| Date post: | 15-Jan-2016 |
| Category: |
Documents |
| Upload: | stephen-atkins |
| View: | 217 times |
| Download: | 0 times |
Biometrics and Biometrics and Cryptography --- Cryptography --- IntroductionIntroduction
CPSC 415 Biometric and CPSC 415 Biometric and CryptographyCryptography
University of Tennessee at University of Tennessee at ChattanoogaChattanooga
22
Why BiometricsWhy Biometrics
33
Authentication systemAuthentication system
There are several techniques that can be There are several techniques that can be applied for verifying and confirming a applied for verifying and confirming a user’s identity. They can be broadly user’s identity. They can be broadly classified as below:classified as below:– Something the user knows, such as a password Something the user knows, such as a password
or PIN or PIN – Something the user has, such as a smart card Something the user has, such as a smart card
or ATM card or ATM card – Something that’s part of the user, such as a Something that’s part of the user, such as a
fingerprint or iris. The strongest authentication fingerprint or iris. The strongest authentication involves a combination of all three. involves a combination of all three.
44
Background on Passwords & Background on Passwords & BiometricsBiometrics
PasswordsPasswords– Ubiquitous TechnologyUbiquitous Technology– Passwords are one of the oldest Passwords are one of the oldest
authentication methods.authentication methods.– Many organizations and institutions Many organizations and institutions
have used passwords for computer have used passwords for computer accessaccess
55
Biometrics Biometrics – First introduced in the 1970s and early 1980sFirst introduced in the 1970s and early 1980s– A biometric authentication system uses the physiological
(fingerprints, face, hand geometry, iris) and/or behavioral traits (voice, signature, keystroke dynamics) of an individual to identify a person or to verify a claimed identity.
FingerprintFace
HandwritingIris
66
Biometrics Biometrics
2 Categories of Biometrics 2 Categories of Biometrics – Physiological – also known as static Physiological – also known as static
biometrics: Biometrics based on data biometrics: Biometrics based on data derived from derived from the measurement of a part of the measurement of a part of a person’s anatomya person’s anatomy. For example, . For example, fingerprints and iris patterns, as well as fingerprints and iris patterns, as well as facial features, hand geometry and retinal facial features, hand geometry and retinal blood vesselsblood vessels
– Behavioral – biometrics based on data Behavioral – biometrics based on data derived from derived from measurement of an action measurement of an action performed by a personperformed by a person, and distinctively , and distinctively incorporating time as a metric, that is, the incorporating time as a metric, that is, the measured action. For example, voice measured action. For example, voice (speaker verification)(speaker verification)
77
Biometric ApplicationBiometric Application
Biometric technology is used for many Biometric technology is used for many applicationsapplications– Providing time and attendance Providing time and attendance
functionality for a small companyfunctionality for a small company– Ensuring the integrity of a 10 million-Ensuring the integrity of a 10 million-
person voter registration databaseperson voter registration database The benefit of using biometrics include The benefit of using biometrics include
increased security, increased increased security, increased convenience, reduced fraud or delivery convenience, reduced fraud or delivery of enhanced services. of enhanced services.
88
Reasons for BiometricsReasons for Biometrics
Two common reasons for Two common reasons for deploying biometricsdeploying biometrics– The benefit is to have a degree of The benefit is to have a degree of
certainty regarding an individual’s certainty regarding an individual’s identityidentity
– The benefits lead directly or The benefits lead directly or indirectly to cost saving or to indirectly to cost saving or to reduced risk of financial losses for reduced risk of financial losses for an individual or institutionan individual or institution
99
Benefits of Biometrics versus Benefits of Biometrics versus Traditional Authentication Traditional Authentication MethodsMethods
Increased SecurityIncreased Security– Biometrics is used to ensure that Biometrics is used to ensure that
resources are accessible only to resources are accessible only to authorized users andauthorized users and
– Are kept protected from unauthorized Are kept protected from unauthorized usersusers
– Passwords and PINs, used in the traditional Passwords and PINs, used in the traditional methods, are easily guessed or methods, are easily guessed or compromised. compromised.
– Biometrics data can not be guessed or Biometrics data can not be guessed or stolen in the same fashion as a password. stolen in the same fashion as a password.
