access control an overview of biometrics. security innovation ©2003 2 1.introduction 2.biometric...

Access ControlAccess Control

An Overview of An Overview of BiometricsBiometrics

SECURITY INNOVATION ©20032

1.1. IntroductionIntroduction

2.2. Biometric identifiersBiometric identifiers

3.3. Classification of biometrics methodsClassification of biometrics methods

4.4. Biometric system architectureBiometric system architecture

5.5. Performance evaluationPerformance evaluation

Contents Biometric Contents Biometric SystemsSystems


6.6. Signature recognitionSignature recognition

7.7. Voice recognitionVoice recognition

8.8. Retinal scanRetinal scan

9.9. Iris scanIris scan

10.10. Face-scan and facial thermographFace-scan and facial thermograph

11.11. Hand geometryHand geometry

Contents Biometric Contents Biometric SystemsSystems


Association of an individual with an Association of an individual with an identity:identity:

• Verification (or authentication): confirms or Verification (or authentication): confirms or denies a claimed identity.denies a claimed identity.

• Identification (or recognition): establishes the Identification (or recognition): establishes the identity of a subject (usually from a set of identity of a subject (usually from a set of enrolled persons). enrolled persons).

Personal IdentificationPersonal Identification


• Token-based: Token-based: “something that “something that you have”you have”

• Knowledge-based: Knowledge-based: “something that “something that you know”you know”

• Biometrics-based: Biometrics-based: “something that “something that you are”you are”

Personal Identification Personal Identification ObjectsObjects


• Bio + metrics:Bio + metrics:– The statistical measurement of The statistical measurement of

biological data.biological data.

• Biometric Consortium definition:Biometric Consortium definition:– Automatically recognizing a person Automatically recognizing a person

using distinguishing traits.using distinguishing traits.

BiometricsBiometrics


• Access controlAccess control– to devices to devices

• cellular phonescellular phones• logging into a computer, laptop, or PDAlogging into a computer, laptop, or PDA• carscars• gunsguns

– to local servicesto local services• money from a ATM machine money from a ATM machine • logging in to computerlogging in to computer• accessing data on smartcard accessing data on smartcard

– to remote servicesto remote services • e-commercee-commerce• e-businesse-business

Application Domains (I)Application Domains (I)


Application Domains (II)Application Domains (II)

• Physical access control Physical access control – to high security areasto high security areas– to public buildings or areasto public buildings or areas

• Time & attendance controlTime & attendance control• IdentificationIdentification

– forensic person investigationforensic person investigation– social services applications, e.g. immigration social services applications, e.g. immigration

or prevention of welfare fraudor prevention of welfare fraud– persopersonal dnal documents, e.g. electronic drivers ocuments, e.g. electronic drivers

license or ID cardlicense or ID card


Ideal PropertiesIdeal Properties• UniversalityUniversality• UniquenessUniqueness• StabilityStability• QuantitativeQuantitative

Considerations• Performance • Acceptability• Forge resistance

Biometric IdentifiersBiometric Identifiers


• Covered in ISO/IEC 27N2949:Covered in ISO/IEC 27N2949:– recognition of signatures,recognition of signatures,– fingerprint analysis,fingerprint analysis,– speaker recognition,speaker recognition,– retinal scan,retinal scan,– iris scan,iris scan,– face recognition,face recognition,– hand geometry.hand geometry.

Biometric TechnologiesBiometric Technologies


• Found in the literature:Found in the literature:– vein recognition (hand),vein recognition (hand),– keystroke dynamics,keystroke dynamics,– palm print,palm print,– gait recognition,gait recognition,– ear shape.ear shape.

Other Biometric MethodsOther Biometric Methods


• Static:Static:– fingerprintfingerprint– retinal scanretinal scan– iris scaniris scan– hand hand

geometrygeometry

• Dynamic:Dynamic:– signature recognitionsignature recognition– speaker recognitionspeaker recognition

Classification of Biometric Classification of Biometric MethodsMethods


• Basic modules of a biometric system:Basic modules of a biometric system:– Data acquisitionData acquisition– Feature extractionFeature extraction– MatchingMatching– DecisionDecision– StorageStorage

Biometric System Biometric System ArchitectureArchitecture


Biometric System ModelBiometric System Model

Raw dataRaw data Extracted Extracted featuresfeatures templatetemplate

Authentication decisionAuthentication decision

Data Data collectioncollection

Signal Signal processingprocessing

matchingmatching

storagestorage

scorescore

decisiondecision

ApplicationApplication


• Reads the biometric info from the user.Reads the biometric info from the user.

