Biometric authentication green apple computer learning

Sharbani Bhattacharya
Biometric Authentication
Green Apple Computer Learning
Faridabad

Three Courses
• Biometric Authentication Introduction-free
online course
• Biometric Authentication and Security- Basic
Course
• Design & Development of Biometric
Authentication – Advanced Course
12/8/2016 Green Apple Computer Learning 2

Today’s Topic
Biometric
Authentication
Introduction

Problems with Current Security
Systems
• Based on Passwords, or ID/Swipe cards
• Can be Lost.
• Can be forgotten.
• Worse! Can be stolen and used by a
thief/intruder to access your data, bank
accounts, car etc.

User/Passwords
• With increasing use of IT technology and need to
protect data, we have multiple accounts/passwords.
• We can only remember so many passwords, so we end
up using things we know to create them (birthdays,
wife/girlfriends name, dog, cat…)
• Its is easy to crack passwords, because most of our
passwords are weak!
• If we create strong passwords (that should be
meaningless to us) we will forget them! And there is no
way to remember multiple such passwords

Biometric Authentications
Biometrics are based on the principle of
measurable physiological or behavioral
characteristics such as a fingerprint or a voice
sample or retina or handwriting and so on.

Advantage
The advantage that Biometrics presents is that the
information is unique for each individual and that it
can identify the individual in spite of variations in
the time (it does not matter if the first biometric
sample was taken year ago).
The pillars of e-learning security are:
authentication, privacy (data confidentiality)
authorization (access control), data integrity and
non-repudiation. Biometric is a technique that can
provide all this requirements with quite lot
reliability.

Disadvantage
• It can insecure by any chance the database
hacked here biometrics are stored.
• Encryption may give different results and may
not match sometime.
• Biometrics may be useless when due accident
or mishap the user looses part of body or
organ which is used for biometric
authentication.

Biometrics used in History
China is among the first known to practice
biometrics back in the fourteenth century as
reported by the Portuguese historian Joao de
Barros. It was called member-printing where the
children's palms as well as the footprints were
stamped on paper with ink to identify each
baby.

Alphonse Bertillon, a Paris based anthropologist
and police desk clerk was trying to find a way of
identifying convicts in the 1890s decided to
research on biometrics. He came up with
measuring body lengths and was relevant till it
was proved to be prone to error as many people
shared the same measurement.

The police started using fingerprinting
developed based on the Chinese methods used
century before by Richard Edward Henry, who
was working at the Scotland Yard.

Raina, Orlans and Woodward (2003, p. 25-26)
stated references to biometrics as a concept could
be traced back to over a thousand years in East Asia
where potters placed their fingerprints on their
wares as an early form of brand identity. They also
pointed Egypt's Nile Valley where traders were
formally identified based on physical characteristics
such as eye color, complexion and also height. The
information were used by merchant to identify
trusted traders whom they had successfully
transacted business with in the past.

Biometrics used in Bible
Kapil et al also made references to the Bible,
first pointing to the faith Gileadites had in their
biometric system as reported in The Book of
Judges (12:5-6) that the men of Gilead identified
enemy in their midst by making suspected
Ephraimites say "Shibboleth" for they could not
pronounce it right.

The second reference is to The Book of Genesis
(27:11-28) where Jacob pretended to be Esau by
putting goat skins on his hands and back of his
neck so his skin would feel hairy to his blind,
aged father's touch. This illustrates a case of
biometric spoofing and false acceptance.

Biometric Systems
Biometric systems can be used in two different modes
• Identity verification (also called one-to-one comparison
or authentication) occurs when the user1 claims to be
already enrolled in the system (presents an ID card or
login name); in this case the biometric data obtained
from the user are compared to the user's data already
stored in the database.
• Identification (also called search, recognition or one-to-
many comparison) occurs when identity of the user is a
priori unknown.