1010
Benefits of Biometrics versus Benefits of Biometrics versus Traditional Authentication Traditional Authentication MethodsMethods
Increased convenienceIncreased convenience– Simple password is subject to compromise, Simple password is subject to compromise,
while complex password is easily forgottenwhile complex password is easily forgotten– Biometric are difficult if not impossible to Biometric are difficult if not impossible to
forget, thus offering much greater forget, thus offering much greater convenience than systems based on convenience than systems based on multiple passwords. multiple passwords.
– Biometric authentication also allows for Biometric authentication also allows for association of higher levels of rights and association of higher levels of rights and privileges. privileges.
1111
Benefits of Biometrics versus Benefits of Biometrics versus Traditional Authentication Traditional Authentication MethodsMethods
Increased accountabilityIncreased accountability– The need for strong auditing and reporting The need for strong auditing and reporting
capabilities has grown more pronounced in capabilities has grown more pronounced in the enterprise and customer applicationsthe enterprise and customer applications
– Biometrics provide a high degree of Biometrics provide a high degree of certainty as to what user accessed, what certainty as to what user accessed, what computer and what time. computer and what time.
– The fact that they exit often serves as an The fact that they exit often serves as an effective deterrent. effective deterrent.
1212
Benefits of Biometrics in Benefits of Biometrics in Identification SystemsIdentification Systems
Biometric identification is not replacing Biometric identification is not replacing passwords or PINs – it is providing new passwords or PINs – it is providing new types of fraud-reducing functionality. types of fraud-reducing functionality.
Fraud DetectionFraud Detection– Identification systems are deployed to Identification systems are deployed to
determine whether a person’s biometric info determine whether a person’s biometric info exists more than once in a database, i.e., exists more than once in a database, i.e., obtain multiple driver licenseobtain multiple driver license
Fraud DeterrenceFraud Deterrence– Deter individuals from attempting to enroll Deter individuals from attempting to enroll
multiple times in a public benefit systemmultiple times in a public benefit system– Save the public agency money and ensure the Save the public agency money and ensure the
integrity of its records. integrity of its records.
1313
Key Biometric Terms and Key Biometric Terms and ProcessProcess
1414
What is Biometric?What is Biometric?
Biometrics is the Biometrics is the automated useautomated use of of physiological or behavioral physiological or behavioral characteristicscharacteristics to to determine or verifydetermine or verify identityidentity. .
Automated use means using Automated use means using computers or machines, rather than computers or machines, rather than human beings, to verify or determine human beings, to verify or determine physiological or behavioral physiological or behavioral characteristics. characteristics.
1515
Physiological and Behavioral Physiological and Behavioral CharacteristicsCharacteristics
Physiological or behavioral characteristics are Physiological or behavioral characteristics are distinctivedistinctive, which provide basic measurement , which provide basic measurement of biometrics. of biometrics.
PhysiologicalPhysiological biometrics are based on biometrics are based on direct direct measurements of a part of the human bodymeasurements of a part of the human body, , such as finger-scan, facial-scan, iris-scan, such as finger-scan, facial-scan, iris-scan, hand-scan, and retina-scan. hand-scan, and retina-scan.
BehavioralBehavioral biometrics are based on biometrics are based on measurements and data derived from an measurements and data derived from an actionaction and therefore and therefore indirectlyindirectly measure measure characteristics of the human body, such as characteristics of the human body, such as voice-scan and signature-scan. voice-scan and signature-scan.
The element of The element of timetime is essential to behavioral is essential to behavioral biometrics. biometrics.
1616
Identification versus Identification versus VerificationVerification
Identify versus verify identity Identify versus verify identity represents a fundamental represents a fundamental distinction in biometric usage. distinction in biometric usage. – IdentificationIdentification can determine the can determine the
identity of a person from a biometric identity of a person from a biometric database without that person first database without that person first claiming an identity. claiming an identity.
– VerificationVerification can confirm or deny the can confirm or deny the specific identification claim of a specific identification claim of a person. person.
1717
IdentityIdentity
Identity Identity – An An individualindividual is a singular, unique entity, is a singular, unique entity,
colloquially, a person, which can have colloquially, a person, which can have more than more than one identityone identity. .
– For example, John Doe might have an email For example, John Doe might have an email identity and a work identity. identity and a work identity.
– This identity distinction is important because it This identity distinction is important because it establishes limits on the type of certainty that a establishes limits on the type of certainty that a biometric system can provide. biometric system can provide.
