370 likes | 395 Views
GUIDE TO BIOMETRICS CHAPTER I & II September 7 th 2005 Presentation by Tamer Uz. Chapter I Introduction. Outline. Descriptions Authentication Overview of Biometric Systems Biometric Identification Biometric Verification Biometric Enrollment Biometric System Security. Descriptions.
E N D
GUIDE TO BIOMETRICS CHAPTER I & II September 7th 2005 Presentation by Tamer Uz
Outline • Descriptions • Authentication • Overview of Biometric Systems • Biometric Identification • Biometric Verification • Biometric Enrollment • Biometric System Security
Descriptions • Biometrics: Science of identifying, or verifying the identity of, a person based on physiological or behavioral characteristics.
Descriptions • Authentication: Validating or figuring out the identity of a person. • Authorization: Permission or approval.
Authentication • There are 3 traditional way of verifying the identity of a person: • Possessions (keys, passports, smartcards , …) • Knowledge • Secret (passwords, pass phrases, …) • Non-secret (user Id, mothers maiden name, favorite color) • Biometrics • Physiological (fingerprints, face, iris, …) • Behavioral (walking, keystroke pattern, talking, …)
Authentication • The 3 modes of authentication are sometimes combined • User id + password • ATM card + password • Passport + face picture and signiture
Authentication There are two different authentication methods in biometrics • Verification: Is he/she the person who claims he/she is? Works with id + biometrics. Thus it is based on a combination of modes. • Identification: Who is this person? Uses only the biometrics and searches the entire database.
Overview of Biometric Systems There are five important properties of biometric identifiers: 1. Universality 2. Uniqueness 3. Permanence 4. Collectability 5. Acceptability
Overview of Biometric Systems Biometric Identifiers
Overview of Biometric Systems Biometric Subsystems • Biometric readers (sensors) • Feature extractors • Feature Matchers
Overview of Biometric Systems A generalized diagram of a biometric system is as follows:
Overview of Biometric Systems Design Issues: 4 basic design specifications of biometric systems are • System accuracy • How often the system accepts an imposter (FAR) • How often the system rejects a genuine user (FRR) • Computational Speed • Exception Handling • Failure to use (FTU) • Failure to enroll (FTE) • Failure to acquire (FTA) • System Cost
Overview of Biometric Systems • What feature set is amenable for automatic matching? • Given the input data how to extract the features from it? • How to define a matching metric that translates the intuition of “similarity” among the patterns? • How to implement the matching metric? • Organization of the database? • Methods for searching the database? • Security? • Privacy? Engineering Questions • Trusting people/biometrics? • Which biometrics is best for a given application? • How are the error numbers that are reported for different biometrics to be interpreted? • Are new security holes created because of the use of the biometrics? • How to achieve a low exception rate? • How to acquire the biometrics and how to do it in a convenient way?
Biometric Identification Biometric identification is based only on biometric credentials.
Biometric Identification Biometric identification system can be used in two different modes • Positive identification • Authorization of a group without id • Negative identification • Most Wanted List
Biometric Verification Biometric verification differs from biometric identification in that the presented biometric is only compared with a single enrolled biometric entity which matches the input id
Biometric Verification There are two possible database configurations for the verification systems Centralized Database: As the name suggests the enrollment information is in a central database. When the token (id/card) is provided, the corresponding biometrics is retrieved and the comparison is made with the newly presented biometric sample. E.g. laptop Distributed Database: In this case the enrollment template is usually stored in a device that the user carries. The user provides the device and his/her biometrics. Then the comparison is performed between the two. E.g. smart cards
Biometric Enrollment Process of registering subjects in biometric database Positive Enrollment: • To create a database of eligible subjects • Biometric samples and other credentials are stored in the database. An id (or a smart card) is issued to the subject. Negative Enrollment: • To create a database of ineligible subjects • Often without subject cooperation or even knowledge
Biometric System Security • Possible Security Concerns: • Biometric information is presented when the owner is not present. • Hacking the scanner, feature extractor, matcher, database, and any other possible module in the system.
Outline • Descriptions • Secure Authentication Protocols • Access Control Security Services • Authentication Methods • Authentication Protocols • Matching Biometric Samples • Verification by Humans • Passwords vs. Biometrics • Hybrid Methods
Descriptions • Authorization: Permission to access a resource • Access Control: A mechanism for limiting the use of some resource to authorized users • Access Control List: A data structure associated with a resource that specifies the authorized users and the conditions for their access • Authenticate: To determine that something is genuine; to determine reliably the identity of the communicating party • Authentication: Permission to access a resource
Secure Authentication Protocols Characteristics of an authentication protocol: • Established in advance • Mutually agreed • Unambiguous • Complete (Able to handle exceptions) An authentication protocol itself does “not” guarantee security
Access Control Security Services Some basic security services that should be offered by any access control system are: • Authentication • Non-repudiation • Confidentiality
Authentication Methods Possession (P) Knowledge (K) Biometrics (B)
Authentication Protocols Authentication protocol is the tasks the user and the access point has to perform to be able to determine whether the user has enough credentials or not. Part of Authentication Protocols: • Enrollment • Tokens. E.g. T={x1…xn|xiЄ (P,K,B)} • Comparison rules. E.g. Matching threshold • Other rules. E.g. “Three strikes and you are out”, or the order of the presentation of the tokens: “First id number, then the fingerprint, and than the key”
Matching Biometric Samples Remark: • P and K are checked by exact comparison; • B is compared via pattern recognition techniques because of sampling variations, noise and distortions Three crucial design aspects of biometric system: • The biometric sampling or signal acquisition (B=f(ß)) • The similarity function s=s(B1, B2) between two templates • The decision threshold T that decides on a match or mismatch
Matching Biometric Samples • Identification Only the biometrics is needed (no id is claimed). • Authorization is granted if d=di • Multiple di might satisfy the similarity criteria. A secondary matcher (possible a human expert) tries to narrow it down.
Matching Biometric Samples • Screening • Negative identification. • Searching whether a subject is in an “interesting” people database or not. (Most wanted criminals) • Using biometrics only may result in too many false positives (or false negatives depending on T). Bad ROC. • Therefore several tokens P1, B1, K1, P2, K2, B2 etc. should be matched with the ones in the file.
Matching Biometric Samples • Verification • Id + B is provided. (Sometimes K too) • The template corresponding the Id is retrieved from the database • If s(B,Bi)>T pass, else fail.
Matching Biometric Samples • Continuity of Identity • Are the authenticated and authorized persons the same? • Re-establishing the authentication credentials • Surveillance cameras
Verification by Humans • By looking at the biometrics (face, signatures…) • Face verification error rate 1:1000 • Signature verification is not very secure
Passwords versus Biometrics • Passwords: Exact match • Biometrics: Probabilistic match • FAR, FRR
Hybrid Methods • More than one identifier is used {P, K, B} • Two Remarks • B with {P, K}. Reduces identification to verification (from 1:many to 1:1) • B1 with B2. Results in better ROCs than using only B1 or only B2 • Combination of matching scores is an application specific problem