550 likes | 1.06k Views
Biometrics. Katie Law Perry “Doc” Revlett Bill Rosburg Vicki Walter. Biometrics. http://www.youtube.com/watch?v=fydYXNE6SyA. Welcome To High Five Corp. Bring your Thumb and have some Fun !!. Our Team !. Katie
E N D
Biometrics Katie Law Perry “Doc” Revlett Bill Rosburg Vicki Walter
Biometrics • http://www.youtube.com/watch?v=fydYXNE6SyA
Welcome To High Five Corp. Bring your Thumb and have some Fun !!
Our Team ! • Katie • Vicki • Bill • Doc
Topics to discuss with you! • How High Five can help your Theme Park ? • Keeping your family safe . • Saving you money • What our security team can do for you • What the family will get for doing their thumb print .
Problem • Shared admission passes creates financial losses for the park resulting in increased costs to patrons.
Proposed Solution • Eliminate cards and use hand scans for admission. • Patrons must scan their hands for entrance into the park and then scan themselves out as they leave. • They cannot rescan for entry until they scan out. • Will prevent the passing of cards to friends and family members. • Only the patron may enter with their hand scan.
Family Plan • The cost for the family for a year pass • 10% off of any clothes at the theme park • 30% off of any Food item • Free Drinks [Soda only] • Fast Passes for the rides
BIOMETRICS • Derives its meaning from Greek • “bios and metron” meaning life measure
Background on Biometrics • Biometrics • First introduced in the 1970s and early 1980s • This technology gathers unique physiological or behavioral attributes of a person for storing it in a database or comparing it with one already found in a database. • Reason for biometrics include the positive authentication and verification of a person and ensuring confidentiality of information in storage or in transit
Biometrics • 2 Categories of Biometrics • Physiological – also known as static biometrics: Biometrics based on data derived from the measurement of a part of a person’s anatomy. For example, fingerprints and iris patterns, as well as facial features, hand geometry and retinal blood vessels • Behavioral – biometrics based on data derived from measurement of an action performed by a person and, distinctively, incorporating time as a metric, that is, the measured action. For example, voice (speaker verification)
Biometrics – How do they work? • Although biometric technologies differ, they all work in a similar fashion: • The user submits a sample that is an identifiable, unprocessed image or recording of the physiological or behavioral biometric via an acquisition device (for example, a scanner or camera) • This biometric is then processed to extract information about distinctive features to create a trial template or verification template • Templates are large number sequences. The trial template is the user’s “password.”
Usability issues in Biometrics • User acceptability • Knowledge of technology • Familiarity with biometric characteristic • Experience with device
Biometric solutions • Educate • Train • Explain Interfaces • Use Trainers • Supervised Playtime….PRACTICE
Promise that Biometrics hold for Privacy • Increased Security • Biometric cannot be lost, stolen or forgotten; it cannot be written down and stolen by social re-engineering • By implementing biometrics organizations can positively verify users’ identities, improving personal accountability
Perils that Biometrics hold for Privacy • Privacy is one of the leading inhibitor for biometrics technology. Main issues: • Misuse of Data • Health/Lifestyle – Specific biometric data has been linked with the information beyond which it is set out to be used. Is a person able to control the information gathered on himself/herself? • Function Creep • Law Enforcement – The template database may be available for law enforcement • Credit Reporting – The template database may be cross referenced against other databases including those held in hospitals and the police departments, by a credit reporting agency
Future Trends in Biometrics • Body Odor – Body odor can be digitally recorded for identification. A British company, Mastiff Electronic System Ltd. Is working on such a system • DNA Matching – The is the ultimate biometric technology that can produce proof positive identification of an individual • Keystroke Dynamics – Keystroke dynamics, also referred to as typing rhythms, is an innovative biometric technology
Various Applications for fingerprinting technology • Banking Security - ATM security,card transaction • Physical Access Control (e.g. Airport) • Information System Security • National ID Systems • Passport control (INSPASS) • Prisoner, prison visitors, inmate control • Voting • Identification of Criminals • Identification of missing children
Fingerprinting technology • Strengths: most mature biometric technology accepted reliability many vendors sensors are small-space saving • Perceived weakness: association with criminal justice
Fingerprint Sensors • Optical • Silicon Based Capacitive Sensors • Ultrasound • Thermal
COMMONLY IDENTIFIED DISADVANTAGES OF FINGERPRINTING Problems Solutions Employee Training Hand washing stations Scan both hands Instructional videos provided at entrances and scanners • Dirt , grime and wounds • Placement of finger
Attacks on Biometric Systems………………… Artificially created Biometrics Attack at the Database Attacking Via Input Port
The goal of an attack • Steal data • Blackmail • Bragging rights • Vandalism • Demonstrate vulnerability/satisfy curiosity • Damage company reputation • Get into the park for free!