– Biometric identity verification and determination Biometric identity verification and determination are only as strong as the initial association of a are only as strong as the initial association of a biometric with an individual. A user who enrolls in biometric with an individual. A user who enrolls in a biometric system under a false identity will a biometric system under a false identity will continue to have this false identity verified with continue to have this false identity verified with every successful biometrics match. every successful biometrics match.
1818
Usage of BiometricUsage of Biometric
Biometric can be used as Biometric can be used as nounnoun when when referring to a single technologyreferring to a single technology– Finger-scan is a commonly used Finger-scan is a commonly used
biometricbiometric Biometric can also be used as an Biometric can also be used as an
adjectiveadjective– A A biometricbiometric system uses integrated system uses integrated
hardware and software to conduct hardware and software to conduct identification or verificationidentification or verification
1919
Discussion: Verification and Discussion: Verification and IdentificationIdentification
Verification system answers the Verification system answers the question: “Am I who I claim to be?”question: “Am I who I claim to be?”
The answer returned by the system is The answer returned by the system is matchmatch or or no matchno match. .
Identification systems answers the Identification systems answers the question: “Who am I”question: “Who am I”
The answer returned by the system isThe answer returned by the system is anan identityidentity such as a name or ID such as a name or ID number. number.
2020
Discussion: Verification and Discussion: Verification and IdentificationIdentification
2121
Positive vs. Negative Positive vs. Negative Identification SystemIdentification System
PositivePositive identification systems identification systems – are designed to find a match for a are designed to find a match for a
user’s biometric information in a user’s biometric information in a database of biometric information. database of biometric information.
– A A matchmatch is returned given biometric is returned given biometric data. data.
NegativeNegative identification systems identification systems – are designed to ensure that a person’s are designed to ensure that a person’s
biometric information is biometric information is not presentnot present in in a databases. a databases.
– This prevents people from enrolling This prevents people from enrolling twice in a system. twice in a system.
2222
When are verification and When are verification and
identification appropriate?identification appropriate? PC and Network Security -- verificationPC and Network Security -- verification Access to buildings and rooms – either Access to buildings and rooms – either
verification (predominant) or identification verification (predominant) or identification Large-scale public benefit programs – Large-scale public benefit programs –
identificationidentification Verification systems are generally faster Verification systems are generally faster
and more accurate than identification and more accurate than identification systems. systems.
However, verification systems cannot However, verification systems cannot determine whether a given person is determine whether a given person is present in a database more than once.present in a database more than once.
2323
When are verification and When are verification and identification appropriate?identification appropriate?
Identification system requires more Identification system requires more computational power than verification computational power than verification systems, and there are more systems, and there are more opportunities for an identification opportunities for an identification system to err. system to err.
As a rule, verification systems are As a rule, verification systems are deployed when identification simply deployed when identification simply does not make sense (to eliminate does not make sense (to eliminate duplicate enrollment, for instance. ) duplicate enrollment, for instance. )
2424
Logical versus Physical AccessLogical versus Physical Access
Two primary uses for biometric system Two primary uses for biometric system are physical access and logical accessare physical access and logical access
Physical access systems monitor, restrict, Physical access systems monitor, restrict, or grant movement of a person or object or grant movement of a person or object into or out of a specific areas such as into or out of a specific areas such as rooms, building, server room, control rooms, building, server room, control towers. towers.
Time and attendance are a common Time and attendance are a common physical access application with an audit physical access application with an audit of when authentication occurred. of when authentication occurred.
2525
Logical versus Physical AccessLogical versus Physical Access
Logical access systems monitor, restrict Logical access systems monitor, restrict or grant access to data or information. or grant access to data or information.
For example, logging into a PC, accessing For example, logging into a PC, accessing data stored on a network, accessing an data stored on a network, accessing an account,, or authenticating a transaction. account,, or authenticating a transaction.
Logical access is a more lucrative Logical access is a more lucrative industry due to value of info and industry due to value of info and transaction value of business-to-business transaction value of business-to-business (B2B) and business-to-consumer (B2C). (B2B) and business-to-consumer (B2C).
2626
How Biometric Matching WorksHow Biometric Matching Works
Process flow includes enrollment, and Process flow includes enrollment, and verification/identification. verification/identification.
EnrollmentEnrollment– A user initially A user initially enrollsenrolls in biometric systems in biometric systems
by providing by providing biometric databiometric data, which is , which is converted into a converted into a templatetemplate. .
