In today's digital economy, where many important activities are
carried out with the help of computer, the need for reliable,
simple, flexible and secure system is a great concern and a
challenging issue for the organization. Day by day security breaches
and transaction fraud increases, the need for secure identification
and personal verification technologies is becoming a great concern
to the organization. By measuring something unique about an
individual and using that to identify, an organization can
dramatically improve their security measures. Awareness of security
issues is rapidly increasing among company how they want to protect
the information which is a greatest asset that the company
possesses. The organization wants to protect this information from
either internal or external threat. Security plays a very important
role in the organization and to make computer system secure, various
biometric techniques have been developed. Today biometric techniques
are a reliable method of recognizing the identity of a person based
on physiological or behavioral characteristics.
exploit human's unique physical or behavioral traits in
order to authenticate people. The features measured are face,
fingerprints, hand geometry, iris, retinal, voice etc. Biometric
authentication is increasingly being used in areas like banking,
retailing, defense, manufacturing, health industry, stock exchange,
public sector, airport security, Internet security etc. Biometric
technologies are providing a highly-secure identification and
personal verification solutions. Biometric techniques are an attempt
in providing a robust solution to many challenging problems in
security. Biometrics focuses on the analysis of physical or
behavioral traits that determine individual identity. Biometrics can
he used to verify the identity of an individual based on the
measurement and analysis of unique physical and behavioral data.
Indeed, biometrics techniques increasingly are being viewed as the
preferred means to confirm an individual's identity accurately.
The history of biometric techniques is not new, it trace its
origin from the past. The ancient biometric technique which was
practiced was a form of finger printing being used in China in the
14th century, as reported by the Portuguese historian Joao de
Barros. The Chinese merchants were stamping children's palm and
footprints on paper with ink to distinguish the babies from one
another. Biometrics the ancient Greek word is the combination of two
words -bio means life, metric means measurement.It is the study of
methods for uniquely recognizing humans based upon physical or
behavioral characteristics. The physiological characteristics are
fingerprint, face, hand geometry, DNA and iris recognition.
Behavioral are related to the behavior of a person like signature,
study of keystroke, voice etc. Thus a biometric system is
essentially a pattern recognition system which makes a personal
identification by determining the authenticity of a specific
physiological or behavioral characteristic possessed by the user.
Biometric characteristics are collected using a device called a
sensor. These sensors are used to acquire the data needed for
verification or identification and to convert the data to a digital
code. The quality of the device chosen to capture data has a
significant impact on the recognition results. The devices could be
digital cameras for face recognition, ear recognition etc or a
telephone for voice recognition etc. A biometric system operates in
verification mode or identification mode. In verification mode the
system validates a person identity by comparing the captured
biometric data with the biometric template stored in the database
and is mainly used for positive recognition. In the identification
mode the system captures the biometric data of an individual and
searches the biometric template of all users in the database till a
match is not found.
DIFFERENT TYPES OF BIOMETRIC TECHNIQUES
Face Recognition:
The biometric system can automatically recognize a person by the
face. This technology works by analyzing specific features in the
face like - the distance between the eyes, width of the nose,
position of cheekbones, jaw line, chin ,unique shape, pattern etc.
These systems involve measurement of the eyes, nose, mouth, and
other facial features for identification. To increase accuracy these
systems also may measure mouth and lip movement.Face recognition
captures characteristics of a face either from video or still image
and translates unique characteristics of a face into a set of
numbers. These data collected from the face are combined in a single
unit that uniquely identifies each person. Sometime the features of
the face are analyzed like the ongoing changes in the face while
smiling or crying or reacting to different situation etc.The entire
face of the person is taken into consideration or the different part
of the face is taken into consideration for the identity of a
person. It is highly complex technology. The data capture by using
video or thermal imaging. The user identity is confirmed by looking
at the screen. The primary benefit to using facial recognition as a
biometric authenticator is that people are accustomed to presenting
their faces for identification and instead of ID card or photo
identity card this technique will be beneficial in identifying a
person. As the person faces changes by the age or person goes for
plastic surgery, in this case the facial recognition algorithm
should measure the relative position of ears, noses, eyes and other
facial features.
