BIOMETRICS

Dr. MVNK Prasad IDRBT

Biometrics
Derived from Greek word Bios (life) and metrikos (measure). It is an Authentication Technology. It is the process of identifying an individual by his/her physiological or behavioral characteristics.

Biometric Characteristics
Universality

Every individual should have it. No two should be the same. It should be permanent or should vary very slowly with time.

Distinctiveness

Permanence

Contd..
Additional requirements in real life applications

Performance

Accuracy, Speed, Robustness. Public acceptance. Should be robust enough to various fraudulent methods. ease of acquisition for measurement

Acceptance

Circumvention

Collectability

Physiological characteristics
Fingerprint Hand geometry Iris Face Palmprint Infrared Thermogram Retina DNA Ear shape Skin Reflection

Behavioral characteristics
Signature Voice Key Stroke Gait Lip Motion

Two types of biometric systems

Identification system Verification system

Identification
Who am I? Identification is one-to-many matching. Identity is different from individual Comparison is done with a large database.

Verification
Am I whom I claim to be? One-to-one matching. User gives his identity and biometric data.

Advantages of Biometrics over Traditional methods

Increased Security Increased Convenience

Fingerprint
It is a pattern of ridges and furrows on the tip of the each finger. Patterns are created by the inked impression on the paper or through digital images captured from the compact sensor. Matching is a process of comparing the minutiae patterns.

Only once during the existence of our solar system will two human beings be born with two similar finger makings Harpers Headline 1910.

Two like fingerprints would be found only once every 1048 years Scientific American 1911.

Fingerprint

Feature Extraction

Existing recognition techniques

Minutiae matching Gabor Filters, Fast Fourier Transforms Wavelets Genetic algorithms Neural Networks and Fuzzy methods

Advantages:
1. 2. 3.

High accuracy Equipment is cheap Easy to use device

Disadvantages:
1. 2. 3.

Fake fingerprints can easily be created. Liveness detection is a great problem. Most devices are not able to enroll small percentage of users due to cuts and bruises on finger.

IRIS
Analyzes features found in the colored ring of tissue that surrounds the pupil. Features identified are textures with striations, contraction furrows, pits, rings and freckles.

IRIS

IRIS samples

IRIS Feature Extraction

Advantages:
1. 2. 3.

Very high levels of accuracy. Each iris is a unique structure. Capable of reliable identification as well as verification.

Disadvantages:
1. 2. 3.

Some users dont accept eye-based technology. High cost capture devices. Any unusual lighting situations may effect the ability of the camera to acquire its subject.

Face
Features identified are size of the eye, distance from eye to mouth, middle of mouth to chin, side of eye to cheek, size of mouth, and feature points.

Face Feature Extraction

Face identification examples

Advantages: 1. Can search against static images such as drivers license photographs. 2. Cheap hardware components and easy to be added to the existing computer systems. 3. Operate without user cooperation. Disadvantages: 1. The accuracy is not satisfied. 2. Cannot handle identical twins. 3. Changes in acquisition environment and physiological characteristics reduce matching accuracy.

3D Hand Geometry
Simple biometric. Features that can be identified are shape and characteristics of finger/hand like size of the palm, finger length, width, area, thick, and their relationship between fingers etc.

Hand image capturing

Hand Feature Extraction

Advantages
1. 2. 3. 4.

Less storage equipment Faster Lower cost More acceptance

Disadvantages
1. 2. 3.

Limited accuracy because of the simple features. Features are invariant over life span Human hand shape is not unique to each individual.

Voice
Utilizes the distinctive aspects of the voice to verify the identity of an individual. Features are frequency, pitch and tone of individuals voice. Least invasive of the biometric recognition technology is speech recognition.

Advantages 1. Capable of leveraging telephony infrastructure. 2. Requires no new hardware--- most PCs already contain a microphone. Disadvantages 1. Large size of the templates limits the number of potential applications. 2. Require long training time. 3. Cannot use in noise environment. 4. Can be mislead by mimicry

Infrared Thermogram
Captures the pattern of heat radiated by the human body with an infrared camera. Like face recognition it must deal with extra issues of 3D space and orientation of the face, hand or hand vein.

Advantages: 1. Pattern is unique for each person. 2. Technology can be used for covert recognition. Disadvantages: 1. Image acquisition is difficult when there are other heat emanating surfaces near the body. 2. Cost is high due to infrared sensors

Palmprint
Features are principal lines, ridges, wrinkles, datum points. New Technology. Automated palmprint authentication technology has been developed since 1996.

