
7/5/2021 Biometrics in Identity Management: Concepts to Applications

Introduction

In today's digital infrastructure we have to interact with an increasing number of systems, both in the physical and the virtual worlds. Identity management (IdM), the process of identifying individuals and controlling access to resources based on their associated privileges, is becoming progressively complex. Today IdM has become an inescapable fact of life, from logging onto e-mail accounts and accessing corporate networks to boarding a flight. This has brought the spotlight on the importance of an effective and efficient means of ascertaining an individual's identity. Traditional recognition techniques are based on something that you know (i.e., passwords) or something that you possess (i.e., tokens and ID cards). Completing the triad of recognition technologies, shown in Figure 1.1, is biometrics, which is defined as the automated recognition of humans based on biological or behavioral characteristics [1]. Although the use of biometric technologies, such as fingerprint recognition, face recognition, and iris recognition, is a more recent phenomenon, the use of human features for recognition can be traced back to the fifth century B.C. Archeologists have discovered evidence that indicates that Babylonian and Chinese civilizations used fingerprints to associate earthen pots with their creators. Since the nineteenth century, fingerprints and their utility in recognition have been studied using scientific methods [2]. Biometric technologies have also made appearances in science fiction novels for over half a century; Isaac Asimov referred to the use of human characteristics for identification purposes in his book Foundation and Empire, published in 1952. In the last two decades there has been a rapid growth of biometric technologies in government, industry, and personal applications as the traditional means of recognition have come under increasing pressure to keep up with today's IdM demands. The always-connected, always-on nature of today's systems has made it easier for threats to launch attacks, which have led to the demand for strong authentication mechanisms.

Figure 1.1 Types of recognition methodologies.

Knowledge-based methods such as passwords or passphrases can be forgotten, stolen, or used surreptitiously. Possession-based methods such as tokens and ID cards are also prone to the same vulnerabilities, with the additional possibility of misplacing them. These vulnerabilities can be exposed by a variety of security threats and expose the owners to financial and legal risk. There are administrative costs of reissuing the password or token, potential legal and regulatory fines, and an adverse impact on the owners' credibility. Nonrepudiation, which is the concept of an individual not having the ability to disown a particular action performed by the individual, is impossible to determine for systems that use passwords or tokens. The physiological or behavioral characteristics used for biometric recognition cannot be forgotten or misplaced. Biometric technologies offer a reliable method of recognition in addition to providing nonrepudiation. Biometrics is being increasingly used in government programs such as border control and government-to-citizen services, along with consumer-facing applications in healthcare and finance sectors. Biometric technologies offer reliable and efficient recognition that is necessary as our real and virtual worlds are further enmeshed.

The expectations of what biometric technologies can achieve will grow with its increased adoption. Biometrics is not a silver bullet; it cannot provide 100% security, nor can it provide a reliable solution for every problem. As with knowledge- and possession-based methods, biometric technologies also have their weaknesses. The intention of this book is to serve as a guide to practitioners and applied researchers in the area of biometrics. Various commercially available biometric technologies are discussed in this book, but rather than focusing on the underlying algorithms, this book focuses on factors that drive the practical implementation of this technology and, in the process, seeks to serve as a bridge between researchers and practitioners. There are several excellent books that cover the underpinnings of biometric sensors and algorithms and are referenced when necessary. This book will focus on development and deployment issues facing biometric technologies and several open questions that need to be answered for increasing its adoption.

1.1 Basics of Biometrics

The etymology of the word biometrics can be found in the Greek words bios, which means life, and metron, which means measure. Biometric technologies are based on several different physiological and behavioral characteristics such as fingerprints, face structure, iris patterns, and voice signal. Although there are many human characteristics that are candidates for use in biometric technologies, they must satisfy the following criteria to be useful [3]:

· Universality: They should be present in the entire normal population.

· Uniqueness: They should be relatively unique and differentiated among every individual of the normal population.

· Collectible: They should be captured in real time without any intrusions on privacy.

· Permanence: They should stay relatively stable throughout the period of use of the particular characteristic.

· Performance: They should perform accurately and consistently in real time.

An implementation of a biometric technology has to take into account practical considerations so that it can be used effectively in an operational scenario. From a security perspective, the technology should provide a liveness detection capability to protect against spoofing attacks. Spoofing, which is the act of presenting a nonlive or fake biometric sample, can render useless the security effectiveness of a biometric technology. Liveness detection and antispoofing techniques are discussed in detail in Chapter 15. Other practical considerations include:

· Throughput: The system should provide a result in real time that does not inconvenience the user or impact the organization's processes.

· Usability: The system should be intuitive to use and provide a satisfactory experience to the user.

· Scalability: The system should be capable of handling an increasing amount of data without any significant impact on performance, throughput, and usability.

· Acceptability: The system should be sensitive to privacy and cultural concerns of the users.

Not all biometric technologies satisfy these requirements to the same degree. The specific application will drive the priority given to each of these criteria and the final selection of a particular biometric technology, but they all should be considered as part of the decision function. Table 1.1 summarizes the selection criteria for biometrics from three different perspectives.

Table 1.1 Selection Criteria for Biometrics

Inherent Traits    System Specific       User Specific
Universality       Liveness detection    Usability
Uniqueness         Throughput            Acceptability
Collectible        Usability
Permanence
Performance

1.2 Types of Biometric Technologies

Over a century of research in biometrics has led to development of recognition technologies based on several physiological and behavioral traits. Fingerprint recognition, face recognition, iris recognition, and voice recognition have a higher level of public awareness because of consumer-facing applications, media coverage, and movies, while there are others such as vein recognition and keystroke dynamics that are relatively unknown. Traditional biometrics literature categorizes technologies into two distinct classes based on how the trait being measured is generated. Physiological biometric technologies use anatomical features such as fingerprints, face, and iris structure. Behavioral biometric technologies use actions or mannerisms that are acquired or learned over time such as signature, gait, and typing pattern. The process of voice generation is affected by behavioral (intonation, accent) and physiological (vocal cords, nasal cavity, oral cavity) factors and so is considered to be a mixture of both. Generally, physical characteristics provide a more consistent reading as they are minimally affected by the behavior of the individual. They are also considered to be more accurate than behavioral biometrics, but research has shown that it is possible to effectively use behavioral biometrics to improve security and convenience. Table 1.2 lists a summary of existing biometric technologies.

Table 1.2 Description of Biometric Technologies

Recognition Technology            Type                         Physical Interaction   Example Use Case
Fingerprint                       Biological                   Required               Network log-on, computer log-on, criminal identification
Face                              Biological                   Not required           Network log-on, computer log-on, criminal identification
Iris                              Biological                   Not required           Network log-on, border and immigration control
Hand geometry                     Biological                   Required               Time and attendance, door access
Voice                             Biological and behavioral    Not required           Identity verification in mobile commerce and e-commerce
Vascular pattern                  Biological                   Required               Identity verification in healthcare
Dynamic signature verification    Behavioral                   Required               Identity verification in credit card transactions
Keystroke dynamics                Behavioral                   Required               Complement password authentication
DNA                               Biological                   Required               Law enforcement
Retina                            Biological                   Not required           Identity verification for physical access
Gait recognition                  Behavioral                   Not required           Surveillance applications
Ear recognition                   Biological                   Not required           Identity verification for physical access

From a system view biometric technologies can be categorized on a continuum where the extreme ends are behavioral and physiological (Figure 1.2), instead of two distinct categories. All biometric technologies require users to interact with a biometric sensor, which is impacted to a certain degree by the behavior of the individual. So although an underlying fingerprint recognition algorithm uses only physical characteristics, the capture process is impacted by how the user interacts with the fingerprint sensor.

Figure 1.2 Examples of biometric traits.

The biometrics domain is an extremely dynamic one with several new technologies in the research pipeline, some of which will be commercialized in the near future. Keeping in mind the theme of this book, the well-established and commercialized biometric technologies are briefly discussed here.

· Fingerprint recognition uses the pattern found on the skin of fingers to identify individuals. This is the oldest and most widely adopted biometric technology and, as a result, is the most mature of all biometric technologies. The fingerprint is rich in detail and several different methods for capturing, processing, and comparing them have been tested successfully. Fingerprint recognition is discussed in detail in Chapter 3.

· Face recognition uses the structure and the spatial geometry of the features and landmarks such as the nose, eyes, lips, and jawline. This technology has made great improvements in the last two decades and can be performed on 2-D and 3-D images of the face. Face recognition is discussed in detail in Chapter 4.

· Iris recognition uses the pattern formed by muscle tissue and cell structures in the iris region of the eye. The iris is the circular ring surrounding the pupil and its main function is to control the size of the pupil and regulate the amount of light entering the eye. The iris image is captured using infrared illumination and a camera, and not using invasive lasers, as is often depicted in media reports and movies. Iris recognition has attracted a lot of commercial and research interest in the last decade, and is discussed in detail in Chapter 5.

· Hand recognition uses the contour of the hand, length and thickness of fingers, and spatial distance between other landmarks on the hand. This technology has been around since the 1970s and is heavily favored in physical access control applications. Hand recognition is discussed in detail in Chapter 6.

· Voice recognition uses the vocal characteristics such as pitch, intonation, and vocal speed. The voice of a person is affected by several acquired geocultural factors, as well as physiological factors such as the shape and size of the vocal cords, the nasal cavity, and the larynx. This technology has attracted a considerable amount of interest from intelligence and surveillance agencies, but has traditionally seen low adoption in the commercial sector. That is now changing with the proliferation of mobile devices because a standard microphone is suitable for capturing voice samples. Voice recognition is discussed in detail in Chapter 7.

· Vascular pattern recognition systems use vein patterns for recognition. Veins carry deoxygenated blood from the various parts of the body back to the heart and research has found the pattern formed from the vascular network is relatively unique and permanent. Commercial products capture vein patterns using infrared illumination, and currently they focus on the finger, the palm, and the back of the hand. Vascular pattern recognition is discussed in detail in Chapter 8.

· Dynamic signature verification uses features such as the velocity, direction, number of strokes, time of each stroke, and pressure applied by the user during the signing process. The legal tender associated with a signature makes it an appealing technology for use in identity verification applications. Dynamic signature verification is discussed in detail in Chapter 9.

· Keystroke dynamics uses the typing rhythm of a user on keyboards or other types of input devices for authentication. Most commercial systems use a standardized keyboard as the input device and do not require any specialized hardware. The accuracy and reliability of this technology are still improving, and it is currently considered a good complement to password-based systems in multifactor authentication. Keystroke dynamics is discussed in detail in Chapter 10.

· DNA identification has typically been used in forensic sciences, but is now being pursued as a biometric technology. There are still technology issues such as invasive data capture and processing time, which runs in hours and not in seconds. The definition of biometrics specifically refers to automated recognition, and although current DNA analysis is not completely automated, future advances in this technology should not rule out such a possibility. Its high level of distinctiveness among individuals makes it an extremely promising technology for the future.

There are other biometric technologies such as retina recognition, gait recognition, ear lobe recognition, scent recognition, hand gesture recognition, knuckle recognition, and others that are being actively researched by the scientific community. These technologies are not discussed in depth in this book, as they have not transitioned to real-world deployments. Interested readers are encouraged to read scientific journals and publications to gain a better understanding of them.

All of these technologies are unimodal, which means that they use a single trait for recognition. The ability to fuse multiple biometric technologies to enhance performance and eliminate weaknesses has led to the design of multibiometric systems. These systems combine multiple traits (e.g., finger and face), multiple units of the same characteristic (e.g., different fingers), or a variety of other information sources. Multibiometrics has received increasing interest as the limitation of unimodal systems in large-scale applications is becoming apparent. Multimodal biometrics is discussed in depth in Chapter 11.

There is no "best" biometric technology, and one of the goals of this book is to highlight the advantages and disadvantages of different technologies with respect to different scenarios. The selection criteria for biometric technologies discussed earlier are affected by a variety of factors such as the user population, deployment environment, and requirements of the application. On completing this book, readers will have the necessary tools to make an educated decision using a holistic approach.

1.3 Biometric System

A biometric system is essentially a pattern recognition engine that uses a representation of human traits as its input. A generalized biometric system can be viewed as a functional combination of five subsystems, as shown in Figure 1.3 [4]:

1. Acquisition: This subsystem is responsible for capturing the raw biometric sample from a user. Acquisition is typically performed using a sensor that could require physical interaction with the user. This is the only point of interaction between a user and the biometric system and hence the source of all interaction errors that are injected into the system. Errors introduced here will propagate through the rest of the system and increase the probability of system errors.

2. Signal processing: This subsystem is responsible for extracting features that represent the uniqueness of the sample. This module preprocesses the sample for enhancement, performs quality assessment, and creates a feature representation for subsequent use in either storage or matching. The quality assessment component is an extremely important part of this subsystem, as it determines if the sample is suitable for feature extraction or if it needs to be recaptured. The feature representation is a compact representation of the raw signal and is typically designed to be noninvertible (i.e., it is computationally impossible to recreate the raw sample from the feature representation).

3. Data storage: This subsystem stores the feature representation produced by the signal processing subsystem. This feature representation that is stored for future use is also called a template in the biometrics domain. Data storage can either be centralized (i.e., stored on a server) or localized (i.e., stored on a smart card or personal storage media).

4. Matching: This subsystem compares two feature representations and produces a similarity score. The similarity score is the degree of confidence that the two original samples are from the same individual. A biometric matching subsystem is probabilistic in nature: two samples from the same individual will never provide a perfect match. In comparison, password and cryptographic techniques require a perfect match in order to declare it successful. Due to human interaction with the acquisition subsystem, successive samples from the same individual are never exactly the same. Instead of providing a binary response, a similarity score is calculated,

5. Decision making: This subsystem uses the similarity score generated by the matching subsystem and compares it to a threshold value to generate a success or failure decision. The threshold value indicates the variability allowed between two biometric samples for them to be considered from the same source. The threshold value is also a reflection of the acceptable level of risk of the biometric system owner. The threshold value plays an instrumental role in decision errors produced by biometric systems, which are discussed in Chapter 2. The decision about the specific threshold value should be taken after careful discussions among all organizational units that are affected by the biometric system.

Figure 1.3 Biometric system model.

Biometric systems are required to handle variations in samples. A complete biometric system is, in essence, a pattern recognition machine with the dual goals of maximizing interclass variance and minimizing intraclass variance. Interclass variance is maximized by using features from subjects that are distinct between individuals. Intraclass variance is minimized by using features from subjects that remain stable over time and can be captured consistently. These dual principles of distinctiveness and stability form the underpinnings of any biometric system.

1.4 Biometric System Processes

A biometric system has to create a template from an individual's biometric features and compare subsequent samples to the registered template. In the context of a biometric system, these processes are separately called enrollment, verification, and identification, as illustrated in Figures 1.4, 1.5, and 1.6, respectively. During enrollment an individual provides his or her biometric sample to the system and a template is generated and stored for future use. During verification an individual makes a claim to an identity, for example, providing a user ID number along with a biometric sample. Knowledge-based and token-based recognition techniques always work in verification mode since they require additional information such as usernames or the physical token itself. In identification an individual does not make a claim to a specific identity, but rather lets the biometric system decide if he or she is a member of the enrolled list of individuals. In literature verification is often referred to as 1:1 matching and identification is referred to as 1:many matching. Certain biometric applications that operate in the identification mode might ask for a list of the closest matching candidates instead of only the best match. Such a list is called a candidate list and the maximum number of individuals on the list can be defined by the system administrator. Candidate lists are popular in applications that require human intervention such as law enforcement. Take, for example, the process of comparing an unknown fingerprint against a large database of known criminals, which returns a candidate list that is further examined by a human expert. A biometric identification process that does not require any human intervention is called a lights-out process. The eventual goal of all biometric systems is to operate in lights-out mode, but the consequences of mismatch errors will require human intervention for outcomes with legal repercussions.

Figure 1.4 Enrollment process.

Figure 1.5 Verification process.

Figure 1.6 Identification process.

Identification can be performed on either a closed set or an open set. Closed-set identification is a biometric task that determines if an input sample belongs to an individual who is a member of the system and is already known to the system. In closed-set identification the user who is to be identified has to be enrolled in the system. Open-set identification is a biometric task that determines if the input sample belongs to an individual who is a member of a system. The key difference between the two is that in open-set identification the user providing the input sample does not have to be enrolled in the system.

The identification process can be applied in two different ways: positive and negative identification. The basic process for both is the same; what differs is the interpretation of the result. The goal of positive identification is to prove to the system that the user is known to the system, while the goal of negative identification is to prove to the system that the user is not known to the system. Positive identification is used for checking if a person is a member of an authorized list of individuals. Negative identification is used to check for multiple enrollments or if an individual is on a blacklist. For example, negative identification is being performed when an individual who is being issued a new driver's license is checked against all existing license holders to ensure that multiple licenses are not given to the same individual.
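The matching and decision subsystems of Section 1.3 and the verification, identification, and negative-identification processes of this section can be sketched in a few functions. This is an added Python example, not code from the book; the cosine-similarity matcher, the 0.90 threshold, the four-element feature vectors, and every function name are assumptions chosen for illustration, since real templates and matchers are specific to each modality.

```python
import math

THRESHOLD = 0.90  # assumed decision threshold; set by the system owner's risk tolerance


def similarity(a, b):
    """Matching subsystem: cosine similarity of two feature vectors.

    For the non-negative constructed vectors below the score lies in 0.0..1.0.
    """
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0


def verify(store, claimed_id, sample, threshold=THRESHOLD):
    """Verification (1:1): compare the sample only with the claimed identity's template."""
    template = store.get(claimed_id)
    if template is None:
        return False  # nothing enrolled under the claimed identity
    return similarity(template, sample) >= threshold


def identify(store, sample, threshold=THRESHOLD, max_candidates=3):
    """Identification (1:many): ranked candidate list of (user_id, score).

    An empty list is the open-set outcome: nobody enrolled clears the threshold.
    max_candidates is the administrator-defined cap on the list length.
    """
    scored = [(uid, similarity(tpl, sample)) for uid, tpl in store.items()]
    hits = [(uid, round(score, 3)) for uid, score in scored if score >= threshold]
    hits.sort(key=lambda pair: pair[1], reverse=True)
    return hits[:max_candidates]


def enroll(store, user_id, sample, threshold=THRESHOLD):
    """Enrollment guarded by negative identification.

    The new sample is searched against every stored template first. Any hit
    means this person may already hold an enrollment, so nothing is stored
    and the candidate list is returned for human review.
    """
    candidates = identify(store, sample, threshold)
    if candidates:
        return False, candidates
    store[user_id] = list(sample)
    return True, []


# Constructed feature vectors for illustration (not real biometric data).
ALICE = [0.90, 0.10, 0.40, 0.20]
BOB = [0.10, 0.80, 0.30, 0.50]
CAROL = [0.85, 0.20, 0.45, 0.10]        # a different person who resembles Alice
ALICE_AGAIN = [0.88, 0.12, 0.43, 0.18]  # later capture from Alice: close, never identical
STRANGER = [0.20, 0.10, 0.10, 0.95]     # not enrolled anywhere


def demo():
    """Run each process once against a small constructed template store."""
    store = {"alice": ALICE, "bob": BOB, "carol": CAROL}
    return {
        "verify_alice": verify(store, "alice", ALICE_AGAIN),
        "verify_as_bob": verify(store, "bob", ALICE_AGAIN),
        "candidates": identify(store, ALICE_AGAIN),
        "strict": identify(store, ALICE_AGAIN, threshold=0.995),
        "stranger": identify(store, STRANGER),
        "re_enroll": enroll(store, "mallory", ALICE_AGAIN),
        "new_enroll": enroll(store, "dave", STRANGER),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:14} {result}")
```

At the 0.90 threshold the candidate list for Alice's new capture also contains Carol, a different person; the stricter 0.995 threshold leaves only Alice, at the cost of tolerating less variation between captures.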

For a real-world system vetting user credentials is an extremely important part of the enrollment process. During enrollment the biometric template is linked to an identity that is established based on veracity of credentials provided by the individual. An error during the enrollment process is perpetuated throughout the identity credential life cycle and defeats the purpose of strong authentication.

1.5 Biometric System Architecture

Any technology system should not be regarded as an island unto itself; today's enterprise infrastructure consists of several systems integrated to provide a seamless infrastructure. The possible locations for storage and matching systems provide system designers with the flexibility to create systems based on a variety of architectures, as shown in Figure 1.7. These locations can be categorized into the following: centralized server, local workstation, peripheral device, and physical token.

Figure 1.7 Possible locations for storage and matching.

The server is defined as a centrally located system that is at a different physical location than the requesting client and typically is connected to several clients. The local workstation is where a user initiates interaction with the biometric system. The peripheral device can also be connected with the local workstation using input/output ports or an embedded device. Physical tokens are smartcards, PCMCIA cards, and other small-scale devices that are capable of storing data or matching templates. The INCITS M1 Ad Hoc Group on Biometrics and E-Authentication (AHGBEA) published a report in 2007 that described different biometric architectures based on the location of the storage and matching subsystem [5]. There are 16 (4²) configurations possible, illustrated in Figure 1.8, but not all of them are feasible in a practical implementation.

The architecture of all biometric system deployments will belong to one of these possible configurations. Several fingerprint recognition products are available that replace password authentication in an active directory with fingerprint recognition in enterprise network applications. These products, which are an example of distributed acquisition and centralized storage/matching architecture, allow organizations to centralize the IdM processes. The Seafarers' Identity Document (SID), which is issued by countries who are members of the International Labor Organization (ILO), contains the owner's fingerprint template on the card itself. For verification the seafarer provides his or her fingerprint sample to a kiosk along with the template stored on his or her card. In this scenario the card acts as the storage location and the matching occurs on the machine in the kiosk. This is an example of architecture that uses a physical token for storage and a local workstation for matching.

Along with technical feasibility, the final architecture is also driven by a mixture of user concerns and performance metrics required by the system administrators. The primary user concern is privacy of information and sharing of data with third parties. In addition, maintaining confidentiality and integrity of the biometric data and preventing unauthorized individuals from accessing this data should be a priority for system administrators. Data protection laws also have to be followed due to the financial and reputational ramifications of data breach incidents. Chapter 14 discusses in detail the design considerations for solution architects and program managers.

Figure 1.8 Biometric architectures and example applications.

1.6 Applications of Biometric Technologies

12/17

7/5/2021 Biometrics in Identity Management: Concepts to Applications

Biometric applications are seen as a mechanism co counter the risks of identity fraud and escablish a strong link wich the identity credentials. By removing the need co remember passwords or carry physical tokens, biometric technologies enhance user convenience and improve security. There are several candidate domains for applications of biometric technologies, and they are discussed here. Figure 1.9 il­ lustrates the trade-off between accuracy and convenience for the various domains of applications.

· 1. Government applications account for the maximum number of biomet­ ric deployments. Among chem, law enforcement has been the forerunner in adopting biometric technologies, with the first use dating back co 1892 for prisoner identification using fingerprints [6]. Biometrics is increasingly con­ sidered for government-co-government and government-co-citizen applica­ tions chat require citizen identity management. Biometric national ID cards have been introduced in che Philippines and Malaysia, and Bangladesh has

implemented voter identification based on biometrics. Severalcountries have biometrics-based IdM for border control, welfare disbursement, and other

. . .

governrnent-to-cinzenservices.

2. Commercial applications in banking, retail, healthcare, and other sectors have used biometrics for over a decade, bue che adoption and usage race have not kept up with che pace of government applications. While gov­ ernment applications can focus on accuracy ac che expense of user conve­ nience, commercial applications have co balance accuracy and user conve­ nience. Adoption of biometrics in commercial applications will primarily be driven by che demands of meeting industry-specific regulations along with an increased focus on user experience and convenience.

Higher

accuracy

._. Law Enforcement,

•• Border Control

··,-, ,, .

Financial •...

applications -,-,

E-ma;;······+

access ..

•••• Context-aware

.... applications

~

Higher convenience

Figure 1.9 Security versus convenience.


3. Forensic applications are a natural extension of biometric technologies, as their underlying principles have a lot of overlap. Although this is not related to the previous two categories in terms of security and convenience, forensic examinations such as dead body identification are possible using fingerprints, DNA, and other biometric traits.

4. Personalization/context-aware applications represent a new class of applications that can take advantage of biometric technologies. This class of applications is not designed for the purpose of access control, but instead for personalizing settings or configurations for using a particular device or service in a specific context. For example, a personalized application based on face recognition can be used in a car to recognize the driver and adjust the height of the seat and the steering wheel to the settings defined by the driver.

According to a market research report by the International Biometric Group (IBG), the market for biometric technologies is expected to grow from $3.4 billion in 2009 to $9.3 billion in 2014, as illustrated in Figure 1.10 [7]. It is expected that fingerprint recognition will contribute to a majority of the growth, along with face, iris, voice, and vein recognition as significant contributors as well. The need to reduce identity fraud, increase border security, and improve convenience for users will be the biggest drivers of growth.

1.7 Classification of Biometric Applications

An IdM can be classified along several dimensions based on the requirements of the application and the operational environment. These dimensions are also referred to as Wayman's Taxonomy [8]:

1. Overt or covert: This refers to the user's awareness and approval for having his or her sample captured and processed by a biometric system. Although most biometric applications are overt, surveillance applications might operate in covert mode.

[Figure 1.10: chart titled "Biometric industry ($U.S. billion)"; vertical axis: revenue, 0 to 10; horizontal axis: year (2009, 2010, 2012, 2014).]

Figure 1.10 Biometric market growth ($ billion) [6].


2. Cooperative or noncooperative: This refers to the behavior of an intruder who is interacting with a biometric system. The objective of the intruder is to circumvent the security procedure. Depending on positive or negative identification, the intruder will determine his or her specific behavior. In negative identification an intruder who is on the list does not want to be detected. In such a case it is in his or her best interest to be noncooperative and avoid detection. In a positive identification application the intruder wants to be positively identified, albeit as another individual. In this case it is in his or her best interest to cooperate and increase his or her probability of getting accepted.

3. Habituated or nonhabituated: This refers to how often a user interacts with a biometric system and the level of training required for proper functioning of the system. Most systems will initially have to cater to nonhabituated users who will gradually become habituated with repetitive use.

4. Supervised or nonsupervised: Certain biometric systems have an operator or supervisor who oversees the system processes and intervenes if required. Best practices suggest that enrollment should be supervised for optimal results, and verification or identification should be nonsupervised based on application requirements. Law enforcement and border control applications are classic examples of supervised systems. Noncooperative systems should be operated in a supervised mode to be effective.

5. Standardized or nonstandardized environment: This refers to the consistency of the environment throughout the entire deployment. Biometric systems are affected by external factors such as background and illumination, and keeping them consistent is one way of improving performance of the system.

6. Closed or open systems: This refers to the requirement of the system to share data with other systems. Law enforcement applications are an example of an open system, whereas an enterprise log-on system is likely to be a closed system.

7. Public or private: This refers to the relationship between the user and the system owners. Government applications such as border control and welfare disbursements are examples of public systems, whereas network log-on for employee verification is an example of a private system. User concerns have to be addressed differently based on the public or private nature of the system.

Table 1.3 applies the attribute list to two operational biometric systems, US-VISIT and Privium [9], to illustrate the classification methodology.

Table 1.3 Application Classifications

| US-VISIT | Privium System |
|---|---|
| Overt | Overt |
| Noncooperative | Cooperative |
| Nonhabituated | Nonhabituated |
| Supervised | Nonsupervised |
| Nonstandardized | Standardized |
| Open | Closed |
| Public | Private |

1.8 Summary

Recognition methods that enhance the security of the system and convenience of users have acquired increased importance in today's digital world. Traditional recognition methods based on memorizing secrets or possession of tokens, although still used predominantly, are facing serious operational challenges. Biometric technologies provide an additional level of security and convenience, but this should not be interpreted as biometrics being the perfect solution. Biometric technologies also have limitations. Human interaction plays a significant role in determining the performance of biometric systems, and it has only lately started receiving the attention it deserves. Social acceptance based on geocultural conditions will challenge the user confidence in the technology. Ensuring user privacy is a key factor in increasing the adoption of biometric systems. Biometric systems are not immune to mismatch errors, which are influenced by a variety of factors, including deployment environment, user interaction, and the strength of the underlying biometric matching algorithm. A perfectly secure system has never existed and never will. All systems have vulnerabilities, and a well-designed system should use an appropriate combination of knowledge-based, token-based, and biometric technologies to reduce these vulnerabilities. Biometric technologies will play an increasingly larger role in our daily lives, and the rest of this book discusses its various technical aspects, potential applications, challenges, and solutions.

References

[1] NSTC, Biometrics Glossary, Washington, D.C., 2006.

[2] Galton, F., Finger Prints, London, U.K.: Macmillan, 1892.

[3] Jain, A., and A. Ross, "Introduction to Biometrics," in Handbook of Biometrics, A. Jain, P. Flynn, and A. Ross, (eds.), New York: Springer, 2008, pp. 1-22.

[4] ISO, ISO/IEC 19795-1: Information Technology-Biometric Performance Testing and Reporting-Part 1: Principles and Framework, Geneva, Switzerland, 2006.

[5] M1.4, Study Report on Biometrics in E-Authentication, 2007.

[6] Cole, S. A., Suspect Identities: A History of Fingerprinting and Criminal Identification, Cambridge, MA: Harvard University Press, 2001.

[7] IBG, Biometric Market and Industry Report 2009-2014, New York, 2008.

[8] Wayman, J. L., "Fundamentals of Biometric Authentication Technologies," in National Biometric Test Center Collected Works, J. L. Wayman, (ed.), San Jose, CA: San Jose State University, 2000, pp. 11-14.

[9] Schipol, "Schipol-Why Privium?" http://www.schiphol.nl/Travellers/AtSchiphol/Privium-Irisscan/WhyPrivium.html.