Biometric Systems
There are basically two kinds of biometric
systems-
• Automated identification systems operated by
professionals (e.g., police Automated
Fingerprint Identification Systems – AFIS).
• Biometric Authentication Systems

Automated Identification Systems
Automated identification systems operated by
professionals (e.g., police Automated Fingerprint
Identification Systems – AFIS). The purpose of
such systems is to identify an individual in
question or to find an offender of a crime
according to trails left at the crime scene.
Enrolled users do not typically have any access
to such systems and operators of such systems
do not have many reasons to cheat.

Biometric Authentication Systems
Biometric authentication systems used for
access control. These systems are used by
ordinary users to gain a privilege or an access
right. Securing such a system is a much more
complicated task.

Biometric
Biometric characteristics can be divided in two
main classes-
• Physiological are related
• Behavioral are related

Physiological are related
Physiological are related to the shape of the
body and thus it varies from person to person
Fingerprints, Face recognition, hand geometry
and iris recognition are some examples of this
type of Biometric.

Behavioral are related
Behavioral are related to the behavior of a
person. Some examples in this case are
signature, keystroke dynamics and of voice .
Sometimes voice is also considered to be a
physiological biometric as it varies from person
to person.

Accuracy & Cost of Biometric Systems

Comparison of Biometric Methods

What are Biometrics?
The term "biometrics" is derived from the Greek
words bio (life) and metric (to measure).

Future
• A biometric system can provide two functions.
One of which is verification and the other one
is Authentication.
• So, the techniques used for biometric
authentication has to be stringent enough
that they can employ both these
functionalities simultaneously.

Future
• Currently, cognitive biometrics systems are being
developed to use brain response to odor stimuli, facial
perception and mental performance for search at ports
and high security areas.
• Other biometric strategies are being developed such as
those based on gait (way of walking), retina,
• Hand veins, ear canal, facial thermogram , DNA, odor
and scent and palm prints. In the near future, these
biometric techniques can be the solution for the
current threats in world of information security.

Different Biometrics
1. Face
2. Fingerprint
3. Voice
4. Palm print
5. Hand Geometry
6. Hand Vein
7. Iris
8. Retina Scan
9. DNA
10. Ear Shape
11. Signatures
12. Gait
13. Keystroke
14. Body Odr
15. Thermal Imaging

Face
A facial recognition technique is an application of computer
for automatically identifying or verifying a person from a
digital image or a video frame from a video source. It is the
most natural means of biometric identification.
Facial recognition technologies have recently developed into
two areas and they are Facial metric and Eigen faces.
Facial metric technology relies on the manufacture of the
specific facial features (the system usually look for the
positioning of eyes, nose and mouth and distances between
these features).
• The face region is rescaled to a fixed pre-defined size (e.g.
150-100 points).
• This normalized face image is called the canonical image.
Then the facial metrics are computed and stored in a face
template. The typical size of such a template is between 3
and 5 KB.

Strengths of Facial Recognition
• It is capable of leveraging existing image
acquisition equipment.
• It is capable of searching against static image
such as passports and driver's license
photographs.
• It is the only biometric capable of operating
without user cooperation.

Weaknesses of Facial Recognition
• Matching accuracy is reduced by change in
acquisition environment.
• Matching accuracy is also reduced by changes
in physiological characteristics.
• Tendency of privacy abuse is high due to non-
cooperative enrollment and identification
capabilities.

Fingerprint
A fingerprint is an impression of the friction ridges of all or any part of
the finger.
A friction ridge is a raised portion of the on the palmar (palm) or digits
(fingers and toes) or plantar (sole) skin, consisting of one or more
connected ridge units of friction ridge skin. These ridges are
sometimes known as "dermal ridges" or "dermal ". The traditional
method uses the ink to get the finger print onto a piece of paper. This
piece of paper is then scanned using a traditional scanner.
Now in modern approach, live finger print readers are used .These are
based on optical, thermal, silicon or ultrasonic principles. It is the
oldest of all the biometric techniques. Optical finger print reader is the
most common at present. They are based on reflection changes at the
spots where finger papilar lines touch the reader surface.
All the optical fingerprint readers comprise of the source of light, the
light sensor and a special reflection surface that changes the reflection
according to the pressure. Some of the readers are fitted out with the
processing and memory chips as well.

