Post on 26-Oct-2015
description
transcript
The
‘123
’ of
Biom
etric
Tec
hnol
ogy
83
Sect
ion
Thre
e
The ‘123’ of Biometric TechnologyWe are so used to recognising people in our daily life that we often take this task for granted. Despite
the often heard problems of fraud in the electronic transactions over the Internet in which lack of
identity authentication is a prime cause, automated identity authentication afforded by biometric
technology is not looked into seriously by most corporations. However, after the September 11 incident,
biometric technology is gaining in popularity. This article will give an overview of this technology, its
potential, issues and challenges to widespread adoption.
Yau Wei YunResearch Manager, Laboratories for Information Technology
Co-Chair, Biometrics Working Group of Security &
Privacy Standards Technical Committee
1. Introduction
One of the remarkable ability of human and most animals is to identify friends from foes. Such
capability is crucial for survival from ancient time till now. Why is it so? Wrongly identifying
a foe as a friend could mean goodwill abused, property or wealth stolen, valuable information
lost to unwanted hands, life of oneself and family members jeopardised or in larger scale, the
society or nation threatened. The reverse will equally cost one dearly in societal and personal
relationship. If you think about it, our capability to recognise people has been developed since
young and is used daily - we recognise our family members, friends and foes, primarily through
face and voice. Our daily transactions, from purchasing things at the nearby convenience
stores, withdrawing small amount of money at the Auto-Teller Machines, entering our house
or office to large monetary transactions at a bank involves our identity and the means of
authenticating it. Indeed, it is pervasive in our daily life.
Even in the current Information Technology (IT) age, identity authentication is very crucial.
IT brings with it capability for electronic transaction where face-to-face or other means of
personal contact is not necessary. The lack of actual contact makes identifying the real user
necessary as well as difficult. Necessary because as the saying goes, in the Internet, even a
monkey can be human! Difficult as it goes beyond the traditional means of identity authentication
and where being anonymous and staying anonymous is the desired feature of the Internet.
The
‘123
’ of
Biom
etric
Tec
hnol
ogy
84
Traditional means of identity authentication using tokens such as keys and cards, or
personal identification numbers (PINs) and passwords are ill suited for such a task. For
example, if you would like to purchase anything in the Internet, most likely you will
require a credit card number to authenticate who you are and that you have means
to pay for your goods. However, such a number can be obtained rather easily by hackers,
not to mention the numerous fake credit cards in circulation. Bank cards need PINs to
authenticate one's identity. However, in many situations, the PINs can be obtained
easily either because the users wrote the PINs behind their cards or at some place or
that the PINs were obtained through observation or fraudulent means. Some users have
more than one bank account and thus it is challenging to remember all the PINs on
top of the various PINs/passwords used daily. The most important issue is how to identify
the "real" person without resorting to any complex and troublesome mechanism for
verification. Biometrics is seen as one of the best candidates to solve this problem.
Essentially, biometrics is the automated approach to authenticate the identity of a
person using the individual's unique physiological or behavioural characteristics such
as fingerprint, face, voice, signature etc. Since it is based on a unique trait which is
part of you, you do not have to worry about forgetting it, losing it or leaving it at some
place. Since it is unique to you, it is more difficult for others to copy, duplicate or steal
it. Thus in general, biometrics offers a more secure and friendly way of identity
authentication.
2. Biometrics
There are several biometric technologies in use today with a few more technologies
being investigated in research laboratories worldwide [1, 2]. Nevertheless, all the
technologies share a common process flow as follows:
Figure 1: Common Biometric Process Flow
Processing:Extract Features andGenerate Template
The
‘123
’ of
Biom
etric
Tec
hnol
ogy
85
Sect
ion
Thre
e
A sensor is required to acquire the biometric data that will then be processed by a processor
which could be part of an embedded system or a PC. The processing involves enhancing the
data, removing noise and segmenting out the crucial data. From such conditioned data, the
unique features are then extracted and a template is then generated to represent the biometric
data. This template will be the basis from which the uniqueness of the data is associated with
the identity of the user. If it is the first time the user is using the biometric system, the template
will be stored for future references. Other information associated with the user may be included
as well. User access to the system involves comparing the generated template against the
reference of allowed user(s). If the matching is made against a claimed identity, the matching
process will be a one to one comparison between the generated template and the stored
reference template. Such a matching process is called a verification process. There are many
ways to claim an identity, such as by entering name, telephone number, PIN or password and
using token such as smart card or contactless card.
