b iometric standards a n overview of biometrics and identity management supervisor : ahmed abu...
TRANSCRIPT
UN
IVER
SIT
Y O
F PALE
STIN
E
1
BIOMETRIC STANDARDSAN OVERVIEW OF BIOMETRICS AND IDENTITY MANAGEMENT
Supervisor : Ahmed Abu MosamehPrepared by : Mahmoud Alasi220060035
2
UN
IVER
SIT
Y O
F PALE
STIN
ETHE NEED TO IDENTIFY
Every day we are required to identify ourselves Using a bank card with a PIN at a cash machine A password to log on to a computer Using a key to open a door Punching a code into a keypad to enter the
workplace Using passwords on the Internet Providing a passport and driving licence as proof
of identity We need to be able to accurately IDENTIFY
an individual to minimize current issues and threats
UN
IVER
SIT
Y O
F PALE
STIN
E
3
CURRENT ATTRIBUTES USED TO IDENTIFY
• Name
• Address
• Postcode
• Date of Birth
• Account no.
• Passwords
• PINs
• Phone no.
• Mother’s maiden name
• Passport
• Birth certificate
• Driving licence
• Credit cards
• Utility bills
• Membership cards
• Salary slip
4
UN
IVER
SIT
Y O
F PALE
STIN
EIS BIOMETRICS THE ANSWER?
A biometric is part of the person and is not easily compromised through:TheftCollusionLoss
Simplifies user management resulting in cost savings
Users do not need to remember passwords Users do not need to remember PINs User accounts cannot be shared Easy to use
5
UN
IVER
SIT
Y O
F PALE
STIN
EBIOMETRIC DEFINITION
The automated recognition of individuals based on their behavioural and biological characteristics The general meaning of biometrics encompasses
counting, measuring and statistical analysis of any kind of data in the biological sciences including the relevant medical sciences
The term is derived from the Greek words “bios” meaning life and “metron” meaning measure
6
UN
IVER
SIT
Y O
F PALE
STIN
E
BIOLOGICAL AND BEHAVIOURAL
Biological Fingerprint Face (2D &
3D) Iris Vein pattern Hand
geometry DNA
• Behavioural Signature
Gait
Voice
Keystroke dynamics
7
UN
IVER
SIT
Y O
F PALE
STIN
E
IRIS
Captures the pattern of flecks on the iris Uses conventional cameras Average 2 seconds for identification No physical contact between user and reader
8
UN
IVER
SIT
Y O
F PALE
STIN
E
FACE
Based upon the geometric shape and position of features of the face
Resistant to changes in skin tone, facial hair, hair style, and eyeglasses
No active user involvement required in order to perform identification/verification
Limited success in practical applications
9
UN
IVER
SIT
Y O
F PALE
STIN
E
VOICE
Analyses voice patterns and characteristics of speech e.g. pitch, tone, etc.
High user acceptance – perceived as least intrusive biometric technology
Easy for end users to implement Ideal for telephone systems/mobile
environments
10
UN
IVER
SIT
Y O
F PALE
STIN
E
HAND GEOMETRY
Measures the physical characteristics of the user’s hand and fingers
Low level infrared light and camera used to capture an image
Suited to applications where there is a large user base or users access the system infrequently
Systems are easy to use and robust
11
UN
IVER
SIT
Y O
F PALE
STIN
E
SIGNATURE
Based on analysis of the dynamics of a handwritten signature e.g. shape, speed, stroke order, pen pressure
Generally use pressure sensitive tablets or wired pens
User friendly Non intrusive – minimal public acceptance
issues Captured signature can be used for digitally
signing documents
12
UN
IVER
SIT
Y O
F PALE
STIN
E
KEYSTROKE DYNAMICS
Monitors rate of typing and intervals between letters
Verification based on typing rhythm – intruders may guess password but fail to key in with correct rhythm
Neither enrolment nor verification disturbs the regular flow of work
Low cost – only hardware required is keyboard
13
UN
IVER
SIT
Y O
F PALE
STIN
E
FINGERPRINT
Variety of fingerprint devices available (silicon and optical)
Template constructed by analysing patterns that make the fingerprint (minutiae)
14
UN
IVER
SIT
Y O
F PALE
STIN
E
DNA
Forensic genetics use deoxyribonucleic acid (DNA) profiling in a number of important human identity applications
0.01% of a person's entire genome is unique to each individual This represents 3 million base pairs of DNA 95% of the human genome are non-coding
sequences (called junk DNA) Standard profiling systems only exploit the junk DNA
to maintain the privacy and civil rights of the donor
15
UN
IVER
SIT
Y O
F PALE
STIN
E
MULTIMODAL
Combination of one or more biometrics Algorithmic level Results level
Multimodal is the fusion of results with logic applied
16
UN
IVER
SIT
Y O
F PALE
STIN
E
KEY MULTIMODAL FACTS
Can be used to: Improve reliability Make forgery more difficult Make systems more flexible to user characteristics (decreases failure to enrol) Make systems more complex Promote inclusivity
Input Device
Matching
Result
Input Device
Matching
Result
Fusion
Fusion
Fusion
UN
IVER
SIT
Y O
F PALE
STIN
E
17
VERIFICATION VERSUS IDENTIFICATION
“Are you who you say you are”?