Fingerprint

Strengths of Deploying Fingerprint
Technology
• It can be used in a range of environment.
• It is a mature and proven core technology
capable of high level accuracy.
• It employs ergonomic and easy-to-use devices.
• The ability to enroll multiple fingers can
increase system accuracy and flexibility.

Weaknesses of Fingerprint
Technology
• Most devices are unable to enroll some small
percentage of users.
• Performance can deteriorate over time.
• It is associated with forensic applications.

Voice
Voice is also physiological trait because every person has different
pitch, but voice recognition is mainly based on the study of the way a
person speaks, commonly classified as behavioral.
Speaker verification focuses on the vocal characteristics that produce
speech and not on the sound or the pronunciation of speech itself. The
vocal characteristics depend on the dimensions of the vocal tract,
mouth, nasal cavities and the other speech processing mechanism of
the human body. It doesn’t require any special and expensive
hardware.
Speaker recognition uses the acoustic features of speech that have
been found to differ between individuals. These acoustic patterns
reflect both anatomy (e.g. size and shape of the throat and mouth) and
learned behavioral patterns.(e.g. voice pitch, speaking style).
Speaker recognition system employs three styles of spoken input and
they are listed below.
(a) Text dependent (b) Text prompted (c) Text independent
Text dependent involves selection and enrollment of one or more
voice passwords.
Text prompted is used whenever there is concern of imposters.12/8/2016 Green Apple Computer Learning 35

Strengths of Voice-Scan Technology
• It is capable of leveraging telephony
infrastructure.
• It effectively layers with other processes such
as speech recognition and verbal passwords.
• It generally lacks the negative perceptions
associated with other biometrics.

Weaknesses of voice-scan technology
• It is potentially more susceptible to replay
attacks than other biometrics.
• Its accuracy is challenged by low-quality
capture devices, ambient noise, etc.
• The success of voice-scan as a PC solution
requires users to develop new habits.
• The large size of the template limits the
number of potential applications.

Palm print
Palm print verification is a slightly different
implementation of the fingerprint technology.
Palm print scanning uses optical readers that are
very similar to those used for fingerprint
scanning, their size is, however, much bigger and
this is a limiting factor for the use in
workstations or mobile devices.

Hand Geometry
It is based on the fact that nearly every person’s
hand is shaped differently and that the shape of
a person’s hand does not change after certain
age.
These techniques include the estimation of
length, width, thickness and surface area of the
hand. Various method are used to measure the
hands- Mechanical or optical principle.

Hand Geometry

Hand Geometry
There are two sub-categories of optical scanners. Devices
from first category create a black and white bitmap image
of the hand’s shape. This is easily done using a source of
light and a black and white camera. The bitmap image is
processed by the computer software.
Only 2D characteristics of hand can be used in this case.
Hand geometry systems from other category are more
complicated. They use special guide marking to portion
the hand better and have two (both vertical and
horizontal) sensors for the hand shape measurements.
So, sensors from this category handle data of all 3D
features.

Strengths of Hand-Scan Technology
• It is able to operate in challenging
environments.
• It is an established, reliable core technology.
• It is generally perceived as non intrusive.
• It is based on relatively stable physiological
characteristics.

Weaknesses of Hand-Scan Technology
• It has limited accuracy.
• The form factor limits the scope of potential
applications.
• The ergonomic design limits usage by certain
populations.

Hand Vein
Hand vein geometry is based on the fact that the
vein pattern is distinctive for various individuals.
The veins under the skin absorb infrared light and
thus have a darker pattern on the image of the
hand taken by an infrared camera.
The hand vein geometry is still in the stage of
research and development. One such system is
manufactured by British Technology Group. The
device is called Vein check and uses a template with
the size of 50 bytes.

