (verification) accuracy of the matcher.

CHAPTER FIVE

CONCLUSION

Biometrics presents important technical, policy, and system

challenges that must be solved because there is no substitute for

this technology for addressing many critical information security

problems. Considering the recent government mandates for

national and international use of biometrics in delivering crucial

societal functions, there is urgency to further develop basic

biometric capabilities, and to integrate them into practical

applications. Because biometrics cannot be easily shared,

misplaced, or forged, the resultant security is more reliable than

current password systems and does not encumber the end user

with remembering long cryptographically strong passwords.

Biometric-based system administrator access to sensitive user

information affords effective accountability.

While biometric technology appears to be well suited to provide a

user-convenient component of secure person-identity linkage,

there may be cultural, societal, and religious resistance toward

acceptance of this technology. On the other hand, the hyperbole

underlying biometric technology has created the expectation that

biometrics is the panacea for all of our security and identity theft

problems and not merely one of the several complementary

technologies (e.g., RFID, conventional security, process

engineering) that need to be integrated in a way that remains to

be well defined. For example, one of the fundamental sources of

the identity theft problem is the critical reliance on the linkages to and

information in legacy identity management systems. While

biometric technology can mitigate some of the enrollment

problems (e.g., multiple identities), it cannot solve the problem of

having to rely on imperfect legacy identity management systems.

One may have to rely on process engineering (e.g., ensuring

enrollment at birth as is currently done in local birth registers and

the U.S. Social Security System) for several generations before we

could ensure perfect enrollment. Meanwhile, we may have to rely

on a delicate balance of deterrence and detection of identity fraud

guided by sound public policy. A poorly implemented biometric

system can be the cause of complacence, disaster, and a further

basis for resistance. On the other hand, a well-implemented

biometrics system with sufficient privacy safeguards may be a

clear requirement in the quick response to natural or man-made

disasters. Much remains to be accomplished in terms of general

education of the end users, system administrators, integrators,

and, most important, public policy makers. The limitations of the

current state of the biometric technology should not be construed

to imply that it is not currently useful in many applications. In fact,

there are a large number of biometric solutions that have been

successfully deployed to provide useful value in practical

applications. For example, the hand geometry system has served

as a good access control solution in many deployments such as

university dorms, building entrance, and time and attendance

applications. AFIS systems have been providing terrific value to

society (since their inception in the U.S. in the late 1960s),

integrating automatic and manual processes. Disney World uses

the finger geometry information of individuals to ensure that a

season pass is not shared among multiple individuals. Further

iterative cycles of technology development, application to new

domains, realistic performance evaluation, and standardization

efforts will facilitate the cycle of build-test-share for transforming

the technology into business solutions. The complexity of designing

a biometric system is based on three main factors (accuracy, scale or

size of the database, and usability). Many application domains

require a biometric system to operate on the extreme of only one

of the three axes in Fig. 4 and such systems have been

successfully deployed. The grand challenge is to design a system

that would operate on the extremes of all of these three axes

simultaneously. This will entail overcoming the fundamental

barriers that have been cleverly avoided in designing the currently

successful niche biometric solutions. Addressing these core

research problems, in the opinion of the authors, will significantly

advance the state of the art and make biometric systems more

secure, robust, and cost-effective. This, we believe, will promote

adoption of biometric systems, resulting in potentially broad

economic and social impact.

As biometric technology matures, there will be increasing

interaction among the market, the technologies, and the

applications. This interaction will be influenced by the additional

value of the technology, user acceptance, and the credibility of the

service provider. It is too early to predict exactly where and how

biometric technology will evolve and into which particular

applications it will become embedded. But it is certain that

biometric-based recognition will have a profound influence on the

way we conduct our daily business because of the inherent

potential for effectively linking people to records, thereby ensuring

information security.