Another possible mode of matching is to compare the generated template against a list of
reference templates of legitimate users. Such a process involves one to many comparisons and
the matching process is called an identification process. The type of matching process used
in a biometric system will depend on the nature of application where the biometric system
is used and the biometric technology involved, as not all biometric technology is suitable for
identification. The following sections will discuss the common biometric technology such as
face, fingerprint, hand geometry, iris, and voice.
3. Face
A face image can be acquired using a normal camera such as an off-the-shelf desktop camera.
As such, it is the most natural biometric for identity authentication. Two main approaches are
used to perform face recognition, namely holistic or global approach and feature-based
approach [3].
Feature-based approach rely on the identification of certain fiducial points on the face which
are less susceptible to alteration, including the points at the eyes, the side of the nose and
the mouth, the points surrounding one's cheekbones etc. The locations of these points are
used to compute the geometrical relationships between the points. The regions surrounding
the points can be analysed locally as well. Results from all the local processing at the fiducial
points are then combined to obtain the overall face recognition. Since detection of feature
points precedes the analysis, such a system is robust to position variations in the image.
However, automatic detection of the fiducial points is not accurate and consistent enough
to yield a high accuracy rate for the face recognition.
The
‘123
’ of
Biom
etric
Tec
hnol
ogy
86
Holistic approach processes the entire face image simultaneously without attempting
to localise the individual points. This approach has some variants in the type of
technology used, such as statistical analysis, neural networks or transformations. The
famous examples for statistical analysis are the eigenface technique [5] and local
feature analysis [6] while for neural network is the elastic bunch graph matching
technique [7]. The advantage of holistic approach is that it utilizes the face as a whole
and does not destroy any information by exclusively processing only certain fiducial
points. This generally yields more accurate recognition results. However, such technique
is sensitive to variations in position and scale, and thus requires large training data
sets [3, 4].
Figure 2A: Sample Eigenfaces [8] Figure 2B: Elastic Bunch Graph [9]
Face recognition is generally accepted by the public, easy to use, a covert process,
compact and the cost is rather low. The disadvantage is that the accuracy achievable
it is only suitable for verification, but is still insufficient for identification. The performance
will also be affected by variation in face due to aging, make-up, hair-style, glasses,
pose and lighting condition in addition to not being able to separate twins.
4. Fingerprint
Fingerprint is the oldest method of identity authentication and has been used since
1896 for criminal identification. The fingertips have corrugated skin with line like ridges
flowing from one side of the finger to another. The flow of the ridges is non-continuous
and forms a pattern. The discontinuity in the ridge flow give rise to feature points,
called minutiae, while the pattern of flow give rise to classification pattern such as
arches, whorls and loops. These are the basis of fingerprint recognition.
The
‘123
’ of
Biom
etric
Tec
hnol
ogy
87
Sect
ion
Thre
e
In forensic application, the fingerprints of criminal suspects are acquired (traditionally using
the ink-and-roll procedure) and stored centrally. Identity search is then conducted using an
Automated Fingerprint Identification System (AFIS) to narrow the search to one or a few prime
suspects when a crime occurs. For civil applications, the fingerprint is not stored, but acquired
live. The template which represents the fingerprint is stored rather than the image. There are
a few variants of image capture technology available for such commercially oriented fingerprint
sensor, including optical, silicon, ultrasound, thermal and hybrid.