Iris
This recognition method uses the iris of the eye which is colored area that
surrounds the pupil. Iris patterns are unique and are obtained through video
based image acquisition system.
Each iris structure is featuring a complex pattern. This can be a combination
of specific characteristics known as corona, crypts, filaments, freckles, pits,
furrows, striations and rings.
The iris pattern is taken by a special gray scale camera in the distance of 10-
40 cm of camera. Once the gray scale image of the eye is obtained then the
software tries to locate the iris within the image. If an iris is found then the
software creates a net of curves covering the iris. Based on the darkness of
the points along the lines the software creates the iris code.
Here, two influences have to take into account. First, the overall darkness of
image is influenced by the lighting condition so the darkness threshold used
to decide whether a given point is dark or bright cannot be static, it must be
dynamically computed according to the overall picture darkness. Secondly,
the size of the iris changes as the size of the pupil changes. Before computing
the iris code, a proper transformation must be done.

Iris
In decision process, the matching software takes two iris
codes and compute the hamming distance based on the
number of different bits. The hamming distances score
(within the range 0 means the same iris codes), which is
then compared with the security threshold to make the
final decision. Computing the hamming distance of two
iris codes is very fast (it is the fact only counting the
number of bits in the exclusive OR of two iris codes).
We can also implement the concept of template
matching in this technique. In template matching, some
statistical calculation is done between a stored iris
template and a produced. Depending on the result
decision is taken.

Strengths of Iris-Scan Technology
• It has the potential for exceptionally high
levels of accuracy.
• It is capable of reliable verification as well as
identification.
• It maintains stability of characteristics over a
lifetime frame.

Weaknesses of Iris-scan Technology
• It has a propensity for false rejection.
• Acquisition of the images requires moderate
attentiveness and training.
• Some users exhibit a certain degree of
discomfort with eye-based technology.
• A proprietary acquisition device is required for
deployment.

Retina Scan
It is based on the blood vessel pattern in the
retina of the eye as the blood vessels at the back
of the eye have a unique pattern, from eye to
eye and person to person. Retina is not directly
visible and so a coherent infrared light source is
necessary to illuminate the retina. The infrared
energy is absorbed faster by blood vessels in the
retina than by the surrounding tissue. The image
of the retina blood vessel pattern is then
analyzed.

Retina
• Retina scans require that the person removes their glasses, place
their eye close to the scanner, stare at a specific point, and remain
still, and focus on a specified location for approximately 10 to 15
seconds while the scan is completed.
• A retinal scan involves the use of a low-intensity coherent light
source, which is projected onto the retina to illuminate the blood
vessels which are then photographed and analyzed.
• A coupler is used to read the blood vessel patterns. A retina scan
cannot be faked as it is currently impossible to forge a human
retina.
• Furthermore, the retina of a deceased person decays too rapidly to
be used to deceive a retinal scan. A retinal scan has an error rate of
1 in 10,000,000, compared to fingerprint identification error being
sometimes as high as 1 in 500.

Strength of Retina Scan
• . A retina scan cannot be faked as it is
currently impossible to forge a human retina.

Weakness of Retina Scan
• The retina of a deceased person decays too
rapidly to be used to deceive a retinal scan.
• Mishap and accidents can be make useless the
method.

DNA
DNA sampling is rather intrusive at present and requires a
form of tissue, blood or other bodily sample. This method
of capture still has to be refined. So far the DNA analysis
has not been sufficiently automatic to rank the DNA
analysis as a biometric technology. The analysis of human
DNA is now possible within 10 minutes.
As soon as the technology advances so that DNA can be
matched automatically in real time, it may become more
significant. At present Biometric Systems DNA is very
entrenched in crime detection and so will remain in the
law enforcement area for the time being.