– Templates are stored in a biometric systems Templates are stored in a biometric systems for the purpose of subsequent comparison. for the purpose of subsequent comparison.
Verification/IdentificationVerification/Identification– In order to be verified or identified after In order to be verified or identified after
enrollment, the user provides biometric enrollment, the user provides biometric data, which is converted into a template. data, which is converted into a template.
2727
How Biometric Matching WorksHow Biometric Matching Works
Verification/IdentificationVerification/Identification– The verification template is compared with The verification template is compared with
one or more enrollment templatesone or more enrollment templates– The result of a comparison between The result of a comparison between
biometric templates is rendered as a score or biometric templates is rendered as a score or confidence level, which is compared to confidence level, which is compared to threshold used for a specific technology, threshold used for a specific technology, system, user, or transaction. system, user, or transaction.
– If score exceeds the If score exceeds the thresholdthreshold, the , the comparison is a match, and that result is comparison is a match, and that result is transmitted. transmitted.
– If the score does not meet the threshold, the If the score does not meet the threshold, the comparison is not a match, and that result is comparison is not a match, and that result is transmitted. transmitted.
2828
The two stages of a biometric The two stages of a biometric systemsystem
2929
Biometric Matching: Process Biometric Matching: Process FlowFlow
The user submits a sample (biometric data) that is an identifiable, unprocessed image or recording of the physiological or behavioral biometric via an acquisition device (for example, a scanner or camera)
This biometric is then processed to extract information about distinctive features to create a trial template or verification template
Templates are large number sequences. The trial template is the user’s “password.”
Trial template is compared against the reference template stored in biometric database.
3030
Enrollment and Template Enrollment and Template CreationCreation
EnrollmentEnrollment is the process by which a is the process by which a user’s user’s biometric databiometric data is initially acquired, is initially acquired, assessed, processed, and stored in the assessed, processed, and stored in the form of a template for ongoing use in a form of a template for ongoing use in a biometric system. biometric system.
Subsequent verification and identification Subsequent verification and identification attempts are conducted against the attempts are conducted against the templatetemplate generated during enrollment. generated during enrollment.
Quality enrollmentQuality enrollment is a critical factor in is a critical factor in the long-term accuracy of biometric the long-term accuracy of biometric system. system.
3131
Enrollment and Template Enrollment and Template CreationCreation
PresentationPresentation is the process by which is the process by which a user provides a user provides biometric databiometric data to an to an acquisition device – the hardware acquisition device – the hardware used to collect biometric data. used to collect biometric data.
For example, looking in the direction For example, looking in the direction of a camera, placing a finger on a of a camera, placing a finger on a platen, or reciting a passphrase. platen, or reciting a passphrase.
3232
Enrollment and Template Enrollment and Template CreationCreation
Biometric dataBiometric data users provide is an users provide is an unprocessed image or recording of a unprocessed image or recording of a characteristic, which is also referred to as characteristic, which is also referred to as raw biometric dataraw biometric data or as a or as a biometric samplebiometric sample. .
Once biometric data has been acquired, Once biometric data has been acquired, biometric templates can be created by a biometric templates can be created by a process of feature extraction. process of feature extraction.
Feature extractionFeature extraction is the automated process is the automated process of locating and encoding distinctive of locating and encoding distinctive characteristics from biometric data in order characteristics from biometric data in order to generate a to generate a templatetemplate. It may remove . It may remove noises and unwanted data, and digitize noises and unwanted data, and digitize biometric traits. biometric traits.
3333
Enrollment and Template Enrollment and Template CreationCreation
A user may need to present biometric A user may need to present biometric data several times in order to enroll. data several times in order to enroll.
Enrollment score or quality score Enrollment score or quality score indicates the enrollment attempt is indicates the enrollment attempt is successful or not. successful or not.
If the user’s biometric data contains If the user’s biometric data contains highly distinctive features or an highly distinctive features or an abundance of features, there will likely abundance of features, there will likely be a high enrollment score. be a high enrollment score.
Vendor’s feature extraction processes Vendor’s feature extraction processes are generally patented and are always are generally patented and are always held secret. held secret.
3434
TemplateTemplate
A template is a small file derived from the A template is a small file derived from the distinctive features of a user’s biometric distinctive features of a user’s biometric data, used to perform biometric matches. data, used to perform biometric matches.
Biometric systems store and compare Biometric systems store and compare biometric templates, not biometric data. biometric templates, not biometric data.