There are two main technical approaches for fingerprint recognition: minutia matching and
pattern matching. The former approach locates all the minutiae in the fingerprint consisting
mainly ridge ending (where the ridge ends) and bifurcation (where the ridge branches into
two). Other possible minutiae include dot (very short ridge), island (two nearby bifurcations),
crossover (two ridges crossing each other) and pore. From the geometric information, type,
direction and relationship of the minutiae, comparisons can be made in order to establish
whether the two minutia template matched or not. The latter approach utilizes the region
surrounding a minutiae or other distinct mark and extrapolates data from the series of ridges
in this region. For matching, the same area need to be found and compared and methods to
handle deformation in the pattern is devised. Typically, the template size of the pattern matching
approach is 2-3 times larger than in minutia approach [1]. It is almost impossible to recreate
the fingerprint image from the minutia based template but this cannot be said for the pattern
matching approach. In addition, all the AFIS system used in forensic applications is minutia
based and is an accepted approach in a court of law. Thus majority of the fingerprint recognition
system uses the minutia approach.
Figure 3: A Sample Fingerprint Image
The
‘123
’ of
Biom
etric
Tec
hnol
ogy
88
In general, fingerprint recognition can achieve good accuracy sufficient for both
verification and identification. It is low cost and compact and is getting popular as
consumer products. However, not everyone has fingerprints that can be recognised.
The sensor is also not able to capture acceptable quality fingerprint images for people
with very wet and very dry skin. In addition, the sensor needs to be maintained properly
in order to get consistent performance. The Spring 2002 international developer survey
conducted by Evans Data recently has concluded that fingerprints have the most
potential in terms of user authentication.
5. Hand Geometry
The hand image is obtained using a camera looking from the top when the user placed
his or her hand at a specified surface. The hand can be aligned using pegs or reference
marks. Two views are usually taken in a single image, the top view and the side view.
The side view is usually taken by the top camera as well using a side mirror. From the
hand image, the fingers are located and the length, width, thickness, curvatures and
their relative geometry measured.
The hand geometry template size can be very small. It has acceptable accuracy for
verification but not sufficient for identification. The major advantage is that most
people can use it and as such, the acceptance rate is good. However, the system is
rather bulky and may have problems with aging and health condition such as arthritis.
Figure 4: Measurements of Typical Hand Geometry System [10]
The
‘123
’ of
Biom
etric
Tec
hnol
ogy
89
Sect
ion
Thre
e
6. Iris
Iris, the coloured part of the eye, is composed of a type of tissue called trabecular meshwork
which gives the appearance of layered radial lines or mesh when the iris is examined closely.
The visible mesh consists of characteristics such as striations, rings, crypts, furrows etc. giving
the iris a unique pattern. The iris pattern is stable throughout the lifespan and is different for
twins as well since the pattern is independent of genetic makeup. The iris image is usually
acquired using a monochrome camera with visible and near infra red light (700 - 900nm) [1].
In the processing stage, the eye is located and then the iris is segmented, leaving out the pupil
and other noisy areas caused by reflection of light. Based on the efficient algorithm invented
by Prof. John Daugman of Cambridge University, England, the iris is divided into rims [11]. For
each rim, 2-D Gabor wavelets (a type of filter) are applied sequentially throughout the rim
to extract the iris feature into numerical data, called the IrisCode(tm). The algorithm is able
to reveal 266 independent degrees-of-freedom of textural variation, making it a very accurate
biometric [12]. The IrisCode takes up 256 bytes of memory storage and can be efficiently
matched by computing the fraction of mismatched bits relative to matched bits of two IrisCodes,
called the Hamming distance [11].
Iris recognition is very accurate with very low false acceptance rate (wrongly identifying the
impostor as the genuine user) and can be applied to both verification and identification. The
identification speed is also very fast and it is relatively easy to verify whether the iris is from
a living subject. However, the cost of the system is somewhat high and not compact. It also
suffers from poor lighting, reflection and possibly glasses and may not be suitable for people
with cataract and young children. In addition, some imaging system will require the user to
be motionless for a while.
Figure 5: A Sample Segmented Iris with IrisCode at Top Left Corner [11]
The
‘123
’ of
Biom
etric
Tec
hnol
ogy
90
7. Voice
Voice authentication or speaker recognition uses a microphone to record the voice of
a person. The recorded voice is digitised and then used for authentication. The speech
can be acquired from the user enunciating a known text (text dependent) or speaking
(text independent). In the former case, the text can be fixed or prompted by the system.