Ear Shape
Identifying individuals by the ear shape is used in
law enforcement applications where ear markings
are found at crime scenes. Whether this technology
will progress to access control applications is yet to
be seen. An ear shape verifier (Optophone) is
produced by a French company ART Techniques. It
is a telephone type handset within which
is a lighting unit and cameras which capture two
images of the ear

Signatures
The signature dynamics recognition is based on the
dynamics of making the signature, rather than a direct
comparison of the signature itself afterwards. The
dynamics is measured as a means of the pressure,
direction, acceleration and the length of the strokes,
dynamics number of strokes and their duration.
The most obvious and important advantage of this is that
a fraudster cannot glean any information on how to write
the signature by simply looking at one that has been
previously written. There are various kinds of devices
used to capture the signature dynamics. These are either
traditional tablets or special purpose devices. Tablets
capture 2D coordinates and the pressure.

Gait
Gait biometrics is a biometrics that is based on
the way the person walks. It should be
mentioned that gait is not affected by the speed
of the person’s walk.
Some scientists differentiate gait from gait
recognition, pointing out that gait can be
considered as a cyclic combination of
movements that results in human locomotion
and gait recognition is recognition of some
property style of walk, pathology, etc. (Bi-
ometric Gait Recognition) .

Gait
• Kinematic parameters such as knee, ankle
movements and angles.
• Spatial-temporal parameters as length and
width of steps, walking speed.
• Correlation between parameters.

Properties of Gait
According to Bertenthal and Pinto there are 3
important properties of human perception of gait:
1. Frequency entertainment: various components of
the gait share a common frequency.
2. Phase locking: the relationships among the
components of the gaits remain stable.
3. Physical plausibility.

Strength of GAIT Technology
• Walking style cannot be copied.
• Every individual have peculiar style of walk
which good source of identification.

Weakness of GAIT Technology
• It may change due time and age.
• Dresses may cause difference in walking style.
Wearing saree , pant and skirt may change
accuracy level.
• Minor accident and mishap may change
identifying and verification process.

Keystroke
Keystroke dynamics is a method of verifying the
identity of an individual by their typing rhythm
which can cope with trained typists as well as
the amateur two-finger typist.
Systems can verify the user at the log-on stage
or they can continually monitor the Biometric
Systems 32 typist. These systems should be
cheap to install as all that is needed is a
software package.

Body Odor
The body odor biometrics is based on the fact that virtually
each human smell is unique. The smell is captured by sensors
that are capable to obtain the odor from nonintrusive parts of
the body such as the back of the hand. Methods of capturing
a person’s smell are being explored by Mastiff Electronic
Systems. Each human smell is made up of chemicals known as
volatiles. They are extracted by the system and converted into
a template.
The use of body odor sensors brings up the privacy issue as
the body odor carries a significant amount of sensitive
personal information. It is possible to diagnose some diseases
or activities in the last hours (like sex, for example) by
analyzing the body odor.

Thermal Imaging
This technology is similar to the hand vein
geometry. It also uses an infrared source of light
and camera to produce an image of the vein
pattern in the face or in the wrist.

Mix and Match of Authentication
Techniques
• The six experimental conditions were as follows:
• Password: Enter an alphanumeric password using the built-in on-screen
keyboard. In the spirit of typical corporate password policies, the easy to
remember 8character password securit3 was used.
• Voice: The user must speak the password phrase“ three five seven nine
three five seven nine”.
• Face: The user must take a photograph of their face using the front-facing
camera.
• Gesture: The user must write ‘35793579’ on the screen with their finger.
• Face+Voice: The user must say “three five seven nine three five seven
nine” while simultaneously lining up their face and taking a photograph.
• Gesture+Voice: The user must say “three five seven nine three five seven
nine”while simultaneously writing the digits ‘35793579’ on the screen
with their finger.