Templates, also called Templates, also called prototypeprototype, is , is calculated during enrollment or calculated during enrollment or verification phase. The template be verification phase. The template be understood as a compact representation understood as a compact representation of the collected feature data, where of the collected feature data, where useless or redundant information is useless or redundant information is discarded.discarded.
3535
TemplateTemplate
Most template occupy less than 1 Most template occupy less than 1 kilobyte, and some of them are as small kilobyte, and some of them are as small as 9 bytes; size of template differs from as 9 bytes; size of template differs from vendor to vendor. vendor to vendor.
Templates are proprietary to each Templates are proprietary to each vendor and each technology, and there vendor and each technology, and there is no common biometric template is no common biometric template format. This is beneficial from a privacy format. This is beneficial from a privacy perspective, but the lack of perspective, but the lack of interoperability deterred some would-be interoperability deterred some would-be users. users.
3636
TemplatesTemplates
Biometric data such as finger prints and facial Biometric data such as finger prints and facial images cannot be reconstructed from images cannot be reconstructed from biometric templates. biometric templates.
Templates are extractions of distinctive Templates are extractions of distinctive features and not adequate to reconstruct the features and not adequate to reconstruct the full biometric image or data. full biometric image or data.
Unique templates are generated every time a Unique templates are generated every time a user presents biometric data. user presents biometric data.
Two immediately successive placement of a Two immediately successive placement of a finger on a biometric device genernate entirely finger on a biometric device genernate entirely different templates which are processed by different templates which are processed by vendor’s algorithm and recognizable as being vendor’s algorithm and recognizable as being from the same person, but are not identical. from the same person, but are not identical.
3737
Biometric Templates versus Biometric Templates versus Identifiable Biometric DataIdentifiable Biometric Data
Depending on when they are generated, templates can be referred to as enrollment templates or match templates.
3838
Template ManagementTemplate Management
UpdatesUpdates Event loggingEvent logging StorageStorage
– LocalLocal– NetworkNetwork– Portable devicePortable device– Type affects template managementType affects template management
Database size and architectureDatabase size and architecture
3939
A A biometric algorithmbiometric algorithm is a recipe is a recipe for turning for turning raw dataraw data - like physical - like physical traits – into a digital representation traits – into a digital representation in the form of a template. It also in the form of a template. It also allows the matching of an enrolled allows the matching of an enrolled template with a new template just template with a new template just created for verifying an identity, created for verifying an identity, called the called the live templatelive template..
Biometric AlgorithmBiometric Algorithm
4040
Biometric MatchingBiometric Matching
Matching is the comparison of enrolled Matching is the comparison of enrolled biometric templates with a new biometric templates with a new template just created for verification to template just created for verification to determine their degree of similarity or determine their degree of similarity or correlation. correlation.
The process of matching biometric The process of matching biometric templates results in a score, which is templates results in a score, which is compared against a threshold to compared against a threshold to determine how closely they match. determine how closely they match.
If the score exceeds the threshold (the If the score exceeds the threshold (the match is close enough), the result is a match is close enough), the result is a match and nonmathc otherwise. match and nonmathc otherwise.
4141
Biometric MatchingBiometric Matching
In In verification verification systems, a systems, a verification templateverification template is matched is matched against a user’s against a user’s enrollment enrollment template or templatestemplate or templates (multiple). (multiple).
In In IdentificationIdentification systems, the systems, the verification templateverification template is matched is matched against dozens, thousands, even against dozens, thousands, even millions of millions of enrollment templatesenrollment templates. .
4242
Biometric Matching – ScoringBiometric Matching – Scoring
Biometric systems utilize proprietary Biometric systems utilize proprietary algorithms to process templates and algorithms to process templates and generate scores. generate scores.
Some of them use a scale of 1 to 100, Some of them use a scale of 1 to 100, others use a scale of -1 to 1. others use a scale of -1 to 1.
Traditional authentication methods Traditional authentication methods such as password offer on a yes’/no such as password offer on a yes’/no response. response.
In biometric system, there is no 100 In biometric system, there is no 100 percent correlation between percent correlation between enrollment and verification templates. enrollment and verification templates.
4343
Biometric Matching - -Biometric Matching - -ThresholdThreshold
A threshold is a predefined number, which A threshold is a predefined number, which establishes the degree of correlation establishes the degree of correlation necessary for a comparison to be deemed a necessary for a comparison to be deemed a match. match.