The text can also be read discretely or the entire text read out continuously. The captured
speech is then enhanced and unique features extracted to form a voice template. There
are two types of templates: stochastic templates and model templates. Stochastic
templates require probabilistic matching techniques such as the popular Hidden Markov
Model and results in a measure of likelihood of the observation given the template.
For model templates, the matching techniques used are deterministic. The observation
is assumed to be similar to the model, albeit some distortion. Matching result is obtained
by measuring the minimum error distance when the observation is aligned to the model.
The matching techniques popularly used for model templates include Dynamic Time
Warping algorithm, Vector Quantisation and Nearest Neighbours algorithm [13].
As voice is a common means of communication, and with an extensive telephone
network, a microphone becomes rather common and as such the cost of voice
authentication can be very low and compact. Furthermore, it is relatively easy to use.
However, voice varies with age and there can be drastic change from childhood to
adolescence. Also illness and emotion may affect the voice as well as room acoustics
and environmental noise. Variation in microphones and channel mismatch (use of
different type and quality of microphones) is also a major problem for the widespread
use of this biometric technology.
8. Other Biometric Technologies
There are other biometric technologies including signature, retinal scan, DNA typing,
vein pattern (such as within the wrist, palm or dorsal surfaces of the hand), thermal
pattern of the face (facial thermogram), keystroke dynamics, gait pattern, body odour
and ear shape. Instead of relying on only one technology, a multi-modal system which
combines several biometric technologies to increase the likelihood of finding a match
will be increasingly feasible as hardware and system cost decreases to an attractive
level.
The
‘123
’ of
Biom
etric
Tec
hnol
ogy
91
Sect
ion
Thre
e
Table I: Comparison of Biometric Technologies [14]
Biometrics Univer- Unique- Perma- Collect- Perfor- Accept- Circum-sality ness nence ability mance ability vention
Face H L M H L H L
Fingerprint M H H M H M H
Hand Geometry M M M H M M M
Keystroke L L L M L M MDynamics
Hand vein M M M M M M H
Iris H H H M H L H
Retina H H M L H L H
Signature L L L H L H L
Voice M L L M L H L
Facial H H L H M H HThermogram
DNA H H H L H L L
H=High, M=Medium, L=Low
Table I below shows a comparison amongst the various biometric technologies discussed.
In the above table, universality indicates how common the biometric is found in each person;
uniqueness indicates how well the biometric separates one person from the other; permanence
indicates how well the biometric resist the effect of aging; while collectability measures how
easy it is to acquire the biometric for processing. Performance indicates the achievable accuracy,
speed and robustness of the biometrics while acceptability indicates the degree of acceptance
of the technology by the public in their daily life and circumvention indicates the level of
difficulty to circumvent or fool the system into accepting an impostor.
In the PIN or password based system, the matching between the input data against the stored
data is straight forward and the outcome is either "yes" or "no". If the result is not a match,
you will usually blame yourself for providing the wrong input. However, for a biometric system,
the extracted data is never an exact replica of the stored biometric data due to the many
variability factors involved. Thus, the matching algorithm is more complex, and the outcome
of the comparison is usually a degree of confidence that the input biometric data is from the
same person as the registered data. There is a tolerance involved. However, the user will usually
blame the system if he or she is rejected but at the same time, high level of security is needed
to avoid wrongly accepting an impostor. In order to compare the performance of biometric
technologies, there are several key measures that need to be understood:
1.False Acceptance Rate (FAR)This is also known as Type I error. It measures the percentage of impostors being
incorrectly accepted as genuine user. Since almost all biometric systems aim to achieve
correct identity authentication, this number should be as low as possible.
The
‘123
’ of
Biom
etric
Tec
hnol
ogy
92
2.False Rejection Rate (FRR)Also known as Type II error, this measures the percentage of genuine users being
incorrectly rejected. In order to minimise inconveniences (or embarrassment) to
the genuine user, this number should also be low. Nevertheless, in general, this
error is more acceptable as usually the user can make a second attempt.