Biometrics Are not Used Somewhere
• Biometrics offer great amount of benefits in
safeguarding systems and is perceived as more reliable
than other security techniques (traditional security
methods). However, biometric technologies are not the
perfect security to be deployed for every application
and in some cases biometric authentication is just not
the right solution."
• One of the major challenges facing the biometric
industry is defining those environments in which
biometrics offer the strongest benefits to both
individuals and institutions, and then showing that the
benefits of deployment outweigh the risk as well as the
costs

Security
Since biometric characteristics cannot be guessed or
stolen, biometric systems offer a higher degree of
security than typical authentication methods (passwords
or tokens).
Efficient passwords are traditionally characterized by a
long and alternated sequence of numbers and symbols.
Therefore, they are sometimes difficult to remember.
Tokens, on their hand, may be stolen or loosed.
Regardless of their authentication type, passwords or
tokens can be shared. In this sense, there is no certainty
of who is the actual user. Since biometric characteristics
are not shared, this shortcoming is almost solved.

Accountibility
One important benefit of using biometric-based
authentication systems is that they are able to
keep track of the user's activities, e.g. it is
possible to know who has been doing what at a
given time (when).
These benefits are not available in traditional
authentication systems, since users may share
their identification cues, being not possible, for
example, to know who is the actual user.

Convenience
Biometrics systems are convenient in environments where
access privileges are necessary. Traditionally, in many
authentication environments, a user may have different
tokens or passwords. In these cases, biometrics can be used to
simplify the authentication process since the multiple
passwords or tokens can be replaced by a single biometric
characteristics.
Furthermore, another benefit is that biometric systems are
easily scalable. Depending on the security level desired, more
sophisticated biometric characteristics could be used. At a
bottom level, one could use for example, characteristics that
are not very discriminative. If more discriminable properties
are desired in the system, biometric characteristics with
higher distinctive properties may be used.

Application
• The operational goals of biometric applications are just as variable as the
technologies: some systems search for known individuals; some search
for unknown individuals.
• Some verify a claimed identity; some verify an unclaimed identity; and
some verify that the individual has no identity in the system at all.
• Some systems search one or multiple submitted samples against a large
database of millions of previously stored “templates” – the biometric
data given at the time of enrollment.
• Some systems search one or multiple samples against a database of a
few “models” – mathematical representations of the signal generation
process created at the time of enrollment.
• Some systems compare submitted samples against models of both the
claimed identity and impostor identities. Some systems search one or
multiple samples against only one “template” or “model”.

Application
The application environments can vary greatly –
outdoors or indoors, supervised or
unsupervised, with people trained or not trained
in the use of the acquisition device.

Biometric System
A biometric system can be designed to test one of
only two possible hypotheses:
(1) that the submitted samples are from an
individual known to the system; or
(2) that the submitted samples are from an
individual not known to the system.
Applications to test the first hypothesis are called
“positive identification” systems (verifying a
positive claim of enrollment), while applications
testing the latter are “negative identification”
systems (verifying a claim of no enrollment)

Application
• “Positive” and “negative” identification are
“duals” of each other.
• Positive identification systems generally serve
to prevent multiple users of a single identity,
while negative identification systems serve to
prevent multiple identities of a single user.

Application
Use of biometrics in negative identification
systems must be mandatory for all users
because no alternative methods exist for
verifying a claim of no known identity.

Overt Versus Covert
The first partition is “overt/covert”. If the user is
aware that a biometric identifier is being
measured, the use is overt. If unaware, the use
is covert. Almost all conceivable access control
and non-forensic applications are overt. Forensic
applications can be covert.

Habituated Versus Non-Habituated
The second partition, “habituated/non-habituated”,
applies to the intended users of the application. Users
presenting a biometric trait on a daily basis can be
considered habituated after a short period of time. Users
who have not presented the trait recently can be
considered “non-habituated”.
A more precise definition will be possible after we have
better information relating system performance to
frequency of use for a wide population over a wide field
of devices. If all the intended users are “habituated”, the
application is considered a “habituated” application. If all
the intended users are “non-habituated”, the application
is considered “non habituated”.