Attacks-contd.. Spoofing:- “The process of defeating a biometric system through the introduction of fake biometric samples”. Examples of spoof attacks on a fingerprint recognition system are lifted latent fingerprints and artificial fingers. • Examples of spoofed fingers. • Put subject’s finger in impression material and create a mold. • Molds can also be created from latent fingerprints by photographic etching techniques like those used in making of PCB (gummy fingers). • Use play-doh, gelatin, or other suitable material to cast a fake finger. • Worst-case scenario: dead fingers.
Attacks-solutions.. • Hardware Solution • Temperature sensing, detection of pulsation on fingertip, pulse oximetry, electrical conductivity, ECG, etc. • Software Solution (Research going on) • Live fingers as opposed to spoofed or cadaverous fingers show some kind of moisture pattern due to perspiration. • The main idea behind this method is to take two prints after a time frame of say 5 seconds and the algorithm makes a final decision based on the vitality of the fingerprint. Live Dead
Conclusion A balance between Security and Privacy must be achieved!
Your Unique Fingerprint • Fingerprints begin forming in the 10th week of fetal development and are fully determined by week 17 • Ridges and valleys are a result of • The DNA code which determines the way in which the skin of a fetus forms • Environmental factors of the uterus during formation • Position of the fetus • Density and composition of the amniotic fluid • Even identical twins will have variations in fingerprints due to the influence of the environment of the uterus and their random position at the time of formation
Leaving a Print • Each friction ridge contains pores that are attached to sweat glands • These glands produce a water and oil solution that • Coats the ridges • Is transferred to surfaces when touched • Amount of oil can affect the scan • Too much (from hand lotion and the like) can be removed by washing • Too little (from dry skin) can be remedied by rubbing the fingertips across the palm, forehead, or bridge of the nose
Analyzing Fingerprints • Trained analysts can determine the minute differences between two prints • Fingerprint analysts and engineers worked together to develop a system to quickly and easily make comparisons • Scanners to collect fingerprints • Hardware to store the data • Software to make comparisons and calculations of similarities between images
Types of Scanners: Optical • Optical (similar to a digital camera) • A picture is taken with the finger on a glass plate • An array of light sensitive diodes illuminate the ridges and valleys • Overall clarity and definition are checked • Exposure is changed if necessary to correct light/dark contrast or to sharpen edges • Capacitance scanners use electric current instead of light to determine the fingerprint pattern
Types of Scanners: Capacitance • Use tiny electrical chips that measure differences in electric capacitance based on distance • Ridges are closer, while valleys are farther away • The difference in distance creates a difference in voltage and capacitance that can be measured • The processor then uses the differences from each of the chips in the array to develop a picture of the fingerprint • More secure because it requires the actual shape of the ridges and valleys instead of just the pattern
Major Feature Classification • Loops • Begin on one side of the finger, curve around or upward, and exit the other side • 65% of people have loop fingerprints • Arches • Slope upward and then down • More narrow than a loop • 5% of people have arch fingerprints • Whorls • Form a circular or spiral pattern • 30% are whorls • The arrangement, shape, size and number of lines of the same pattern can help to distinguish one from another
Identity Verification • The software uses complex algorithms to compare specific tiny features of the fingerprint (known as minutiae) • To get a match, the system finds a sufficient number of features and minutiae patterns that the two prints have in common • It also verifies that their relative locations are a match • The more points required, the more secure
Distinguishing between Individuals • Examples of identifying features • Loops and rods • Ellipse • Spiral • Tented arch • Island • Bifurcations (branches) • Minutiae such as the intersection of bifurcations, ending points of islands and the center points of sweat glands
Benefits • Comfort • Accuracy • Availability • Costs bromba.com, 2010
Additional Benefits • Reduced financial losses due to shared and stolen passes • Finger scans for fast-pass • Further reduction of wait time • Can be linked to an online cash account so patrons do not need to carry cash or credit cards while in the park • Discounts can be applied to in-park purchases for those who use the finger scan instead of cash or credit; resulting in shorter lines for food and drink.
