GUIDE TO BIOMETRICS CHAPTER I II September

GUIDE TO BIOMETRICS CHAPTER I & II September 7 th 2005 Presentation by Tamer Uz

Chapter I Introduction

Outline n n n n Descriptions Authentication Overview of Biometric Systems Biometric Identification Biometric Verification Biometric Enrollment Biometric System Security

Descriptions n Biometrics: Science of identifying, or verifying the identity of, a person based on physiological or behavioral characteristics.

Descriptions n Authorization: Permission or approval. n Authentication: Validating or figuring out the identity of a person.

Authentication n There are 3 traditional way of verifying the identity of a person: n n Possessions (keys, passports, smartcards , …) Knowledge Secret (passwords, pass phrases, …) n Non-secret (user Id, mothers maiden name, favorite color) n n Biometrics Physiological (fingerprints, face, iris, …) n Behavioral (walking, keystroke pattern, talking, …) n

Authentication n The 3 modes of authentication are sometimes combined n n n User id + password ATM card + password Passport + face picture and signiture

Authentication There are two different authentication methods in biometrics n n Verification: Is he/she the person who claims he/she is? Works with id + biometrics. Thus it is based on a combination of modes. Identification: Who is this person? Uses only the biometrics and searches the entire database.

Overview of Biometric Systems There are five important properties of biometric identifiers: 1. Universality 2. Uniqueness 3. Permanence 4. Collectability 5. Acceptability

Overview of Biometric Systems Biometric Identifiers

Overview of Biometric Systems Biometric Subsystems n Biometric readers (sensors) n Feature extractors n Feature Matchers

Overview of Biometric Systems A generalized diagram of a biometric system is as follows:

Overview of Biometric Systems Design Issues: 4 basic design specifications of biometric systems are § System accuracy n n How often the system accepts an imposter (FAR) How often the system rejects a genuine user (FRR) § Computational Speed § Exception Handling n n n § Failure to use (FTU) Failure to enroll (FTE) Failure to acquire (FTA) System Cost

Overview of Biometric Systems Engineering Questions - - - - What feature set is amenable for automatic matching? Trusting people/biometrics? Which biometrics is best for a given application? How are the error numbers that are reported for different biometrics to be interpreted? Are new security holes created because of the biometrics? - - Given the input data how to extract the features from it? How to define a matching metric that translates the intuition of “similarity” among the patterns? - How to implement the matching metric? How to achieve a low exception rate? - Organization of the database? How to acquire the biometrics and how to do it in a convenient way? - Methods for searching the database? - Security? - Privacy?

Biometric Identification Biometric identification is based only on biometric credentials.

Biometric Identification Biometric identification system can be used in two different modes • Positive identification • • Authorization of a group without id Negative identification • Most Wanted List

Biometric Verification Biometric verification differs from biometric identification in that the presented biometric is only compared with a single enrolled biometric entity which matches the input id

Biometric Verification There are two possible database configurations for the verification systems Centralized Database: As the name suggests the enrollment information is in a central database. When the token (id/card) is provided, the corresponding biometrics is retrieved and the comparison is made with the newly presented biometric sample. E. g. laptop Distributed Database: In this case the enrollment template is usually stored in a device that the user carries. The user provides the device and his/her biometrics. Then the comparison is performed between the two. E. g. smart cards

Biometric Enrollment Process of registering subjects in biometric database Positive Enrollment: • • To create a database of eligible subjects Biometric samples and other credentials are stored in the database. An id (or a smart card) is issued to the subject. Negative Enrollment: • • To create a database of ineligible subjects Often without subject cooperation or even knowledge

Biometric System Security n Possible Security Concerns: n n Biometric information is presented when the owner is not present. Hacking the scanner, feature extractor, matcher, database, and any other possible module in the system.

Chapter II Authentication and Biometrics

Outline n n n n n Descriptions Secure Authentication Protocols Access Control Security Services Authentication Methods Authentication Protocols Matching Biometric Samples Verification by Humans Passwords vs. Biometrics Hybrid Methods

Descriptions n n n Authorization: Permission to access a resource Access Control: A mechanism for limiting the use of some resource to authorized users Access Control List: A data structure associated with a resource that specifies the authorized users and the conditions for their access Authenticate: To determine that something is genuine; to determine reliably the identity of the communicating party Authentication: Permission to access a resource

Secure Authentication Protocols Characteristics of an authentication protocol: n Established in advance n Mutually agreed n Unambiguous n Complete (Able to handle exceptions) An authentication protocol itself does “not” guarantee security

Access Control Security Services Some basic security services that should be offered by any access control system are: n Authentication n Non-repudiation n Confidentiality

Authentication Methods Possession (P) Knowledge (K) Biometrics (B)

Authentication Protocols Authentication protocol is the tasks the user and the access point has to perform to be able to determine whether the user has enough credentials or not. Part of Authentication Protocols: n n Enrollment Tokens. E. g. T={x 1…xn|xi Є (P, K, B)} Comparison rules. E. g. Matching threshold Other rules. E. g. “Three strikes and you are out”, or the order of the presentation of the tokens: “First id number, then the fingerprint, and than the key”

Matching Biometric Samples Remark: • P and K are checked by exact comparison; • B is compared via pattern recognition techniques because of sampling variations, noise and distortions Three crucial design aspects of biometric system: • The biometric sampling or signal acquisition (B=f(ß)) • The similarity function s=s(B 1, B 2) between two templates • The decision threshold T that decides on a match or mismatch

Matching Biometric Samples Identification Only the biometrics is needed (no id is claimed). n • • Authorization is granted if d=di Multiple di might satisfy the similarity criteria. A secondary matcher (possible a human expert) tries to narrow it down.

Matching Biometric Samples n Screening • Negative identification. • • • Searching whether a subject is in an “interesting” people database or not. (Most wanted criminals) Using biometrics only may result in too many false positives (or false negatives depending on T). Bad ROC. Therefore several tokens P 1, B 1, K 1, P 2, K 2, B 2 etc. should be matched with the ones in the file.

Matching Biometric Samples n • • • Verification Id + B is provided. (Sometimes K too) The template corresponding the Id is retrieved from the database If s(B, Bi)>T pass, else fail.

Matching Biometric Samples n • Continuity of Identity Are the authenticated and authorized persons the same? • Re-establishing the authentication credentials • Surveillance cameras

Verification by Humans n n n By looking at the biometrics (face, signatures…) Face verification error rate 1: 1000 Signature verification is not very secure

Passwords versus Biometrics n n Passwords: Exact match Biometrics: Probabilistic match n FAR, FRR

Hybrid Methods n n More than one identifier is used {P, K, B} Two Remarks n n n B with {P, K}. Reduces identification to verification (from 1: many to 1: 1) B 1 with B 2. Results in better ROCs than using only B 1 or only B 2 Combination of matching scores is an application specific problem

QUESTIONS?