FIT3105 Biometric based authentication and identity management Lecture 5.

  • Date posted: 15-Jan-2016

Transcript of FIT3105 Biometric based authentication and identity management Lecture 5.

Page 1: FIT3105 Biometric based authentication and identity management Lecture 5.

FIT3105 Biometric based authentication and identity management

Lecture 5

Page 2: FIT3105 Biometric based authentication and identity management Lecture 5.

FIT3105 - Security and Identity Management

Biometric method

• Biometrics terminologies
• Biometrics properties
• The importance of biometrics in authentication and identity management
• Biometrics technologies
• Authentication and identity systems with biometrics
• Biometrics and smart cards.
• Biometrics issues
• Biometrics architecture

Page 3: FIT3105 Biometric based authentication and identity management Lecture 5.


Reading list

• http://digital.ni.com/worldwide/singapore.nsf/web/all/9C3774162BBC5E7F862571B6000CFA1F
• http://biometrics.cse.msu.edu/info.html (overview and related papers)
• http://www.springerlink.com/content/cmxub1padvlua881/

Page 4: FIT3105 Biometric based authentication and identity management Lecture 5.


Definition

• 'A Biometric' is a measurable physical or behavioural characteristic of a human being - hence 'biometrics' are measures of people.
  – A physiological characteristic: fingerprint, iris pattern, form of hand, etc.
  – A behavioural characteristic: the way you sign, the way you speak, etc.
• Biometric methods are proposed for use in recognising identity, or authenticating claims of identity

Page 5: FIT3105 Biometric based authentication and identity management Lecture 5.


Biometrics in IT

• Biometrics in IT is the measurement and statistical analysis of biological data using computer and related technologies
  – Using IT and related technologies to map human characteristics to digitised data for identification and authentication purposes.

Page 6: FIT3105 Biometric based authentication and identity management Lecture 5.


Biometrics in IT

• The biometric of each person has to be unique.
• We need to find the distinguishing things that make each person unique and a possible way to store, process and retrieve the information efficiently and securely.
  – Should the measurements of these distinguishing things for different people be the same or different?
  – How will these things be measured, digitised and processed?

Page 7: FIT3105 Biometric based authentication and identity management Lecture 5.


Biometric questions on identity

• Is this the person who she/he claims to be?
• Has this person’s biometrics been in the system?
  – How do we compare the new one and the existing ones?
• Should this individual be given access to our computer system?
• Is this person on a watch list of attackers?
• Should this person be allowed to enter your office, building, etc?

Page 8: FIT3105 Biometric based authentication and identity management Lecture 5.


Verification of identification

• 1:1 match
  – allows only the person who satisfies the biometric test, with high degree of certainty, to gain access to the parliament meeting room, or computer server room, or bank offices, etc.
• 1:Many match:
  – Ten suspects of this bank robbery case, murder case, vandalism case, etc.
  – The person has been issued several licences or authorised accesses.
• No match:
  – There is no match to this person’s biometric in our system (he/she is not on the watch list or not in the database of suspects).

Page 9: FIT3105 Biometric based authentication and identity management Lecture 5.


Biometrics’ basic properties for identification and authentication

• Universality: the data must be universal.
• Uniqueness: the data must be unique.
• Stability: the data should stay intact over the lifetime of the entity.
• Easy-to-collect: it must be easy to collect and digitize the data.
• Performance: computer processing time must not take too long.
• Acceptability: the method must be acceptable to the industries and government organisations.
• Forge resistance: it must be infeasible to forge the data.

Page 10: FIT3105 Biometric based authentication and identity management Lecture 5.


Biometrics: how it works

• Authentication with biometrics is a two-phase process.
  – In the first phase, users have to enrol by having their individual features such as fingerprints and/or irises and/or faces and/or signatures, etc. scanned (collected by devices). Key features are extracted and then converted to unique templates which are stored in a database, usually in encrypted form.
  – In the second phase, the corresponding features presented by a would-be user are compared to the templates in the database. The system tries to find whether there is any match and produces a rejection or acceptance based on criteria and some threshold. The system tries to minimise the rate of false rejections or false acceptances.

Page 11: FIT3105 Biometric based authentication and identity management Lecture 5.


Static vs. dynamic biometric methods

• Static biometric methods
  – e.g.: authentication based on a feature that is always present (what if the feature changes over time?)
• Dynamic biometric methods
  – e.g.: authentication based on a certain behaviour pattern (can this be mimicked by another person? And how can it be digitised, stored and processed correctly?)

Page 12: FIT3105 Biometric based authentication and identity management Lecture 5.


Biometric technologies (e.g.)

• Simple biometric technologies
  – Hand geometry biometrics including fingerprint
  – Iris and retinal scanning
  – Face recognition using visible or infrared light/image processing.
  – Signature recognition (identify a person based on his/her signature)
  – Voice recognition (identify a person based on his/her voice)

Page 13: FIT3105 Biometric based authentication and identity management Lecture 5.


Biometric technologies (e.g.)

• Other possible biometric technologies:
  – Vein recognition (hand)
  – Gait recognition
  – Body odour measurements
  – Ear shape
  – DNA
  – Keystroke dynamics
  – Body movement
  – Etc.

Page 14: FIT3105 Biometric based authentication and identity management Lecture 5.


Biometrics with fingerprint techniques (e.g.)

Borrowed from other author

Page 15: FIT3105 Biometric based authentication and identity management Lecture 5.


Biometrics with fingerprint (e.g.)

Optical fingerprint sensor Capacitive sensor

Borrowed from other author

Page 16: FIT3105 Biometric based authentication and identity management Lecture 5.


Design of biometrics systems

• Major components of a biometric system:
  – Data collection
  – Processing
  – Matching
  – Decision
  – Storage
  – Retrieval, Transmission, and comparison.

Page 17: FIT3105 Biometric based authentication and identity management Lecture 5.


Biometric system design

[Figure: block diagram of a biometric system. Labels: Data collection; Raw data processing; Extracted features; Matching; Template; Storage; Matching score; Decision; Authentication/identification decision; Biometrics applications]

Page 18: FIT3105 Biometric based authentication and identity management Lecture 5.


Data collection/acquisition subsystem

• Comprises input devices or sensors that read the biometric information from the user
  – E.g.: video camera, fingerprint scanner, digital tablet, microphone, etc.
• Converts biometric information into a suitable form for processing by the remainder of the biometric system

Page 19: FIT3105 Biometric based authentication and identity management Lecture 5.


Requirements for data collection

• Sampled biometric characteristics must be similar to users’ enrolled templates.
• The users and data collectors may require training to be able to get the input data as accurate as possible.
• Adaptation of users’ templates or re-enrolments may be necessary to accommodate changes in physiological characteristics.
• Sensors must be similar/standard so that biometric features are measured consistently.

Page 20: FIT3105 Biometric based authentication and identity management Lecture 5.


Raw data processing subsystem

• This subsystem receives raw biometric data from the data collection subsystem, then transforms the data into the form required by the matching subsystem
• This subsystem may use filters to remove possible noise.
• It carries out the feature extraction from the raw biometric data for further processing

Page 21: FIT3105 Biometric based authentication and identity management Lecture 5.


Matching subsystem

• Receives processed biometric data from the raw data processing subsystem and the biometric template from the storage subsystem.
• Measures the similarity of the claimant’s sample with the reference template.
  – methods: distance metrics, probabilistic measures, neural networks, etc.
• The result should be a number known as the match score

Page 22: FIT3105 Biometric based authentication and identity management Lecture 5.


Storage subsystem

• Keeps the templates of enrolled users (one or more templates for each user are stored in storage).
• For different applications, the templates can be stored in:
  – physically protected storage within the biometric device
  – digital database
  – portable devices such as smart cards, palm devices, mobile phones, etc.

Page 23: FIT3105 Biometric based authentication and identity management Lecture 5.


Decision subsystem

• Interprets the match score from the matching subsystem (e.g. a threshold is defined. If the score is above the threshold, the user is authenticated. If it is below, the user is rejected).
• May require more than one submitted sample to reach a decision.
• May produce false positives or negatives.
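
The two phases from the "how it works" slide, the matching subsystem's match score and the decision subsystem's threshold, as an added Python example that is not part of the original lecture. The feature vectors, the user names alice and bob and the 1/(1 + distance) score mapping are assumptions constructed for illustration.

```python
# Added example: all feature vectors are constructed, not real biometric data.
import math

def enrol(samples):
    """Enrolment phase: average several scans' feature vectors into a template."""
    return [sum(col) / len(samples) for col in zip(*samples)]

def match_score(sample, template):
    """Matching subsystem: Euclidean distance mapped to a score in (0, 1]."""
    dist = math.sqrt(sum((s - t) ** 2 for s, t in zip(sample, template)))
    return 1.0 / (1.0 + dist)

def verify(sample, template, threshold):
    """Decision subsystem, 1:1 match: accept when the score reaches the threshold."""
    return match_score(sample, template) >= threshold

def identify(sample, templates, threshold):
    """1:many match: best-scoring enrolled identity, or None for 'no match'."""
    best_user, best = None, 0.0
    for user, template in templates.items():
        score = match_score(sample, template)
        if score > best:
            best_user, best = user, score
    return best_user if best >= threshold else None

def error_rates(genuine, impostor, template, threshold):
    """False acceptance rate and false rejection rate at one threshold."""
    frr = sum(not verify(s, template, threshold) for s in genuine) / len(genuine)
    far = sum(verify(s, template, threshold) for s in impostor) / len(impostor)
    return far, frr

# Storage subsystem: one template per enrolled user (hypothetical users).
TEMPLATES = {
    "alice": enrol([[0.20, 0.80, 0.50], [0.22, 0.78, 0.52], [0.18, 0.82, 0.48]]),
    "bob": enrol([[0.70, 0.30, 0.40], [0.72, 0.28, 0.42], [0.68, 0.32, 0.38]]),
}
# Later scans claiming to be alice: her own, then other people's.
GENUINE = [[0.21, 0.79, 0.51], [0.25, 0.75, 0.55], [0.30, 0.70, 0.60]]
IMPOSTOR = [[0.70, 0.30, 0.40], [0.28, 0.72, 0.42], [0.50, 0.50, 0.50]]

if __name__ == "__main__":
    for threshold in (0.80, 0.90, 0.95):
        far, frr = error_rates(GENUINE, IMPOSTOR, TEMPLATES["alice"], threshold)
        print(f"threshold={threshold:.2f}  FAR={far:.2f}  FRR={frr:.2f}")
    print(identify([0.69, 0.31, 0.41], TEMPLATES, 0.90))  # enrolled user
    print(identify([0.50, 0.50, 0.90], TEMPLATES, 0.90))  # not in the database
```

In this constructed data, raising the threshold from 0.80 to 0.90 removes the one false acceptance but rejects one genuine scan, which is the trade-off the decision subsystem has to tune.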

Page 24: FIT3105 Biometric based authentication and identity management Lecture 5.


Biometrics applications

• Physical access control
  – To high security areas
  – To public buildings or areas
• Time & attendance control
• Identification
  – Forensic person investigation
  – Social services applications, e.g. immigration or prevention of welfare fraud
  – Personal documents, e.g. electronic driver's license or ID card

Page 25: FIT3105 Biometric based authentication and identity management Lecture 5.


Biometrics for identification

• Positive identification: Is this the person who he/she claims to be?
  – Yes: provide access or log-in access to a valid user
  – No: do not provide access or log-in access
• Negative identification: Is this the person who he/she denies being?
  – Yes: prevent multiple authorisations to the system.
• It is hard to transfer, forget, lose or copy
• Hopefully eliminates repudiation claims
• Automatic personalisation of user interfaces

Page 26: FIT3105 Biometric based authentication and identity management Lecture 5.


Biometrics and Identification

• Many countries apply biometrics for identification cards:
  – ID Cards include basic personal information, a digital photo and a biometric identifier (facial recognition, iris scan, fingerprint).

Page 27: FIT3105 Biometric based authentication and identity management Lecture 5.


Authentication and identification with biometrics - conclusion

• Biometrics information must be reliable.
• It also must not be forgeable.
• Algorithms used for computer processing (retrieving, processing and comparing) have to be accurate.
• Authentication for biometrics systems must be strong enough to protect privacy and maintain security.