Recognition Techniques
Edge Detection and line detection techniques Gabor Filters, Fast Fourier Transforms Wavelets Genetic algorithms Neural Networks and Fuzzy methods

Advantages 1. Provides a larger surface area compared with the fingerprint, so that more features can be extracted. 2. High accuracy. 3. High user acceptance. Disadvantages 1. Since it is new biometric technology, there is not confidence from the public to use it. 2. Size of the device is bulky.

Vein Pattern Recognition

Hand is positioned over a scanner, which illuminates the palm with infrared light. Hemoglobin in the veins absorbs the light, making the web of veins appear black. The vein pattern is extracted from the image and compared to the stored template.

Vein Feature Extraction

Vein pattern recognition disadvantages

Injuries or deformations to the hand may cause failure to enroll. Systems which require contact may be considered invasive/unhygienic.

DNA
Advantages
1. 2.

Most reliable biometrics. Unique for each person.

Disadvantages:
1. 2. 3.

Contamination and it is easy to steal a piece of DNA from an individual and use it for ulterior purpose. Real time application is not possible. Privacy issues since DNA sample taken from an individual is likely to show susceptibility of a person to some diseases.

Retina
Creates an eye signature from the vascular configuration of the retina which is supposed to be a characteristic of each individual and each eye, respectively.

Advantages:
1. 2. 1. 2.

Most secure biometric because it is protected in an eye itself. Equipment is costly. Retinal scan reveals some medical conditions and as such public acceptance is questionable. Not suitable for real time applications.

Disadvantages:

Signature
A simple, concrete expression of the unique variations in human hand geometry. The way a person signs his or her name is known to be characteristic of that individual.

Advantages:
1. 2. 3.

Easy to collect samples. Less cost. Easily suitable for real time applications. Behavioral biometric that change over a period of time. Influenced by physical and emotional conditions of the subject.

Disadvantages:
1. 2.

Keystroke
Keystroke dynamics is a behavioral characteristic of an individual. Advantage is that keystrokes of a person using a system could be monitored unobtrusively as that person is the keying information. Disadvantage is that it is not very distinctive.

Newer technology and is yet to be researched. It is a peculiar way one walks and it is a complex spatio-temporal biometrics. Advantage is easy acceptance and easy acquisition. It is suitable for low security applications. Disadvantage is that it may not remain the same over a long period of time due to change in body weight or serious brain damage.

Gait

Factors for selecting biometrics

1. 2. 3. 4.

Cost Size of database Acceptance Accuracy

Comparison of various biometrics

Biometric system evaluation

Limitations of biometrics using single biometric characteristic

Noise in sensed data Distinctiveness Non-universality Spoof attacks

Multimodal biometrics
Limitations of unimodal biometric systems can be overcome by using multimodal biometrics. Allows integration of two or more biometrics.

Biometrics in Banking
Current Authentication systems Online authentication
Name

and Password based

Bank Authentication
Token
ID

card

Signature

Gateways for Biometrics

Transaction Security

Securing client transactions and protect their privacy either remotely or onsite. Security of the banks infrastructure, controls what activities specific individuals or job functions have access to Protecting the physical security of facilities (vaults, safety deposit boxes) Protect against internal fraud and illegal transactions with applicant background checks.

Network Security

Access control

Background Checks

Fingerprint (Transaction Security)

Goal: enable clients to authenticate themselves before any transactions are made on their account Enroll customers when the account is created with their fingerprint. When wishing to access their account, they must first provide their fingerprint to be verified No ID card is needed Provides non-repudiation Uses

In bank, ATM, kiosk, online

Fingerprint (Network Security)

Protect against internal fraud (employees tampering with the system) Enroll and authenticate bank employees before they can access the banks network to perform a transaction

Example
Bank of Central Asia (BCA) in Indonesia has around 8 million customers throughout the country Incorporated Identix fingerprint systems to secure the processing of high-value electronic fund transactions

Fingerprint (Access Security)

Instead of using a key or card to for access, use a fingerprint Access to the bank, vaults, safety deposit boxes

Example
Deutche bank is a European financial service provider with ~65,000 employees Installed AC Controls security to establish biometric access to their building
Fingerprint

readers determine who can enter their offices and also restricts what areas each person can access

Fingerprint (Background Checks)