Hand Geometry:
Hand geometry is techniques that capture the physical
characteristics of a user's hand and fingers. It analyses finger
image ridge endings, bifurcations or branches made by ridges. These
systems measure and record the length, width, thickness, and surface
area of an individual's hand. It is used in applications like access
control and time and attendance etc. It is easy to use, relatively
inexpensive and widely accepted. A camera captures a 3 dimensional
image of the hand. A verification template is created and stored in
the database and is compared to the template at the time of
verification of a person. Fingerprint identification.Currently
fingerprint readers are being built into computer memory cards for
use with laptops or PCs and also in cellular telephones, and
personal digital assistants. It is successfully implemented in the
area of physical access control.
Eye Recognition:
This technique involves scanning of retina and iris in eye.
Retina scan technology maps the capillary pattern of the retina, a
thin nerve on the back of the eye. A retina scan measures patterns
at over 400 points. It analyses the iris of the eye, which is the
colored ring of tissue that surrounds the pupil of the eye. This is
a highly mature technology with a proven track record in a number of
application areas. Retina scanning captures unique pattern of blood
vessels where the iris scanning captures the iris. The user must
focus on a point and when it is in that position the system uses a
beam of light to capture the unique retina characteristics.It is
extremely secure and accurate and used heavily in controlled
environment. However, it is expensive, secure and requires perfect
alignment and usually the user must look in to the device with
proper concentration. Iris recognition is one of the most reliable
biometric identification and verification methods. It is used in
airports for travelers.Retina scan is used in military and
government organization. Organizations use retina scans primarily
for authentication in high-end security applications to control
access, for example, in government buildings, military operations or
other restricted quarters, to authorized personnel only. The unique
pattern and characteristics in the human iris remain unchanged
throughout one's lifetime and no two persons in the world can have
the same iris pattern.
Voice Biometrics:
Voice biometrics, uses the person's voice to verify or identify
the person. It verifies as well as identifies the speaker. A
microphone on a standard PC with software is required to analyze the
unique characteristics of the person. Mostly used in telephone-based
applications. Voice verification is easy to use and does not require
a great deal of user education. To enroll, the user speaks a given
pass phrase into a microphone or telephone handset. The system then
creates a template based on numerous characteristics, including
pitch, tone, and shape of larynx. Typically, the enrollment process
takes less than a minute for the user to complete. Voice
verification is one of the least intrusive of all biometric methods.
Furthermore, voice verification is easy to use and does not require
a great deal of user education.
Signature Verification:
Signature verification technology is the analysis of an
individual's written signature, including the speed, acceleration
rate, stroke length and pressure applied during the signature. There
are different ways to capture data for analysis i.e. a special pen
can be used to recognize and analyze different movements when
writing a signature, the data will then be captured within the pen.
Information can also be captured within a special tablet that
measures time, pressure, acceleration and the duration the pen
touches it .As the user writes on the tablet, the movement of the
pen generates sound against paper an is used for verification. An
individual's signature can change over time, however, which can
result in the system not recognizing authorized users. Signature
systems rely on the device like special tablet, a special pen etc.
When the user signs his name on an electronic pad, rather than
merely comparing signatures, the device instead compares the
direction, speed and pressure of the writing instrument as it moves
across the pad.
Keystroke:
This method relies on the fact that every person has her/his own
keyboard-melody, which is analyzed when the user types. It measures
the time taken by a user in pressing a particular key or searching
for a particular key.
OTHER BIOMETRIC TECHNIQUES ARE
o Vein/Vascular Patterns: Analyses the veins in, for example, the hand and the face.
o Nail Identification: Analyses the tracks in the nails.
o DNA Patterns: it is a very expensive technique and it takes a
long time for verification/identification of a person
o Sweat pore analysis: Analyses the way pores on a finger are
located.
o Ear Recognition: Shape and size of an ear are unique for every
person.
o Odour Retection: Person is verified or identified by their
smell.
o Walking Recognition: It analyses the way the person walks.
METHODS OF BIOMETRIC AUTHENTICATION:
o VERIFICATION : is the process of verifying the user is who they
claim to be.
o IDENTIFICATION : is the process of identifying the user from a
set of known users.
WORKING OF BIOMETRICS:
All biometric systems works in a four-stage process that consists
of the following steps.
o Capture: A biometric system captures the sample of biometric
characteristics like fingerprint, voice etc of the person who wants
to login to the system.
o Extraction: Unique data are extracted from the sample and a
template is created. Unique features are then extracted by the
system and converted into a digital biometric code. This sample is
then stored as the biometric template for that individual.
o Comparison: The template is then compared with a new sample.