• Examples: video camera, fingerprint Examples: video camera, fingerprint scanner/sensor, microphone, etc.scanner/sensor, microphone, etc.

• All sensors in a given system must be All sensors in a given system must be similar to ensure recognition at any similar to ensure recognition at any location.location.

• Environmental conditions may affect Environmental conditions may affect their performance.their performance.

Data Acquisition ModuleData Acquisition Module


• Discriminating features extracted from Discriminating features extracted from the raw biometric data.the raw biometric data.

• Raw data transformed into small set of Raw data transformed into small set of bytes – storage and matching.bytes – storage and matching.

• Various ways of extracting the features.Various ways of extracting the features.• Pre-processing of raw data usually Pre-processing of raw data usually

necessary.necessary.

Feature Extraction Feature Extraction ModuleModule


• The core of the biometric system.The core of the biometric system.• Measures the similarity of the claimant’s Measures the similarity of the claimant’s

sample with a reference template.sample with a reference template.• Typical methods: distance metrics, Typical methods: distance metrics,

probabilistic measures, neural networks, probabilistic measures, neural networks, etc.etc.

• The result: a number known as match The result: a number known as match score.score.

Matching ModuleMatching Module


• Interprets the match score from the Interprets the match score from the matching module.matching module.

• Typically a binary decision: yes or no.Typically a binary decision: yes or no.• May require more than one submitted May require more than one submitted

samples to reach a decision: 1 out of 3.samples to reach a decision: 1 out of 3.• May reject a legitimate claimant or May reject a legitimate claimant or

accept an impostor.accept an impostor.

Decision ModuleDecision Module


• Maintains the templates for enrolled Maintains the templates for enrolled users.users.

• One or more templates for each user.One or more templates for each user.• The templates may be stored in:The templates may be stored in:

– a special component in the biometric device,a special component in the biometric device,– conventional computer database,conventional computer database,– portable memories such as smartcards.portable memories such as smartcards.

Storage ModuleStorage Module


• Capturing, processing and storing of the Capturing, processing and storing of the biometric template.biometric template.

• Crucial for the system performance.Crucial for the system performance.• Requirements for enrolment:Requirements for enrolment:

– secure enrolment procedure,secure enrolment procedure,– check of template quality and check of template quality and

“matchability”,“matchability”,– binding of the biometric template to the binding of the biometric template to the

person being enrolled.person being enrolled.

EnrolmentEnrolment


• A genuine individual is accepted.A genuine individual is accepted.• A genuine individual is rejected (error).A genuine individual is rejected (error).• An impostor is rejected.An impostor is rejected.• An impostor is accepted (error).An impostor is accepted (error).

Possible Decision Possible Decision OutcomesOutcomes


• Balance needed between 2 types of Balance needed between 2 types of error:error:– Type IType I: system fails to recognize valid user : system fails to recognize valid user

(‘false non-match’ or ‘false rejection’).(‘false non-match’ or ‘false rejection’).– Type IIType II: system accepts impostor (‘false : system accepts impostor (‘false

match’ or ‘false acceptance’).match’ or ‘false acceptance’).

• Application dependent trade-off between Application dependent trade-off between two error types.two error types.

ErrorsErrors


• Error tolerance threshold is crucial and Error tolerance threshold is crucial and application dependent.application dependent.

• Tolerance too large gives Type II error Tolerance too large gives Type II error (admit impostors).(admit impostors).

• Tolerance too small gives Type I errors Tolerance too small gives Type I errors (reject legitimate users).(reject legitimate users).

• Equal error rate for comparison: false Equal error rate for comparison: false non-match equal to false match.non-match equal to false match.

