6. Authentication
There are 3 traditional ways of verifying the
identity of a person:
Possessions (keys, passports, smartcards, …)
Knowledge
Secret (passwords, pass phrases, …)
Non-secret (user Id, mother's maiden name, favorite
color)
Biometrics
Physiological (fingerprints, face, iris, …)
Behavioral (walking, keystroke pattern, talking, …)
7. Authentication
The 3 modes of authentication are sometimes
combined
User id + password
ATM card + password
Passport + face picture and signature
8. Authentication
There are two different authentication methods in
biometrics
Verification: Is he/she the person who claims he/she
is? Works with id + biometrics. Thus it is based on a
combination of modes.
Identification: Who is this person? Uses only the
biometrics and searches the entire database.
9. Overview of Biometric Systems
There are five important properties of biometric
identifiers:
1. Universality
2. Uniqueness
3. Permanence
4. Collectability
5. Acceptability
11. Overview of Biometric Systems
Biometric Subsystems
Biometric readers (sensors)
Feature extractors
Feature Matchers
12. Overview of Biometric Systems
A generalized diagram of a biometric system is as
follows:
13. Overview of Biometric Systems
Design Issues:
4 basic design specifications of biometric systems are
System accuracy
How often the system accepts an imposter (FAR)
How often the system rejects a genuine user (FRR)
Computational Speed
Exception Handling
Failure to use (FTU)
Failure to enroll (FTE)
Failure to acquire (FTA)
System Cost
14. Overview of Biometric Systems
Engineering Questions
- Trusting people/biometrics?
- Which biometrics is best for a given
application?
- How are the error numbers that are
reported for different biometrics to be
interpreted?
- Are new security holes created because of
the use of the biometrics?
- How to achieve a low exception rate?
- How to acquire the biometrics and how to
do it in a convenient way?
- What feature set is amenable for automatic
matching?
- Given the input data how to extract the
features from it?
- How to define a matching metric that
translates the intuition of “similarity” among
the patterns?
- How to implement the matching metric?
- Organization of the database?
- Methods for searching the database?
- Security?
- Privacy?
16. Biometric Identification
A biometric identification system can be used in
two different modes
• Positive identification
• Authorization of a group without id
• Negative identification
• Most Wanted List
17. Biometric Verification
Biometric verification differs from biometric
identification in that the presented biometric is only
compared with a single enrolled biometric entity
which matches the input id
18. Biometric Verification
There are two possible database configurations for the
verification systems
Centralized Database: As the name suggests the enrollment
information is in a central database. When the token (id/card)
is provided, the corresponding biometrics is retrieved and the
comparison is made with the newly presented biometric
sample. E.g. laptop
Distributed Database: In this case the enrollment template is
usually stored in a device that the user carries. The user
provides the device and his/her biometrics. Then the
comparison is performed between the two. E.g. smart cards
19. Biometric Enrollment
Process of registering subjects in biometric database
Positive Enrollment:
• To create a database of eligible subjects
• Biometric samples and other credentials are stored in the database. An id
(or a smart card) is issued to the subject.
Negative Enrollment:
• To create a database of ineligible subjects
• Often without subject cooperation or even knowledge
20. Biometric System Security
Possible Security Concerns:
Biometric information is presented when the owner is not
present.
Hacking the scanner, feature extractor, matcher, database,
and any other possible module in the system.
23. Descriptions
Authorization: Permission to access a resource
Access Control: A mechanism for limiting the use of some
resource to authorized users
Access Control List: A data structure associated with a
resource that specifies the authorized users and the conditions
for their access
Authenticate: To determine that something is genuine; to
determine reliably the identity of the communicating party
Authentication: Permission to access a resource
24. Secure Authentication Protocols
Characteristics of an authentication protocol:
Established in advance
Mutually agreed
Unambiguous
Complete (Able to handle exceptions)
An authentication protocol itself does “not” guarantee
security
25. Access Control Security Services
Some basic security services that should be offered by
any access control system are:
Authentication
Non-repudiation
Confidentiality
27. Authentication Protocols
An authentication protocol is the set of tasks the user and the
access point have to perform to determine
whether the user has enough credentials or not.
Part of Authentication Protocols:
Enrollment
Tokens. E.g. T={x1…xn | xi ∈ (P,K,B)}
Comparison rules. E.g. Matching threshold
Other rules. E.g. “Three strikes and you are out”, or the
order of the presentation of the tokens: “First id number,
then the fingerprint, and then the key”
28. Matching Biometric Samples
Remark:
• P and K are checked by exact comparison;
• B is compared via pattern recognition techniques because of sampling
variations, noise and distortions
Three crucial design aspects of biometric system:
• The biometric sampling or signal acquisition (B=f(ß))
• The similarity function s=s(B1, B2) between two templates
• The decision threshold T that decides on a match or mismatch
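The protocol parts from slides 27 and 28, put together as an added example that is not part of the original slides. The names (`ENROLLED`, `authenticate`, `derive`), the bit-string template with a Hamming-based similarity, the threshold value 0.80 and the PBKDF2 storage of K are assumptions made for illustration.

```python
import hashlib
import hmac

MAX_STRIKES = 3   # "Three strikes and you are out"
T = 0.80          # matching threshold for B (assumed value)
SALT = b"constructed-demo-salt"

def s(b1, b2):
    """Similarity of two equal-length bit-string templates (1 - normalized Hamming distance)."""
    return sum(x == y for x, y in zip(b1, b2)) / len(b1)

def derive(key):
    """Store K as a salted PBKDF2 hash, never as the plaintext secret."""
    return hashlib.pbkdf2_hmac("sha256", key.encode(), SALT, 100_000)

# Constructed enrollment record, keyed by the id number (P).
ENROLLED = {"1001": {"B": "1011001110001011", "K": derive("correct horse"), "strikes": 0}}

def authenticate(id_number, sample, key):
    """Tokens are presented in the agreed order: id number, then fingerprint, then key."""
    rec = ENROLLED.get(id_number)                 # P: exact comparison
    if rec is None:
        return "unknown id"
    if rec["strikes"] >= MAX_STRIKES:             # exception rule: lockout
        return "locked out"
    # B: pattern match against the threshold, since two samples never agree bit for bit.
    b_ok = len(sample) == len(rec["B"]) and s(sample, rec["B"]) > T
    # K: exact comparison, done in constant time on the derived value.
    k_ok = hmac.compare_digest(derive(key), rec["K"])
    if b_ok and k_ok:                             # both evaluated before deciding
        rec["strikes"] = 0
        return "pass"
    rec["strikes"] += 1
    return "fail"
```

A sample that differs from the template in one bit out of sixteen scores 0.9375 and passes; after three failed attempts even the correct tokens are refused.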
29. Matching Biometric Samples
Identification
Only the biometrics is needed (no id is claimed).
• Authorization is granted if d=di
• Multiple di might satisfy the similarity criteria. A secondary
matcher (possibly a human expert) tries to narrow it down.
30. Matching Biometric Samples
Screening
• Negative identification.
• Searching whether a subject is in an “interesting” people
database or not. (Most wanted criminals)
• Using biometrics only may result in too many false positives
(or false negatives depending on T). Bad ROC.
• Therefore several tokens P1, B1, K1, P2, K2, B2 etc. should
be matched with the ones in the file.
31. Matching Biometric Samples
Verification
• Id + B is provided. (Sometimes K too)
• The template corresponding to the Id is retrieved from
the database
• If s(B,Bi)>T pass, else fail.
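Verification (1:1) and identification (1:N) from slides 29 to 31 side by side, as an added example that is not part of the original slides. The cosine similarity, the toy four-dimensional templates, the names `DB`, `PROBE`, `verify`, `identify` and the two threshold values are assumptions; all data is constructed.

```python
import math

def s(b1, b2):
    """Similarity s(B1, B2): cosine similarity of two feature vectors."""
    dot = sum(x * y for x, y in zip(b1, b2))
    norm = math.sqrt(sum(x * x for x in b1)) * math.sqrt(sum(y * y for y in b2))
    return dot / norm if norm else 0.0

# Constructed enrollment database: id -> template Bi.
DB = {
    "alice": [0.90, 0.10, 0.30, 0.70],
    "bob":   [0.20, 0.80, 0.60, 0.10],
    "carol": [0.85, 0.20, 0.35, 0.60],   # deliberately similar to alice
}
# Constructed fresh sample from alice: her template plus acquisition noise.
PROBE = [0.88, 0.12, 0.33, 0.68]

def verify(claimed_id, sample, T):
    """Verification (1:1): compare only with the template of the claimed id."""
    template = DB.get(claimed_id)
    return template is not None and s(sample, template) > T

def identify(sample, T):
    """Identification (1:N): search every template; return all ids scoring above T, best first."""
    scored = sorted(((s(sample, t), i) for i, t in DB.items()), reverse=True)
    return [i for score, i in scored if score > T]

if __name__ == "__main__":
    for T in (0.99, 0.998):
        print(T, verify("alice", PROBE, T), identify(PROBE, T),
              verify("alice", DB["carol"], T))   # last value: carol claiming alice's id
```

At T = 0.99 identification returns two candidates and carol's sample is accepted under alice's id; raising T to 0.998 removes both effects, at the cost of rejecting noisier genuine samples.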
32. Matching Biometric Samples
Continuity of Identity
• Are the authenticated and authorized persons
the same?
• Re-establishing the authentication credentials
• Surveillance cameras
33. Verification by Humans
By looking at the biometrics (face, signatures…)
Face verification error rate 1:1000
Signature verification is not very secure
35. Hybrid Methods
More than one identifier is used {P, K, B}
Two Remarks
B with {P, K}. Reduces identification to
verification (from 1:many to 1:1)
B1 with B2. Results in better ROCs than using
only B1 or only B2
Combination of matching scores is an
application specific problem
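The FAR and FRR from slide 13 and the "B1 with B2" remark above, worked through as an added example that is not part of the original slides. The weighted sum rule is only one possible way to combine scores, and the function names and all score values are constructed for illustration.

```python
def error_rates(genuine, impostor, T):
    """FAR: share of impostor scores accepted. FRR: share of genuine scores rejected."""
    far = sum(x > T for x in impostor) / len(impostor)
    frr = sum(x <= T for x in genuine) / len(genuine)
    return far, frr

def best_operating_point(genuine, impostor):
    """Sweep T over every observed score; return (lowest FAR + FRR, the T that achieves it)."""
    thresholds = sorted(set(genuine) | set(impostor))
    return min((sum(error_rates(genuine, impostor, T)), T) for T in thresholds)

def fuse(scores1, scores2, w=0.5):
    """Weighted sum rule: one fused score per attempt, both inputs already scaled to [0, 1]."""
    return [w * a + (1 - w) * b for a, b in zip(scores1, scores2)]

# Constructed scores for the same four genuine and four impostor attempts,
# as seen by two matchers B1 and B2 (for instance fingerprint and face).
GEN_B1, IMP_B1 = [0.90, 0.80, 0.40, 0.85], [0.30, 0.60, 0.20, 0.35]
GEN_B2, IMP_B2 = [0.70, 0.75, 0.90, 0.50], [0.40, 0.20, 0.60, 0.30]
GEN_F, IMP_F = fuse(GEN_B1, GEN_B2), fuse(IMP_B1, IMP_B2)

if __name__ == "__main__":
    for name, g, i in (("B1", GEN_B1, IMP_B1), ("B2", GEN_B2, IMP_B2), ("B1+B2", GEN_F, IMP_F)):
        total, T = best_operating_point(g, i)
        print(f"{name}: lowest FAR+FRR = {total:.2f} at T = {T:.3f}")
```

Each matcher alone has one genuine attempt that overlaps the impostor scores, so no threshold gets below a total error of 0.25; the fused scores separate completely.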