The biometric data are then stored as the biometric template or
template or reference template for that person.
o Match/Non-Match: The system then decides whether the features
extracted from the new sample are a match or a non-match with the
template. When identity needs checking, the person interacts with
the biometric system, a new biometric sample is taken and compared
with the template. If the template and the new sample match, the
person's identity is confirmed else a non-match is confirmed.
[Biometric Authentication System and its functional components]
The Biometric Authentication System Includes Three Layered Architecture:
o Enroll: A sample is captured from a device, processed into a
usable form from which a template is constructed, and returned to
the application.
o Verify: One or more samples are captured, processed into a
usable form, and then matched against an input template. The results
of the comparison are returned.
o Identify: One or more samples are captured, processed into a
usable form, and matched against a set of templates. A list is
generated to show how close the samples compare against the top
candidates in the set.
A biometric template is an individual's sample, a reference data,
which is first captured from the selected biometric device. Later,
the individual's identity is verified by comparing the subsequent
collected data against the individual's biometric template stored in
the system. Typically, during the enrollment process, three to four
samples may be captured to arrive at a representative template. The
resultant biometric templates, as well as the overall enrollment
process, are key for the overall success of the biometric
application. If the quality of the template is poor, the user will
need to go through re-enrollment again. The template may be stored,
within the biometric device, remotely in a central repository or on
a portable card.
Storing the template on the
biometric device has the advantage of
fast access to the data. There is no dependency on the network or
another system to access the template. This method applies well in
situations when there are few users of the application. Storing the
template in a central repository is a good option in a
high-performance, secure environment. Keep in mind that the size of
the biometric template varies from one vendor product to the next
and is typically between 9 bytes and 1.5k. For example, as a
fingerprint is scanned, up to 100 minutia points are captured and
run against an algorithm to create a 256-byte binary template. An
ideal configuration could be one in which copies of templates
related to users are stored locally for fast access, while others
are downloaded from the system if the template cannot be found
locally.
Storing the template on a card or a token has the advantage that
the user carries his or her template with them and can use it at any
authorized reader position. Users might prefer this method because
they maintain control and ownership of their template. However, if
the token is lost or damaged, the user would need to re-enroll. If
the user base does not object to storage of the templates on the
network, then an ideal solution would be to store the template on
the token as well as the network. If the token is lost or damaged,
the user can provide acceptable identity information to access the
information based on the template that can be accessed on the
network. The enrollment time is the time it takes to enroll or
register a user to the biometric system. The enrollment time depends
on a number of variables such as: users' experience with the device
or use of custom software or type of information collected at the
time of enrollment.
Biometric Performance Measures:
o False Acceptance Rate (FAR) or False Match Rate (FMR): the
probability that the system incorrectly declares a successful match
between the input pattern and a non-matching pattern in the
database. It measures the percent of invalid matches. These systems
are critical since they are commonly used to forbid certain actions
by disallowed people.
o False Reject Rate (FRR) or False Non-Match Rate (FNMR): the
probability that the system incorrectly declares failure of match
between the input pattern and the matching template in the database.
It measures the percent of valid inputs being rejected.
o Receiver (or relative) Operating Characteristic (ROC): In
general, the matching algorithm performs a decision using some
parameters (e.g. a threshold). In biometric systems the FAR and FRR
can typically be traded off against each other by changing those
parameters. The ROC plot is obtained by graphing the values of FAR
and FRR, changing the variables implicitly. A common variation is
the Detection error trade-off (DET), which is obtained using normal
deviate scales on both axes.
o Equal Error Rate (EER): The rates at which both accept and
reject errors are equal. ROC or DET plotting is used because how FAR
and FRR can be changed, is shown clearly. When quick comparison of
two systems is required, the ERR is commonly used. Obtained from the
ROC plot by taking the point where FAR and FRR have the same value.
The lower the EER, the more accurate the system is considered to be.
o Failure to Enroll Rate (FTE or FER): the percentage of data
input is considered invalid and fails to input into the system.
Failure to enroll happens when the data obtained by the sensor are
considered invalid or of poor quality.
o Failure to Capture Rate (FTC): Within automatic systems, the
probability that the system fails to detect a biometric
characteristic when presented correctly.
o Template Capacity: the maximum number of sets of data which can
be input in to the system.
For example, performance parameters associated with the
fingerprint reader may be:
o a false acceptance rate of less than or equal to 0.01 percent
o a false rejection rate of less than 1.4 percent
o the image capture area is 26×14 mm.