Thresholds can vary from user to user, from Thresholds can vary from user to user, from transaction to transaction, and from transaction to transaction, and from verification to verification attempt. verification to verification attempt.
System can be either highly secure for System can be either highly secure for valuable transaction or less secure for low-valuable transaction or less secure for low-value transaction, depending on their value transaction, depending on their threshold settings. threshold settings.
Traditional authentication can not offer such Traditional authentication can not offer such flexibility. flexibility.
4444
Biometric Matching -- DecisionBiometric Matching -- Decision
The result of the comparison The result of the comparison between the sore and the between the sore and the threshold is a decision. threshold is a decision.
The decisions a biometric system The decisions a biometric system can make include can make include matchmatch, , nonmatchnonmatch, and , and inconclusiveinconclusive. .
4545
Overview of BiometricsOverview of Biometrics
Biometric Acquisition Device Sample Feature Extracted
Iris Infrared-enabled video camera, PC camera
Black and white iris image Furrows and striations of iris
Fingerprint Desktop peripheral, PC card, mouse chip or reader embedded in keyboard
Fingerprint image (optical, silicon, ultrasound or touchless)
Location and direction of ridge endings and bifurcations on fingerprint, minutiae
Voice Microphone, telephone Voice Recording Frequency, cadence and duration of vocal pattern
Signature Signature Tablet, Motion-sensitive stylus
Image of Signature and record of related dynamics measurement
Speed, stroke order, pressure and appearance of signature
Face Video Camera, PC camera, single-image camera
Facial image (optical or thermal)
Relative position and shape of nose, position of cheekbones
Hand Proprietary Wall-mounted unit 3-D image of top and sides of hand
Height and width of bones and joints in hands and fingers
Retina Proprietary desktop or wall mountable unit
Retina Image Blood vessel patterns and retina
4646
Strengths, Weaknesses and Strengths, Weaknesses and Usability of BiometricsUsability of Biometrics
Biometric Strengths Weakness Usability
Iris Very stable over time Uniqueness
Potential user resistance Requires user training Dependant on a single
vendor’s technology
Information security access control, especially for
Federal Institutions and government agencies
Physical access control (FIs and government)
Kiosks (ATMs and airline tickets)
Fingerprint Most mature biometric technology
Accepted reliability Many vendors Small template (less
than 500 bytes) Small sensors that can
be built into mice, keyboards or portable devices
Physical contact required (a problem in some cultures)
Association with criminal justice
Vendor incompatibility Hampered by temporary
physical injury
IS access control Physical access
control Automotive
Optical Most proven over time Temperature stable
Large physical size Latent prints CCD coating erodes with age Durability unproven
4747
Strengths, Weaknesses and Strengths, Weaknesses and Usability of BiometricsUsability of Biometrics
Biometrics Strengths Weakness Usability
Silicon Small physical size Cost is declining
Requires careful enrollment Unproven in sub optimal
conditions
Ultrasound Most accurate in sub optimal conditions
New technology, few implementations
Unproven long term performance
Voice Good user acceptance
Low training Microphone can be
built into PC or mobile device
Unstable over time Changes with time, illness
stress or injury Different microphones
generate different samples Large template unsuitable
for recognition
Mobile phones Telephone banking
and other automated call centers
Signatures High user acceptance Minimal training
Unstable over time Occasional erratic
variability Changes with illness, stress
or injury Enrollment takes times
Portable devices with stylus input
Applications where a “wet signature” ordinarily would be used.
4848
Strengths, Weaknesses and Strengths, Weaknesses and Usability of BiometricsUsability of Biometrics
Biometrics
Strengths Weakness Usability
Face Universally present
Cannot distinguish identical siblings
Religious or cultural prohibitions
Physical access control
Hand Small template (approximately 10 bytes)
Low failure to enroll rate
Unaffected by skin condition
Physical size of acquisition device
Physical contact required
Juvenile finger growth Hampered by temporary
physical injury
Physical access control
Time and attendance
Retina Stable over time Uniqueness
Requires user training and cooperation
High user resistance Slow read time Dependent on a single
vendor’s technology
IS access control, especially for high security government agencies
Physical access control (same as IS access control)
4949
Review: Process Flow of Review: Process Flow of Biometric MatchingBiometric Matching
Accuracy in Biometric Accuracy in Biometric SystemsSystems
5151
How to Evaluate Performance How to Evaluate Performance of a Specific Technology?of a Specific Technology?