Accuracy • Most researched and developed of all biometric options • Low error rate • The fingerprint identification process has a 98%+ identification rate and the false positive identification rate is less than 1%. • Within a typical fingerprint image obtained by a live scan device, there is an average of 30-40 minutiae. • The Federal Bureau of Investigation (FBI) has shown that no two individuals can have more than 8 common minutiae.” • The U.S. Court system has consistently allowed testimony based on 12 matching minutiae; in some courts, a lower number of matching minutiae have been allowed. Bioconsulting.com, 1996
User Acceptability • Has a high user acceptability rating • CA DMV study showed that there was a 96.48% favorable public response to Fingerprints vs. a 93.44% favorable response for Retinal Scan. • CA DMV study notes that, of all the people approached to participate in the DMV project, 2,515 refused to participate in Retinal Scan while only 619 refused to participate in Fingerprint. Bioconsulting.com, 1996
Other Biometrics • Retinal scans may not work because of ambient light • Voice recognition may not work because of ambient noise • Facial recognition will not work due to levels of scans • DNA is too hazardous and too slow
Success Story • Who: 24-Hour Fitness • What: Enter 10 digit check in code, scan finger • Why: • Convenience-no cards or cash required • Security-eliminates lost and stolen cards, only members can access gyms • Green focus: eliminates a lot of paper and plastic waste from card production • How: Scan both index fingers in case one hand is occupied or injured 24hourfitness.com, 2011
Success Story • They do not store clients’ finger prints, instead they partnered with MorphoTrak, a leader in the biometric industry, to develop this convenientnew way to check into their clubs. • By scanning the client’s finger, they chart the distance between a few distinct points that are unique to each individual and come up with an identifying number based on those distances. • They donot store a fingerprint, nor can the data they store be re-created into a fingerprint image. 24hourfitness.com, 2011
Success Story 24hourfitness.com, 2011
Sources • 24 Hour Fitness. FAQ’s [homepage on the Internet]. (CA): 24 Hour Fitness; n.d. [date accessed 2011 July 9]. Available from: http://www.24hourfitness.com/company/faq/. • Britt R R. Lasting Impressions: How Fingerprints are Created [homepage on the Internet]. Live Science; 2004 Nov. 2. [date accessed 2011 July 10]. Available from: http://www.livescience.com/30-lasting-impression-fingerprints-created.html. • Bromba M U. Biometrics FAQ [homepage on the Internet]. Dr. Manfred Bromba; 2010 Dec. 24. [date accessed 2011 July 9]. Available from: http://www.bromba.com/faq/biofaqe.htm#Besten. • Fingerprint Facts [homepage on the Internet]. Sense Technologies; 2001. [date accessed 2011 July 10]. Available from: http://www.senseme.com/scripts/biometrics/fingerprints.htm. • Harbour K. WV BIOMETRICS: Fertile ground for innovation [homepage on the Internet]. Charleston (WV): West Virginia Department of Commerce; 2011. [date accessed 2011 July 9]. Available from: http://www.wvcommerce.org/business/industries/biometrics/fertileground.aspx. • Harris T. How Fingerprint Scanners Work [homepage on the Internet]. How Stuff Works, Inc.; n.d. [date accessed 2011 July 9]. Available from: http://computer.howstuffworks.com/fingerprint-scanner.htm. • IBGweb, Find Biometrics. Fingerprint Recognition [homepage on the Internet]. BiometricsInfo.org; n.d. [date accessed 2011 July 9]. Available from: http://www.biometricsinfo.org/fingerprintrecognition.htm. • Kirubanandan S. Biometrics and Authentication [homepage on the Internet]. n.d. [date accessed 2011 July 9]. Available from: cups.cs.cmu.edu/courses/ups-sp07/slides/070327-biometrics.ppt. • Podio F L, Dunn J S. Biometric Authentication Technology: From the Movies to Your [homepage on the Internet]. National Institute of Standards and Technology; n.d. [date accessed 2011 July 10]. Available from: http://www.itl.nist.gov/div893/biometrics/Biometricsfromthemovies.pdf. • Ruggles T. Comparison of Biometric Techniques [homepage on the Internet]. 2002 July 10. [date accessed 2011 July 9]. Available from: http://www.bioconsulting.com/bio.htm. • Tynan D. Biometrics: From Reel to Real [homepage on the Internet]. PC World Magazine; 2011. [date accessed 2011 July 9]. Available from: http://pcworld.about.com/news/May182005id120889.htm.. • Watson S. How Fingerprinting Works [homepage on the Internet]. How Stuff Works, Inc.; n.d. [date accessed 2011 July 9]. Available from: http://science.howstuffworks.com/fingerprinting.htm. • Wilson O. Privacy & Identity - Security and Usability: The Viability of Passwords & Biometrics [homepage on the Internet]. Chicago (IL): n.d. [date accessed 2011 July 9]. Available from: facweb.cs.depaul.edu/research/vc/ciplit2004/ppt/Orville_Wilson.ppt. • Wilson T V. How Biometrics Works [homepage on the Internet]. How Stuff Works, Inc; n.d. [date accessed 2011 July 9]. Available from: http://science.howstuffworks.com/biometrics2.htm.