Obviously, these two measures should be as low as possible to
avoid authorized user rejection but keep out unauthorized users. In
applications with medium security level a 10% False Rejection Error
will be unacceptable, where false acceptance rate error of 5% is
acceptable.
False Acceptance When a biometric system incorrectly identifies
an individual or incorrectly verifies an impostor against a claimed
identity. Also known as a Type II error. False Acceptance Rate/FAR
The probability that a biometric system will incorrectly identify
an individual or will fail to reject an impostor. Also known as the
Type II error rate.
It is stated as follows:
FAR = NFA / NIIA or FAR = NFA / NIVA
where FAR is the false acceptance rate
NFA is the number of false acceptances
NIIA is the number of impostor identification attempts
NIVA is the number of impostor verification attempts
False Rejection Rate/FRR The probability that a biometric system
will fail to identify an enrollee, or verify the legitimate claimed
identity of an enrollee. Also known as a Type I error rate.
It is stated as follows:
FRR = NFR / NEIA or FRR = NFR / NEVA
where FRR is the false rejection rate
NFR is the number of false rejections
NEIA is the number of enrollee identification attempts
NEVA is the number of enrollee verification attempts
Crossover Error Rate (CER)
Represents the point at which the false reject rate = the false
acceptance rate.
Stated in percentage
Good for comparing different biometrics systems
A system with a CER of 3 will be more accurate than a system with
a CER of 4
BIOMETRICS USE IN INDUSTRY
Punjab National Bank (PNB) installed its first biometric ATM at a
village in Gautam Budh Nagar (UP) to spread financial inclusion.
"The move would help illiterate and semi-literate customers to
do banking transaction any time.
Union Bank of India biometric smart cards launched. Hawkers and
small traders could avail loan from the bank using the card.
In Coca-Cola Co., hand-scanning machines are used to replace the
time card monitoring for the workers. In New Jersey and six other
states, fingerprint scanners are now used to crack down on people
claiming welfare benefits under two different names.
In Cook County, Illinois, a sophisticated camera that analyzes
the iris patterns of an individual's eyeball is helping ensure that
the right people are released from jail. At Purdue University in
Indiana, the campus credit union is installing automated teller
machines with a finger scanner that will eliminate the need for
plastic bankcards and personal identification numbers.
MasterCard International Inc. and Visa USA Inc., the world's two
largest credit card companies, have begun to study the feasibility
of using finger-scanning devices at the point of sale to verify that
the card user is really the card holder. The scanners would compare
fingerprints with biometric information stored on a microchip
embedded in the credit card.
Walt Disney World in Orlando has
started taking hand scans of people who purchase yearly passes.
These visitors now must pass through a scanner when entering the
park preventing them from lending their passes to other people.
The technology also received widespread attention at summer's
Olympic Games Atlanta, where 65,000 athletes, coaches and officials
used a hand-scanning system to enter the Olympic Village.
Selection of Biometric Techniques:
There are a lot of decision factors for selecting a particular
biometric technology for a specific application.
1. Economic Feasibility or Cost- The cost of biometric system
implementation has decreased recently; it is still a major barrier
for many companies. Traditional authentication systems, such as
passwords and PIN, require relatively little training, but this is
not the case with the most commonly used biometric systems. Smooth
operation of those systems requires training for both systems
administrators and users.
2. Risk Analysis- Error rates and the types of errors vary with
the biometrics deployed and the circumstances of deployment. Certain
types of errors, such as false matches, may pose fundamental risks
to business security, while other types of errors may reduce
productivity and increase costs. Businesses planning biometrics
implementation will need to consider the acceptable error threshold.
3. Perception of Users- Users generally view behavior-based
biometrics such as voice recognition and signature verification as
less intrusive and less privacy-threatening than physiology-based
biometrics.
4. TechnoSocio Feasibility- Organizations should focus on the
user-technology interface and the conditions in the organizational
environment that may influence the technology's performance. The
organization should create awareness among the users how to use the
techniques and should overcome the psychological factors as user
fears about the technology. Organization has to also consider the
privacy rights of users while implementing the biometric techniques.
5. Security- Biometric techniques should have high security
standards if they will be implemented in high secure environment.
The biometric techniques should be evaluated on the basis of their
features, potential risk and area of application, and subjected to a
comprehensive risk analysis.