False acceptance rateFalse acceptance rate False rejection rateFalse rejection rate Failure-to-enroll rateFailure-to-enroll rate No single metric indicates how well No single metric indicates how well
a biometric system or device a biometric system or device performs: Analysis of all three performs: Analysis of all three metrics is necessary to assess the metrics is necessary to assess the performance of a specific performance of a specific technology. technology.
5252
False Acceptance RateFalse Acceptance Rate
If John Smith enters Jane Doe’s username or If John Smith enters Jane Doe’s username or ID, presents biometric data, and successfully ID, presents biometric data, and successfully matching as Jane Doe. matching as Jane Doe.
This is classified as This is classified as false acceptancefalse acceptance. . The probability of this happening is referred The probability of this happening is referred
to as to as false acceptance ratefalse acceptance rate (FAR)[ stated as: (FAR)[ stated as: percentage, fraction]percentage, fraction]
This is because two people have This is because two people have similar similar enough biometric characteristicsenough biometric characteristics – a – a fingerprint, a voice, or a face – that the fingerprint, a voice, or a face – that the system finds a system finds a high degree of correlationhigh degree of correlation between the users’ template.between the users’ template.
5353
False Acceptance RateFalse Acceptance Rate
FAR can be FAR can be reducedreduced by adjusting the thresholds by adjusting the thresholds but the false rejection rate will increase.but the false rejection rate will increase.
A system with a false acceptance rate of A system with a false acceptance rate of 00 percentpercent, but false rejection rate of , but false rejection rate of 50 percent50 percent, , is secure but unusable. is secure but unusable.
False acceptance rate is the most critical False acceptance rate is the most critical accuracy metric because an imposter break-in accuracy metric because an imposter break-in will certainly be a more attention-getting event will certainly be a more attention-getting event than other failings of a biometric system. than other failings of a biometric system.
The most important false match metric in real-The most important false match metric in real-world deployments is the world deployments is the system false match system false match raterate. .
5454
False Rejection RateFalse Rejection Rate
If John Smith enters his username or ID, If John Smith enters his username or ID, presents his biometric data to a biometric presents his biometric data to a biometric system, and fails to match.system, and fails to match.
This is classified as This is classified as false rejectionfalse rejection. . The probability of this happening is the The probability of this happening is the false false
rejection raterejection rate (FRR). (FRR). This can be attributed to changes in user’s This can be attributed to changes in user’s
biometric data, changes in how a user biometric data, changes in how a user presents biometric data, and changes in the presents biometric data, and changes in the environment in which data is presented. environment in which data is presented.
High FRR will result in lost productivity, High FRR will result in lost productivity, frustrated users, and an increased burden on frustrated users, and an increased burden on help desk or support personnel. help desk or support personnel.
5555
Reasons of FRRReasons of FRR
Changes in user’s biometric dataChanges in user’s biometric data– Voice-scan system is influenced by Voice-scan system is influenced by
sore throatssore throats– Facial-scan system is affected by Facial-scan system is affected by
changes in weightchanges in weight– Fingerprint change over time, scars, Fingerprint change over time, scars,
aging and general wear. aging and general wear.
5656
Acceptance and RejectionsAcceptance and Rejections
If someone else is trying to verify as If someone else is trying to verify as you, the system would try to match the you, the system would try to match the two templates.two templates.– If the two templates were to match – this is If the two templates were to match – this is
classified as classified as false acceptancefalse acceptance. . – If your authentication template fails to If your authentication template fails to
match your enrolled template, then this is match your enrolled template, then this is referred to as a referred to as a false rejectionfalse rejection. .
– If you are new and fail to enroll to a If you are new and fail to enroll to a biometric system, this is called – biometric system, this is called – failure to failure to enrollenroll (FTE). (FTE).
5757
Accuracy RatesAccuracy Rates
Single False Acceptance Rate vs. Single False Acceptance Rate vs. System False Acceptance RateSystem False Acceptance Rate– If the FAR is 1/10,000 but you have If the FAR is 1/10,000 but you have
10,000 templates on file — odds of a 10,000 templates on file — odds of a match are very highmatch are very high
Ability to Verify (ATV) rate:Ability to Verify (ATV) rate:– % of user population that can be % of user population that can be
verifiedverified– ATV = (1-FTE)(1-FRR)ATV = (1-FTE)(1-FRR)
