1. IMPLEMENTATION OF BIOMETRICS
BIOMETRIC VOTING SYSTEMS THROUGH COMPUTER NETWORKS
PRITHVIRAJ.A, VIGNESH.R
SASTRA UNIVERSITY
TANJORE.
Email:prithviinfos@gmail.com
ABSTRACT:
Biometrics is the technique of using unique, non
transferable, physical characteristics, such as fingerprints,
to gain entry for personal identification. Since after the
invention of the unique technology it has been being used
in security systems and authentication. Presently, security
fields have three different types of authentication, they
are:
Something we know: a password, PIN, or piece of
personal information
Something we have: a card key, smart card, or token and
Something we are: a BIOMETRIC
Biometric based computer networks and its access in
the internet are the techniques which are known little and
very rarely implemented. This paper deals with the
accessibility of biometrics in a practical application like
polling of votes-‘e-voting’ using a physical entity (finger
print) through computer network (internet).
INTRODUCTION:
Biometrics is best defined as measurable physiological
and or behavioral characteristics that can be utilized to
verify the identity of an individual. Initially, these
techniques were employed primarily in specialist high
security
applications; however we are now seeing their use and
proposed use in a much broader range of public facing
situations. Biometrics measure individual’s unique
physical or behavioral characteristics to recognize or
authenticate their identity. Common physical biometrics
includes fingerprints; hand or palm geometry; and retina,
iris, or facial characteristics .Of this class of biometrics,
technologies for fingerprint is the most developed.
Biometrics are not a future technology, they are a
current technology, with a bigger role in the future.
Biometrics will not to replace passwords, swipe cards, or
pin numbers etc, rather work with them in enhancing
security in a simple, reliable, and cost effective way. It
involves directly the human being for the identification or
verification. Traditionally many security systems employ
the verification technique rather than the identification
which is the main aim of biometrics. Biometrics as said
earlier uses the individual’s physical characteristics to do
its job like hand geometry, retina structure, palm size etc.
Biometrics involves different types of devices for that.
E.g., fingerprint scanner, iris reader etc. It makes use of
the genetic differences between the two persons which is
a universal truth. Every human being on the earth has a
unique identification and that are shown in their different
body organs. Biometrics picks up that particular
peculiarity to distinguish the two bodies, and that makes it
so strong.
PHYSICAL ENTITY IN BIOMETRICS:
Several physical entities are used in biometrics
They are: Iris, fingerprint, face recognition, voice
recognition, retina scan etc.comparision between these
entities are as followed:
IRIS
FACE RECOGNITION
FINGERPRINT
VOICE
RETINA .
COMPARISION BETWEEN VARIOUS BIOMETRIC
ENTITIES:
Characteristi
c
Fingerprint
s
Retina Iris Face Voice
Ease of Use High Low
Mediu
m
Medium High
Error
Dryness,
dirt, age
Glasses
Poor
Lightin
g
Lighting
, age,
glasses,
hair
Noise,
colds,
weather
Accuracy High
Very
High
Very
High
High High
User
acceptance
Medium
Mediu
m
Mediu
m
Medium High
Required
security
level
High High
Very
High
Medium Medium
Long-term
stability
High High High Medium Medium
2. BASED ON USAGE:
finger print
iris
retina
voice
palm
From the above details it is very clear that finger print is
the most EFFICIENT AND ACCURATE one.
FINGER PRINT:
Fingerprint looks at the patterns found on a fingertip.
There are a variety of approaches to fingerprint
verification. Some emulate the traditional police method
of matching minutiae; others use straight pattern-
matching devices; and still others are a bit more unique,
including things like moiréfringe patterns and ultrasonics.
Some verification approaches can detect when a live
finger is presented; some cannot.
Fingerprint verification may be a good choice
for in house systems where adequate explanation and
training can be provided to users and where the system is
operated within a controlled environment. It is not
surprising that the workstation access application area
seems to be based almost exclusively around fingerprints,
due to the relatively low cost, small size (easily integrated
into keyboards) and ease of integration
HOW DOES THE SYSTEM WORKS
Whilst individual biometric devices and systems have
their own operating methodology, there are some
generalizations one can make as to what typically happens
within a biometric systems implementation.