3.Equal Error Rate (EER)FAR and FRR are related. A stringent requirement for FAR (as low as possible)
will inadvertently increase the FRR. The point where the FAR is equal to FRR is
given by this measure. The smaller the EER, the better is the system as it indicates
a good balance in the sensitivity of the system.
The above measures can be found in almost all biometric product brochures. However,
these values typically apply to specific (usually controlled laboratory) settings and these
measures are dependent on the quality of the database used. The dependency on the
database needs to be highlighted as the degree of imperfection in the biometric data
of the database used will greatly influence the achievable rate for these measures.
Such degree of imperfection or distortion will usually arise in the actual use of the
system and is also dependent on how familiar the users are to the system. As such,
these measures are meant more as a guide than as an absolute metrics for comparison.
If these measures are to be used for product comparison, then a "best practice" or
standard is needed to validate these measures. Such standard is still lacking currently.
In addition, the actual achievable rate experienced by the user when the biometric
system is used will depend on the scenario, environment and application context of
the system. For example, installing a voice authentication system at the airport exposed
to the loud aircraft noise will drastically reduce the performance of the voice authentication
system.
9. Issues and Challenges
With the basics of biometric technology, we now consider the issues, potential and
challenges faced by biometric technology. In selecting a specific biometric technology,
the following should be considered:
1. Size of user group.
2. Place of use and the nature of use (such as needs for mobility).
3. Ease of use and user training required.
4. Error incidence such as due to age, environment and health condition.
5. Security and accuracy requirement needed.
The
‘123
’ of
Biom
etric
Tec
hnol
ogy
93
Sect
ion
Thre
e
6.User acceptance level, privacy and anonymity.
7.Long term stability including technology maturity, standard, interoperability and
technical support.
8.Cost.
Despite the long list above, one should not be disheartened by it. The Jan/Feb 2001 issue of
MIT Technology Review identified biometrics amongst the 10 emerging technologies that will
change the world. Analysis by Frost & Sullivan, a strategic market consulting and training
company in San Antonio, Texas, in "World Biometric Technologies Markets" indicates the total
biometrics market generated $66 million in 2000 and is expected to reach $900 million by
2006 [15]. Just recently (14 June 2002), a report from the Cutter Consortium reveals that the
use of biometric-based technology is increasing. According to the report, a survey of business
technology professionals revealed that biometric systems have been implemented by six percent
of the companies interviewed. In addition, according to the Biometric Market Report 2003,
Biometric revenues are expected to grow from $399m in 2000 to $1.9b by 2005 and that
revenues attributable to large-scale public sector biometric usage, currently 70% of the
biometric market will drop to under 30% by 2005. Furthermore, finger-scan and biometric
middleware will emerge as two critical technologies for the desktop, together comprising
approximately 40% of the biometric market by 2005 [16].
Figure 6: Total Biometric Revenues from 1999 to 2005 (US$m) [16]
The
‘123
’ of
Biom
etric
Tec
hnol
ogy
94
Other motivating factors for biometrics include the report by Asian Wall Street Journal
in 2001 indicating that online transaction is only 5% of the total credit card transactions
but makes up 50% of all credit card fraud, the fear by consumers that shopping online
will allow their credit card data to be seized by hackers and the terrorist attack on the
World Trade Center in the United States. All these increase the awareness and demand
for biometrics as a better and more secure means of identity authentication. Coupled
to that, the cost of biometric solutions is decreasing.
There are numerous applications for biometric systems. Most applications currently
concentrate on security related physical and logical access control. These include the
following areas:
1. Banking/Financial services such as ATMs, payment terminals, cashless payment,
automated cheque cashing etc.
2. Computer & IT Security such as Internet transactions, PC login etc.
3. Healthcare such as privacy concern, patient information control, drug
control etc.
4. Immigration such as border control, frequent travelers, asylum seekers etc.
5. Law and Order such as public ID card, voting, gun control, prison, parole etc.
6. Gatekeeper/Door Access Control such as secure installations, military, hotel,
building management etc.
7. Telecommunication such as telephony, mobile phone, subscription fraud, call
center, games etc.
8. Time and Attendance such as school and company attendance,
9. Welfare, including health care services and benefit payments
10.Consumer Products such as automated service machines, vault, lock-set,
PDA etc.