Attended Versus Non-Attended
A third partition is “attended/unattended”, and
refers to whether the use of the biometric
device during operation will be observed and
guided by system management. Non-
cooperative applications will generally require
supervised operation, while cooperative
operation may or may not.
Nearly, all systems supervise the enrollment
process, although some do not.

Standard Versus Non-Standard Environment
A fourth partition is “standard/non-standard
operating environment”. If the application will take
place indoors at standard temperature
(20°C),pressure (1 atm), and other environmental
conditions, particularly where lighting conditions
can be controlled, it is considered a “standard
environment” application. Outdoor systems, and
perhaps some unusual indoor systems, are
considered “non-standard environment”
applications.

Public Versus Private
A fifth partition is “public/private”. Will the users
of the system be customers of the system
management (public) or employees (private)?
Clearly, attitudes toward usage of the devices,
which will directly affect performance, vary
depending upon the relationship between the
end-users and system management.

Open Versus Closed
A sixth partition is “open/closed”. Will the system
be required, now or in the future, to exchange data
with other biometric systems run by other
management?
For instance, some US state social services agencies
want to be able to exchange biometric information
with other states. If a system is to be open, data
collection, compression and format standards are
required. A closed system can operate perfectly
well on completely proprietary formats.

Biometrics and Privacy.
1. Unlike more common forms of identification, biometric measures contain no
personal information and are more difficult to forge or steal.
2. Biometric measures can be used in place of a name or Social Security number to
secure anonymous transactions.
3. Some biometric measures (face images, voice signals and “latent” fingerprints left
on surfaces) can be taken without a person’s knowledge, but cannot be linked to an
identity without a pre-existing invertible database.
4. A Social Security or credit card number, and sometimes even a legal name, can
identify a person in a large population. This capability has not been demonstrated
using any single biometric measure.
5. Like telephone and credit card information, biometric databases can be searched
outside of their intended purpose by court order.
6. Unlike credit card, telephone or Social Security numbers, biometric characteristics
change from one measurement to the next.
7. Searching for personal data based on biometric measures is not as reliable or
efficient as using better identifiers, like legal name or Social Security number.
8. Biometric measures are not always secret, but are sometimes publicly observable
and cannot be revoked if compromised.12/8/2016 Green Apple Computer Learning 80

Adhaar Card

Template Security Requirements
The main challenge in developing a biometric
template protection scheme is to achieve an
acceptable tradeoff among three requirements
• Non-invertibility
• Discriminability
• Revocability

Non-invertibility
It must be computationally hard to recover the
biometric features from the stored template.
This prevents the adversary from replaying the
biometric features gleaned from the template or
creating physical spoofs of the biometric trait.

Discriminability
The template protection scheme shouldn’t
degrade the biometric system’s authentication
accuracy.

Revocability
It should be possible to create multiple secure
templates from the same biometric data that
aren’t linkable to that data. This property not
only enables the biometric system to revoke and
reissue new biometric templates if the database
is compromised, but it also prevents cross-
matching across databases, thereby preserving
the user’s privacy.

Template Security Approaches
• Biometric Feature Transformation
• Biometric Cryptosystems

Biometric Feature Transformation
The secure template is derived by applying a
noninvertible or one-way transformation
function to the original template; this
transformation is typically based on user-specific
parameters.
During authentication, the system applies the
same trans-formation function to the query and
matching occurs in the transformed domain.

Biometric Cryptosystems
It store only a fraction of the information
derived from the biometric template known as
the secure sketch. While the secure sketch in
itself is insufficient to reconstruct the original
template, it does contain sufficient data to
recover the template in the presence of another
biometric sample that closely matches the
enrollment sample.

Why we need Biometric Standards
Stapleton (2003, p. 167) defined a standard in a
general term as "a published document,
developed by a recognized authority, which
defines a set of policies and practices, technical
or security requirements, techniques or
mechanisms, or describes some other abstract
concept or model."