Tolerance ThresholdTolerance Threshold


• Signature recognitionSignature recognition• Voice recognitionVoice recognition• Retinal scanRetinal scan• Iris scanIris scan• Face biometricsFace biometrics• Hand geometryHand geometry

Biometric TechnologiesBiometric Technologies


• Signatures in wide use for many years.Signatures in wide use for many years.• Signature generating process a trained Signature generating process a trained

reflex - imitation difficult especially ‘in reflex - imitation difficult especially ‘in real time’.real time’.

• Automatic signature recognition Automatic signature recognition measures the dynamics of the signing measures the dynamics of the signing process.process.

Signature RecognitionSignature Recognition


• Variety of characteristics can be used:Variety of characteristics can be used:– angle of the pen,angle of the pen,– pressure of the pen,pressure of the pen,– total signing time,total signing time,– velocity and acceleration,velocity and acceleration,– geometry.geometry.

Dynamic Signature Dynamic Signature RecognitionRecognition


Dynamic Signature Dynamic Signature Verification (I)Verification (I)

Electronic pen [LCI-SmartPen]


Dynamic Signature Dynamic Signature Verification (II)Verification (II)

Digitising tablet [Hesy Signature Pad by BS Biometric Systems GmbH]

Digitising tablet by Wacom Technologies


Signature Recognition: Signature Recognition: Advantages / Advantages /

DisadvantagesDisadvantages• Advantages:Advantages:

– Resistance to forgeryResistance to forgery– Widely acceptedWidely accepted– Non-intrusiveNon-intrusive– No record of the signatureNo record of the signature

• Disadvantages:Disadvantages:– Signature inconsistenciesSignature inconsistencies– Difficult to useDifficult to use– Large templates (1K to 3K)Large templates (1K to 3K)


• Ridge patterns on fingers uniquely Ridge patterns on fingers uniquely identify people.identify people.

• Classification scheme devised in 1890s.Classification scheme devised in 1890s.• Major features: arch, loop, whorl.Major features: arch, loop, whorl.• Each fingerprint has at least one of the Each fingerprint has at least one of the

major features and many ‘small’ major features and many ‘small’ features.features.

Fingerprint RecognitionFingerprint Recognition


Features of FingerprintsFeatures of Fingerprints


• In a machine system, reader must In a machine system, reader must minimize image rotation.minimize image rotation.

• Look for minutiae and compare.Look for minutiae and compare.• Minor injuries a problem.Minor injuries a problem.• Automatic systems can not be Automatic systems can not be

defrauded by detached real fingers.defrauded by detached real fingers.

Fingerprint Recognition Fingerprint Recognition (cont.)(cont.)


• Basic steps for fingerprint Basic steps for fingerprint authentication:authentication:– Image acquisition,Image acquisition,– Noise reduction,Noise reduction,– Image enhancement,Image enhancement,– Feature extraction,Feature extraction,– Matching.Matching.

Fingerprint Fingerprint AuthenticationAuthentication


a)a) OriginalOriginal

b)b) OrientationOrientation

c)c) BinarisedBinarised

d)d) ThinnedThinned

e)e) MinutiaeMinutiae

f)f) Minutia Minutia graphgraph

Fingerprint ProcessingFingerprint Processing

aa

ffee

ddcc

bb


Fingerprint RecognitionFingerprint Recognition

• SensorsSensors– optical sensorsoptical sensors– ultrasound sensorsultrasound sensors– chip-based sensorschip-based sensors– thermal sensorsthermal sensors

• Integrated productsIntegrated products– for identification – AFIS systemsfor identification – AFIS systems– for verificationfor verification


Fingerprint Recognition: Fingerprint Recognition: Sensors (I)Sensors (I)

Optical fingerprint sensor[Fingerprint Identification Unit

FIU-001/500 by Sony]

Electro-optical sensor [DELSY® CMOS sensor modul]

Capacitive sensor[FingerTIP™ by Infineon]


Fingerprint Recognition: Fingerprint Recognition: Sensors (II)Sensors (II)

E-Field Sensor[FingerLoc™ by Authentec]

Thermal sensor[FingerChip™ by ATMEL

(was: Thomson CSF)]


Fingerprint Recognition: Fingerprint Recognition: Integrated Systems (I)Integrated Systems (I)