Obviously, before we can verify an individuals identity
via a biometric we must first capture a sample of the
chosen biometric. This ‘sample’ is referred to as a
biometric template and is the reference data against which
subsequent samples provided at verification time are
compared. A number of samples are usually captured
during enrolment (typically three) in order to arrive at a
truly representative template via an averaging process.
The template is then referenced against an identifier
(typically a PIN or card number if used in conjunction
with existing access control tokens) in order to recall it
ready for comparison with a live sample at the transaction
point. A poor quality template will often cause
considerable problems for the user, often resulting in a re-
enrolment. These methods of template collection is done
during the time of registering the person as a voter.
Template storage is an area of interest, particularly with
large scale applications which may accommodate many
thousands of individuals. The possible method is:
STORING THE TEMPLATE IN A CENTRAL
REPOSITORY DATABASE
This method is storing the template collected from the
voter in a separate database. . This may work well in a
secure networked environment where there is sufficient
operational speed for template retrieval to be invisible to
the user. However, we must bear in mind that with a large
number of readers working simultaneously there could be
significant data traffic, especially if users are impatient
and submit multiple verification attempts. The size of the
biometric template itself will have some impact on this,
with popular methodologies varying between 9 bytes and
1.5kb. Another aspect to consider is that if the network
fails, the system effectively stops unless there is some sort
of additional local storage. This may be possible to
implement with some devices, using the internal storage
for recent users and instructing the system to search the
central repository if the template cannot be found locally.
VERIFICATION OF THE TEMPLATE AND
ONLINE POLLING.
The verification process requires the user to claim an
identity by either entering a PIN or presenting a token,
and then verify this claim by providing a live biometric to
be compared against the claimed reference template.
There will be a resulting match or no match accordingly
(the parameters involved will be discussed later under
performance measures). A record of this transaction will
then be generated and stored, either locally within the
device or remotely via a network and host (or indeed
both).
With certain devices, you may allow the user a number of
attempts at verification before finally rejecting them if the
templates do not match.
At the time of election , the voter is advised to
login in to the official website of the election commission
3. where public voting takes place. He or she can login with
a particular ration id.no. after login the voter is adviced to
select the political party to which he wants to poll his
vote. After the selection the voter is asked to connect his
BIOMETRIC FINGERPRINT READER, once the reader
is connected the voter is asked to swipe his finger, it is
noted that the voter’s id correspond to his finger template
and he could swipe his finger only once. Once the finger
template is verified the vote is registered and the voter is
automatically directed out of the site.
PERFORMANCE MEASURES:
False accepts, false rejects, equal error rates,
enrolment and verification times - these are the typical
performance measures quoted by device vendors (how
they arrived at them is another matter). But what do they
really mean? Are these performance statistics actually
realized in real systems implementations? Can we accept
them with any degree of confidence?
False accept rates (FAR) indicate the likelihood
that an impostor may be falsely accepted by the system.
False reject rates (FRR) indicate the likelihood
that the genuine user may be rejected by the system. This
measure of template matching can often be manipulated
by the setting of a threshold, which will bias the device
towards one situation or the other. Hence one may bias
the device towards a larger number of false accepts but a
smaller number of false rejects (user friendly) or a larger
number of false rejects but a smaller number of false
accepts (user unfriendly), the two parameters being
mutually exclusive.
Somewhere between the extremes is the equal error point
where the two curves cross and which may represent a
more realistic measure of performance than either FAR or
FRR.
These measures are expressed in percentage (of
error transactions) terms, with an equal error rate of
somewhere around 0.1% being a typical figure. However,
the quoted figures for a given device may not be realized
in practice for a number of reasons. These will include
user discipline, familiarity with the device, user stress,
individual device condition, the user interface, speed of
response and other variables. We must remember that
vendor quoted statistics may be based upon limited tests
under controlled laboratory conditions, supplemented by
mathematical theory. They should only ever be viewed as
a rough guide and not relied upon for actual system
performance expectations.
