Biometrics presentation


full biometric notes

Published in: Technology, Business
  • I hear that biometric products, if used with a backup password, are now called a “below-one factor authentication”, since it makes the users less safe than a password-only single factor authentication. It is exactly like a house with two entrances is less safe against burglars than a house with one entrance. This means that biometric products must be used without a backup password if security is wanted. Can it be done? It should help a lot if you have a quick look at http://www.slideshare.net/HitoshiKokumai/blind-spot-in-our-mind-eyecatching-experience

  • This is the agenda for this morning.
    I will be showing you a quick, two-minute video that talks about biometrics in the news.
    Then I’ll cover an overview of biometrics: its definition, classifications, etc.
    Then I will present all the biometric technologies available, both those being used today and those under research.
    Then I will cover the accuracy metrics by which biometric systems are graded and which determine how secure a biometric system is.
    And finally, I will cover bioprivacy: the privacy concerns raised by the use of biometrics and how to address them.
  • So, first let’s see the video.
  • Now, let’s get into a Biometrics Overview.
  • The definition of biometrics is “an automated measurement of physiological and/or behavioral characteristics to determine or authenticate identity”.
    Let’s break the definition into its three major components, shown in different colors on the screen.
    These components determine what is and what is not a biometric, and also its different types and functionalities.
  • Let’s start with the first component of the definition: “Automated measurement”, which means no human intervention or involvement is required.
    Biometrics are automated inasmuch as the processes involved in sample acquisition, feature extraction, record retrieval, and algorithm-based matching are computerized or machine-based.
    Also, the record retrieval and comparison against another measurement must take place in real time.
    So, for instance, DNA sampling is NOT a biometric measurement, because today it still requires human intervention and it’s NOT done in real time.
  • The second component of the definition, “Physiological and/or behavioral characteristics”, determines the two main biometric categories:
    behavioral and physiological.
    The behavioral characteristics measure the movement of a user: when users walk, speak, type on a keyboard or sign their name.
    The physiological characteristics are the physical human traits like fingerprints, hand shape, eyes and face, veins, etc.
  • And the last component of the definition is “determine or authenticate identity”, which categorizes the two types of biometric functionalities.
    The first type is identification systems, the systems that answer the question “Who am I?” and determine the identity of a person.
    The second type is verification systems, the systems that answer the question “Am I who I claim to be?” and authenticate a person.
    An example of an identification system using biometrics would be: you approach an ATM with NO card, NO claimed identity, NO PIN.
    The ATM scans your iris, determines who you are and gives you access to your money.
    An example of a verification system using biometrics would be: you approach an ATM and swipe a card or enter an account number.
    The ATM scans your iris and uses it as a password to authenticate that you are the rightful owner of the card, and therefore gives you access to your money.
  • Verification systems are more accurate, less expensive and faster than identification systems.
    However, their drawbacks are that they are more limited in function and they require a lot more effort from the user.
  • The benefits of biometrics are:
    Enable security, because biometrics help protect data at the PC and/or network level. They may also restrict access to buildings or specific rooms.
    Enforce accountability, because they can improve the audit trail and recordkeeping process. For instance, recent HIPAA regulations require careful audit logs of who accesses special data and for what reason.
    User convenience, because users no longer have to memorize passwords or carry keys or badges that can get lost, stolen or forgotten.
    Improve savings, because biometric implementers no longer need to reset passwords, reissue badges, change locks, etc.
  • Recent primary drivers for the use of biometrics are:
    The size and cost of biometric devices have decreased dramatically, with hardware getting smaller, faster and cheaper.
    All types of biometric systems have improved their accuracy and reliability by improving on their metrics, like false acceptance rate, false rejection rate and failure to enroll rate, which I will cover and explain later on.
    Today we can find much more mature standards and APIs (like BioAPI and BAPI) that have made it easier and less expensive to develop biometric applications.
    And finally, there has recently been more public awareness of biometric uses and their convenience.
  • Now let’s take a look at the different Biometric Technologies out there.
  • There are two major classifications of biometric technologies:
    Those that do identification and verification (like finger scan, iris scan, retina scan and facial scan) and those that do verification only (like hand geometry, voice print, keystroke behavior and signature).
    This classification is driven by the number of distinctive characteristics each technology is able to consistently measure.
    Therefore, biometric technologies that do identification and verification have more distinctive characteristics to work with than the ones that only do verification.
    There are also other biometric technologies in the making, at universities and colleges, which I will cover later on.
  • In the case of finger scan, it measures unique characteristics in a fingerprint.
    These characteristics, or minutiae (as they are called), are crossover, core, bifurcations, ridge ending, island, delta and pores.
    Fingerprint samples like the one you’re looking at typically don’t have all the minutiae types available.
    It is desirable but not always possible.
    Today we may find many automated fingerprint identification systems, or AFIS, because of the high-quality scanners available.
    This technique is used mostly for forensic and background checks and is being used in both logical and physical security.
    Logical security costs approx. $50 – $200 and physical security costs approx. $500 – $1,000 per device.
  • In the case of iris scan, it measures unique characteristics of the colored part of the eye, also known as the iris.
    These characteristics are: ridges or rings, furrows, and striations or freckles.
    This technique, just like finger scan, is being used in both logical and physical security.
  • In the case of retina scan, it measures unique characteristics of the back of the eye, which is called the retina.
    These characteristics are: blood vessel patterns and vein patterns.
    Retina scan requires significantly more effort to use than iris scan, and it is more challenging because the slightest movement causes rejection by the system. It also needs more sophisticated cameras than iris scan.
  • In the case of facial scan, it measures facial features like the distance between the eyes, the distance between the eyes and nose ridge, the angle of a cheek, the slope of the nose, the thickness of the lips, or facial temperatures.
    It is the most common biometric technique used to obtain a personal identification.
    Facial scan has many challenges, like changes in lighting, changes in camera angles, etc.
    This technique is used at all US embassies worldwide and at government agencies.
    It is also used to guarantee uniqueness against an image database, usually to prevent identity theft.
    Many ATMs and casinos around the country use this technique to identify users.
    Very recent uses of this technique include Super Bowl 35, to compare facial scans against known criminals,
    and Ybor City, Florida, on the west coast (for citizen surveillance in public streets).
  • In the case of hand scan, it measures the top and side of the hand, not the palm as is commonly thought.
    It is typically known as hand geometry (finger lengths, widths, curves, etc.).
    It is the most widely used technique for physical access, and its price ranges from $1,200 – $1,500 per door.
    Recent uses include the INSpass system, which scans a hand of frequent travelers, so instead of presenting a passport for authentication these frequent travelers swipe a card and do a hand scan. It is convenient to consumers and also frees up human resources to attend to higher-risk passengers.
  • In the case of voice scan, it measures the sound waves of human speech.
    Voice scan can be based on either text-dependent or text-independent speech input.
    If it is text-dependent, the user speaks a passphrase into a microphone and repeats the same passphrase whenever authentication is needed.
    The most common use of voice scan biometric systems is where a telephone is already being used.
    For instance, home arrest verification is a very common use. At any time of the day or night a computer calls the home of a person under home arrest, and that person has to answer the phone and speak a passphrase to be authenticated.
    Voice scan biometrics is currently restricted to low-security applications because of high variability in an individual’s voice (it depends on the user’s mood) and the poor accuracy of a typical speech-based authentication system (it is affected by background noise).
  • In the case of keystroke scan, it measures the time between strokes and the duration of each key press.
    It is most commonly used in systems where a keyboard is already being used.
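The two keystroke measurements named above are usually called dwell time (how long a key is held) and flight time (the gap between releasing one key and pressing the next). The following is an added example, not part of the original presentation: it enrolls a typing template and verifies attempts against it. The scoring rule (mean deviation scaled by the enrolled spread), the 2.0 threshold, the helper names and all timings are assumptions constructed for illustration.

```python
"""Keystroke-scan verification from dwell and flight times (constructed data)."""
from statistics import mean, pstdev

MIN_SPREAD_MS = 5  # floor on the enrolled spread so a very steady typist is not locked out


def typed(text, dwells, flights):
    """Build constructed (key, press_ms, release_ms) events from per-key timings."""
    events, t = [], 0
    for i, ch in enumerate(text):
        events.append((ch, t, t + dwells[i]))
        t += dwells[i] + (flights[i] if i < len(flights) else 0)
    return events


def features(events):
    """Dwell time per key (release - press), then flight time between
    consecutive keys (next press - previous release)."""
    dwell = [rel - prs for _, prs, rel in events]
    flight = [events[i + 1][1] - events[i][2] for i in range(len(events) - 1)]
    return dwell + flight


def enroll(samples):
    """Template = expected key sequence plus (mean, spread) for every timing feature."""
    keys = [[k for k, _, _ in s] for s in samples]
    if any(k != keys[0] for k in keys):
        raise ValueError("enrollment samples must all be the same passphrase")
    columns = zip(*(features(s) for s in samples))
    stats = [(mean(c), max(pstdev(c), MIN_SPREAD_MS)) for c in columns]
    return {"keys": keys[0], "stats": stats}


def distance(template, events):
    """Mean absolute deviation from the template, in units of enrolled spread."""
    if [k for k, _, _ in events] != template["keys"]:
        return float("inf")  # wrong passphrase: timing is irrelevant
    pairs = zip(features(events), template["stats"])
    return mean([abs(x - m) / s for x, (m, s) in pairs])


def verify(template, events, threshold=2.0):
    """Verification only: the user has already claimed an identity (the template)."""
    return distance(template, events) <= threshold


# Constructed sessions for the passphrase "pass"; timings in milliseconds.
ENROLLMENT = [
    typed("pass", [95, 80, 110, 105], [60, 45, 70]),
    typed("pass", [100, 85, 105, 110], [65, 40, 75]),
    typed("pass", [90, 75, 115, 100], [55, 50, 65]),
]
GENUINE = typed("pass", [97, 78, 108, 109], [58, 49, 72])
IMPOSTOR = typed("pass", [140, 130, 150, 135], [120, 110, 150])  # right text, wrong rhythm

if __name__ == "__main__":
    template = enroll(ENROLLMENT)
    for name, attempt in (("genuine", GENUINE), ("impostor", IMPOSTOR)):
        print(name, round(distance(template, attempt), 2), verify(template, attempt))
```

Raising the threshold admits more rhythm variation from the rightful user at the cost of accepting more impostors, which is why the notes class keystroke scan as verification-only and low in distinctiveness.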
  • In the case of signature scan, it measures the speed, pressure, stroke order and image of a signature.
    So it’s not only the signature image, as is commonly believed.
    If a signature from a user is already captured, this biometric technology adds an extra level of security with non-repudiation.
    Typically, signature scan devices go for $50.00 or less.
  • To compare the different biometric techniques I will use the Zephyr chart analysis.
    In this chart, the further a characteristic is from the center, the better the biometric technique is.
    So, for instance, keystroke scan and signature scan are low cost, require very little effort, and are not intrusive at all; however, they are not distinctive.
    At the other end of the spectrum, retina scan and iris scan provide very high distinctiveness; however, they are both expensive and intrusive.
  • Now let’s talk about some of the accuracy metrics in biometric systems.
  • False Acceptance Rate (FAR): measures how often imposters would be let into the system (Type II error).
    False Rejection Rate (FRR): measures how often legitimate users will be rejected by the system (Type I error).
    All biometric systems have threshold levels to minimize the FAR and FRR as necessary, depending on the application.
    Failure To Enroll Rate (FTE): measures the percentage of the population that is unable to enroll in the system (not only handicapped people, but anyone who for one reason or another cannot enroll).
    Ability To Verify (AVT) is a metric based on FTE and FRR.
    This metric usually characterizes user experience, cost of the system and level of security.
    The higher this AVT metric, the more users can be processed and the fewer the exceptions, making criminals easier to identify.
    Both AVT and FAR are excellent measures of a biometric system’s level of security.
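To make the threshold trade-off concrete, the following added example (not part of the original presentation) computes FAR and FRR over a range of thresholds and applies the AVT formula from slide 24, AVT = (1 - FTE)(1 - FRR). The match scores, enrollment counts and function names are constructed for illustration.

```python
"""FAR / FRR threshold sweep and AVT = (1 - FTE)(1 - FRR) on constructed data."""

# Constructed match scores (0-100, higher = closer match); not real measurements.
GENUINE = [91, 88, 84, 79, 77, 73, 70, 66, 58, 45]    # rightful users vs. own template
IMPOSTOR = [12, 18, 25, 31, 36, 40, 47, 52, 61, 68]   # other people vs. that template
ENROLL_ATTEMPTS, ENROLL_FAILURES = 200, 6             # constructed enrollment campaign


def far(threshold):
    """False Acceptance Rate: share of impostor attempts accepted (score >= threshold)."""
    return sum(s >= threshold for s in IMPOSTOR) / len(IMPOSTOR)


def frr(threshold):
    """False Rejection Rate: share of genuine attempts rejected (score < threshold)."""
    return sum(s < threshold for s in GENUINE) / len(GENUINE)


def fte():
    """Failure To Enroll rate: share of people who could not be enrolled at all."""
    return ENROLL_FAILURES / ENROLL_ATTEMPTS


def avt(threshold):
    """Ability To Verify, using the formula on slide 24: (1 - FTE)(1 - FRR)."""
    return (1 - fte()) * (1 - frr(threshold))


def lowest_threshold_meeting_far(max_far):
    """Most permissive threshold whose FAR is within the target (security-first tuning)."""
    return next((t for t in range(0, 102) if far(t) <= max_far), None)


def equal_error_threshold():
    """First threshold where FAR and FRR are closest (the balance point)."""
    return min(range(0, 102), key=lambda t: abs(far(t) - frr(t)))


if __name__ == "__main__":
    print("thr   FAR   FRR   AVT")
    for t in (40, 50, 60, 70, 80):
        print(f"{t:3d}  {far(t):.2f}  {frr(t):.2f}  {avt(t):.3f}")
    print("threshold for FAR = 0:", lowest_threshold_meeting_far(0.0))
    print("equal-error threshold:", equal_error_threshold())
```

On this data, driving FAR to zero requires a threshold of 69, at which point 30% of legitimate attempts are rejected and AVT drops accordingly; FTE caps AVT regardless of where the threshold sits.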
  • Finally let’s cover some of the bioprivacy concerns.
  • There are two main categories of biometric privacy concerns: informational privacy concerns and personal privacy concerns.
    Just like your name and address, biometric information can be sold, so there are valid concerns about the use of this information.
    These concerns can be addressed through careful system design and careful audit.
    Personal privacy concerns create inherent discomfort because of cultural or religious beliefs.
    These concerns can be addressed by educating the users.
  • To help mitigate both informational privacy concerns and personal privacy concerns, the bioprivacy framework was created; it lays out 25 best practices.
    These bioprivacy best practices have been broken down into four main categories:
    Scope & Capabilities; Data Protection; User Control of Personal Data; and Disclosure, Auditing and Accountability.
  • The first category of bioprivacy best practices is scope and capabilities:
    Limit the system scope (a slight expansion may have significant privacy implications).
    Limit storage of identifiable biometric data (actual images and recordings should be discarded whenever possible).
    The second category is data protection:
    Use security tools to protect biometric information. These tools include encryption, private networks and secure facilities.
    System access should be limited to the smallest number of operators to prevent internal compromise.
  • The third category of bioprivacy best practices is user control of personal data:
    Systems should allow a user to un-enroll voluntarily.
    Systems should allow a user to view, correct and update information stored in the system.
    The last category of bioprivacy best practices is “Disclosure, Auditing and Accountability”:
    Explain the purpose of the system to operators and enrollees.
    Provisions should be made for third-party auditing.
  • And now I will answer any questions you might have.
  • Biometrics presentation

    1. Biometrics Agenda: I. Video; II. Biometric Overview; III. Biometric Technologies; IV. Accuracy Metrics; V. BioPrivacy Concerns (by Alvaro E. Escobar)
    4. Definition: “Automated measurement of physiological and/or behavioral characteristics to determine or authenticate identity”
    5. “Automated measurement”: No human involvement. Comparison takes place in real time. DNA is not a biometric.
    6. “Physiological and/or behavioral characteristics”: 1. Behavioral: user speaks; types on a keyboard; signs name. 2. Physiological: fingerprint; hand; eyes; face.
    7. “Determine or authenticate identity”: Identification systems: Who am I? Determine identity. Verification systems: Am I who I claim to be? Authenticate identity.
    8. “Determine or authenticate identity”: Verification systems (cont.): More accurate. Less expensive. Faster. More limited in function. Requires more effort by user.
    9. Benefits: Security (PC, network, web; physical access to buildings/rooms). Accountability (audit trails; recordkeeping). Convenience. Savings.
    10. Primary drivers: Size and cost decreased. Improved FAR, FRR & FTE. Mature standards (BioAPI, BAPI). Public awareness.
    12. Identification and verification: finger scan; iris scan; retina scan; facial scan (optical and infrared). Verification only: hand geometry; voice print; keystroke behavior; signature. Other biometric technologies in the making.
    13. Finger scan: Measures unique characteristics in a fingerprint (minutiae): crossover; core; bifurcations; ridge ending; island; delta; pore.
    14. Iris scan: Measures unique characteristics of the iris: ridges (rings); furrows; striations (freckles).
    15. Retina scan: Measures unique characteristics of the retina: blood vessel patterns; vein patterns.
    16. Facial scan: Uses an off-the-shelf camera to measure the following facial features: distance between the eyes; distance between the eyes and nose ridge; angle of a cheek; slope of the nose; facial temperatures.
    17. Hand scan: Measures the top and side of the hand, not the palm. Hand geometry. Most widely used technique for physical access. INSpass system.
    18. Voice scan: Measures the sound waves of human speech. User speaks a passphrase into a microphone. Voice print is compared to a previous one.
    19. Keystroke scan: Measures the time between strokes and duration of key pressed. Most commonly used in systems where a keyboard is already being used.
    20. Signature scan: Measures speed, pressure, stroke order and image of signature. Non-repudiation.
    21. Biometric techniques still on the drawing board: Vein scan: vein pattern in back of the hand. Lip movement: camera captures images of how the user’s lips move while the user speaks a passphrase.
    24. False Acceptance Rate (FAR). False Rejection Rate (FRR). Failure To Enroll Rate (FTE). Ability To Verify (AVT): AVT = (1 - FTE)(1 - FRR)
    26. Informational privacy concerns: misuse. Addressed by: system design; careful audit. Personal privacy concerns: cultural or religious beliefs.
    27. Bioprivacy Framework (25 best practices): Scope & Capabilities; Data Protection; User Control of Personal Data; Disclosure, Auditing and Accountability.
    28. Scope & Capabilities: Limit system scope. Limit storage of identifiable biometric data. Data Protection: Security tools (encryption; private networks; secure facilities). Limited system access.
    29. User Control of Personal Data: Allow user un-enrollment (voluntarily). Allow user to view, correct and update data. Disclosure, Auditing and Accountability: Explain system purpose. Third-party auditing.
    30. Q&A