[BioMouse™ Plus by American Biometric Company]

Physical Access Control System [BioGate Tower by Bergdata]

[ID Mouse by Siemens]


Fingerprint Recognition: Fingerprint Recognition: Integrated Systems (II)Integrated Systems (II)

[TravelMate 740 by Compaq und Acer]

Keyboard [G 81-12000 by Cherry]

System including fingerprint sensor,smartcard reader anddisplay by DELSY


Fingerprint Recognition: Fingerprint Recognition: Advantages / Advantages /


– Mature technologyMature technology– Easy to use/non-intrusiveEasy to use/non-intrusive– High accuracyHigh accuracy– Long-term stabilityLong-term stability– Ability to enrol multiple fingersAbility to enrol multiple fingers

• Disadvantages:Disadvantages:– Inability to enrol some usersInability to enrol some users– Affected by skin conditionAffected by skin condition– Association with forensic applicationsAssociation with forensic applications


• Linguistic and speaker dependent Linguistic and speaker dependent acoustic patterns.acoustic patterns.

• Speaker’s patterns reflect:Speaker’s patterns reflect:– anatomy (size and shape of mouth and anatomy (size and shape of mouth and

throat),throat),– behavioral (voice pitch, speaking style).behavioral (voice pitch, speaking style).

• Heavy signal processing involved Heavy signal processing involved (spectral analysis, periodicity, etc)(spectral analysis, periodicity, etc)

Speech RecognitionSpeech Recognition


• Text-dependent: predetermined set of Text-dependent: predetermined set of phrases for enrolment and identification.phrases for enrolment and identification.

• Text-prompted: fixed set of words, but Text-prompted: fixed set of words, but user prompted to avoid recorded user prompted to avoid recorded attacks. attacks.

• Text-independent: free speech, more Text-independent: free speech, more difficult to accomplish.difficult to accomplish.

Speaker Recognition Speaker Recognition SystemsSystems


Speaker Recognition: Speaker Recognition: Advantages/ Advantages/


– Use of existing telephony infrastructureUse of existing telephony infrastructure– Easy to use/non-intrusive/hands freeEasy to use/non-intrusive/hands free– No negative associationNo negative association

• Disadvantages:Disadvantages:– Pre-recorded attackPre-recorded attack– Variability of the voiceVariability of the voice– Affected by noiseAffected by noise– Large template (5K to 10K)Large template (5K to 10K)


Eye BiometricEye Biometric

• Retina:Retina:– back inside of the eye ball.back inside of the eye ball.– pattern of blood vessels used for pattern of blood vessels used for

identificationidentification

• Iris:Iris:– colored portion of the eye surrounding the colored portion of the eye surrounding the

pupil.pupil.– complex iris pattern used for identificationcomplex iris pattern used for identification..


• Accurate biometric measure.Accurate biometric measure.• Genetically independent: identical twins Genetically independent: identical twins

have different retinal pattern.have different retinal pattern.• Highly protected, internal organ of the Highly protected, internal organ of the

eye.eye.• May change during the life of a person.May change during the life of a person.

Retinal PatternRetinal Pattern


Retinal RecognitionRetinal Recognition

Retinal recognition system [Icam 2001 by Eyedentify]


Retinal Scan: Retinal Scan: Advantages / Advantages /


– High accuracyHigh accuracy– Long-term stabilityLong-term stability– Fast verificationFast verification

• Disadvantages:Disadvantages:– Difficult to useDifficult to use– IntrusiveIntrusive– Limited applicationsLimited applications


• Iris pattern possesses a high degree of Iris pattern possesses a high degree of randomness: extremely accurate biometric.randomness: extremely accurate biometric.

• Genetically independent: identical twins have Genetically independent: identical twins have different iris pattern.different iris pattern.

• Stable throughout life.Stable throughout life.• Highly protected, internal organ of the eye.Highly protected, internal organ of the eye.• Patterns can be acquired from a distance (1m).Patterns can be acquired from a distance (1m).• Patterns can be encoded into 256 bytes.Patterns can be encoded into 256 bytes.

Iris PropertiesIris Properties


• Iris code developed by John Daugman at Iris code developed by John Daugman at Cambridge.Cambridge.