This situation is not because vendors are trying
to mislead you (in most cases anyway) but because it is
almost impossible to give an accurate indication of how a
device will perform in a limitless variety of real world
conditions.
Similarly, actual enrolment times will depend
upon a number of variables inherent in your enrolment
procedure. Are the users pre-educated? Have they used
the device before? What information are you gathering?
Are you using custom software? How well trained is the
enrolling administrator? How many enrolment points will
you be operating? What other processes are involved?
And so on. The vendors cannot possibly understand these
variables for every system and their quoted figure will
again be based upon their own in house experiences under
controlled conditions.
Verification time is often misunderstood as vendors will
typically describe the average time taken for the actual
verification process, which will not typically include the
time taken to present the live sample or undertake other
processes such as the presentation of a token or keying of
a PIN. Consider also an average time for user error and
system response and it will be apparent that the end to end
verification transaction time will be nothing like the
quoted figure.
THE BLOCK DIAGRAM OF BIOMETRIC VOTING
SYSTEM IS AS FOLLOWS:
ACCURACY:
There are two parameters to judge the accuracy of the
biometrics system :false acceptance rate and false-
rejection rate. Both methods focus on the system's ability
to allow limited entry to authorized users. However, these
measures can vary significantly, depending on how you
adjust the sensitivity of the mechanism that matches the
biometric. For example, you can require a tighter match
between the measurements of hand geometry and the
STEP 7:IF
BOTH
MATHCES,
VOTE IS
SUCCESFULLY
POLLED
STEP.5:STORING
OF USER
TEMPLATE
TEMPERORILY
STEP 3:THE
VOTER’S
TEMPLATE IS
RETRIEVED
FROM
DATABASE .
STEP 1.
VOTER
LOGINS
USING HIS
ID.
STEP 2.a
TEMPLATE
DATAB ASE
OF VOTERS
STEP4:VOTER
INPUTS HIS
FINGER PRINT-
biometric
STEP
6:CHECKING
THE USER
TEMPLATE
STEP 8:DIRECTED
OUT OF WEBSITE
STEP.2b
PARTY
SELECTIO
N
4. user's template (increase the sensitivity). This will
probably decrease the false-acceptance rate, but at the
same time can increase the false-rejection rate. So be
careful to understand how vendors arrive at quoted values
of FAR and FRR.
Technology leaning toward the false reject protect any
unauthorized acceptance and hence become more widely
taken while in the case of false-acceptance sometimes an
unauthorized person may got the access permission which
may be dangerous. Hence based on these two variables
the accuracy of the installed technology is measured.
ADVANTAGES:
It is time efficient.
no proxy votes are polled
human power and money spent over elections could be
saved.
loss of lives at election riots could be prevented as the
system is safe and secure.
sick and handicapped could be benifitted.
votes polled by NRIs could be collected quickly
DISADVANTAGES:
It is difficult for the illiterate people to understand the
technology
the technology implemented is costly.
Maximum database security should be given for
prevention against ethical hacking.
.FAR (False acceptance rate) is probability by which
system can accept imposter as genuine individual.
.FRR (false rejection rate) is probability by which system
can reject a genuine individual.
COMPARISION BETWEEN USUAL VOTING AND
BIOMETRIC VOTING:
0
10
20
30
40
50
60
70
80
90
p c e t r
usual voting
biometric
voting
p-price ,c-cost ,e-efficiency ,t-time ,r-reach to people
OTHER APPLICATIONS OF BIOMETRICS:
Virtual Access:
For a long time, biometric-based network and computer
access were areas often discussed but rarely implemented.
Analysts see virtual access as the application that will
provide the critical mass to move biometrics for network
and computer access from the realm of science-fiction
devices to regular system components. passwords are
currently the most popular way to protect data on a
network. Biometrics, however, can increase a company's
ability to protect its data by implementing a more secure
key than a password. Using biometrics also allows a
hierarchical structure of data protection, making the data
even more secure: Passwords supply a minimal level of
access to network data; biometrics, the next level. You
can even layer biometric technologies to enhance security
levels.