Another major area which has received little attention is the opportunity for personalisation
services. For example, a TV remote control with biometric capability can automatically
select the channel of interest of the user together with the preferred volume and
brightness settings. Similarly, a mobile phone with biometric capability is able to
customise the user interface, ring tone, phone diary, speed dial etc. Imagine entering
a members-only golf club reception with the automated system calling your name -
it will surely impress you and your guests!
The
‘123
’ of
Biom
etric
Tec
hnol
ogy
95
Sect
ion
Thre
e
There are major challenges to the wide roll-out and adoption of biometric systems, such as
lack of user education, especially since there are several biometric technologies to choose but
not every technology is suitable for all application scenarios and the impact to privacy on the
use of such technology. Over expectation, either due to ignorance of the users or exaggerated
by the over-zealous sellers in the capability of biometric will also slow the market adoption
as the system will not perform as "expected" in the eye of the users, causing lack of trust in
the technology. Lack of interoperability and standard is also a challenge preventing wide-scale
adoption since users especially corporations will not want to invest in a technology that will
soon obsolete or lack technical support. In this area, several international standardisation
efforts have been pursued, including the BioAPI for biometrics application programming
interface, CBEFF for common biometric data exchange format and very recently, the formation
of groups at ISO/IEC to look into biometric standardisation. Some of the biometric technology
is also less mature and will need more time for research and trial testing before its performance
can be enhanced to suit the market requirements.
10.Conclusion
Biometric is an emerging area with many opportunities for growth. The technology will continue
to improve and challenges such as interoperability solved through standardisation. This will
lead to increase in the market adoption rate and the technology will proliferate. Possibly in
the near future, you will not have to remember PINs and passwords and keys in your bags or
pockets will be things of the past.
11.References
[1] International Biometric Group website,
http://www.biometricgroup.com/biometric_technology_overview.htm
[2] ISO/IEC JTC1/SC17 N1793, "Usability of Biometrics in Relation to Electronic Signatures
v1.0."
[3] R. Chellappa et al., "Human and Machine Recognition of Faces: A Survey", Technical Report
CAR-TR-731, University of Maryland Computer Vision Laboratory, 1994.
[4] MIT Media Lab Website, http://web.media.mit.edu/~jebara/uthesis/node8.html.
[5] M. Turk and A. Pentland, "Eigenfaces for Recognition", Journal of Cognitive Neuroscience,
Vol. 3, pp. 72-86, 1991.
[6] Visionics website, http://www.visionics.com/faceit/tech/lfa.html
[7] L. Wiskott, J.M. Fellous and C. von der Malsburg, "Face Recognition by Elastic Bunch Graph
Matching", IEEE Trans. on Pattern Analysis and Machine Intelligence, Vol. 19, pp. 775-
779, 1997.
The
‘123
’ of
Biom
etric
Tec
hnol
ogy
96
[8] Eigenfaces Demo website, MIT:
http://www-white.media.mit.edu/vismod/demos/facerec/basic.html.
[9] Face Recognition by Elastic Bunch Graph Matching website, Bochum University:
http://www.neuroinformatik.ruhr-uni-
bochum.de/VDM/research/computerVision/graphMatching/identification/face
Recognition/contents.html.
[10] Biometric Systems Lab website, Bologna University:
http://bias.csr.unibo.it/research/biolab/bio_tree.html.
[11] John Daugman's website, http://www.cl.cam.ac.uk/users/jgd1000.
[12] M. Negin et al., "An Iris Biometric System for Public and Personal Use", Computer,
Vol. 33, No. 2, pp. 77-75, 2000.
[13] J.P. Campbell Jr., "Speaker Recognition: A Tutorial", Proceedings of The IEEE,
Vol. 85, No. 9, pp. 1437 - 1462, 1997.
[14] A Jain, R. Bolle, S. Pankanti, "Biometrics: Personal Identification in Networked
Society", Kluwer, 1999.
[15] CNN Tech News, July 20, 2001.
[16] International Biometric Group "Biometric Market Report 2003" website:
http://www.ibgweb.com/reports/public/market_report.html