Due to this absence of biometric standards,
some institutions have been concerned of being
tied into technologies they actually believed as
not mature or even developmental.

• These include the desire for reducing the overall
cost of deploying biometrics technologies and
optimize the reliability of biometric systems.
• To reduce the risk of deploying solutions to
biometric problems.
• To ensure in the area of encryption and file
format, that the basic building blocks of biometric
data management have been developed based
on best practice by industry professionals.

“Standards ensure that, in the future, biometric
technology will be developed and deployed in
accordance with generally accepted principles of
information technology.“
---- By Nanavati (2002 p. 278)

BRITISH BIOMETRICS STANDARDS
• BS ISO/IEC 19784-2:2007
• BS ISO/IEC 19795-2:2006
• BS ISO/IEC 24709-1:2007
• BS ISO/IEC 24709-2:2007

BS ISO/IEC 19784-2:2007
This standard defines the interface to an archive
Biometric Function Provider (BFP). The interface
assumes that the collected biometrics data will
be managed as a database, irrespective of its
physical realization. Crosier (2008, p. 24) defined
the physical realization as "smartcards, token,
memory sticks, files on hard drives and any
other kind of memory can be handled via an
abstraction layer presenting a database
interface.)"

BS ISO/IEC 19795-2:2006
According to Shoniregun (2008, p. 25), this
standard provides recommendations and
requirements on collection of data, analysis as
well as reporting specific to two types of
evaluation (scenario evaluation and technology
evaluation). BS ISO/IEC 19795-2:2006 further
specifies the requirements in the development
and full description of protocols for scenario and
technology evaluations and also, in executing
and reporting biometric evaluations.

BS ISO/IEC 24709-1:2007
"ISO/IEC 24709-1:2007 specifies the concepts,
framework, test methods and criteria required
to test conformity of biometric products
claiming conformance to BioAPI (ISO/IEC 19784-
1)." (www.iso.org). Crosier (2008, p. 25) stated
ISO/IEC 24709-1:2007 specifies three
conformance testing models which allows
conformance testing of each of the BioAPI
components mainly a framework, an application
and a BSP.

BS ISO/IEC 24709-2:2007
The standard BS ISO/IEC 247 defines a number
of test assertions composed in the assertion
language explicitly required in ISO/IEC 24709-1.
The assertions allow a user to test the
conformance of any biometric server producer
(BSP) "that claims to be a conforming
implementation of that International Standard"
to ISO/IEC 19784-1 (BioAPI 2.0) (www.iso.org).

References
1. Vashek Matyáš 1, Zdeněk Říha, “Security of Biometric Authentication Systems”, International Journal of Computer Information Systems and
Industrial Management Applications ISSN 2150-7988 Volume 3 (2011) pp. 174-184 © MIR Labs, www.mirlabs.net/ijcisim/index.html
2. Aleksandra Babich , “Biometric Authentication. Types of biometric identifiers” ,Haaga-Helia University of Applied Science.
3. Debnath Bhattacharyya, Rahul Ranjan,Farkhod Alisherov,, Choi Minkyu , “Biometric Authentication: A Review”, International Journal of u- and e-
Service, Science and Technology, Vol. 2, No. 3, September, 2009.
4. James Wayman, Anil Jain, Davide Maltoni and Dario Maio, “An Introduction to Biometric Authentication Systems”,
5. Anil K. Jain, Karthik Nandakumar, “ Biometric Authentication: System Security and User Privacy” , Published by the IEEE Computer Society
NOVEMBER 2012 , Page 87.

Internet Connection required to run
video
Video
THANK YOU

Biometric authentication green apple computer learning

More Related Content

Viewers also liked (6)

Similar to Biometric authentication green apple computer learning (20)

More from Sharbani Bhattacharya (20)

Recently uploaded (20)

Biometric authentication green apple computer learning