E-Commerce:
E-commerce developers are exploring the use of
biometrics and smart cards to more accurately verify a
trading party's identity. For example, many banks are
interested in this combination to better authenticate
customers and ensure nonrepudiation of online banking,
trading, and purchasing transactions. Some are using
biometrics to obtain secure services over the telephone
through voice authentication. Developed by Nuance
Communications, voice authentication systems are
currently deployed nationwide by the Home Shopping
Network.
FUTURE OF BIOMETRICS
Although companies are using
biometrics for authentication in a variety of situations, the
industry is still evolving and emerging.
Standardization:
Standards are emerging to provide a common software
interface, to allow sharing of biometric templates, and to
permit effective comparison and evaluation of different
biometric technologies.
The BioAPI standard released at
the conference, defines a common method for interfacing
with a given biometric application. BioAPI is an open-
systems standard developed by a consortium of more than
60 vendors and government agencies. Written in C, it
consists of a set of function calls to perform basic actions
common to all biometric technologies, such as
*enroll user,
*verifyassertedidentity(authentication),and
* discover identity.
Another draft standard is the Common Biometric
Exchange File Format, which defines a common means of
exchanging and storing templates collected from a variety
of biometric devices.
Hybrid Technology:
One of the more interesting uses of biometrics involves
combining biometrics with smart cards and public-key
infrastructure (PKI). Vendors enhance security by placing
more biometric functions directly on the smart card. Some
vendors have built a fingerprint sensor directly into the
smart card reader, which in turn passes the biometric to
the smart card for verification. PKI uses public- and
5. private-key cryptography for user identification and
authentication. It is mathematically more secure, and it
can be used across the Internet.
CONCLUSION
At its infancy, current biometric
technology is still considered immature to completely
replace password and other authentication schemes.
Security wise, biometric technology shows vulnerabilities
that can be easily exploited for wrongful purposes.
Biometrics itself is by nature complicated and
distinctively secured to each unique identity. Hence, to
achieve higher security performance, the design of
biometric system should take into consideration the
possible vulnerabilities of the processes and algorithms of
the system for the whole life cycle, namely data
collection, data transmission, storage, templates
comparison and susceptibility of the system to physical
human attack.
Another challenge confronting biometrics is the fact
that people are not ready to accept the technology in its
entirety. Due to the far-reaching impact of biometric data
misuse, any irresponsible use of the technology could be
destructive to the society and would certainly compromise
the privacy rights of people. Thus, regulations are needed
to control and manage the implementation of biometrics.
3-factors authentication, microchip implantation and
DNA profiling are among the many that deserve attention.
Although the challenges confronting
biometrics are many, none of these is going to stop the
progress of biometrics being used as authentication and
identification tools. This is not the time to argue whether
biometrics should be used widely or not in the future.
6. private-key cryptography for user identification and
authentication. It is mathematically more secure, and it
can be used across the Internet.
CONCLUSION
At its infancy, current biometric
technology is still considered immature to completely
replace password and other authentication schemes.
Security wise, biometric technology shows vulnerabilities
that can be easily exploited for wrongful purposes.
Biometrics itself is by nature complicated and
distinctively secured to each unique identity. Hence, to
achieve higher security performance, the design of
biometric system should take into consideration the
possible vulnerabilities of the processes and algorithms of
the system for the whole life cycle, namely data
collection, data transmission, storage, templates
comparison and susceptibility of the system to physical
human attack.
Another challenge confronting biometrics is the fact
that people are not ready to accept the technology in its
entirety. Due to the far-reaching impact of biometric data
misuse, any irresponsible use of the technology could be
destructive to the society and would certainly compromise
the privacy rights of people. Thus, regulations are needed
to control and manage the implementation of biometrics.
3-factors authentication, microchip implantation and
DNA profiling are among the many that deserve attention.
Although the challenges confronting
biometrics are many, none of these is going to stop the
progress of biometrics being used as authentication and
identification tools. This is not the time to argue whether
biometrics should be used widely or not in the future.