Submit requests for backgrounds electronically. Background checks ensure the integrity of the employee base

Example
ING Direct installed live-scan fingerprint readers that channel electronic submissions to the FBI IAFIS database (Identix)

Before background checks took 4-5 weeks

While waiting, the prospective employee would be trained If the results effect the hiring, much money was wasted during training

Now, checks can be done in 4-5 days

Able to wait this period before training

Voice biometric
Main advantage over fingerprints:

Works remotely (by phone), without special readers Used for transaction security Verifying the customer is the rightful owner Can be affected by outside noise

Disadvantage:

Example
Banco Bradesco, South Americas largest private bank Incorporated Nuance technology to deploy a speech-enabled bill payment system

Can handle more than 300 simultaneous callers Enroll: (account number) Verify: Speak their account number Read the 48 digit bar code on the bill Then the system, extracts the payee, customer name, due date, and the payment amount Able to recognize accents and dialects of all Portuguese speakers in Brazil

Bill Payment

Signature
One of the most ancient forms of identification. Non-invasive, universal, and highly unique to all users Fast and easy to enroll and verify users no need to learn new skills

Pen Flow System

Analyzes speed, pressure, acceleration, and rhythm. Able to adapt to the dynamic nature of the signature and update the users profile. Performs 40 verifications per second. Storage size of less than 1KB.

Pen Flow system at Bank Hapoalim

Increases security by verifying customers prior to transactions. Allows customers to be verified at any branch or remote location. Applications will be extended for use with PDA s, home computers, and other remote locations.

Fujitsu Vein Pattern Scanner

Contact less design Lighting, positioning, and height tolerant

Fujitsu Technology
Three snapshots of the palm are taken in near infrared light. In the image produced the veins show up as dark patterns. This data forms the basis for security system. This data can be loaded onto a smart cash card and used at cash machines to identify the user of the card. Suruga Bank has already installed the system and it has been in operation since June 2005. The Bank of Tokyo-Mitsubishi plans to deploy the system.

Biometric applications in banking

Biometrics are already being used in banks around the world:

North and South America, Europe, and Asia Fingerprints Signature Vein Pattern Hand Geometry

Biometrics being used include:

These systems can be applied to virtually every aspect of the banking industry:

Transaction Security Employee attendance Network and Database Security Access facilities.

ISO/IEC 19794 : Information technology Biometric data interchange formats

1 Framework 2 Finger Minutia Data 3 Finger pattern spectral data 4 Finger Image Data 5 Face image data 6 Iris image data 7 Signature/sign time series data 8 Finger pattern skeletal data 9 Vascular image data 10 Hand geometry silhouette data

ISO/IEC 19795 : Information technology Biometric performance testing and reporting

1 Principles and framework

2 Testing methodologies for technology and scenario evaluation 3 Modality-specific testing

Finger Image Data

Gray scale finger image data in WSQ format Image acquisition setting Level 31 as defined in the ISO/IEC 19794-4
Scan resolution pixels/centimeter (ppcm) 197 Scan resolution pixels/inch (ppi) 500 Pixel depth (bits) Dynamic range (gray levels) 200

Setting level

Certification

31

EFTS

Image size 250x300 pixels

Finger Image Data

Live scan plain finger impression Number of fingers of which images needs to be taken should at least be two fingers, preferably index fingers. nevertheless, the number may decided by the banks taking into consideration their business requirements

Finger minutiae Data

Normal size finger minutiae format
x-coordinate 2 bytes y-coordinate 2 bytes angle 1 byte

Compact size finger minutiae format

x-coordinate 1 byte y-coordinate 1 byte angle 1 byte

Number of minutiae
The recommended minimum number of minutiae required for enrollment is 16 and for verification is 12. The maximum number of minutiae to be sent to a card is implementation dependent and related to:
Transmission time Memory resources Execution time Security aspects

Issues
Scalability Security Interoperability

Interoperability test
S. No. Vendor 1 2 3 4 5 6 7 8 Geodesic Scanner Suprema SFM33 Biomin Scanner Type Resolution Optical Optical Capacitive Spectral Capacitive Spectral Spectral Optical Optical 500 500 548 500 500 500 500 500

Track RF Link Footonics FS80 Linkewell Integra Analogics FINO Smart Chip Upek ICON 710 Lumidigm Upek Lumidigm venus series Lumidigm venus series Secugen Hamster 4

STJ ElectronicsSagem MSO 300

THANK YOU