“Who are you”?
NOT
UN
IVER
SIT
Y O
F PALE
STIN
E
18
VERIFICATION AND IDENTIFICATION
Verification Involves confirming or
denying a person’s claimed identity – Are you who you claim to be?
Biometric sample captured and compared with the previously stored template for that user
One-to-one comparison Are you who you say
you are? “I am who I say I am”
• Identification Means establishing a
person’s identity from an already established list – Who are you from this list?
Biometric sample presented to a system which searches the existing (enrolled) subjects
One-to-many comparison
Do I know you?
“I am not known to you already”
19
UN
IVER
SIT
Y O
F PALE
STIN
E
IDENTIFICATION BEFORE VERIFICATION
To establish a ‘clean’ database of individuals each individual first needs to be identified One-to-many match is performed against the
central database to ensure the individual does not already exist under correct name or any other aliases
Once identity is established it can be sufficient to verify the individual as proof of identity only One-to-one match is performed at the point of
interface without the need to check back to the central database
20
UN
IVER
SIT
Y O
F PALE
STIN
E
KEY CONSIDERATION IN A BIOMETRIC SYSTEM
Current & Future
Technology
Risk & Requirement
Analysis
Research & Developmen
t
User Perception
Accuracy & Throughput
IntegrationPerformanceBusiness Process
Strategy
21
UN
IVER
SIT
Y O
F PALE
STIN
ECONSIDERATIONS OF ADDING A BIOMETRIC SYSTEM
Not all biometrics technologies suit all people In many cases additional hardware is
required User co-operation is usually necessary Privacy concerns must be addressed Cost of personal devices in large systems can
be significant User education is required Biometric revocation must be considered as
biometric data is not secret
22
UN
IVER
SIT
Y O
F PALE
STIN
E
CAPTURE THE LEGAL AND POLITICAL IMPERATIVES
Ask what additional considerations are there with a biometric application as opposed to any other IT deliverable Privacy? Data access considerations (who and why)? Sensitivity of data? Legislative limitations? User acceptance? Standards compliance?
23
UN
IVER
SIT
Y O
F PALE
STIN
E
ISO/IEC JTC1 SC 37 BIOMETRICS
Currently 25 participating countries and 7 observer countries Liaisons with:
JTC 1/SC 17 Cards and Personal Identification. JTC 1/SC 24 Computer Graphics and Imaging JTC 1/SC 27 Information Technology Security Techniques. JTC 1/SC 29 Coding of Audio, Picture and Multimedia and
Hypermedia Information. JTC 1/SC 31 Automatic Identification and Data Capture
Techniques JTC 1/SC 32 Data Management and Interchange JTC 1/SC 36 Information Technology for Learning,
Education and Training. ITU-T SG17 Telecommunication Standardization Sector
Study Group on Data Networks and Telecommunications Software.
BioAPI Consortium IBIA International Biometrics Industry Association (IBIA) ILO International Labour Office of the UN
24
UN
IVER
SIT
Y O
F PALE
STIN
E
THE BENEFITS OF STANDARDS FOR BIOMETRICS
They foster wide spread utilization of the technology
They are a sign of industry maturity They reduce time-to-market They facilitate interchange and/or
interoperability They reduce risk to integrators and end users They reduce vendor “lock-in” effect