Post on 25-Feb-2016
description
Biometric standardsAn overview of biometrics and identity management
February 2010
2
The need to identify• Every day we are required to identify ourselves
Using a bank card with a PIN at a cash machine A password to log on to a computer Using a key to open a door Punching a code into a keypad to enter the workplace Using passwords on the Internet Providing a passport and driving licence as proof of
identity• We need to be able to accurately IDENTIFY an
individual to minimize current issues and threats
3
Current attributes used to identify
• Name• Address• Postcode• Date of Birth• Account no.• Passwords• PINs• Phone no.
• Mother’s maiden name• Passport• Birth certificate• Driving licence• Credit cards• Utility bills• Membership cards• Salary slip
4
Is biometrics the answer?• A biometric is part of the person and is not easily
compromised through: Theft Collusion Loss
• Simplifies user management resulting in cost savings• Users do not need to remember passwords• Users do not need to remember PINs• User accounts cannot be shared• Easy to use
5
Biometric definition• The automated recognition of individuals based on
their behavioural and biological characteristics The general meaning of biometrics encompasses
counting, measuring and statistical analysis of any kind of data in the biological sciences including the relevant medical sciences
• The term is derived from the Greek words “bios” meaning life and “metron” meaning measure
6
Biological and behavioural• Biological
Fingerprint Face (2D & 3D) Iris Vein pattern Hand geometry DNA
• Behavioural Signature Gait Voice Keystroke dynamics
7
Iris• Captures the pattern of flecks on the iris• Uses conventional cameras• Average 2 seconds for identification• No physical contact between user and reader
8
Face• Based upon the geometric shape and position of
features of the face• Resistant to changes in skin tone, facial hair, hair
style, and eyeglasses• No active user involvement required in order to
perform identification/verification• Limited success in practical applications
9
Voice• Analyses voice patterns and characteristics of
speech e.g. pitch, tone, etc.• High user acceptance – perceived as least
intrusive biometric technology• Easy for end users to implement• Ideal for telephone systems/mobile environments
10
Hand geometry• Measures the physical characteristics of the user’s
hand and fingers• Low level infrared light and camera used to capture an
image• Suited to applications where there is a large user base
or users access the system infrequently• Systems are easy to use and robust
11
Signature• Based on analysis of the dynamics of a handwritten
signature e.g. shape, speed, stroke order, pen pressure
• Generally use pressure sensitive tablets or wired pens• User friendly• Non intrusive – minimal public acceptance issues• Captured signature can be used for digitally signing
documents
12
Keystroke dynamics• Monitors rate of typing and intervals between letters• Verification based on typing rhythm – intruders may
guess password but fail to key in with correct rhythm• Neither enrolment nor verification disturbs the regular
flow of work• Low cost – only hardware required is keyboard
13
Fingerprint• Variety of fingerprint devices available (silicon and
optical)• Template constructed by analysing patterns that make
the fingerprint (minutiae)
14
DNA• Forensic genetics use deoxyribonucleic acid (DNA) profiling in a number
of important human identity applications• 0.01% of a person's entire genome is unique to each individual
This represents 3 million base pairs of DNA 95% of the human genome are non-coding sequences (called junk DNA)
• Standard profiling systems only exploit the junk DNA to maintain the privacy and civil rights of the donor
15
Multimodal• Combination of one or more
biometrics Algorithmic level Results level
• Multimodal is the fusion of results with logic applied
16
Key multimodal facts
Can be used to:• Improve reliability• Make forgery more difficult• Make systems more flexible to
user characteristics (decreases failure to enrol)
• Make systems more complex• Promote inclusivity
Input Device
Matching
Result
Input Device
Matching
Result
Fusion
Fusion
Fusion
17
Verification versus Identification
“Are you who you say you are?”
“Who are you?”
NOT
18
Verification and Identification• Verification
Involves confirming or denying a person’s claimed identity – Are you who you claim to be?
Biometric sample captured and compared with the previously stored template for that user
One-to-one comparison Are you who you say you
are? “I am who I say I am”
• Identification Means establishing a
person’s identity from an already established list – Who are you from this list?
Biometric sample presented to a system which searches the existing (enrolled) subjects
One-to-many comparison Do I know you? “I am not known to you
already”
19
Identification before verification• To establish a ‘clean’ database of individuals each
individual first needs to be identified One-to-many match is performed against the central
database to ensure the individual does not already exist under correct name or any other aliases
• Once identity is established it can be sufficient to verify the individual as proof of identity only One-to-one match is performed at the point of interface
without the need to check back to the central database
20
Key Consideration in a biometric system
Current & Future
Technology
Risk & Requirement
Analysis
Research & Development
User Perception
Accuracy & Throughput
IntegrationPerformanceBusiness Process
Strategy
21
Considerations of adding a biometric system
• Not all biometrics technologies suit all people• In many cases additional hardware is required• User co-operation is usually necessary• Privacy concerns must be addressed• Cost of personal devices in large systems can be
significant• User education is required• Biometric revocation must be considered as
biometric data is not secret
22
Capture the legal and political imperatives
• Ask what additional considerations are there with a biometric application as opposed to any other IT deliverable Privacy? Data access considerations (who and why)? Sensitivity of data? Legislative limitations? User acceptance? Standards compliance?
23
ISO/IEC JTC1 SC 37 Biometrics• Currently 25 participating countries and 7 observer countries• Liaisons with:
JTC 1/SC 17 Cards and Personal Identification. JTC 1/SC 24 Computer Graphics and Imaging JTC 1/SC 27 Information Technology Security Techniques. JTC 1/SC 29 Coding of Audio, Picture and Multimedia and Hypermedia Information. JTC 1/SC 31 Automatic Identification and Data Capture Techniques JTC 1/SC 32 Data Management and Interchange JTC 1/SC 36 Information Technology for Learning, Education and Training. ITU-T SG17 Telecommunication Standardization Sector Study Group on Data
Networks and Telecommunications Software. BioAPI Consortium IBIA International Biometrics Industry Association (IBIA) ILO International Labour Office of the UN
24
The benefits of standards for biometrics
• They foster wide spread utilization of the technology
• They are a sign of industry maturity• They reduce time-to-market• They facilitate interchange and/or interoperability• They reduce risk to integrators and end users• They reduce vendor “lock-in” effect
25