• Extremely low error rates.Extremely low error rates.• Fast processing.Fast processing.• Monitoring of pupils oscillation to prevent Monitoring of pupils oscillation to prevent

fraud.fraud.• Monitoring of reflections from the moist cornea Monitoring of reflections from the moist cornea

of the living eye.of the living eye.

Iris RecognitionIris Recognition


The Iris CodeThe Iris Code


Iris RecognitionIris Recognition

System for active iris recognition by IrisScan

System for passive iris recognition by Sensar


Iris Recognition: Iris Recognition: Advantages / Advantages /


– High accuracyHigh accuracy– Long term stabilityLong term stability– Nearly non-intrusiveNearly non-intrusive– Fast processingFast processing

• Disadvantages:Disadvantages:– Not exactly easy to useNot exactly easy to use– High false non-match ratesHigh false non-match rates– High costHigh cost


• Static controlled or dynamic uncontrolled Static controlled or dynamic uncontrolled shots.shots.

• Visible spectrum or infrared Visible spectrum or infrared (thermographs).(thermographs).

• Non-invasive, hands-free, and widely Non-invasive, hands-free, and widely accepted.accepted.

• Questionable discriminatory capability.Questionable discriminatory capability.

Face-scan and Facial Face-scan and Facial ThermographsThermographs


• Visible spectrum: inexpensive.Visible spectrum: inexpensive.• Most popular approaches:Most popular approaches:

– eigen faces,eigen faces,– Local feature analysis.Local feature analysis.

• Affected by pose, expression, hairstyle, Affected by pose, expression, hairstyle, make-up, lighting, eyeglasses.make-up, lighting, eyeglasses.

• Not a reliable biometric measure.Not a reliable biometric measure.

Face RecognitionFace Recognition


Face RecognitionFace Recognition

Face recognition system[One-to-One™ by Biometric Access Corporation]

Face recognition system [TrueFace Engine by Miros]


Face Recognition: Face Recognition: Advantages / Advantages /


– Non-intrusiveNon-intrusive– Low costLow cost– Ability to operate covertlyAbility to operate covertly

• Disadvantages:Disadvantages:– Affected by appearance/environmentAffected by appearance/environment– High false non-match ratesHigh false non-match rates– Identical twins attackIdentical twins attack– Potential for privacy abusePotential for privacy abuse


• Captures the heat emission patterns Captures the heat emission patterns derived from the blood vessels under derived from the blood vessels under the skin.the skin.

• Infrared camera: unaffected by external Infrared camera: unaffected by external changes (even plastic surgery!) or changes (even plastic surgery!) or lighting. lighting.

• Unique but accuracy questionable.Unique but accuracy questionable.• Affected by emotional and health state.Affected by emotional and health state.

Facial ThermographFacial Thermograph


Facial Thermograph: Facial Thermograph: Advantages / Advantages /


– Non-intrusiveNon-intrusive– StableStable– Not affected by external changesNot affected by external changes– Identical twins resistantIdentical twins resistant– Ability to operate covertlyAbility to operate covertly

• Disadvantages:Disadvantages:– High cost (infrared camera)High cost (infrared camera)– New technologyNew technology– Potential for privacy abusePotential for privacy abuse


• Features: dimensions and shape of the Features: dimensions and shape of the hand, fingers, and knuckles as well as hand, fingers, and knuckles as well as their relative locations.their relative locations.

• Two images taken: one from the top and Two images taken: one from the top and one from the side.one from the side.

Hand GeometryHand Geometry


Hand Geometry ReadingHand Geometry Reading

Hand geometry reader by Recognition Systems

Hand geometry reader for two finger recognition by BioMet Partners


Hand Geometry: Hand Geometry: Advantages / Advantages /


– Not affected by environmentNot affected by environment– Mature technologyMature technology– Non-intrusiveNon-intrusive– Relatively stableRelatively stable

• Disadvantages:Disadvantages:– Low accuracyLow accuracy– High costHigh cost– Relatively large readersRelatively large readers– Difficult to use for some users (Difficult to use for some users (arthritis, arthritis,

missing fingers or large hands)missing fingers or large hands)


Multimodal Biometric Multimodal Biometric SystemsSystems

• Combination of biometric technologies Combination of biometric technologies – Fingerprint and face recognitionFingerprint and face recognition– Face recognition and lip movementFace recognition and lip movement– Fingerprint recognition and dynamic Fingerprint recognition and dynamic

signature verificationsignature verification

• Increase the level of security achieved Increase the level of security achieved by the systemby the system

• Enlarge the user baseEnlarge the user base


How good are biometric How good are biometric products?products?

