CHAPTER - I
INTRODUCTION
One of our highest priorities in the world of information security is confirmation that a person
accessing sensitive, confidential, or classified information is authorized to do so. Such
access is usually accomplished by a person’s proving their identity by the use of some means
or method of authentication. Simply put, a person must be able to validate who they say they
are before accessing information, and if the person is unable to do so, access will be denied.
Generally speaking, a system can identify you as an authorized user in one of three ways –
what you know, what you have, or what you are. The most widely used of the three methods
is what we know – passwords or other personal information. A more sophisticated method of
authentication is what we have – smart cards and tokens. The last method is what we are -
biometrics technology.
Biometrics systems can identify users based on either physiological or behavioural
characteristics. Individuals are concerned that security systems be put in place that would
prevent unauthorized access to personal data, and that their identities cannot be stolen and
used by other individuals. At present, biometrics technology holds a great deal of promise
for doing just that, but is not without its limitations and certainly not without its critics.
Biometrics is a field of technology which has been and is being used in the identification of
individuals based on some physical attribute. As funding for research has permitted there has
been an effort by several tech companies to develop standards for hardware and software that
would be used throughout the industry in further development within this area. The
purpose of this paper will be to look at the use of biometrics technology to determine how
secure it might be in authenticating users, and how the user’s job function or role would
impact the authentication process or protocol. We will also examine personal issues of
privacy in the methods used for authentication; the cost of implementing a biometrics
authentication system; the efficiency of biometrics authentication; and the potential for false
positive or negative recognition of individual users.
1.1 Definition:
The word “biometrics” comes from the Greek language and is derived from the words bio
(life) and metric (to measure). Biometrics are the technologies used to measure and analyze
personal characteristics, both physiological and behavioural. These characteristics include
fingerprints, voice patterns, hand measurements, irises and others, all used to identify human
characteristics and to verify identity. These biometrics or characteristics are tightly
connected to an individual and cannot be forgotten, shared, stolen or easily hacked. These
characteristics can uniquely identify a person, replacing or supplementing traditional security
methods by providing two major improvements: personal biometrics cannot be easily stolen
and an individual does not need to memorize passwords or codes. Since biometrics can better
solve the problems of access control, fraud and theft, more and more organizations are
considering biometrics a solution to their security problems. However, biometrics is not a
panacea and has some hurdles to overcome before gaining widespread use.
Generally speaking, there are four factors of physical attributes that are used or can be used in
user authentication:
• Fingerprint scans, which have been in use for many years by law enforcement and other
government agencies and are regarded as a reliable, unique identifier.
• Retina or iris scans, which have been used to confirm a person’s identity by analyzing the
arrangement of blood vessels in the retina or patterns of colour in the iris.
• Voice recognition, which uses a voice print that analyses how a person says a particular
word or sequence of words unique to that individual.
• Facial recognition, which uses unique facial features to identify an individual.
1.2 History:
The past development of two disciplines, Phrenology and Anthropometry, helped to pave the
way for biometrics. Phrenology, the study of the structure of the skull to determine a person's
character and mental capacity, was founded by Franz Joseph Gall in early nineteenth-century
Germany. Gall believed that certain mental characteristics could be aligned with certain
cranial shapes and features. This concept was further advanced by an Italian physician named
Cesare Lombroso who linked the concepts of phrenology with specific regard to criminal
behaviour, trying to relate behaviour patterns with physical and biological characteristics.
Although long considered a pseudoscience lacking real scientific merit, Phrenology remained
popular, especially in the United States, throughout the 19th century and still has advocates
today. Alphonse Bertillon, a late nineteenth-century French police captain, advanced the idea of
Anthropometrics, the study of human body measurement for use in anthropological
classification and comparison. A pseudoscience like Phrenology, it was used mainly to
classify potential criminals by facial characteristics. For example, Cesare Lombroso's
Criminal Anthropology (1895) claimed that murderers have prominent jaws and pickpockets
have long hands and scanty beards. Bertillon developed a system of identifying criminals by
multiple anatomical measurements, which was widely used in France at the time and named
after him (Bertillonage). His system was used by police authorities throughout the world,
but then faded when it was discovered that some people shared the same measurements and
based on the measurements alone, could be treated as one.
While developments in Phrenology and Anthropometry took place, interest was increasing in
the areas of finger and hand geometry. In 1823, the Czech Jan Evangelista Purkinje was
studying sweat glands in the hand and realized the grooves and depressions that these sweat
glands opened up into seemed to be unique to each individual. An extremely reliable method
of categorizing and identifying marks in fingerprints was developed by Richard Edward
Henry of Scotland Yard in the late nineteenth century. Henry made advancements on a
fingerprinting method first brought forward by Francis Galton in 1892, and conducted
experimental tests in the 1890’s. In the early twentieth century, mainly due to the negative
publicity from the Bertillonage failure in 1903, fingerprinting became the method of choice
for police around the world. Today, fingerprinting is the biometric method most people
think of when speaking of biometrics.
CHAPTER - II
ENABLING TECHNOLOGIES
2.1 Technologies for biometric devices:
We now consider which technologies can be used for biometric purposes. This
outlook is based on technologies that can be proposed now, given current physical
knowledge. It is not possible to predict the further development of physics, and I will not try
to do so. To make this outlook easier, the possible technologies are divided into areas, first
according to the physical method used and then according to the elements or functions of the
body used for recognition.
Methods that can be used in biometric devices:
A. Optical technologies:
Such technologies are used in fingerprint, hand shape, face, iris, veins and also in all other
cases where optical parameters are of interest. Iris and retina recognition are a special case:
there is no other way to perform contactless iris or retina recognition. Another special
case is remote temperature sensing, which can be done only with infrared
cameras. In all other cases different techniques are possible too.
B. Acoustical technologies:
Presently the only acoustical technologies that are available are used for voice recognition.
Ultrasound technologies are also in use for biometric applications, but on a very limited scale.
Given the proper design approach, ultrasound can be used in many other applications, in
addition to the existing fingerprint recognition devices. Indeed, a much more versatile
implementation of ultrasound scanning for biometric applications has already been
demonstrated in a proof of concept prototype. Subsequent testing indicated the possibility of
using acoustical holography for shape recognition of hand, face and other body parts, as well
as for tracking movements. The resultant technical approach capitalizes upon the inherent
power and capabilities associated with conventional ultrasound technologies that are
currently used in medical applications. It has the advantage of providing a direct 3D
evaluation of biometric attributes, such as fingerprints, palm-prints, bone structure and vein
recognition with analysis of internal structures of the subject’s body (e.g. fingers, hands,
limbs, etc.). Heretofore unprecedented capabilities, such as persistent authentication, liveness
detection and the fusion of multimodal biometrics using a single core technology are now
possible through ultrasound. Along with these capabilities, it will be possible to achieve user
enrolments approaching 100%, with FAR and FRR approaching zero.
C. Microwaves:
As far as I know, they are not used in biometric devices now, but THz waves in particular could
be used in the future. The ability of these waves to propagate through clothes could allow them
to be used for body shape recognition. Microwaves are also used for movement tracking.
D. Capacitive sensors:
Sensors reacting to local capacity changes are used for finger recognition. It is possible to use
capacity sensors for tracking movements.
E. Pressure (tactile) sensors:
Such sensors are used for fingerprint recognition, but also for movement tracking (for
example signature recognition).
F. X-ray, γ-ray or particle-ray technologies:
Their use is not realistic today, because the amount of energy these techniques require would
make them too dangerous for people to be used in biometric devices. But the possibility
cannot be excluded in the future; further development, especially in the case of x-rays,
may make their use possible. All such techniques would allow the internal structures of the
body to be analyzed.
G. Magnetic fields:
Magnetic fields are especially interesting in connection with tomography. From today’s point
of view this technology can be considered unrealistic, but with further development its use
cannot be excluded, especially for the investigation of body parts such as fingers or hands.
More realistic seems to be the use of the specific reaction of the human body to
changing magnetic fields. Such techniques can surely be considered realistic, although it is
not easy to tell whether they will be useful.
H. Electric fields:
The human body surely reacts to electric fields and also creates them. Both phenomena can be
used for recognition. Today this is only partially the case, in capacitive fingerprint sensors, but
there are many more possibilities that could be used. It is not possible to tell now whether these
possibilities will prove useful for the recognition of people.
I. Chemical emissions:
Each living body produces streams of particles, which can be analyzed from the chemical
point of view. This is the case with odour, and especially with particles that contain DNA or
RNA strands. A disadvantage can be the ease with which such techniques are fooled. But odour
detection in particular can be useful, for example for tracking purposes (in the applications for
the market number 6).
Body parts or features that can be used for biometric recognition
Already used or proposed:
a) Fingerprints or other elements of finger, such as veins inside.
b) Palms, their prints and/or the whole hand (feet recognition would be also possible, although
not very practical in most cases).
c) Signature, which measures behavioural attributes such as pressure, stroke and time.
d) Keystroke, the manner of typing.
e) Voice.
f) Iris, retina, features of eye movements.
g) Face, head – its shape, specific movements.
h) Other elements of head, such as ears, lip prints.
i) Gait, unique manner of walking, such as pace, width of steps and peculiar gait.
j) Odour.
k) DNA.
l) ECG.
m) EEG.
Imaginable today:
n) Body shape recognition.
o) Investigation of internal structure of body parts and its living structures.
p) Analysis of other electrical and magnetic fields, created by man’s body or of its reactions
to such fields.
q) Analysis of face and head vibrations during speaking.
In the case of devices where authorization (local or remote) is required, it is also necessary to
recognize whether the person making the authorization is really willing to do so. This
requires that such devices be able to recognize additional actions that can be
caused only by an expression of will of the person seeking authorization. Many possibilities
for such an action exist: a signature; other specific movements of the hand, eye or other body
parts; voice commands.
CHAPTER - III
TECHNICAL DETAILS & WORKING
3.1 Finger-Scan Technology
Fingerprinting, or finger-scanning technology, is the oldest of the biometric sciences and
utilizes distinctive features of the fingerprint to identify or verify the identity of individuals.
Finger-scan technology is the most commonly deployed biometric technology, used in a
broad range of physical access and logical access applications. All fingerprints have unique
characteristics and patterns. A normal fingerprint pattern is made up of lines and spaces.
These lines are called ridges while the spaces between the ridges are called valleys. It is
through the pattern of these ridges and valleys that a unique fingerprint is matched for
verification and authorization. These unique fingerprint traits are termed “minutiae” and
comparisons are made based on these traits. On average, a typical live scan produces 40
“minutiae”. The Federal Bureau of Investigation (FBI) has reported that no more than 8
common minutiae can be shared by two individuals.
Fig:3.1
There are five stages involved in finger-scan verification and identification: fingerprint image
acquisition, image processing, location of distinctive characteristics, template creation and
template matching. A scanner takes a mathematical snapshot of a user's unique biological
traits. This snapshot is saved in a fingerprint database as a minutiae file. The first challenge
facing a finger-scanning system is to acquire a high-quality image of a fingerprint. Image
quality is measured in dots per inch (DPI) – more dots per inch means a higher resolution
image. The lower resolutions found on the market are in the 300-350 DPI range, but the standard
for forensic-quality fingerprinting is images of 500 DPI. Image acquisition can be a major challenge for
finger-scan developers, since the quality of print differs from person to person and from
finger to finger. Some populations are more likely than others to have faint or difficult-to-
acquire fingerprints, whether due to wear and tear or physiological traits. Taking an image in
cold weather can also have an effect. Oils in the finger help produce a better print. In
cold weather, these oils naturally dry up. Pressing harder on the platen (the surface on which
the finger is placed, also known as a scanner) can help in this case.
Fig:3.2
Image processing is the process of converting the finger image into a usable format. This
results in a series of thick black ridges (the raised part of the fingerprint) contrasted to white
valleys. At this stage, image features are detected and enhanced for verification against the
stored minutia file. Image enhancement is used to reduce any distortion of the fingerprint
caused by dirt, cuts, scars, sweat and dry skin. The next stage in the fingerprint process is to
locate distinctive characteristics. There is a good deal of information on the average
fingerprint and this information tends to remain stable throughout one’s life. Fingerprint
ridges and valleys form distinctive patterns, such as swirls, loops, and arches. Most
fingerprints have a core, a central point around which swirls, loops, or arches are curved.
These ridges and valleys are characterized by irregularities known as minutiae, the distinctive
feature upon which finger scanning technologies are based. Many types of minutiae exist,
common ones being ridge endings and bifurcations, a bifurcation being the point at which one ridge
divides into two. A typical finger-scan may produce between 15 and 20 minutiae. A
template is then created. This is accomplished by mapping minutiae and filtering out
distortions and false minutiae. For example, anomalies caused by scars, sweat, or dirt can
appear as minutiae. False minutiae must be filtered out before a template is created; this
filtering is handled differently by each vendor's proprietary algorithms. The tricky part is
comparing an enrolment template to a verification template. Positions of a minutia point may
change by a few pixels, some minutiae will differ from the enrolment template, and false
minutiae may be seen as real. Many finger-scan systems use a smaller portion of the scanned
image for matching purposes. One benefit of reducing the comparison area is that there is
less chance of false minutiae information, which would confuse the matching process and
create errors. Most finger-scan technologies are based on minutiae. Samir Nanavati, author of
Biometrics, Identity Verification in a Networked World states that 80 percent of finger-scan
technologies are based on minutiae matching but that pattern matching is a leading
alternative. This technology bases its feature extraction and template generation on a series of
ridges, as opposed to discrete points. The use of multiple ridges reduces dependence on
minutiae points, which tend to be affected by wear and tear. The downside of pattern
matching is that it is more sensitive to the placement of the finger during verification and the
created template is several times larger in byte size: approximately 1,000 bytes versus 250 to
500 bytes.
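Added example (not part of the original report, and not any vendor's algorithm): a minimal tolerance-based minutiae comparison illustrating the points above, namely positions shifting by a few pixels, false minutiae lowering the score, and a reduced comparison area recovering the match. It assumes the two templates are already aligned; the tolerances, threshold, comparison area and sample minutiae are all constructed for illustration.

```python
import math
from typing import NamedTuple

class Minutia(NamedTuple):
    x: int        # pixel column
    y: int        # pixel row
    angle: float  # local ridge direction, degrees
    kind: str     # "ending" or "bifurcation"

# Assumed values for illustration only, not taken from any vendor's matcher.
DIST_TOL_PX = 8            # a minutia may move by a few pixels between scans
ANGLE_TOL_DEG = 15.0
ACCEPT_SCORE = 0.6         # fraction of minutiae that must pair up
ROI = (30, 40, 130, 160)   # x0, y0, x1, y1: central area used for matching

def angle_diff(a, b):
    """Smallest difference between two directions, handling 359 -> 0 wraparound."""
    d = abs(a - b) % 360.0
    return min(d, 360.0 - d)

def crop(template, box):
    """Keep only the minutiae inside the comparison area."""
    x0, y0, x1, y1 = box
    return [m for m in template if x0 <= m.x <= x1 and y0 <= m.y <= y1]

def count_matches(enrolled, probe):
    """Pair minutiae one-to-one, closest candidate pairs first."""
    candidates = []
    for i, e in enumerate(enrolled):
        for j, p in enumerate(probe):
            dist = math.hypot(e.x - p.x, e.y - p.y)
            if (e.kind == p.kind and dist <= DIST_TOL_PX
                    and angle_diff(e.angle, p.angle) <= ANGLE_TOL_DEG):
                candidates.append((dist, i, j))
    used_e, used_p = set(), set()
    for _, i, j in sorted(candidates):
        if i not in used_e and j not in used_p:
            used_e.add(i)
            used_p.add(j)
    return len(used_e)

def match_score(enrolled, probe):
    """Paired minutiae over the larger template, so false minutiae cost score."""
    if not enrolled or not probe:
        return 0.0
    return count_matches(enrolled, probe) / max(len(enrolled), len(probe))

def verify(enrolled, probe, box=None):
    """Accept or reject a probe, optionally comparing only inside `box`."""
    if box is not None:
        enrolled, probe = crop(enrolled, box), crop(probe, box)
    return match_score(enrolled, probe) >= ACCEPT_SCORE

# Constructed sample templates (not real fingerprint data).
E, B = "ending", "bifurcation"
ENROLLED = [Minutia(*t) for t in [
    (40, 52, 30, E), (65, 48, 120, B), (88, 70, 200, E), (52, 95, 75, B),
    (110, 102, 310, E), (75, 120, 15, E), (95, 140, 180, B), (60, 150, 260, E),
    (120, 60, 90, B), (45, 125, 350, E)]]
# Same finger: nine minutiae shifted slightly, one worn away, plus seven
# false minutiae near the left edge (as a scar or dirt might produce).
GENUINE = [Minutia(*t) for t in [
    (42, 50, 33, E), (63, 51, 114, B), (90, 73, 205, E), (50, 93, 70, B),
    (113, 100, 318, E), (77, 123, 8, E), (93, 138, 176, B), (61, 153, 266, E),
    (47, 127, 4, E),
    (8, 30, 45, E), (10, 60, 50, E), (12, 90, 40, B), (9, 120, 60, E),
    (11, 160, 55, E), (14, 175, 35, B), (7, 140, 48, E)]]
# Different finger: two minutiae happen to line up with the enrolled template.
IMPOSTOR = [Minutia(*t) for t in [
    (38, 55, 210, E), (70, 60, 100, E), (86, 72, 195, E), (100, 85, 20, B),
    (55, 110, 300, E), (115, 130, 140, B), (80, 145, 60, E), (62, 152, 80, B),
    (125, 65, 95, B), (35, 80, 150, E)]]

if __name__ == "__main__":
    for name, probe in (("genuine", GENUINE), ("impostor", IMPOSTOR)):
        print(name,
              "full image:", round(match_score(ENROLLED, probe), 3),
              verify(ENROLLED, probe),
              "| reduced area:", verify(ENROLLED, probe, box=ROI))
```

On the full image the genuine probe is falsely rejected because the false minutiae inflate the template; restricting both templates to the central area accepts it while still rejecting the impostor.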
Before we leave finger-scanning, let’s discuss some of the advantages and disadvantages of
this biometric technology. Finger-scans continue to be the primary means used by law
enforcement agencies for positive identification and are used in the commercial and
government sectors with a good deal of success. Finger-scan technology is proven and
capable of high levels of accuracy. There is a long history of fingerprint identification,
classification and analysis. This along with the distinctive features of fingerprints has set the
finger-scan apart from other biometric technologies. There are physiological characteristics
more distinctive than the fingerprint (the iris and retina, for example) but automated
identification technology capable of leveraging these characteristics has been developed
only over the past few years. The technology has grown smaller, more capable and with
many solutions available. Devices slightly thicker than a coin and an inch square in size are
able to capture and process images. Additionally, while some may see the large number of finger-
scan solutions available today as a disadvantage, many see it as an advantage, since it ensures
marketplace competition which has resulted in a number of robust solutions for desktop,
laptop, physical access, and point-of-sale environments. Another advantage of finger-scan
technology is accuracy. Identical matches are nearly impossible since fingerprints contain a
large amount of information making it unlikely that two fingerprints would be identical.
Even with large databases, it is possible to eliminate false matches and quickly reduce the
number of possible matches to a small number because of the high level of data present.
Because of the fact that some Fingerprint Imaging Systems use more than one finger image in
the match process, the match discrimination process is geometrically increased. Another
advantage of fingerprint technology is that the size of the memory required to
store the biometric template is fairly small.
There are some weaknesses to finger-scanning, most of which can be mitigated. There is a
fraction of the population that is unable to be enrolled. There are certain ethnic groups that
have lower quality fingerprints than the general populations. Testing has shown that elderly
populations, manual labourers, and some Asian populations are more difficult to enrol
in some finger-scanning systems. Another problem is that over time, sometimes in as short a
period as a few months, the fingerprint characteristics of an individual can change, making
identification and verification difficult. This problem is seen with manual workers who work
extensively with their hands. There are also privacy issues attached to finger-scanning
technologies. Some fear that finger-scans may be used to track a person’s activities. Others
fear that data collected may be improperly used for forensic purposes.
Fig 3.3:-Storage of Master Characteristics
Finger-scan technology is deployed throughout the world and provides a capable solution.
More commonly seen these days are computer network access and entry devices for building
door locks utilizing fingerprint scanning technology. Fingerprint readers are being used by
banks for ATM authorization and are becoming more common at grocery stores where they
are utilized to automatically recognize a registered customer and bill their credit card or debit
account. Finger-scanning technology is being used in a novel way at a middle school in
Pennsylvania where some cafeteria purchases are supported by a federally subsidized meal
program in which students receive federally subsidized meals and retain the ability to remain
anonymous. Paying with a government meal card at checkout instead of with cash would
identify the student as a program recipient. The solution was for the school to provide
students the option of using a finger-scan peripheral to purchase meals. At the end of each
month, a bill is sent to their parents for payment or to the free food program for
reconciliation. This use of a finger-scan ensures that there is no way to determine whether
their parents or government grants are paying for their meals.
3.2 Facial-Scan Technology
Another biometric scan technology is facial recognition. This technology is considered a
natural means of biometric identification since the ability to distinguish among individual
appearances is possessed by humans. Facial scan systems can range from software-only
solutions that process images captured through existing closed-circuit television cameras to
fully fledged acquisition and processing systems, including cameras, workstations, and
backend processors. With facial recognition technology, a digital video camera image is used
to analyze facial characteristics such as the distance between eyes, mouth or nose. These
measurements are stored in a database and used to compare with a subject standing before a
camera. Facial recognition systems are usually divided into two primary groups. First there is
what is referred to as the ‘controlled scene’ group whereby the subject being tested is located
in a known environment with a minimal amount of scene variation. In this case, a user might
face the camera, standing about two feet from it. The system locates the user’s face and
performs matches against the claimed identity or the facial database. It is possible that the
user may need to move and reattempt the verification based on his facial position. The system
usually comes to a decision in less than 5 seconds. The other group is known as the “random
scene” group where the subject to be tested might appear anywhere within the camera scene.
Fig 3.4:- Geometric facial scanning
Fig 3.5:- Photometric facial scanning
This situation might be encountered within a system attempting to identify the presence of an
individual within a group or crowd. This situation has been evidenced since 11 Sept, when security
personnel stated that facial-scan recognition technology would be used at a Super Bowl game.
Facial-scan technology is based on the standard biometric sequence of image acquisition,
image processing, distinctive characteristic location, template creation, and matching. An
optimal image is captured through a high-resolution camera, with moderate lighting and users
directly facing a camera. The enrolment images define the facial characteristics to be used in
all future verifications, thus a high-quality enrolment is essential. Challenges that occur in the
image acquisition process include distance from user, angled acquisition and lighting.
Distance from the camera reduces facial size and thus image resolution. Users not looking
directly at the camera positioned more than 15 degrees either vertically or horizontally away
from ideal positioning are less likely to have images acquired. Lighting conditions, which
cause an image to be overexposed or underexposed, can cause challenges. Additionally,
users with a darker skin tone can be difficult to acquire. Select Hispanic, black and Asian
individuals can be more difficult to enrol and verify in some facial-scan systems because
acquisition devices are not always optimized to acquire darker faces. After the issues with
image acquisition are worked out, the process of image processing takes place. Colour
images are normally reduced to black and white, and images are cropped to emphasize facial
characteristics. Images are normalized to account for orientation and distance. Images can
be enlarged or reoriented as long as a point between the eyes serves as a point of reference.
The processes of characteristic location can then take place. There are several matching
methods available for facial scans which attempt to match visible facial features in a fashion
similar to the way people recognize one another. Areas of the face not apt to change over
time, such as the sides of the mouth, nose shape and areas around the cheekbones, are the distinctive
characteristics most often used in image matching. Areas likely to change over time, such as
one’s hairline, are not normally used for verification. Facial-scan technology has its
advantages and disadvantages. One major advantage is that facial-scan technology is the
only biometric capable of identification at a distance without subject complicity or
awareness. This allows police to install facial-scan technology in public places to survey
crowds and for security to accomplish the same at a casino house. This capability also quiets
those who express concern about a biometric that physically touches them or about touching
a device that others may have had contact with. Another advantage of facial-scan technology
is the fact that static images can be used to enrol a subject. This can shorten the time to enrol
a target population compared to an Automated Fingerprint Identification System (AFIS),
which can take years to accomplish. The disadvantages include acquisition environment and
facial characteristic changes that affect matching accuracy and the potential for privacy
abuse. Images are most accurate when taken facing the acquisition camera and not at sharp
angles. The user’s face must be lit evenly, preferably from the front. Changes in hairstyle,
makeup or the wearing of a hat or sunglasses may pose a problem during the verification
process. Facial-scanning technology has a poor record in verifying a subject who has had
plastic surgery to alter their appearance. The fact that a biometric facial scan can take place
without the knowledge or consent of a subject raises privacy concerns among many. Two
facial-scan deployments in Florida have met with public objections: one aimed to prevent
crime in a shopping district and one aimed to catch criminals at the 2001 Super Bowl. Facial-
scan technologies have unique advantages over all other biometrics in the areas of surveilling
large groups and the ability to use pre-existing static images. Its disadvantages include
false non-matches when a subject’s appearance changes during verification. For
implementations where the biometric system must verify users reliably over time, facial-scan
can be a very difficult technology to implement successfully.
3.3 Retinal-Scan Technology
Retinal-scan technology makes use of the retina, which is the surface on the back of the eye
that processes light entering through the pupil. Retinal Scan technology is based on the blood
vessel pattern in the retina of the eye. The principle behind the technology is that the blood
vessels at the retina provide a unique pattern, which may be used as a tamper-proof personal
identifier. Since infrared energy is absorbed faster by blood vessels in the retina than by
surrounding tissue, it is used to illuminate the eye retina. Analysis of the enhanced retinal
blood vessel image then takes place to find characteristic patterns. Retina-scan devices are
used exclusively for physical access applications and are usually used in environments that
require high degrees of security such as high-level government military needs. Retina-scan
technology was developed in the 1980’s, is well known but probably the least deployed of all
the biometric technologies. Additionally, retina-scan technology is still in a prototype
development stage and still commercially unavailable.
Fig:-3.6
Retina-scan technology image acquisition is difficult in that the retina is small and embedded,
requiring specific hardware and software. The user positions his eye close to the unit’s
embedded lens, with the eye socket resting on the sight. In order for a retinal image to be
acquired, the user must gaze directly into the lens and remain still; movement defeats the
acquisition process, requiring another attempt. A low intensity light source is utilized in order
to scan the vascular pattern at the retina. This involves a 360 degree circular scan of the area
taking over 400 readings in order to establish the blood vessel pattern. This is then reduced
to 192 reference points before being distilled into a digitized 96 byte template and stored in
memory for subsequent verification purposes. Normally it takes 3 to 5 acceptable images to
ensure enrolment. Because of this, the enrolment process can be lengthy. Enrolments can
take over 1 minute with some users not being able to be enrolled at all. It seems the more
that a user is acclimated to the process, the faster the enrolment process works. After image
acquisition, software is used to compile unique features of the retinal blood vessels into a
template.
Retina-scan technology possesses robust matching capabilities and is usually configured to
do one-to-many identification against a database of users; however, this technology requires a
high quality image and will not enrol a user unless a good image is acquired. For this reason,
there is a moderately high false reject rate due to the inability to provide adequate data to
generate a match template.
Retina-scan technology has its advantages and disadvantages. Among its advantages are its
resistance to false matching or false positives and the fact that the pupil, like the fingerprint,
remains a stable physiological trait throughout one’s life. The retina is located deep within
one’s eyes and is highly unlikely to be altered by any environmental or temporal condition.
Its resistance to false matching is due to the fact that retinal scans produce patterns that have
highly distinctive characteristics, sufficient to enable identification. Well-trained users find
retina scan capable of reliable identification. Like fingerprints, retina traits remain stable
throughout life.
Disadvantages include the fact that the technology is difficult to use, users claim discomfort
with eye-related technology in general and the fact that retina scan technology has limited
uses. Enrolments require prolonged concentration requiring a well-trained and motivated
user. Retina-scan enrolments take longer than both iris-scan and fingerprinting. Users claim
discomfort with the fact that they must position their eye very close to the device. Users
commonly fear that the device itself or the light inside the device can harm their eyes in some
way. Many also feel that this retina scans are invasive in that the inability to use the retina
can be linked to eye disease. Retina scan has limited uses normally deployed in high
security, low volume physical access situations in which inconveniencing users is an
acceptable cost of heightened security. Retina scan technology is not apt to become a widely
deployed technology any time soon. Other biometrics can provide most if not all the benefits
of this technology without the problems. But never discount technology and its advances
over time. If future technology allows for retina scanning being easier to use and allow users
to enrol from a greater distance from the imaging device, its future will be bright.
3.4 Voice Recognition
• It is identification of a person from characteristics of voice.
• Characteristics like voice pitch, speaking style, pauses etc.
• Each voice recognition system has two phases:
  • Enrolment: The speaker's voice is recorded. A number of features are extracted to form a voice print.
  • Verification: A speech sample or "utterance" is compared against a previously created voice print.
Fig:-3.7
3.5 Signature Recognition
• Signature verification analyzes the way a user signs her name.
• Signature measures (dynamic):
  • Speed
  • Pressure
  • Handwriting style
Fig:-3.8
• Two types of digital handwritten signature authentication:
  • Static: Comparison between one scanned signature and another scanned signature, or a
    scanned signature against an ink signature, using advanced algorithms.
  • Dynamic: Data is captured along with the X, Y, T and P coordinates of the signer from
    the signing device, to create a biometric template from which dynamic signatures can be
    authenticated.
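Added example (not from the original report): a small Python sketch of the dynamic approach listed above, building a template from X, Y, T and P samples and rejecting a tracing that has the right shape but the wrong speed and pressure. The stroke data, feature set, spread floor and acceptance limit are constructed assumptions, not values from any signature product.

```python
import math
from statistics import mean, pstdev

# One pen sample from the signing device: (x, y, t in seconds, p as pressure 0..1).
SHAPE = [(0, 0), (3, 4), (6, 0), (9, 4), (12, 0)]  # constructed stroke, path length 20


def make_signature(duration, pressure, shape=SHAPE):
    """Constructed capture: trace `shape` at constant speed and pressure."""
    step = duration / (len(shape) - 1)
    return [(x, y, i * step, pressure) for i, (x, y) in enumerate(shape)]


def features(points):
    """Dynamic measures derived from the capture: duration, speed, pressure."""
    if len(points) < 2:
        raise ValueError("a signature needs at least two samples")
    path = sum(math.hypot(x2 - x1, y2 - y1)
               for (x1, y1, _, _), (x2, y2, _, _) in zip(points, points[1:]))
    duration = points[-1][2] - points[0][2]
    if duration <= 0:
        raise ValueError("timestamps must increase")
    return {
        "duration": duration,
        "speed": path / duration,
        "pressure": mean(p for _, _, _, p in points),
    }


def enrol(samples, min_spread=0.05):
    """Template = per-feature mean and spread over several enrolment signatures."""
    rows = [features(s) for s in samples]
    template = {}
    for name in rows[0]:
        values = [r[name] for r in rows]
        centre = mean(values)
        # Floor the spread (relative to the mean) so that a very consistent
        # signer is not rejected over tiny natural variations.
        spread = max(pstdev(values), min_spread * abs(centre))
        template[name] = (centre, spread)
    return template


def deviation(template, attempt):
    """Largest per-feature distance from the template, in units of spread."""
    f = features(attempt)
    return max(abs(f[name] - centre) / spread
               for name, (centre, spread) in template.items())


def verify(template, attempt, limit=3.0):
    """Accept only if every dynamic feature stays within `limit` spreads."""
    return deviation(template, attempt) <= limit


def same_shape(a, b):
    """What a static comparison sees: only the X, Y trace."""
    return [(x, y) for x, y, _, _ in a] == [(x, y) for x, y, _, _ in b]


# Constructed data: three enrolment signatures, one genuine attempt, one traced forgery.
ENROLMENT = [make_signature(1.9, 0.60), make_signature(2.0, 0.62), make_signature(2.1, 0.58)]
TEMPLATE = enrol(ENROLMENT)
GENUINE_ATTEMPT = make_signature(2.05, 0.61)
TRACED_FORGERY = make_signature(6.0, 0.35)  # same trace, drawn slowly and lightly

if __name__ == "__main__":
    for label, attempt in (("genuine", GENUINE_ATTEMPT), ("traced forgery", TRACED_FORGERY)):
        print(label, "same shape:", same_shape(GENUINE_ATTEMPT, attempt),
              "deviation: %.2f" % deviation(TEMPLATE, attempt),
              "accepted:", verify(TEMPLATE, attempt))
```

The forgery is identical to the genuine attempt under a static (shape-only) comparison; only the T and P channels separate them.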
CHAPTER - IV
APPLICATIONS & CASE STUDY
4.1 Applications
Reading currently published papers and information about biometrics, one can think that the
main reason for applying biometric solutions is security. This perspective is supported by
politicians, spreading the message that biometric technologies can help in the fight against
terrorism, help locate criminals, etc. This is not fundamentally wrong. Indeed, if automatic
devices for identity recognition were more prevalent in locations such as airports, police
stations and other areas that are sensitive or involve high concentrations of public activity,
they would surely make the life of criminals and terrorists much more difficult. However,
there are many reasons to believe that biometrics will change the life of people in the near future
mostly because its use will be much more convenient than other techniques in use today for
individual identity authentication. This is already apparent today, especially in connection
with applications such as physical and logical access control, transportation, and also in the
financial industry. In this presentation I will try to specify new possible markets, with
emphasis on markets that will – from my point of view – have the largest impact on future
societies:
A. Authentication:
It is reasonable to expect that, in a relatively short time, all personal documents will contain
some form of biometric data. Moreover, in time, we could expect that all such documents will
no longer be needed, because, in every instance where this type of authentication would be
necessary, biometric readers will be connected to the location via network. This would allow
a comparison with stored data to be used in lieu of documentation.
B. Access and attendance control:
In the relatively near future, biometrics will certainly gain increased acceptance in all kinds
of access and attendance control applications. We can expect to see biometrics used for these
applications in homes, offices, computers, machines, devices, etc. In fact, this will
probably be the largest market for biometric technology in terms of the number of devices
installed. However, for the most part, the use of these devices will only replace existing
access control methods and technologies, providing increased convenience and security.
There will be no need to carry keys, identity cards, personal documents, etc. Furthermore,
this implementation of biometrics will add to the overall security solution: precluding the
possibility of theft or unauthorized use of equipment/technologies. Biometric devices will
offer new quality to security solutions, but not necessarily new market opportunities or
potential.
C. Travel control:
For a variety of reasons, there is an increasing requirement to have people travelling via
planes, ferries, and even trains to be individually registered, with interim checks at multiple
locations. Today these requirements are being driven mostly by security concerns, visa
regulations and other such reasons. And, because the number of people travelling is already
large and predicted to increase at significant rates, all organizations involved in the
management and control of mass transportation industries are very interested in the
rationalization and automation of necessary procedures. This is especially the case in the
International Civil Aviation Organization. The pressure caused by the growing number of
passengers is surely one of the largest reasons for the introduction of biometric passports,
visas and other controls/documents. This organization recommends very clearly, that
“Contracting States should incorporate biometric data in their machine readable passports,
visas and other official travel documents, using one or more optional data storage
technologies to supplement the machine readable zone, as specified in Doc 9303”1
1 http://www.icao.int/cgi/goto_m.pl?/icao/en/download.htm#Misc
D. Financial and other transactions requiring authorization:
In applications having to do with money it is already apparent, that money in physical form
(bank notes and coins) is being replaced more and more by virtual forms of financial
transactions – digital transactions via data base entry. Today this happens in the form of credit or
bank cards, pocket electronic money, etc. However, it is clear that, in most cases, the physical
card is not important, because money has an owner and can be directly connected to a
person. Spreading of biometric authentication in the economic sector (i.e. banking and trade)
will decrease the need for physical objects, such as cards – since virtual money can be
directly connected to a person (or to the legal person). This will result in a significant change
both in the behaviour of people and in the abilities that governmental organizations will
have in their surveillance of money movements (financial transactions). I would expect two
possible developments in response to this situation. First, the attitudes of people can be
against the sole use of virtual money or they can also try to change the tax and economic
systems to allow them to live exclusively with virtual money. The second development, or
solution, will evolve over a longer period of time, but is significantly better. That is, the
possibility to authorize all legal transactions through biometric mechanisms will make many
of these operations much easier and more convenient.
E. Remote voting (authorization):
Perhaps the most important change in the society will result from the creation of an entirely
new market for biometric devices that I call remote authorization. The merging of existing
and future networking developments with biometric solutions will allow people to have the
opportunity to authorize a wide range of transactions (e.g. voting, purchasing, accessing,
decision-making authorizations, etc.) via the network, from remote locations. No longer will
they be required to be personally present at a given location in order to authenticate a specific
action. Indeed, this is a capability that is partially possible today. However, the viability of
remote authorization on a large scale, such as public elections, will not be realistic until
appropriate biometric solutions are operating without the major shortcomings that plague
existing biometric solutions. From my perspective, it will be necessary to develop new, more
robust and capable devices. However, the same devices can also be used for many other
purposes, such as computer accessories, access control devices, etc. Even so, it is certain that
the existing devices that are in use today cannot provide the degree of accuracy necessary to
recognize a person whose biometric identity is only available through a distributed network.
The risk of betraying them through identity theft is much too large. However, after more
accurate, reliable and cost-effective devices are developed that are not constrained by
shortcomings associated with existing technologies, the potential for authenticating remote
transactions, such as voting (decision making) can drive major changes in all democratic
societies – that is, the idea that direct democratic participation by the public can be realized
on a large scale and work at low cost. Necessary democratic decisions can be made
practically every day at minimal cost, even in large societies. The possibility of low cost
remote voting by the public will not only open up the potential for increased participation, but
also for increased frequency in voting activities. It is only speculation today, but I would
think that this perspective can lead to some of the largest changes in democratic societies – all
facilitated by the introduction of accurate, reliable, high speed biometric technologies that
enable remote authentication (voting, et al.) at minimal cost. The corresponding changes in
political systems and power structures will provide the potential to have a more
representative democracy. In association with changes in banking and money transfer
techniques remote voting and authorization can also significantly influence economy and tax
system: the control of money transfers will be easier, it will be also easier to compete within
the “black economy”, but this can also result in people with a much stronger interest in
controlling politicians regarding the questions of spending taxes and lowering the cost
incurred by the operation of their governments. The possibility to authorize any transaction
remotely will surely cause additional changes in other transactions that require such
authorization, which currently implies a personal contact. This is also something that will
have impact on life in the near future – it will minimize, or eliminate the need for many
personal contacts. Such operations will be easier and can be done automatically (by machines
– without clerks operating them, as it is done today).
F. Use of automatic working devices:
With the help of biometrics it will be easier to track the actions of the users of any devices and
machines, to adapt the machines' functions to their needs, and to hold them liable for the
actions they cause. I
assume that this can slowly change many areas of life and create a large market for devices
that are able to recognize their users and react according to their needs. The development of
such machines has already begun: some devices are working, others are proposed as ideas. The
main goal of this development is the creation of machines able to recognize their user or
people doing something in their vicinity. This feature can be very important for work in
factories, offices and hospitals, and for the use of cars, home appliances, etc. In all such cases it may be
important or convenient that the machine “knows” who is using it (or who is trying to, but
shouldn’t). This allows automatic adaptation to the needs of people, but also tracking of their
actions and reacting in the case of misuse. Naturally, such a feature means that machines will
associate actions with people; this can make the machines more useful and more convenient to
use, but it also makes it possible to control, and eventually improve, the actions of people. These
kinds of biometric
functions do not require (in most cases) a very high degree of secure recognition, but will
require techniques that are today called multimodal biometrics: face, voice, gait and habits
recognition and probably much more. It is already visible today that such functions will be
implemented in many devices, because of the convenience that they offer. In
industrial environments the importance of their use will grow with the percentage of automatic
devices. Their use will also offer significant advantages: quicker reaction to the user, for
example by establishing the environment that suits the person actually using the
device. It can be a seat that adjusts its position to the needs of the user, but also the
computer desktop, the loudness of the speaker, etc. This offers not only convenience, but also a
time gain: adjusting such functions takes time, which need not be lost if the adjustment is done
automatically by the machine. It also allows functions to be implemented that correct specific
errors often made by the user, or shortcuts that can be adjusted individually. Broad use of
such technologies will also support the development of automatic shops and other facilities
that can then be operated without employees. I think that devices of this kind will be
developed slowly, with a growing amount of functionality, and that in the future
many machines will be able to recognize the needs of their users automatically, becoming
more and more able to serve people in a way similar to live servants.
G. Action control:
Lastly, I would specify a market that can be seen as a part of the previous ones, but that
has special features and can require specific devices. In the case of potentially dangerous
devices it is necessary, or would be good, to control their use: to prevent
unauthorized people from using them, or to track who has used them in a specific situation. This
is the case with cars, which shouldn’t be used by people who have no driving licence or are drunk,
and with dangerous machines, which must be used by people with appropriate knowledge. A special
case is weapons: it would be very good if every weapon could be used only by an authorized
person. This would make the use of plundered weapons impossible, but would also make it possible
to track who has used a specific weapon for a crime. This market is specific, because biometric
devices for action control must have special features: in the case of weapons they must react
in real time (probably quicker than 0.1 second). In practically all cases they must be
integrated in such elements as handles, triggers and steering wheels. It is surely not possible for
me to specify all the possible markets for biometric devices that can emerge in the future.
4.2 Case Study:
A brief history of identity cards in the UK:
The former Labour government’s proposals for identity cards were not the first instance of an
identity program in the UK. Historians note that ID cards were a reality well before former
Home Secretary David Blunkett’s pursuit of them. During both the First and Second World
Wars, Britain introduced a form of national identity card. Agar (2005) explores these
experiences and their relevance to the more recent proposals for the NIS. According to Agar,
the first ever national identity card and population register in the UK was a failure. It was
introduced during the First World War as a means of determining the extent of the male
population in the country. Existing government records were considered incomplete and
ineffective for the purposes of developing a policy for conscription. Once the count had been
completed and the government knew how many men were available to serve, political interest
in national registration and identification cards waned, and the system was soon abandoned.
However, as Agar notes, the promise of a national identification system was not forgotten
by the civil service, who during the Second World War reintroduced the idea of identity
cards, primarily as a way of identifying aliens and managing the allocation of food rations.
Crucial to the operation of the second National Register was its intimate connection to the
organisation of food rationing. In order to renew a ration book, an identity card would have to
be produced for inspection at a local office at regular intervals. Those without an identity
card, would within a short period of time no longer be able, legally, to claim rationed food.
This intimate connection between two immense administrative systems was vital to the
success of the second card - they were not forgotten by members of the public - and provides
one of the main historical lessons. (Agar 2005) As identity cards became a facet of everyday
life, they started being used for additional purposes (a phenomenon negatively referred to as
‘function creep’), including identity checks by police officers. This use continued even after
the war had ended. Eventually, liberal-minded citizens began questioning these practices and,
in 1950, a man named Clarence Willcock disputed the police’s routine check of ID cards.
Willcock’s legal challenges were not successful, but in the case’s written judgment Lord
Goddard (the Lord Chief Justice) criticized the police for abusing identity cards. And by 1952
Parliament had repealed the legislation that made national identity cards a reality in the UK.
As many observers have noted, including some civil society groups (Privacy International
1997), the civil service has since been regularly captivated by the idea of re-introducing
national identity cards in the UK, with the aim of solving a diversity of policy problems,
ranging from streamlining tax administration to ‘fixing’ immigration, among others. By the
early 2000s they had tried again. In 2002, the Labour government, under Prime Minister
Tony Blair, proposed a new national ‘entitlement card’ scheme. This proposal was then
re-branded as a national ‘identity card’ scheme in 2004. Following failed attempts to pass the
legislation, as well as a general election in the UK (in which the Labour party was again
victorious), Parliament passed the Identity Cards Act 2006 on 30 March, which enabled the
first national identity card program since the Second World War. However, this new Scheme
was different from previous ones in several ways. The proposals were for a system of
unprecedented size and complexity, comprising a centralized National Identity Register
(NIR) (the electronic database on which the population’s identity data would be held), the
collection and recording of over 50 pieces of personal information from individuals, and the
issuing of identity cards and passports based on a new technology called “biometrics”.
Moreover, a number of features distinguished this Scheme from those in other countries.
These features included the extensive use of biometrics both for enrolment (to ensure that no
individual was entered onto the Register more than once) and verification; the proposed
use of a single identification number across government and the private sector (Otjacques et
al. 2007); and an ‘audit trail’ that was expected to record details of every instance that an
identity was verified against information stored on the Register. [Footnote 4: This requirement
for a personal audit trail would prove to be particularly controversial amongst activists, who
viewed it as a dangerous tracking device.] The successful
implementation of the Scheme, therefore, would have required technological expertise in the
development of large scale, highly secure databases, advanced computer chip technologies
for ID cards, sophisticated data collection mechanisms for the ‘biographical footprint’
checking during the enrolment process, system integration skills to combine all the different
aspects of the Scheme, and specialist skills in biometric enrolment and verification. The
government’s program for identity cards went through various transformations after the Bill
became law. The configuration of the NIR, for example, underwent several changes. In its
original conception, the NIR was to be a brand new, central store of data. This changed in
December 2006 when the Identity and Passport Service (IPS) – the sub-department of the
Home Office responsible for implementing the Scheme – released its Strategic Action Plan
and set out a revised database schema for the Register. The idea was to separate the
biographic, biometric, and administrative information and store them on different databases.
The stated reasons for this
segregation were to improve security and make use of “the strengths of existing systems”
(IPS 2006c, p.10). However, some argued that this change was a poorly disguised attempt to
reduce costs. The government’s proposals for ID cards went through various other changes
over the course of the Scheme’s lifespan, primarily motivated by concerns about managing costs
and achieving observable successes. I will return to this discussion in chapter 5, focusing in
particular on the history of biometrics in the Scheme, as these are the main focus of the
analysis. For now it suffices to observe how impressive and audacious the government’s
plans were for the Scheme and biometrics. The collection of multiple biometrics, including
fingerprints and irises, from tens of millions of citizens and foreigners was a project that had
not been undertaken before as part of a national identity system. The plans for real-time,
on-line biometric identification against a centralized, government-managed database were also a
major innovation. While other countries already operated their own national ID systems, the
proposed use of these biometrics, in this way – and on this scale – was something that had not
been attempted before. Before outlining the structure of the research thesis, I want to provide
a brief overview of the wider social and political context in which the debates on, and
activities for, the National Identity Scheme took place. This discussion exposes some
important external factors that affected the trajectory of discourses in the case.
CHAPTER - V
CHALLENGES & ISSUES
5.1 Biometrics and Privacy Issues
There are two ways to examine this concern among users. One has to do with the actual steps
necessary to authenticate the individual user, and the other with the overall concern for
privacy and how unique identifiers will be used.
Face recognition and retinal scans are areas that have the potential for making users feel very
uncomfortable when used for the purpose of authentication. We tend to think of this
technology in terms of the ability of a system to match a photograph or the eye to a particular
individual, and indeed that is the premise. However, in order to do this, the system may
require an individual to come in very close contact with a camera or a scanner during the
authentication process. Some people find this method of authentication too intrusive of their
personal space. Although this method of authentication feels very intrusive to some, it is not a
major concern for the majority of users.
The majority of expressed concerns relate to privacy issues of the individual user.
Specifically, users are concerned with how and where information is stored; who can access
it; how it can be used; and the reliability of its usage. These concerns are certainly valid for
persons who view biometrics technology in its broadest sense, but are not as valid when
applied to user authentication. The difference is in how this technology is used. For the
purpose of authenticating an individual user, the system does not try to determine the user's
identity – only to confirm it. It will only allow access by a user to a particular application or
network when a match is confirmed. The method of storage is also different from an actual
fingerprint or photograph that might be on file. For user authentication purposes, data is
stored as a mathematical representation that cannot, in and of itself, recreate the original
image.
Storage of unique identifiers is also a concern to some individuals. Information can be stored
locally which provides for easier access and control, and lessens the concern about network
attack. Another method of storage is centralization of data, which can make the information
more vulnerable to outside attack. Smart card storage of data is another method of storage,
and puts the information within the control of the user. While this may feel more
comfortable to the individual, it poses a number of security risks and should not be used by
itself for authentication purposes when accessing sensitive, confidential, or classified
information. Interestingly enough, laws in some countries require that the information be
stored on tokens or smart cards.
5.2 Biometrics Efficiency
Biometrics technology is without a doubt a more efficient way of authentication than the
more common use of passwords, smart cards, or a combination of the two. Potentially, the
user would not have to remember a password or a series of passwords to access information.
Passwords also have expiration dates that require new assignment of passwords and more
work for technical support staff. Businesses, corporations, and medical providers have found
that too many times users cannot remember their passwords, and trying to navigate through a
series of steps to access needed information becomes cumbersome and time consuming.
Technical support staff can be kept busy providing instruction to individual users who have
difficulty with the technology associated with even some of the more basic procedures of
signing on or logging on to a particular application or network.
Biometrics is a promising technology that is being touted as the solution to these problems.
In systems that use single sign-on, this particular technology would be a very efficient way to
authenticate the user. You save time and resources when you have “the ability to authenticate
just once and be properly recognized.” This approach “consolidates multiple user identities
into a single identity that can be used everywhere. That means each user has access to
multiple networks and applications after logging in once.” More and more businesses and
corporations are recognizing the efficiency of such an application. In hospital settings for
instance, there is more and more interest in using biometrics for user authentication to assure
the confidentiality and privacy of patient information.
There is also a down side to the question of efficiency in the use of biometrics in the
authentication process. Research has shown that no system is perfect and biometrics in its
present stage of development is no exception. Although false positive and negative
identification will be discussed as a separate security issue, it also has implications for the user
who needs to sign in or log on and is locked out because the system does not recognize the
user as being legitimate. When this occurs, time can be lost both by the individual user and
the technical support staff in identifying and rectifying the problem(s).
When different products were tested to determine how securely and efficiently they could
authenticate users, varying results were obtained. For instance, face recognition systems
could be fooled by the use of a mask. With some systems tested, it was necessary to increase
the confidence levels to prevent unauthorized access. The downside according to the
researchers was that "an increase in the certainty threshold translated into a longer
authentication process and an increase in the frequency of false rejections." This would
decrease some of the benefits related to efficiency, but would not be a compelling reason to
discount its overall benefits. What the biometric industry is working toward is a "complete
replacement for your password and cards." While this statement was not directly related to
user authentication, it certainly applies. Companies involved in research and development
would indeed like to develop a system that completely replaces passwords and cards while
ensuring the integrity of sensitive data and information.
5.3 Biometric Security Issues
Although there has been substantial research related to security issues there is still more to be
done. We have mentioned some of the security issues previously as they relate to privacy for
the individual user as well as the efficiency of biometrics in user authentication. A more
in-depth examination would indicate that there are areas that warrant concern. For instance, we
need to understand how vulnerable data are to theft or abuse; how the data are to be retained
to optimize the security of the data; whether the information can be tampered with; and how
much of an error factor in the authentication process is acceptable.
In an article published in PC Magazine (online) in February 1999, biometrics security was
examined. Benchmark testing results of fingerprint recognition, face recognition, and voice
recognition were reviewed. Efforts were made to determine how secure the factors were in
authenticating users by subjecting products to various test scenarios. Fingerprint recognition
proved to be the most secure of the products subjected to the testing and there was no success
in any of the efforts made to fool the device.
Face recognition systems could be fooled with a mask at the default settings, but as the
threshold levels were increased to above 96 percent confidence, no system tested allowed
entry. As previously stated, legitimate users were locked out when the higher threshold level
was used.
Only two voice recognition products were tested and one allowed an unauthorized user to get
in. However, the testing result of that particular product is somewhat questionable. They did
not use the microphone voice crypt recommended for the test because it was not in stock.
A biometrics integration and consulting firm known as International Biometrics Group has
worked with the private sector, with government, and with medical professionals in
evaluating various biometrics technologies. They have conducted comparison testing in
fingerprint, facial recognition, iris recognition, and voice recognition. One of the systems
evaluated was the face recognition system developed by a corporation in Burlington, Ontario.
When tested, their system had a 0 percent False Acceptance Rate and a 3.1 percent False
Negative Rate. This rate of failure of a system to authenticate authorized users may be an
acceptable rate for some but not for others. Clearly it would depend on your job function as
to how problematic this might be, and how much time would be lost when this occurs. This
same corporation has an exclusive license for the use of a very sophisticated technology
known as Holographic Quantum Neural Technology that is to be used in future face
recognition technology.
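The threshold trade-off described in sections 5.2 and 5.3, as an added example that is not part of the original report: it computes the False Acceptance Rate and False Rejection Rate at each confidence threshold, and the chance that a legitimate user is locked out after repeated tries. All scores are constructed for illustration and are not the PC Magazine or International Biometrics Group results; the retry model assumes independent attempts.

```python
from dataclasses import dataclass

# Constructed match scores in percent confidence (0-100); not measurements
# from any product. 32 genuine attempts by enrolled users:
GENUINE = [99, 98, 97, 99, 98, 96, 97, 99,
           98, 97, 95, 99, 98, 97, 96, 99,
           94, 98, 97, 99, 98, 92, 97, 99,
           98, 97, 99, 88, 98, 97, 99, 98]
# 20 impostor attempts: 16 zero-effort impostors, then 4 presentation
# attacks (for example a mask or photograph) that score much higher.
IMPOSTOR = [12, 25, 31, 8, 40, 22, 35, 18, 27, 45, 15, 33, 52, 29, 38, 61,
            83, 91, 95, 96]


@dataclass(frozen=True)
class OperatingPoint:
    threshold: int
    far: float  # False Acceptance Rate: impostors let in
    frr: float  # False Rejection Rate: legitimate users locked out


def error_rates(genuine, impostor, threshold):
    """Return (FAR, FRR) when an attempt is accepted if score >= threshold."""
    if not genuine or not impostor:
        raise ValueError("need at least one genuine and one impostor score")
    false_accepts = sum(1 for s in impostor if s >= threshold)
    false_rejects = sum(1 for s in genuine if s < threshold)
    return false_accepts / len(impostor), false_rejects / len(genuine)


def sweep(genuine, impostor, thresholds=range(0, 101)):
    """Error rates at every candidate threshold, lowest threshold first."""
    return [OperatingPoint(t, *error_rates(genuine, impostor, t))
            for t in thresholds]


def lowest_zero_far_point(genuine, impostor):
    """First threshold at which no impostor in the sample is accepted."""
    for point in sweep(genuine, impostor):
        if point.far == 0.0:
            return point
    return None


def lockout_probability(frr, max_attempts):
    """Chance a legitimate user fails all `max_attempts` tries in a row.

    Assumption: attempts are independent, which real users only approximate
    (a bad camera angle or poor lighting tends to repeat).
    """
    return frr ** max_attempts


if __name__ == "__main__":
    print("threshold   FAR     FRR    lockout after 3 tries")
    for t in (80, 90, 95, 97):
        far, frr = error_rates(GENUINE, IMPOSTOR, t)
        print(f"{t:>6}%   {far:6.1%}  {frr:6.1%}  {lockout_probability(frr, 3):8.3%}")
    best = lowest_zero_far_point(GENUINE, IMPOSTOR)
    print("lowest threshold with no false accepts:", best)
```

On this sample the spoofed attempts stop getting in only at a threshold of 97, at which point roughly one genuine attempt in five is rejected.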
The International Biometrics Group has also evaluated the effectiveness of Iris and Retinal
scan technology. This technology is not new and has been in use for approximately fifteen (15)
years. Testing of products indicates that retinal scans are not easily fooled. Although it
would be difficult to replicate the retina, it is possible to gain unauthorized access by such an
act. In one discussion about retinal scans, it was mentioned that removal of the eye would be
another way to breach security. Both of these risks would be effectively eliminated by using
a thermal scanner that measures heat. This type of scanner is often used with the fingerprints.
Iris scans are also a very effective way of authenticating a user, but there are issues which
affect this particular technology. For instance, the eye must have a certain degree of lighting
to allow the camera to capture the iris. There is potential for failure when enough light is not
available. We have to remember that in real world applications of any technology,
environments in which work is performed can be very different and in some cases make a
particular method of user authentication contraindicated. Lighting issues notwithstanding,
the iris scan technology is viewed as a very reliable method of authentication when subjected
to testing.
Biometrics technology does not in and of itself protect against internal or external attacks in
user authentication systems. In order to guard against such attacks, steps should be taken to
protect authentication information. Systems that store biometrics data and credentials should
do so in encrypted format by using a Public Key Infrastructure. Audit logs should also be
kept, and with a high degree of detail. Such logs should make it possible to detect when a user
does something questionable that would compromise security. Standards should also
be in place that would prevent one person from compromising the system’s ability to identify
a user who has committed an inappropriate act. Finally, security is enhanced when the
software that performs the authentication function is not located at the user's workstation.
The data should be entered at the workstation, but then passed on to a secure server for
authentication. This decreases the possibility that the data can be tampered with.
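One way to make the detailed audit log described above tamper-evident, so that a single person cannot silently edit or delete the record of a questionable act, is to chain each server-side entry to the previous one with a keyed hash. This is an added example, not part of the original report; the field names, the sample events, and the assumption that the MAC key and the latest chain head are held outside the log administrator's control are illustrative.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain anchor used before the first entry


def entry_mac(key, prev_mac, record):
    """Keyed hash over the previous entry's MAC plus this record."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_mac.encode() + b"|" + body, hashlib.sha256).hexdigest()


def append_event(log, key, record):
    """Append an authentication event on the server; return the new chain head."""
    prev = log[-1]["mac"] if log else GENESIS
    mac = entry_mac(key, prev, record)
    log.append({"record": record, "prev": prev, "mac": mac})
    return mac


def verify_log(log, key, expected_head=None):
    """Return -1 if the chain is intact, else the index of the first bad entry.

    An edited record fails its MAC; a deleted or reordered entry breaks the
    'prev' link of its successor. Truncating the tail is only visible when the
    caller supplies the head value it stored elsewhere (expected_head); in that
    case len(log) is returned.
    """
    prev = GENESIS
    for i, entry in enumerate(log):
        good = entry_mac(key, prev, entry["record"])
        if entry["prev"] != prev or not hmac.compare_digest(entry["mac"], good):
            return i
        prev = entry["mac"]
    if expected_head is not None and not hmac.compare_digest(prev, expected_head):
        return len(log)
    return -1


# Constructed sample events: decisions made on the authentication server,
# not on the workstation that captured the sample.
SAMPLE_KEY = b"constructed-demo-key-not-for-production"
SAMPLE_EVENTS = [
    {"ts": "2024-01-08T08:01:12Z", "user": "u1001", "station": "ws-17",
     "factor": "iris", "decision": "accept"},
    {"ts": "2024-01-08T08:03:40Z", "user": "u1002", "station": "ws-04",
     "factor": "fingerprint", "decision": "reject"},
    {"ts": "2024-01-08T08:03:55Z", "user": "u1002", "station": "ws-04",
     "factor": "fingerprint", "decision": "reject"},
    {"ts": "2024-01-08T08:09:02Z", "user": "u1003", "station": "ws-11",
     "factor": "smartcard+pin", "decision": "accept"},
]


def build_sample_log(key=SAMPLE_KEY):
    """Return (log, head) for the constructed events above."""
    log, head = [], GENESIS
    for event in SAMPLE_EVENTS:
        head = append_event(log, key, dict(event))
    return log, head


if __name__ == "__main__":
    log, head = build_sample_log()
    print("intact:", verify_log(log, SAMPLE_KEY, head))
    log[1]["record"]["decision"] = "accept"  # someone rewrites a rejection
    print("first bad entry after edit:", verify_log(log, SAMPLE_KEY, head))
```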
5.3 Biometrics and Job Function/Roles
When using biometrics technology, or any other technology for the purpose of verifying a
user's identity, it is important to understand that not everyone within an organization or
department needs access to all information. While biometrics is considered the most reliable
form of user authentication, we must remember that user authentication is complex,
especially when applied to a network where one person may need to have access to various
applications or systems.
People within organizations who need access to sensitive, confidential, or classified
information will need the strongest form of authentication - three-factor authentication. This
level of authentication will necessitate use of passwords, smart cards or tokens, and personal
identifiers. Those who need to have rapid access to a particular application or system might
need to use a smart card or token. A password may be the only authentication needed for
those with minimal security needs.
A person's specific job duties or work environment will also impact user authentication. For
example, in a manufacturing environment where noise levels are high or heavy gloves are
being worn, voice scans or fingerprint scans would not be appropriate. The point is this -
there is a need for flexibility in any authentication protocol that can accommodate different
workplace constraints.
5.4 Biometrics and Cost
As biometrics technology moves from research and development to implementation in the
marketplace, cost to users of the technology has to be a concern. All of the issues related to
Y2K meant that many organizations, corporations, and government entities had to expend a
major portion of their Information Management budgets to upgrade their systems prior to the
year 2000. A security evaluation may reveal user authentication as one of the vulnerable
areas needing to be upgraded. Biometrics technology may be considered as a solution to
stronger user authentication in such a scenario. Most products are designed to integrate with
existing systems without having to replace all of the existing hardware and/or software.
Certainly any upgrades would not require the kind of capital expenditures associated with
Y2K.
One of the advantages of using biometrics technology for user authentication is its low cost,
with fingerprint technology costing as little as $100.00. However, the cost of using a retina
scan device can be $2,000.00 - $2,500.00, which puts it at the other extreme of the cost
spectrum. This has proven to be one of the factors that make this type of technology less
attractive to most potential users, even though it is highly reliable.
One also has to factor in the cost of not changing to biometrics technology, by
calculating help desk time for users who have simply forgotten their passwords, and this
happens a lot. According to one source, such calls can cost “upwards to $35 a shot.” (8)
Other cost factors for technical support staff include reassigning passwords that have expired
when the system does not assign the password for the user. There is also a cost factor if
passwords are stolen and there is a breach in security. Stolen passwords can result in loss of
money, and while biometrics technology may not completely solve all of the cost-related
problems, it will certainly decrease them.
CHAPTER - VI
CONCLUSION & FUTURE SCOPE
6.1 Why biometrics – possible future markets:
Reading currently published papers and information about biometrics, one can think that the
main reason for applying biometric solutions is security. This perspective is supported by
politicians, spreading the message that biometric technologies can help in the fight against
terrorism, help locate criminals, etc. This is not fundamentally wrong. Indeed, if automatic
devices for identity recognition were more prevalent in locations such as airports, police
stations and other areas that are sensitive or involve high concentrations of public activity,
they would surely make the life of criminals and terrorists much more difficult. However,
there are many reasons to believe that biometrics will change the life of people in the near future
mostly because its use will be much more convenient than other techniques in use today for
individual identity authentication. This is already apparent today, especially in connection
with applications such as physical and logical access control, transportation, and also in the
financial industry. In this presentation I will try to specify new possible markets, with
emphasis on markets that will – from my point of view – have the largest impact on future
societies.
6.2 Conclusion:
There seem to exist more disadvantages than advantages for using biometric authentication
systems. This is one reason why such systems are not yet widely used. But the advantages
mentioned above are so important, and people want to benefit from them so much, that the
disadvantages will be reduced more and more in the future. However, some sort of trade-off,
such as that between the FA rate and the FR rate, will always need to be made.
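The FA/FR trade-off mentioned here, and the face-recognition result quoted in the previous chapter (a zero False Acceptance Rate paired with a non-zero rate of rejecting authorized users), both follow from where the match threshold is set. The added example below, which is not part of the original report, sweeps the threshold over constructed similarity scores from a hypothetical matcher; the score lists and function names are assumptions made for illustration.

```python
import math

# Constructed similarity scores (0..1) from a hypothetical matcher.
# GENUINE: authorized users compared with their own enrolled template.
# IMPOSTOR: people compared with someone else's template.
GENUINE = [0.91, 0.88, 0.86, 0.84, 0.80, 0.79, 0.77, 0.74, 0.70, 0.62]
IMPOSTOR = [0.66, 0.58, 0.51, 0.47, 0.44, 0.40, 0.35, 0.31, 0.27, 0.20]


def rates(genuine, impostor, threshold):
    """Return (FA rate, FR rate) when a score >= threshold is accepted."""
    if not genuine or not impostor:
        raise ValueError("need at least one genuine and one impostor score")
    false_accepts = sum(1 for s in impostor if s >= threshold)
    false_rejects = sum(1 for s in genuine if s < threshold)
    return false_accepts / len(impostor), false_rejects / len(genuine)


def sweep(genuine, impostor):
    """Evaluate every distinct score as a threshold, lowest first.

    math.inf is appended so that a 'reject everyone' point always exists,
    which guarantees an answer even when a zero FA rate is demanded and the
    best impostor outscores every genuine user.
    """
    candidates = sorted(set(genuine) | set(impostor)) + [math.inf]
    return [(t, *rates(genuine, impostor, t)) for t in candidates]


def operating_point(genuine, impostor, max_fa_rate):
    """Lowest threshold whose FA rate is within max_fa_rate.

    The FR rate can only rise as the threshold rises, so the lowest
    qualifying threshold is also the one with the fewest false rejections.
    """
    if max_fa_rate < 0:
        raise ValueError("max_fa_rate must be >= 0")
    for t, fa, fr in sweep(genuine, impostor):
        if fa <= max_fa_rate:
            return t, fa, fr
    raise RuntimeError("unreachable: math.inf always gives FA rate 0")


def equal_error_point(genuine, impostor):
    """Threshold where the FA and FR rates are closest to each other."""
    return min(sweep(genuine, impostor), key=lambda row: abs(row[1] - row[2]))


if __name__ == "__main__":
    for t, fa, fr in sweep(GENUINE, IMPOSTOR):
        print(f"threshold {t:>4}: FA rate {fa:4.0%}  FR rate {fr:4.0%}")
    print("zero-FA point:", operating_point(GENUINE, IMPOSTOR, 0.0))
    print("10% FA budget:", operating_point(GENUINE, IMPOSTOR, 0.10))
    print("equal error  :", equal_error_point(GENUINE, IMPOSTOR))
```

With these constructed scores, insisting on a zero FA rate rejects one authorized user in ten, while tolerating a 10% FA rate rejects none.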
The discussion above shows that biometric authentication is an interesting topic, that a lot of
research is going on in this area, and that it can be used for secure systems despite all
disadvantages. At the moment it is recommended to combine biometric authentication with
any other authentication technology. Such multi-factor authentication systems are always
more secure and it is also common practice to use combinations of different authentication
methods. ATMs, for example, require a PIN and a bank card with additional authentication
information saved on a chip.
When talking about biometric data, questions about the privacy of personal data come up
automatically. This paper has not considered this topic, but there are many articles dealing with
these concerns. It is a difficult topic, but it is obvious that biometric authentication systems
have to store the biometric samples in a secure way and it has to be ensured that such data
cannot be used otherwise. The best would be if biometric data is kept under the control of the
person to whom it belongs. This could be done for example by saving the biometric sample
only on a smart card which is used in combination with the biometric in an authentication
process.
To sum up it can be clearly said that the usage of biometric authentication will increase more
and more in the future. This will be supported among other things by the steady improvement
of the technologies and the reduction of the prices for hardware and software. Biometric
authentication can and probably will be used in many areas, for example ATMs, access to
Personal Computers, PDAs and mobile phones, DRM systems, access to buildings and cars
and many more we can’t even think about.
REFERENCES
1. Julian Ashbourn, “Biometrics: Advanced Identity Verification”, London: Springer-Verlag,
(2002), page no. 5.
2. Robert Todd Carroll, “The Skeptic's Dictionary: Phrenology”.
3. Robert Todd Carroll, “The Skeptic's Dictionary: Anthropometry”.
4. Samir Nanavati, “Biometrics: Identity Verification in a Networked World”, (2002)
5. Biometrics, Aidan Dysart
http://www.zdnet.com/pcmag/features/biometrics/bench.html
6. The Challenge of User Authentication
http://www.ankari.com/whitepapers.asp
7. NMAS Implementation scenarios
http://developer.novell.com/research/appnotes/2001/july/01/a0107015.html
8. Benchmark Test
http://www.zdnet.com/pcmag/features/biometrics/bench.html
9. Body may be key to foolproof ID
http://www.usatoday.com/life/cyber/tech/ctc447.html

  • 1. 1 CHAPTER - I INTRODUCTION One of our highest priorities in the world of information security is confirmation that a person accessing sensitive, confidential, or classified information is authorized to do so. Such access is usually accomplished by a person’s proving their identity by the use of some means or method of authentication. Simply put, a person must be able to validate who they say they are before accessing information, and if the person is unable to do so, access will be denied. Generally speaking, a system can identify you as an authorized user in one of three ways – what you know, what you have, or what you are. The most widely used of the three methods is what we know – passwords or other personal information. A more sophisticated method of authentication is what we have – smart cards and tokens. The last method is what we are - biometrics technology. Biometrics systems can identify users based on either physiological or behavioural characteristics. Individuals are concerned that security systems be put in place that would prevent unauthorized access to personal data, and that their identities cannot be stolen and used by other individuals. At present, biometrics technology holds a great deal of promise for doing just that, but is not without its limitations and certainly not without its critics. Biometrics is a field of technology which has been and is being used in the identification of individuals based on some physical attribute. As funding for research has permitted there has been an effort by several tech companies to develop standards for hardware and software that would be used throughout the industry in further development within this area. The purpose of this paper will be to look at the use of biometrics technology to determine how secure it might be in authenticating users, and how the users job function or role would impact the authentication process or protocol. 
We will also examine personal issues of privacy in the methods used for authentication; the cost of implementing a biometrics authentication system; the efficiency of biometrics authentication; and the potential for false positive or negative recognition of individual users.
  • 2. 2 1.1 Definition: The word “biometrics” comes from the Greek language and is derived from the words bio (life) and metric (to measure). Biometrics as the technologies used to measure and analyze personal characteristics, both physiological and behavioural. These characteristics include fingerprints, voice patterns, hand measurements, irises and others, all used to identify human characteristics and to verify identity. These biometrics or characteristics are tightly connected to an individual and cannot be forgotten, shared, stolen or easily hacked. These characteristics can uniquely identify a person, replacing or supplementing traditional security methods by providing two major improvements: personal biometrics cannot be easily stolen and an individual does not need to memorize passwords or codes. Since biometrics can better solve the problems of access control, fraud and theft, more and more organizations are considering biometrics a solution to their security problems. However, biometrics is not a panacea and has some hurdles to overcome before gaining widespread use. Generally speaking, there are four factors of physical attributes that are used or can be used in user authentication: • Finger print scans, which have been in use for many years by law enforcement and other government agencies and is regarded as a reliable, unique identifier. • Retina or iris scans, which have been used to confirm a person’s identity by analyzing the arrangement of blood vessels in the retina or patterns of colour in the iris • Voice recognition, which uses a voice print that analyses how a person says a particular word or sequence of words unique to that individual. • Facial recognition, which use unique facial features to identify an individual. 1.2 History: The past development of two disciplines, Phrenology and Anthropometry, helped to pave the way for biometrics. 
Phrenology, the study of the structure of the skull to determine a person's character and mental capacity, was founded by Franz Joseph in early nineteenth century Germany. Gall believed that certain mental characteristics could be aligned with certain cranial shapes and features. This concept was further advanced by an Italian physician named Cesare Lombroso who linked the concepts of phrenology with specific regard to criminal
  • 3. 3 behaviour, trying to relate behaviour patterns with physical and biological characteristics. Although long considered a pseudoscience lacking real scientific merit, Phrenology remained popular, especially in the United States, throughout the 19th century and still has advocates today. Alponse Bertillon, a late nineteenth French police Captain, advanced the idea of Anthropometrics, the study of human body measurement for use in anthropological classification and comparison. A pseudoscience like Phrenology, it was used mainly to classify potential criminals by facial characteristics. For example, Cesare Lombroso's Criminal Anthropology (1895) claimed that murderers have prominent jaws and pickpockets have long hands and scanty beards. Bertillon developed a system of identifying criminals by multiple anatomical measurements, which was widely used in France at the time and named after him (Bertillon age). His system was used by police authorities throughout the world, but then faded when it was discovered that some people shared the same measurements and based on the measurements alone, could be treated as one. While developments in Phrenology and Anthropometry took place, interest was increasing in the areas of finger and hand geometry. In 1823, the Czech Jan Evangelista Purkinje was studying sweat glands in the hand and realized the grooves and depressions that these sweat glands opened up into seemed to be unique to each individual. An extremely reliable method of categorizing and identifying marks in fingerprints was developed by Richard Edward Henry of Scotland yard in the late nineteenth century. Henry made advancements on a fingerprinting method first brought forward by Francis Galton in 1892, and conducted experimental tests in the 1890’s. In the early twentieth century, mainly due to the negative publicity from the Bertillionage failure in 1903, finger printing became the method of choice for police around the world. 
Today, fingerprinting is the biometric method most people associate when speaking of biometrics.
  • 4. 4 CHAPTER - II ENABLING TECHNOLOGIES 2.1 Technologies for biometric devices: Now we will try to consider, which technologies can be used for biometric purposes. This outlook is based on technologies that can be proposed now, based on actual physical knowledge. It is not possible to predict further development of physics and I will not try to do it. To make this outlook easier, possible technologies will be divided in areas, according to the physical method used and than according to the elements or functions of the body, taken for the recognition: Methods that can be used in biometric devices. A. Optical technologies: Such technologies are used in fingerprint, hand shape, face, iris, veins and also in all other cases, where optical parameters are interesting. Special case is iris and retina recognition – there is no other possibility to make contact less iris or retina recognition. Another special case are techniques for remote temperature sensing. This can be done only with infrared cameras. In all other cases different techniques are possible too. B. Acoustical technologies: Presently the only acoustical technologies that are available are used for voice recognition. Ultrasound technologies are also in use for biometric applications, but on a very limited scale. Given the proper design approach, ultrasound can be used in many other applications, in addition to the existing fingerprint recognition devices. Indeed, a much more versatile implementation of ultrasound scanning for biometric applications has already been demonstrated in a proof of concept prototype. Subsequent testing indicated the possibility of using acoustical holography for shape recognition of hand, face and other body parts, as well as for tracking movements. The resultant technical approach capitalizes upon the inherent power and capabilities associated with conventional ultrasound technologies that are currently used in medical applications. 
It has the advantage of providing a direct 3D evaluation of biometric attributes, such as fingerprints, palm-prints, bone structure and vein recognition with analysis of internal structures of the subject’s body (e.g. fingers, hands, limbs, etc.). Heretofore unprecedented capabilities, such as persistent authentication, liveness
  • 5. 5 detection and the fusion of multimodal biometrics using a single core technology is now possible through ultrasound. Along with these capabilities, it will be possible to achieve user enrolments approaching 100%, with FAR and FFR approaching zero. C. Microwaves: As far as I know, they are not used in biometric devices now, but especially THz- waves can be used in the future. The ability of these waves to propagate through clothes can allow to use them for body shape recognition. Microwaves are also used for movement tracking. D. Capacitive sensors: Sensors reacting to local capacity changes are used for finger recognition. It is possible to use capacity sensors for tracking movements. E. Pressure (tactile) sensors: Such sensors are used for fingerprint recognition, but also for movement tracking (for example signature recognition). F. X- γ- or particle rays technologies: Their use is not realistic today, because the amount of energy required for techniques would prohibit their use in biometric devices as too dangerous for people. But such possibility cannot be excluded in the future. The development of the technology can especially in the case of x-rays cause, that the use of this technology will be possible. All such techniques can allow to analyze the internal body structures. G. Magnetic fields: Magnetic fields are especially interesting in connection with tomography. It is a technology that from today’s point of view can be considered as unrealistic, but further development of it can cause that especially for the investigation of body parts, such as finger or hands the use of it cannot be excluded. More realistic seems to be the use of specific reaction of man’s body to changing magnetic fields. Such techniques can be surely considered as realistic, although it is not easy to tell, if they will be useful.
  • 6. 6 H. Electric fields: Man’s body is surely reacting to electric fields and creating them. Both phenomena can be used for recognition. Today it is only partially the case in capacitive fingerprint sensors, but there are much more possibilities that can be used. It is not possible to tell now, if this possibilities will occur as useful for recognition of people. I. Chemical emissions: Each living body produces streams of particles, which can be analyzed from the chemical point of view. This is the case with odour, and especially with particles that contains DNA or RNA strains. Disadvantage can be the ease to fool such techniques. But especially odour detection can be useful for example for tracking purposes (in the applications for the market number 6). Body parts or features that can be used for biometric recognition Already used or proposed: a) Fingerprints or other elements of finger, such as veins inside. b) Palms, its prints and/or the whole hand (feet recognition would be also possible, although not very practical in most cases). c) Signature, measures behavioural attributes, such as pressure, stroke and time. d) Keystroke, art of typing. e) Voice. f) Iris, retina, features of eye movements. g) Face, head – its shape, specific movements. h) Other elements of head, such as ears, lip prints. i) Gait, unique manner of walking, such as pace, width of steps and peculiar gait. j) Odour. k) DNA. l) ECG.
  • 7. 7 m) EEG Imaginable today. n) Body shape recognition. o) Investigation of internal structure of body parts and its living structures. p) Analysis of other electrical and magnetic fields, created by man’s body or of its reactions to such fields. q)Analysis of face and head vibrations during speaking. In the case of devices, where authorization (local or remote) is required, it is also necessary to recognize, if the person, who will make such authorization is really willing to do it. It will require that such devices must have the ability to recognize additional actions, which can be caused only by the will expression of the person, wishing authorization. Many possibilities for such action are existing: Signature; Other specific movements of hand, eye or other body parts; Voice commands.
  • 8. CHAPTER - III
    TECHNICAL DETAILS & WORKING
    3.1 Finger-Scan Technology
    Fingerprinting, or finger-scanning, is the oldest of the biometric sciences and uses distinctive features of the fingerprint to identify or verify the identity of individuals. Finger-scan technology is the most commonly deployed biometric technology, used in a broad range of physical access and logical access applications. All fingerprints have unique characteristics and patterns. A normal fingerprint pattern is made up of lines and spaces. The lines are called ridges, while the spaces between the ridges are called valleys. It is through the pattern of these ridges and valleys that a unique fingerprint is matched for verification and authorization. These unique fingerprint traits are termed “minutiae”, and comparisons are made based on these traits. On average, a typical live scan produces 40 “minutiae”. The Federal Bureau of Investigation (FBI) has reported that no more than 8 common minutiae can be shared by two individuals.
    Fig:3.1
    There are five stages involved in finger-scan verification and identification: fingerprint image acquisition, image processing, location of distinctive characteristics, template creation and template matching. A scanner takes a mathematical snapshot of a user's unique biological traits. This snapshot is saved in a fingerprint database as a minutiae file. The first challenge facing a finger-scanning system is to acquire a high-quality image of a fingerprint. Image quality is measured in dots per inch (DPI); more dots per inch means a higher-resolution image. The lower resolutions found on the market are in the 300-350 DPI range, but the standard for forensic-quality fingerprinting is images of 500 DPI. Image acquisition can be a major challenge for
  • 9. finger-scan developers, since the quality of a print differs from person to person and from finger to finger. Some populations are more likely than others to have faint or difficult-to-acquire fingerprints, whether due to wear and tear or physiological traits. Taking an image in cold weather can also have an effect. Oils in the finger help produce a better print, and in cold weather these oils naturally dry up. Pressing harder on the platen (the surface on which the finger is placed, also known as a scanner) can help in this case.
    Fig:3.2
    Image processing is the process of converting the finger image into a usable format. This results in a series of thick black ridges (the raised part of the fingerprint) contrasted with white valleys. At this stage, image features are detected and enhanced for verification against the stored minutiae file. Image enhancement is used to reduce any distortion of the fingerprint caused by dirt, cuts, scars, sweat and dry skin. The next stage in the fingerprint process is to locate distinctive characteristics. There is a good deal of information in the average fingerprint, and this information tends to remain stable throughout one’s life. Fingerprint ridges and valleys form distinctive patterns, such as swirls, loops, and arches. Most fingerprints have a core, a central point around which swirls, loops, or arches are curved. These ridges and valleys are characterized by irregularities known as minutiae, the distinctive features upon which finger-scanning technologies are based. Many types of minutiae exist, a
  • 10. common one being ridge endings and bifurcation, which is the point at which one ridge divides into two. A typical finger-scan may produce between 15 and 20 minutiae. A template is then created. This is accomplished by mapping minutiae and filtering out distortions and false minutiae. For example, anomalies caused by scars, sweat, or dirt can appear as minutiae. False minutiae must be filtered out before a template is created; this filtering is handled differently by each vendor's proprietary algorithms. The tricky part is comparing an enrolment template to a verification template. The position of a minutia point may change by a few pixels, some minutiae will differ from the enrolment template, and false minutiae may be seen as real. Many finger-scan systems use a smaller portion of the scanned image for matching purposes. One benefit of reducing the comparison area is that there is less chance of false minutiae information, which would confuse the matching process and create errors. Most finger-scan technologies are based on minutiae. Samir Nanavati, author of Biometrics, Identity Verification in a Networked World, states that 80 percent of finger-scan technologies are based on minutiae matching but that pattern matching is a leading alternative. This technology bases its feature extraction and template generation on a series of ridges, as opposed to discrete points. The use of multiple ridges reduces dependence on minutiae points, which tend to be affected by wear and tear [18]. The downside of pattern matching is that it is more sensitive to the placement of the finger during verification, and the created template is several times larger in byte size: approximately 1,000 bytes versus 250 to 500 bytes. Before we leave finger-scanning, let’s discuss some of the advantages and disadvantages of this biometric technology.
Finger-scans continue to be the primary means used by law enforcement agencies for positive identification and are used in the commercial and government sectors with a good deal of success. Finger-scan technology is proven and capable of high levels of accuracy. There is a long history of fingerprint identification, classification and analysis. This, along with the distinctive features of fingerprints, has set the finger-scan apart from other biometric technologies. There are physiological characteristics more distinctive than the fingerprint (the iris and retina, for example), but automated identification technology capable of leveraging these characteristics has been developed only over the past few years. The technology has grown smaller and more capable, with many solutions available. Devices slightly thicker than a coin and an inch square in size are
  • 11. able to capture and process images. Additionally, while some may see the large number of finger-scan solutions available today as a disadvantage, many see it as an advantage, since it ensures marketplace competition, which has resulted in a number of robust solutions for desktop, laptop, physical access, and point-of-sale environments. Another advantage of finger-scan technology is accuracy. Identical matches are nearly impossible, since fingerprints contain a large amount of information, making it unlikely that two fingerprints would be identical. Even with large databases, it is possible to eliminate false matches and quickly reduce the number of possible matches to a small number because of the high level of data present. Because some fingerprint imaging systems use more than one finger image in the match process, match discrimination is geometrically increased. Another advantage of fingerprint technology is that the memory required to store the biometric template is fairly small. There are some weaknesses to finger-scanning, most of which can be mitigated. There is a fraction of the population that cannot be enrolled. There are certain ethnic groups that have lower-quality fingerprints than the general population. Testing has shown that elderly populations, manual labourers, and some Asian populations are more difficult to enrol in some finger-scanning systems. Another problem is that over time, sometimes in as short a period as a few months, the fingerprint characteristics of an individual can change, making identification and verification difficult. This problem is seen with manual workers who work extensively with their hands. There are also privacy issues attached to finger-scanning technologies. Some fear that finger-scans may be used to track a person’s activities. Others fear that the data collected may be improperly used for forensic purposes.
    Fig 3.3:-Storage of Master Characteristics
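The comparison of an enrolment template with a verification template described in section 3.1, as an added example that is not part of the original report or of any vendor's matcher: it shows how a position tolerance absorbs pixel shifts, how false minutiae lower the score, and how cropping the comparison area helps. The tolerances (8 pixels, 15 degrees), the 0.6 threshold, the Dice-style score and every sample minutia are constructed assumptions, and the two templates are assumed to be already aligned.

```python
import math
from dataclasses import dataclass
from itertools import product


@dataclass(frozen=True)
class Minutia:
    x: int        # pixel column
    y: int        # pixel row
    angle: float  # local ridge direction, degrees
    kind: str     # "ending" or "bifurcation"


def angle_diff(a, b):
    """Smallest difference between two directions, in degrees (0..180)."""
    d = abs(a - b) % 360.0
    return min(d, 360.0 - d)


def pair_minutiae(enrolled, probe, dist_tol=8.0, angle_tol=15.0):
    """Greedy one-to-one pairing of minutiae that agree within tolerance."""
    candidates = []
    for (i, m), (j, n) in product(enumerate(enrolled), enumerate(probe)):
        dist = math.hypot(m.x - n.x, m.y - n.y)
        if (m.kind == n.kind and dist <= dist_tol
                and angle_diff(m.angle, n.angle) <= angle_tol):
            candidates.append((dist, i, j))
    used_e, used_p, pairs = set(), set(), []
    for _, i, j in sorted(candidates):  # closest candidates first
        if i not in used_e and j not in used_p:
            used_e.add(i)
            used_p.add(j)
            pairs.append((i, j))
    return pairs


def match_score(enrolled, probe, **tol):
    """Dice-style score in [0, 1]; missing or false minutiae lower it."""
    if not enrolled or not probe:
        return 0.0
    paired = len(pair_minutiae(enrolled, probe, **tol))
    return 2.0 * paired / (len(enrolled) + len(probe))


def verify(enrolled, probe, threshold=0.6, **tol):
    """Accept the claimed identity only if the score reaches the threshold."""
    return match_score(enrolled, probe, **tol) >= threshold


def crop(template, x0, y0, x1, y1):
    """Keep only minutiae inside the comparison area."""
    return [m for m in template if x0 <= m.x <= x1 and y0 <= m.y <= y1]


# Constructed enrolment template (not real fingerprint data).
ENROLLED = [
    Minutia(52, 40, 30, "ending"), Minutia(80, 44, 75, "bifurcation"),
    Minutia(66, 70, 120, "ending"), Minutia(95, 82, 200, "bifurcation"),
    Minutia(40, 95, 310, "ending"), Minutia(110, 60, 15, "ending"),
    Minutia(72, 110, 250, "bifurcation"), Minutia(58, 128, 170, "ending"),
]
# Same finger, later capture: points shifted a few pixels, one minutia
# missed, and three false minutiae (scar, dirt) near the image edges.
GENUINE = [
    Minutia(54, 41, 33, "ending"), Minutia(79, 47, 70, "bifurcation"),
    Minutia(68, 68, 126, "ending"), Minutia(93, 85, 195, "bifurcation"),
    Minutia(43, 94, 318, "ending"), Minutia(70, 113, 244, "bifurcation"),
    Minutia(60, 126, 176, "ending"),
    Minutia(20, 20, 90, "ending"), Minutia(24, 26, 95, "bifurcation"),
    Minutia(130, 140, 10, "ending"),
]
# Different finger: a few points land near enrolled ones by chance.
IMPOSTOR = [
    Minutia(50, 42, 200, "ending"), Minutia(82, 45, 80, "ending"),
    Minutia(30, 60, 40, "bifurcation"), Minutia(100, 100, 120, "ending"),
    Minutia(64, 72, 118, "ending"), Minutia(115, 120, 300, "bifurcation"),
    Minutia(45, 130, 20, "ending"), Minutia(90, 20, 260, "bifurcation"),
]
CENTRE = (30, 30, 120, 135)  # assumed central comparison area

if __name__ == "__main__":
    print("genuine  :", round(match_score(ENROLLED, GENUINE), 3))
    print("cropped  :", round(match_score(crop(ENROLLED, *CENTRE),
                                          crop(GENUINE, *CENTRE)), 3))
    print("too tight:", verify(ENROLLED, GENUINE, dist_tol=3.0))
    print("impostor :", round(match_score(ENROLLED, IMPOSTOR), 3))
```

A tolerance that is too tight turns the genuine capture into a false reject, while a very loose one raises the impostor's score, which is the trade-off a deployment tunes when it sets its matching threshold.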
  • 12. Finger-scan technology is deployed throughout the world and provides a capable solution. More commonly seen these days are computer network access and entry devices for building door locks that use fingerprint-scanning technology. Fingerprint readers are being used by banks for ATM authorization and are becoming more common at grocery stores, where they are used to automatically recognize a registered customer and bill their credit card or debit account. Finger-scanning technology is being used in a novel way at a middle school in Pennsylvania, where some cafeteria purchases are supported by a federally subsidized meal program in which students receive subsidized meals and retain the ability to remain anonymous. Paying with a government meal card at checkout instead of with cash would identify the student as a program recipient. The solution was for the school to give students the option of using a finger-scan peripheral to purchase meals. At the end of each month, a bill is sent to their parents for payment or to the free food program for reconciliation. This use of a finger-scan ensures that there is no way to determine whether their parents or government grants are paying for their meals.
    3.2 Facial-Scan Technology
    Another biometric scan technology is facial recognition. This technology is considered a natural means of biometric identification, since humans possess the ability to distinguish among individual appearances. Facial-scan systems can range from software-only solutions that process images captured through existing closed-circuit television cameras to fully fledged acquisition and processing systems, including cameras, workstations, and backend processors. With facial recognition technology, a digital video camera image is used to analyze facial characteristics such as the distance between eyes, mouth or nose. These measurements are stored in a database and used to compare with a subject standing before a camera.
Facial recognition systems are usually divided into two primary groups. First there is what is referred to as the ‘controlled scene’ group whereby the subject being tested is located in a known environment with a minimal amount of scene variation. In this case, a user might face the camera, standing about two feet from it. The system locates the user’s face and performs matches against the claimed identity or the facial database. It is possible that the user may need to move and reattempt the verification based on his facial position. The system usually comes to a decision in less than 5 seconds. The other group is known as the “random scene” group where the subject to be tested might appear anywhere within the camera scene.
  • 13. Fig 3.4:- Geometric facial scanning
    Fig 3.5:- Photometric facial scanning
    This situation might be encountered within a system attempting to identify the presence of an individual within a group or crowd. This situation has been in evidence since 11 Sept, when security personnel stated that facial-scan recognition technology would be used at a Super Bowl game. Facial-scan technology is based on the standard biometric sequence of image acquisition, image processing, distinctive characteristic location, template creation, and matching. An optimal image is captured through a high-resolution camera, with moderate lighting and the user directly facing the camera. The enrolment images define the facial characteristics to be used in all future verifications, so a high-quality enrolment is essential. Challenges that occur in the image acquisition process include distance from the user, angled acquisition and lighting. Distance from the camera reduces facial size and thus image resolution. Users not looking directly at the camera, positioned more than 15 degrees either vertically or horizontally away
  • 14. from ideal positioning are less likely to have images acquired. Lighting conditions that cause an image to be overexposed or underexposed can cause challenges. Additionally, users with a darker skin tone can be difficult to acquire. Select Hispanic, black and Asian individuals can be more difficult to enrol and verify in some facial-scan systems because acquisition devices are not always optimized to acquire darker faces. After the issues with image acquisition are worked out, image processing takes place. Colour images are normally reduced to black and white, and images are cropped to emphasize facial characteristics. Images are normalized to account for orientation and distance. Images can be enlarged or reoriented as long as a point between the eyes serves as a point of reference. The process of characteristic location can then take place. There are several matching methods available for facial scans, which attempt to match visible facial features in a fashion similar to the way people recognize one another. Areas of the face not apt to change over time, such as the sides of the mouth, nose shape and areas around the cheekbones, are the distinctive characteristics most often used in image matching. Areas likely to change over time, such as one's hairline, are not normally used for verification. Facial-scan technology has its advantages and disadvantages. One major advantage is that facial-scan technology is the only biometric capable of identification at a distance without subject complicity or awareness. This allows police to install facial-scan technology in public places to survey crowds, and security staff to do the same at a casino. This capability also quiets those who express concern about a biometric that physically touches them or about touching a device that others may have had contact with. Another advantage of facial-scan technology is the fact that static images can be used to enrol a subject.
This can shorten the time to enrol a target population compared to an Automated Fingerprint Identification System (AFIS), which can take years to accomplish. The disadvantages include acquisition environment and facial characteristic changes that affect matching accuracy, and the potential for privacy abuse. Images are most accurate when taken facing the acquisition camera and not at sharp angles. The user's face must be lit evenly, preferably from the front. Changes in hairstyle, makeup or the wearing of a hat or sunglasses may pose a problem during the verification process. Facial-scanning technology has a poor record in verifying a subject who has had plastic surgery to alter their appearance. The fact that a biometric facial scan can take place without the knowledge or consent of a subject raises privacy concerns among many. Two facial-scan deployments in Florida have met with public objections: one aimed to prevent
  • 15. crime in a shopping district and one aimed to catch criminals at the 2001 Super Bowl. Facial-scan technologies have unique advantages over all other biometrics in the areas of surveilling large groups and the ability to use pre-existing static images. Their disadvantages include false non-matches when a subject's appearance has changed at verification. For implementations where the biometric system must verify users reliably over time, facial-scan can be a very difficult technology to implement successfully.
    3.3 Retinal-Scan Technology
    Retinal-scan technology makes use of the retina, which is the surface on the back of the eye that processes light entering through the pupil. Retinal-scan technology is based on the blood vessel pattern in the retina of the eye. The principle behind the technology is that the blood vessels at the retina provide a unique pattern, which may be used as a tamper-proof personal identifier. Since infrared energy is absorbed faster by blood vessels in the retina than by surrounding tissue, it is used to illuminate the retina. Analysis of the enhanced retinal blood vessel image then takes place to find characteristic patterns. Retina-scan devices are used exclusively for physical access applications and are usually used in environments that require high degrees of security, such as high-level government and military needs. Retina-scan technology was developed in the 1980s and is well known, but it is probably the least deployed of all the biometric technologies. Additionally, retina-scan technology is still in a prototype development stage and still commercially unavailable.
    Fig:-3.6
  • 16. Retina-scan image acquisition is difficult in that the retina is small and embedded, requiring specific hardware and software. The user positions his eye close to the unit’s embedded lens, with the eye socket resting on the sight. In order for a retinal image to be acquired, the user must gaze directly into the lens and remain still; movement defeats the acquisition process, requiring another attempt. A low-intensity light source is used to scan the vascular pattern at the retina. This involves a 360 degree circular scan of the area, taking over 400 readings in order to establish the blood vessel pattern. This is then reduced to 192 reference points before being distilled into a digitized 96 byte template and stored in memory for subsequent verification purposes. Normally it takes 3 to 5 acceptable images to ensure enrolment. Because of this, the enrolment process can be lengthy. Enrolments can take over 1 minute, with some users not being able to be enrolled at all. It seems that the more a user is acclimated to the process, the faster the enrolment process works. After image acquisition, software is used to compile unique features of the retinal blood vessels into a template. Retina-scan technology possesses robust matching capabilities and is usually configured to do one-to-many identification against a database of users. However, this technology requires a high-quality image and will not enrol a user unless a good image is acquired. For this reason, there is a moderately high false reject rate due to the inability to provide adequate data to generate a match template. Retina-scan technology has its advantages and disadvantages. Among its advantages are its resistance to false matching or false positives and the fact that the pupil, like the fingerprint, remains a stable physiological trait throughout one’s life.
The retina is located deep within one’s eyes and is highly unlikely to be altered by any environmental or temporal condition. Its resistance to false matching is due to the fact that retinal scans produce patterns that have highly distinctive characteristics, sufficient to enable identification. Well-trained users find retina scan capable of reliable identification. Like fingerprints, retina traits remain stable throughout life. Disadvantages include the fact that the technology is difficult to use, users claim discomfort with eye-related technology in general and the fact that retina scan technology has limited uses. Enrolments require prolonged concentration requiring a well-trained and motivated user. Retina-scan enrolments take longer than both iris-scan and fingerprinting. Users claim
  • 17. discomfort with the fact that they must position their eye very close to the device. Users commonly fear that the device itself or the light inside the device can harm their eyes in some way. Many also feel that retina scans are invasive, in that the inability to use the retina can be linked to eye disease. Retina scan has limited uses and is normally deployed in high-security, low-volume physical access situations in which inconveniencing users is an acceptable cost of heightened security. Retina-scan technology is not apt to become a widely deployed technology any time soon. Other biometrics can provide most if not all the benefits of this technology without the problems. But never discount technology and its advances over time. If future technology makes retina scanning easier to use and allows users to enrol from a greater distance from the imaging device, its future will be bright.
    3.4 Voice Recognition
    - It is the identification of a person from characteristics of the voice.
    - Characteristics include voice pitch, speaking style, pauses, etc.
    - Each voice recognition system has two phases:
      - Enrolment: the speaker's voice is recorded, and a number of features are extracted to form a voice print.
      - Verification: a speech sample or "utterance" is compared against a previously created voice print.
    Fig:-3.7
  • 18. 3.5 Signature Recognition
    - Signature verification analyzes the way a user signs her name.
    - Signature measures (dynamic):
      - Speed
      - Pressure
      - Handwriting style
    Fig:-3.8
    - Two types of digital handwritten signature authentication:
      - Static: comparison between one scanned signature and another scanned signature, or of a scanned signature against an ink signature, using advanced algorithms.
      - Dynamic: data is captured along with the X, Y, T and P coordinates of the signer from the signing device, to create a biometric template from which dynamic signatures can be authenticated.
  • 19. CHAPTER - IV
    APPLICATIONS & CASE STUDY
    4.1 Applications
    Reading currently published papers and information about biometrics, one can think that the main reason for applying biometric solutions is security. This perspective is supported by politicians, spreading the message that biometric technologies can help in the fight against terrorism, help locate criminals, etc. This is not fundamentally wrong. Indeed, if automatic devices for identity recognition were more prevalent in locations such as airports, police stations and other areas that are sensitive or involve high concentrations of public activity, they would surely make the life of criminals and terrorists much more difficult. However, there are many reasons to believe that biometrics will change people's lives in the near future mostly because its use will be much more convenient than other techniques in use today for individual identity authentication. This is already apparent today, especially in connection with applications such as physical and logical access control, transportation, and also in the financial industry. In this presentation I will try to specify new possible markets, with emphasis on the markets that will, from my point of view, have the largest impact on future societies:
    A. Authentication: It is reasonable to expect that in a relatively short time all personal documents will contain some form of biometric data. Moreover, in time, we could expect that such documents will no longer be needed, because in every instance where this type of authentication would be necessary, biometric readers will be connected to the location via a network. This would allow a comparison with stored data to be used in lieu of documentation.
    B. Access and attendance control: In the relatively near future, biometrics will certainly gain increased acceptance in all kinds of access and attendance control applications.
We can expect to see biometrics used for these applications in homes, offices, computers, machines, devices, etc. In fact, this will probably be the largest market for biometric technology in terms of the number of devices installed. However, for the most part, the use of these devices will only replace existing
  • 20. access control methods and technologies, providing increased convenience and security. There will be no need to carry keys, identity cards, personal documents, etc. Furthermore, this implementation of biometrics will add to the overall security solution by precluding the possibility of theft or unauthorized use of equipment and technologies. Biometric devices will offer new quality to security solutions, but not necessarily new market opportunities or potential.
    C. Travel control: For a variety of reasons, there is an increasing requirement for people travelling via planes, ferries, and even trains to be individually registered, with interim checks at multiple locations. Today these requirements are being driven mostly by security concerns, visa regulations and other such reasons. And, because the number of people travelling is already large and predicted to increase at significant rates, all organizations involved in the management and control of mass transportation industries are very interested in the rationalization and automation of the necessary procedures. This is especially the case in the International Civil Aviation Organization. The pressure caused by the growing number of passengers is surely one of the largest reasons for the introduction of biometric passports, visas and other controls and documents. This organization recommends very clearly that “Contracting States should incorporate biometric data in their machine readable passports, visas and other official travel documents, using one or more optional data storage technologies to supplement the machine readable zone, as specified in Doc 9303” [1].
    D. Financial and other transactions requiring authorization: In applications having to do with money it is already apparent that money in physical form (bank notes and coins) is being replaced more and more by virtual forms of financial transactions: digital transactions via database entry.
Today this happens in the form of credit or bank cards, pocket electronic money, etc. However, it is clear that, in most cases, the physical card is not important, because money has an owner and can be directly connected to a person. The spread of biometric authentication in the economic sector (i.e. banking and trade) will decrease the need for physical objects, such as cards, since virtual money can be directly connected to a person (or to the legal person). This will result in a significant change
[1] http://www.icao.int/cgi/goto_m.pl?/icao/en/download.htm#Misc
  • 21. both in the behaviour of people and in the abilities that governmental organizations will have in their surveillance of money movements (financial transactions). I would expect two possible developments in response to this situation. First, the attitudes of people can be against the sole use of virtual money, or they can also try to change the tax and economic systems to allow them to live exclusively with virtual money. The second development, or solution, will evolve over a longer period of time, but is significantly better. That is, the possibility of authorizing all legal transactions through biometric mechanisms will make many of these operations much easier and more convenient.
    E. Remote voting (authorization): Perhaps the most important change in society will result from the creation of an entirely new market for biometric devices that I call remote authorization. The merging of existing and future networking developments with biometric solutions will give people the opportunity to authorize a wide range of transactions (e.g. voting, purchasing, accessing, decision-making authorizations, etc.) via the network, from remote locations. No longer will they be required to be personally present at a given location in order to authenticate a specific action. Indeed, this is a capability that is partially possible today. However, the viability of remote authorization on a large scale, such as public elections, will not be realistic until appropriate biometric solutions are operating without the major shortcomings that plague existing biometric solutions. From my perspective, it will be necessary to develop new, more robust and capable devices. However, the same devices can also be used for many other purposes, such as computer accessories, access control devices, etc.
Even so, it is certain that the existing devices that are in use today cannot provide the degree of accuracy necessary to recognize a person whose biometric identity is only available through a distributed network. The risk of betraying them through identity theft is much too large. However, after more accurate, reliable and cost-effective devices are developed that are not constrained by shortcomings associated with existing technologies, the potential for authenticating remote transactions, such as voting (decision making) can drive major changes in all democratic societies – that is, the idea that direct democratic participation by the public can be realized on a large scale and work at low cost. Necessary democratic decisions can be made practically every day at minimal cost, even in large societies. The possibility of low cost remote voting by the public will not only open up the potential for increased participation, but
  • 22. also for increased frequency in voting activities. It is only speculation today, but I would think that this perspective can lead to some of the largest changes in democratic societies, all facilitated by the introduction of accurate, reliable, high-speed biometric technologies that enable remote authentication (voting, et al.) at minimal cost. The corresponding changes in political systems and power structures will provide the potential to have a more representative democracy. In association with changes in banking and money transfer techniques, remote voting and authorization can also significantly influence the economy and the tax system: the control of money transfers will be easier, and it will also be easier to compete within the “black economy”, but this can also result in people with a much stronger interest in controlling politicians regarding the questions of spending taxes and lowering the cost incurred by the operation of their governments. The possibility of authorizing any transaction remotely will surely cause additional changes in other transactions that require such authorization, which currently implies personal contact. This is also something that will have an impact on life in the near future: it will minimize or eliminate the need for many personal contacts. Such operations will be easier and can be done automatically (by machines, without clerks operating them, as is done today).
    F. Use of automatic working devices: With the help of biometrics it will be easier to track the actions of the users of any devices and machines, adapt their functions to the user's needs and hold the user liable for the actions caused. I assume that this can slowly change many areas of life and create a large market for devices that are able to recognize their users and react according to their needs.
The development of such machines has already begun; some devices are working, others are proposed as ideas. The main goal of this development is the creation of machines able to recognize their user or people doing something in their vicinity. This feature can be very important for work in factories, offices and hospitals, and for the use of cars, home appliances, etc. In all such cases it may be important or convenient that the machine “knows” who is using it (or who is trying to, but shouldn’t). This allows automatic adaptation to the needs of people, but also tracking of their actions and reacting in the case of misuse. Such a feature naturally means that the actions of people will be associated with machines, which can be more useful and more convenient to use, but it also allows the actions of people to be controlled and eventually improved. These kinds of biometric functions do not require (in most cases) a very high degree of secure recognition, but will
  • 23. require techniques that are today called multimodal biometrics: face, voice, gait and habit recognition, and probably much more. It is already visible today that such functions will be implemented in many devices because of the convenience they offer. In industrial environments the importance of their use will grow with the percentage of automatic devices. Their use will also offer significant advantages: quicker reaction to the user, for example in the form of establishing the environment that suits the person actually using the device. It can be a seat that adjusts its position to the needs of the user, but also the computer desktop, the loudness of the speaker, etc. This offers not only convenience but also a time gain: adjusting such functions requires some time, which need not be lost if it is done automatically by the machine. It also allows implementing functions for the correction of specific errors often made by the user, and the use of shortcuts that can be adjusted individually. Broad use of such technologies will also support the development of automatic shops and other facilities that can be operated without employees. I think that these kinds of devices will be developed slowly, with a growing amount of functionality, and that in the future many machines will be able to recognize the needs of their users automatically, becoming more and more able to serve people in a way similar to live servants.
    G. Action control: In the last place I would specify a market that can be seen as a part of the previous ones, but it has special features and can require specific devices. In the case of potentially dangerous devices it is necessary, or would be good, to control their use: to prevent unauthorized people from using them, or to track who has used them in a specific situation.
This is the case with cars, that shouldn’t be used by people without driving license or drunken, with dangerous machines, that must be used by people with appropriate knowledge, a special case are weapons: it would be very good if every weapon could be used only by authorized person. This would make the use of plundered weapons impossible, but also allow to track, who has used a specific weapon for a crime. This market is specific, because biometric devices for action control must have special features: in the case of weapons they must react in real time (probably quicker than 0.1 second). In practically all cases they must be integrated in such elements as handles, triggers, steering wheels. It is surely not possible for me to specify all possible markets for biometric devices, which can emerge in the future.
4.2 Case Study: A brief history of identity cards in the UK:

The former Labour government’s proposals for identity cards were not the first instance of an identity program in the UK. Historians note that ID cards were a reality well before former Home Secretary David Blunkett’s pursuit of them. During both the First and Second World Wars, Britain introduced a form of national identity card. Agar (2005) explores these experiences and their relevance to the more recent proposals for the NIS. According to Agar, the first ever national identity card and population register in the UK was a failure. It was introduced during the First World War as a means of determining the extent of the male population in the country. Existing government records were considered incomplete and ineffective for the purposes of developing a policy for conscription. Once the count had been completed and the government knew how many men were available to serve, political interest in national registration and identification cards waned, and the system was soon abandoned.

However, as Agar notes, the promise of a national identification system was not forgotten by the civil service, who during the Second World War reintroduced the idea of identity cards, primarily as a way of identifying aliens and managing the allocation of food rations.

Crucial to the operation of the second National Register was its intimate connection to the organisation of food rationing. In order to renew a ration book, an identity card would have to be produced for inspection at a local office at regular intervals. Those without an identity card, would within a short period of time no longer be able, legally, to claim rationed food. This intimate connection between two immense administrative systems was vital to the success of the second card - they were not forgotten by members of the public - and provides one of the main historical lessons.
(Agar 2005)

As identity cards became a facet of everyday life, they started being used for additional purposes (a phenomenon negatively referred to as ‘function creep’), including identity checks by police officers. This use continued even after the war had ended. Eventually, liberal-minded citizens began questioning these practices and, in 1950, a man named Clarence Willcock disputed the police’s routine check of ID cards. Willcock’s legal challenges were not successful, but in the case’s written judgment Lord Goddard (the Lord Chief Justice) criticized the police for abusing identity cards. And by 1952 Parliament had repealed the legislation that made national identity cards a reality in the UK. As many observers have noted, including some civil society groups (Privacy International
1997), the civil service has since been regularly captivated by the idea of re-introducing national identity cards in the UK, with the aim of solving a diversity of policy problems, ranging from streamlining tax administration to ‘fixing’ immigration, among others. By the early 2000s they had tried again. In 2002, the Labour government, under Prime Minister Tony Blair, proposed a new national ‘entitlement card’ scheme. This proposal was then re-branded as a national ‘identity card’ scheme in 2004. Following failed attempts to pass the legislation, as well as a general election in the UK (in which the Labour party was again victorious), Parliament passed the Identity Cards Act 2006 on 30 March, which enabled the first national identity card program since the Second World War.

However, this new Scheme was different from previous ones in several ways. The proposals were for a system of unprecedented size and complexity, comprising a centralized National Identity Register (NIR) (the electronic database on which the population’s identity data would be held), the collection and recording of over 50 pieces of personal information from individuals, and the issuing of identity cards and passports based on a new technology called “biometrics”. Moreover, a number of features distinguished this Scheme from those in other countries. These features included the extensive use of biometrics both for enrolment (to ensure that no individual was entered onto the Register more than once) and verification; the proposed use of a single identification number across government and the private sector (Otjacques et al.
2007); and an ‘audit trail’ that was expected to record details of every instance that an identity was verified against information stored on the Register. [4] The successful implementation of the Scheme, therefore, would have required technological expertise in the development of large scale, highly secure databases, advanced computer chip technologies for ID cards, sophisticated data collection mechanisms for the ‘biographical footprint’ checking during the enrolment process, system integration skills to combine all the different aspects of the Scheme, and specialist skills in biometric enrolment and verification.

[4] This requirement for a personal audit trail would prove to be particularly controversial amongst activists, who viewed it as a dangerous tracking device.

The government’s program for identity cards went through various transformations after the Bill became law. The configuration of the NIR, for example, underwent several changes. In its original conception, the NIR was to be a brand new, central store of data. This changed in December 2006 when the Identity and Passport Service (IPS) – the sub-department of the Home Office responsible for implementing the Scheme – released its Strategic Action Plan and set out a revised database schema for the Register. The idea was to separate the biographic, biometric, and administrative information and store them on different databases. The stated reasons for this segregation were to improve security and make use of “the strengths of existing systems” (IPS 2006c, p.10). However, some argued that this change was a poorly disguised attempt to reduce costs.

The government’s proposals for ID cards went through various other changes over the course of the Scheme’s lifespan, primarily motivated by concerns about managing costs and achieving observable successes. I will return to this discussion in chapter 5, focusing in particular on the history of biometrics in the Scheme, as these are the main focus of the analysis. For now it suffices to observe how impressive and audacious the government’s plans were for the Scheme and biometrics. The collection of multiple biometrics, including fingerprints and irises, from tens of millions of citizens and foreigners was a project that had not been undertaken before as part of a national identity system. The plans for real-time, on-line biometric identification against a centralized, government-managed database were also a major innovation. While other countries already operated their own national ID systems, the proposed use of these biometrics, in this way – and on this scale – was something that had not been attempted before.

Before outlining the structure of the research thesis, I want to provide a brief overview of the wider social and political context in which the debates on, and activities for, the National Identity Scheme took place. This discussion exposes some important external factors that affected the trajectory of discourses in the case.
CHAPTER - V
CHALLENGES & ISSUES

5.1 Biometrics and Privacy Issues

There are two ways to examine this concern among users. One has to do with the actual steps necessary to authenticate the individual user, and the other with the overall concern for privacy and how unique identifiers will be used. Face recognition and retinal scans are areas that have the potential for making users feel very uncomfortable when used for the purpose of authentication. We tend to think of this technology in terms of the ability of a system to match a photograph or the eye to a particular individual, and indeed that is the premise. However, in order to do this, the system may require an individual to come in very close contact with a camera or a scanner during the authentication process. Some people find this method of authentication too intrusive of their personal space.

Although this method of authentication feels very intrusive to some, it is not a major concern for the majority of users. The majority of expressed concerns relate to privacy issues of the individual user. Specifically, users are concerned with how and where information is stored; who can access it; how it can be used; and the reliability of its usage. These concerns are certainly valid for persons who view biometrics technology in its broadest sense, but are not as valid when applied to user authentication. The difference is in how this technology is used. For the purpose of authenticating an individual user, the system does not try to determine the user's identity – only to confirm it. It will only allow access by a user to a particular application or network when a match is confirmed. The method of storage is also different from an actual fingerprint or photograph that might be on file. For user authentication purposes, data is stored as a mathematical representation that cannot, in and of itself, recreate the original image.

Storage of unique identifiers is also a concern to some individuals.
Information can be stored locally, which provides for easier access and control, and lessens the concern about network attack. Another method of storage is centralization of data, which can make the information more vulnerable to outside attack. Smart card storage of data is another method of storage, and puts the information within the control of the user. While this may feel more comfortable to the individual, it poses a number of security risks and should not be used by itself for authentication purposes when accessing sensitive, confidential, or classified information. Interestingly enough, laws in some countries require that the information be stored on tokens or smart cards.

5.2 Biometrics Efficiency

Biometrics technology is without a doubt a more efficient way of authentication than the more common use of passwords, smart cards, or a combination of the two. Potentially, the user would not have to remember a password or a series of passwords to access information. Passwords also have expiration dates that require new assignment of passwords and more work for technical support staff. Businesses, corporations, and medical providers have found that too many times users cannot remember their passwords, and trying to navigate through a series of steps to access needed information becomes cumbersome and time consuming. Technical support staff can be kept busy providing instruction to individual users who have difficulty with the technology associated with even some of the more basic procedures of signing on or logging on to a particular application or network. Biometrics is a promising technology that is being touted as the solution to these problems.

In systems that use single sign-on, this particular technology would be a very efficient way to authenticate the user. You save time and resources when you have “the ability to authenticate just once and be properly recognized.” This approach “consolidates multiple user identities into a single identity that can be used everywhere. That means each user has access to multiple networks and applications after logging in once.” More and more businesses and corporations are recognizing the efficiency of such an application.
In hospital settings, for instance, there is more and more interest in using biometrics for user authentication to assure the confidentiality and privacy of patient information.

There is also a downside to the question of efficiency in the use of biometrics in the authentication process. Research has shown that no system is perfect, and biometrics in its present stage of development is no exception. Although false positive and negative identification will be discussed as a separate security issue, it also has implications for the user who needs to sign in or log on and is locked out because the system does not recognize the user as being legitimate. When this occurs, time can be lost both by the individual user and the technical support staff in identifying and rectifying the problem(s).

When different products were tested to determine how securely and efficiently they could authenticate users, varying results were obtained. For instance, face recognition systems could be fooled by the use of a mask. With some systems tested, it was necessary to increase the confidence levels to prevent unauthorized access. The downside according to the researchers was that "an increase in the certainty threshold translated into a longer authentication process and an increase in the frequency of false rejections." This would decrease some of the benefits related to efficiency, but would not be a compelling reason to discount its overall benefits.

What the biometric industry is working toward is a "complete replacement for your password and cards." While this statement was not directly related to user authentication, it certainly applies. Companies involved in research and development would indeed like to develop a system that completely replaces passwords and cards while ensuring the integrity of sensitive data and information.

5.3 Biometric Security Issues

Although there has been substantial research related to security issues, there is still more to be done. We have mentioned some of the security issues previously as they relate to privacy for the individual user as well as the efficiency of biometrics in user authentication. A more in-depth examination would indicate that there are areas that warrant concern. For instance, we need to understand how vulnerable data are to theft or abuse; how the data are to be retained to optimize the security of the data; whether the information can be tampered with; and how much of an error factor in the authentication process is acceptable.

In an article published in PC Magazine (on line) in February 1999, biometrics security was examined.
Benchmark testing results of fingerprint recognition, face recognition, and voice recognition were reviewed. Efforts were made to determine how secure the factors were in authenticating users by subjecting products to various test scenarios. Fingerprint recognition proved to be the most secure of the products subjected to the testing, and there was no success in any of the efforts made to fool the device. Face recognition systems could be fooled with a mask at the default settings, but as the threshold levels were increased to above 96 percent confidence, no system tested allowed entry. As previously stated, legitimate users were locked out when the higher threshold level was used. Only two voice recognition products were tested and one allowed an unauthorized user to get in. However, the testing result of that particular product is somewhat questionable. They did not use the microphone voice crypt recommended for the test because it was not in stock.

A biometrics integration and consulting firm known as International Biometrics Group has worked with the private sector, with government, and with medical professionals in evaluating various biometrics technologies. They have conducted comparison testing in fingerprint, facial recognition, iris recognition, and voice recognition. One of the systems evaluated was the face recognition system developed by a corporation in Burlington, Ontario. When tested, their system had a 0 percent False Acceptance Rate and a 3.1 percent False Negative Rate. This rate of failure of a system to authenticate authorized users may be an acceptable rate for some but not for others. Clearly it would depend on your job function as to how problematic this might be, and how much time would be lost when this occurs. This same corporation has an exclusive license for the use of a very sophisticated technology known as Holographic Quantum Neural Technology that is to be used in future face recognition technology.

The International Biometrics Group has also evaluated the effectiveness of iris and retinal scan technology. This technology is not new and has been in use for approximately fifteen (15) years. Testing of products indicates that retinal scans are not easily fooled. Although it would be difficult to replicate the retina, it is possible to gain unauthorized access by such an act. In one discussion about retinal scans, it was mentioned that removal of the eye would be another way to breach security. Both of these risks would be effectively eliminated by using a thermal scanner that measures heat.
This type of scanner is often used with fingerprints.

Iris scans are also a very effective way of authenticating a user, but there are issues which affect this particular technology. For instance, the eye must have a certain degree of lighting to allow the camera to capture the iris. There is potential for failure when enough light is not available. We have to remember that in real-world applications of any technology, environments in which work is performed can be very different and in some cases make a particular method of user authentication contraindicated. Lighting issues notwithstanding, the iris scan technology is viewed as a very reliable method of authentication when subjected to testing.

Biometrics technology does not in and of itself protect against internal or external attacks in user authentication systems. In order to guard against such attacks, steps should be taken to protect authentication information. Systems that store biometrics data and credentials should do so in encrypted format by using a Public Key Infrastructure. Audit logs should also be kept with a high degree of detail required. Such logs should be able to detect if a user does something that is questionable and that would compromise security. Standards should also be in place that would prevent one person from compromising the system’s ability to identify a user who has committed an inappropriate act. Finally, security is enhanced when the software that performs the authentication function is not located at the user's workstation. The data should be entered at the workstation, but then passed on to a secure server for authentication. This decreases the possibility that the data can be tampered with.

5.3 Biometrics and Job Function/Roles

When using biometrics technology, or any other technology for the purpose of verifying a user's identity, it is important to understand that not everyone within an organization or department needs access to all information. While biometrics is considered the most reliable form of user authentication, we must remember that user authentication is complex, especially when applied to a network where one person may need to have access to various applications or systems. People within organizations who need access to sensitive, confidential, or classified information will need the strongest form of authentication - three-factor authentication. This level of authentication will necessitate use of passwords, smart cards or tokens, and personal identifiers.
Those who need to have rapid access to a particular application or system might need to use a smart card or token. A password may be the only authentication needed for those with minimal security needs. A person's specific job duties or work environment will also impact user authentication. For example, in a manufacturing environment where noise levels are high or heavy gloves are being worn, voice scans or fingerprint scans would not be appropriate. The point is this - there is a need for flexibility in any authentication protocol that can accommodate different workplace constraints.

5.4 Biometrics and Cost

As biometrics technology moves from research and development to implementation in the marketplace, cost to users of the technology has to be a concern. All of the issues related to Y2K meant that many organizations, corporations, and government entities had to expend a major portion of their Information Management budgets to upgrade their systems prior to the year 2000. A security evaluation may reveal user authentication as one of the vulnerable areas needing to be upgraded. Biometrics technology may be considered as a solution to stronger user authentication in such a scenario. Most products are designed to integrate with existing systems without having to replace all of the existing hardware and/or software. Certainly any upgrades would not require the kind of capital expenditures associated with Y2K.

One of the advantages to using biometrics technology for user authentication is its low cost, with fingerprint technology costing as low as $100.00. However, the cost of using a retina scan device can be $2,000.00 - $2,500.00, which puts it at the other extreme of the cost spectrum. This has proven to be one of the factors that make this type of technology less attractive to most potential users, even though it is highly reliable.

One also has to factor in the cost of not making a change to biometrics technology, in calculating help desk time for users who simply have forgotten their passwords, and this happens a lot. According to one source, such calls can cost “upwards to $35 a shot.” (8) Other cost factors for technical support staff include reassigning passwords that have expired when the system does not assign the password for the user. There is also a cost factor if passwords are stolen and there is a breach in security. Stolen passwords can result in loss of money, and while biometrics technology may not completely solve all of the cost-related problems, it will certainly decrease them.
CHAPTER - VI
CONCLUSION & FUTURE SCOPE

6.1 Why biometrics – possible future markets:

Reading currently published papers and information about biometrics, one can think that the main reason for applying biometric solutions is security. This perspective is supported by politicians, spreading the message that biometric technologies can help in the fight against terrorism, help locate criminals, etc. This is not fundamentally wrong. Indeed, if automatic devices for identity recognition were more prevalent in locations such as airports, police stations and other areas that are sensitive or involve high concentrations of public activity, they would surely make the life of criminals and terrorists much more difficult. However, there are many reasons to believe that biometrics will change the life of people in the near future mostly because its use will be much more convenient than other techniques in use today for individual identity authentication. This is already apparent today, especially in connection with applications such as physical and logical access control, transportation, and also in the financial industry. In this presentation I will try to specify new possible markets, with emphasis on markets that will – from my point of view – have the largest impact on future societies.

6.2 Conclusion:

There seem to be more disadvantages than advantages for using biometric authentication systems. This is one reason why such systems are not yet widely used. But the advantages mentioned above are so important, and people want to benefit from them so much, that the disadvantages will be reduced more and more in the future. However, some sort of trade-off, like the one between the FA rate and the FR rate, will always need to be made. The discussion above shows that biometric authentication is an interesting topic, that a lot of research is going on in this area, and that it can be used for secure systems despite all disadvantages.
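The trade-off between the FA rate and the FR rate noted above, and the effect of raising the confidence threshold described in section 5.3, can be worked through numerically. The following Python code is an added example and not part of the original paper; the similarity scores are constructed sample data (not results from any product test cited here), and all function names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed similarity scores on a 0-100 "confidence" scale. Sample data for
# this example only, not measurements from any test mentioned in the paper.
GENUINE = [99, 98, 97.5, 97, 96.5, 95, 94, 93, 91, 88]   # enrolled user presenting
IMPOSTOR = [96, 92, 85, 80, 74, 70, 66, 60, 52, 40]      # another person or a spoof


@dataclass(frozen=True)
class OperatingPoint:
    threshold: float
    far: float  # false acceptance rate: accepted impostor attempts / impostor attempts
    frr: float  # false rejection rate: rejected genuine attempts / genuine attempts


def _require_scores(genuine, impostor):
    if not genuine or not impostor:
        raise ValueError("need at least one genuine and one impostor score")


def operating_point(threshold, genuine, impostor):
    """FAR and FRR when an attempt is accepted if and only if score >= threshold."""
    _require_scores(genuine, impostor)
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return OperatingPoint(threshold, far, frr)


def candidate_thresholds(genuine, impostor):
    """The rates only change at observed scores, so those are the thresholds
    worth testing, plus one value above every score (reject everything)."""
    _require_scores(genuine, impostor)
    scores = sorted(set(genuine) | set(impostor))
    return scores + [scores[-1] + 1]


def sweep(genuine, impostor):
    """Operating points in ascending threshold order (FAR falls, FRR rises)."""
    return [operating_point(t, genuine, impostor)
            for t in candidate_thresholds(genuine, impostor)]


def lowest_threshold_for_far(genuine, impostor, max_far=0.0):
    """Lowest candidate threshold whose FAR does not exceed max_far, together
    with the FRR that legitimate users pay for it."""
    for point in sweep(genuine, impostor):
        if point.far <= max_far:
            return point
    # Not reachable: the top candidate rejects every attempt, so its FAR is 0.
    raise AssertionError("no candidate threshold met max_far")


def equal_error_point(genuine, impostor):
    """Candidate threshold where FAR and FRR are closest (approximate EER)."""
    return min(sweep(genuine, impostor), key=lambda p: abs(p.far - p.frr))


if __name__ == "__main__":
    print("threshold   FAR    FRR")
    for p in sweep(GENUINE, IMPOSTOR):
        print(f"{p.threshold:9.1f}  {p.far:5.2f}  {p.frr:5.2f}")
    strict = lowest_threshold_for_far(GENUINE, IMPOSTOR, max_far=0.0)
    print(f"FAR of 0 needs threshold {strict.threshold}, "
          f"which locks out {strict.frr:.0%} of genuine attempts")
    eer = equal_error_point(GENUINE, IMPOSTOR)
    print(f"FAR and FRR meet near threshold {eer.threshold} at {eer.far:.0%}")
```

With this sample data the best spoof scores 96, so shutting it out requires a threshold above 96, and half of the genuine attempts then fall below the threshold as well.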
At the moment it is recommended to combine biometric authentication with another authentication technology. Such multi-factor authentication systems are always more secure, and it is also common practice to use combinations of different authentication methods. ATMs, for example, require a PIN and a bank card with additional authentication information saved on a chip.

When talking about biometric data, questions about the privacy of personal data come up automatically. This paper has not considered this topic, but there are many articles dealing with these concerns. It is a difficult topic, but it is obvious that biometric authentication systems have to store the biometric samples in a secure way, and it has to be ensured that such data cannot be used otherwise. The best would be if biometric data is kept under the control of the person to whom it belongs. This could be done, for example, by saving the biometric sample only on a smart card which is used in combination with the biometric in an authentication process.

To sum up, it can be clearly said that the usage of biometric authentication will increase more and more in the future. This will be supported, among other things, by the steady improvement of the technologies and the reduction of the prices for hardware and software. Biometric authentication can and probably will be used in many areas, for example ATMs, access to personal computers, PDAs and mobile phones, DRM systems, access to buildings and cars, and many more we can’t even think about.
REFERENCES

1. Julian Ashbourn, “Biometrics: Advanced Identity Verification”, London: Springer-Verlag, (2002), page no. 5.
2. Robert Todd Carroll, “The Skeptic's Dictionary: Phrenology”.
3. Robert Todd Carroll, “The Skeptic's Dictionary: Anthropometry”.
4. Samir Nanavati, “Biometrics: Identity Verification in a Networked World”, (2002)
5. Biometrics, Aidan Dysart http://www.zdnet.com/pcmag/features/biometrics/bench.html
6. The Challenge of User Authentication http://www.ankari.com/whitepapers.asp
7. NMAS Implementation scenarios http://developer.novell.com/research/appnotes/2001/july/01/a0107015.html
8. Benchmark Test http://www.zdnet.com/pcmag/features/biometrics/bench.html
9. Body may be key to foolproof ID http://www.usatoday.com/life/cyber/tech/ctc447.html