• How can we find out, how good a How can we find out, how good a biometric product is?biometric product is?– Empirical tests of the productEmpirical tests of the product

• There have been independent tests on a There have been independent tests on a series of biometric productsseries of biometric products– in Japanin Japan– in Germanyin Germany


Different Threat Different Threat ScenariosScenarios

1.1. Regular biometric Regular biometric sensor using sensor using artificially artificially generated generated biometric data biometric data

2.2. Replay attack of Replay attack of eavesdropped eavesdropped biometric databiometric data

3.3. Manipulation of Manipulation of stored biometric stored biometric reference datareference data


Japanese TestJapanese Test• Tsutomu Matsumoto, a Japanese Tsutomu Matsumoto, a Japanese

cryptographer working at Yokohama cryptographer working at Yokohama National University National University

• 11 state-of-the-art fingerprint sensors11 state-of-the-art fingerprint sensors• 2 different processes to make gummy 2 different processes to make gummy

fingersfingers– from live finger from live finger – from latent fingerprint from latent fingerprint

Gummy fingers fooled fingerprint Gummy fingers fooled fingerprint sensors 80% of the timesensors 80% of the time


Test in Germany (I)Test in Germany (I)• 11 biometric sensors 11 biometric sensors

– 9 fingerprint sensors, 9 fingerprint sensors, – 1 face recognition system, and 1 face recognition system, and – 1 iris scanner1 iris scanner

• Fingerprint sensors – Fingerprint sensors – – reactivate latent fingerprints (optical and capacitive reactivate latent fingerprints (optical and capacitive

sensors)sensors)– apply latex finger (thermal sensor)apply latex finger (thermal sensor)

• Face recognition system – Face recognition system – – down- (up-) load biometric reference data from (to) down- (up-) load biometric reference data from (to)

hard diskhard disk– no or only weak life detectionno or only weak life detection


Test in Germany (II)Test in Germany (II)

• Iris recognition – Iris recognition – – picture of iris of enrolled person with cut-out picture of iris of enrolled person with cut-out

pupil, where a real pupil is displayedpupil, where a real pupil is displayed

All tested biometric systems could be All tested biometric systems could be fooled, but the effort differed fooled, but the effort differed

considerablyconsiderably


• Does the application need identification Does the application need identification or authentication?or authentication?

• Is the collection point attended or Is the collection point attended or unattended?unattended?

• Are the users used to the biometrics?Are the users used to the biometrics?• Is the application covert or overt?Is the application covert or overt?

Choosing the BiometricsChoosing the Biometrics


• Are the subjects cooperative or non-Are the subjects cooperative or non-cooperative?cooperative?

• What are the storage requirement What are the storage requirement constraints?constraints?

• How strict are the performance How strict are the performance requirements?requirements?

• What types of biometrics are acceptable What types of biometrics are acceptable to the users?to the users?

Choosing the Biometrics Choosing the Biometrics (cont.)(cont.)


ConclusionsConclusions

• Biometric technology has great potentialBiometric technology has great potential• There are many biometric products There are many biometric products

around, regarding the different biometric around, regarding the different biometric technologiestechnologies

• Shortcomings of biometric systems due to Shortcomings of biometric systems due to – manufacturers ignorance of security concernsmanufacturers ignorance of security concerns– lack of quality controllack of quality control– standardisation problemsstandardisation problems

• Biometric technology is very promising Biometric technology is very promising • Manufacturers have to take security Manufacturers have to take security

concerns seriousconcerns serious

access control an overview of biometrics. security innovation ©2003 2 1.introduction 2.biometric...

Documents

security innovation

biometric technologies

face recognition

gait recognition

recognition of signatures

voice recognition

high security areas

vein recognition hand