6. User friendly & Social Acceptability- Biometric techniques
should be robust and user friendly to use and they should function
reliably for a long period of time. The techniques should not divide
the society into two group i.e. digital and non digital society.
7. Legal Feasibility- Government has to form a regulatory
statutory framework for the use of biometric techniques in various
commercial applications. It should form a standard regulatory
framework for use of these techniques in commercial applications or
transactions. If required the framework has to be regulated and
changed time to time.
8. Privacy- As biometric techniques rely on personal physical
characteristics, an act has to be made to protect the individual's
privacy data not to be used by other. A data protection law has to
be created in order to protect the person's privacy data.
Criteria
for evaluating biometric technologies.
The reliability and acceptance of a system depends on the
effectiveness of the system, how the system is protected against
unauthorized modification, knowledge or use, how the systems provide
solutions to the threats and its ability and effectiveness to
identify system's abuses.
These biometric methods use data compression algorithms,
protocols and codes. These algorithms can be classified in three
categories:
o Statistical modeling methods,
o Dynamic programming,
o Neural networks.
The mathematical tools used in biometric procedure need to be
evaluated. Mathematical analysis and proofs of the algorithms need
to be evaluated by experts on the particular fields. If algorithms
implement "wrong" mathematics then the algorithms are
wrong and the systems based on these algorithms are vulnerable. If
the algorithms used in the biometric methods have "leaks",
or if efficient decoding algorithms can be found then the biometric
methods themselves are vulnerable and thus the systems based on
these methods become unsafe.
Different algorithms offer different degrees of security, it
depends on how hard they are to break. If the cost required to break
an algorithm is greater than the value of the data then we are
probably safe. In our case where biometric methods are used in
financial transactions where a lot of money is involved it makes it
worth it for an intruder to spend the money for cryptanalysis.
The cryptographic algorithms or techniques used to implement the
algorithms and protocols can be vulnerable to attacks. Attacks can
also be conceived against the protocols themselves or aged standard
algorithms. Thus criteria should be set for the proper evaluation of
the biometric methods addressing these theoretical concerns.
The evaluation of the biometric systems is based on their
implementation. There are four basic steps in the implementation of
the biometric systems which impose the formation of evaluative
criteria.
o Capture of the users attribute.
o Template generation of the users attribute.
o Comparison of the input with the stored template for the
authorized user.
o Decision on access acceptance or rejection.
Applications of Biometric Techniques
Biometrics is an emerging technology which has been widely used
in different organization for the security purpose. Biometrics can
be used to prevent unauthorized access to ATMs, cellular phones,
smart cards, desktop PCs, workstations, and computer networks. It
can be used during transactions conducted via telephone and Internet
(electronic commerce and electronic banking). Due to increased
security threats, many countries have started using biometrics for
border control and national ID cards. The use of biometric
identification or verification systems are widely used in different
companies as well as the government agencies. The applications where
biometric technique has its presence are
o Identity cards and passports.
o Banking, using ATMs, Accessing Network Resource
o Physical access control of buildings, areas, doors and cars.
o Personal identification
o Equipment access control
o Electronic access to services (e-banking, e-commerce)
o Travel and Transportation, Sporting Event
o Border control
o Banking and finance, Shopping Mall
o Airport security
o Cyber security
o Time Management in Organization
o Voice Recognition(Tele banking)
o Prison visitor monitoring system.
o Voting System
Prospects of Biometric Techniques:
The biometric industry is at an infancy stage in India, but is
growing fast to capture the entire market. This technique is
expanding both into private and public areas of application.
Biometric applications need to interconnect to multiple devices and
legacy applications. The industry market and consumer markets are
adopting biometric technologies for increased security and
convenience. With the decreasing price of biometric solutions and
improved technology, more organization is coming forward to
implement this technology. The lack of a standard regulatory
framework is a major drawback in implementing biometrics in organization.It is not widely accepted by the users because some
organization and society have the opinion that this technology is
inappropriate and the privacy data of the users are lost. If proper
regulatory framework is not established it will not be accepted by
the organization as well as by the user. The
devices manufactured for biometric techniques has to comply with standards Increased IT
spending in the government and financial sector offers better
opportunities for such deployments. Even though there are no global
mandated or regulatory frame works as of now, they are expected to
arrive very soon.
Standard law and regulation will open a wide
market for biometrics in electronic legal and commercial
transactions.
The anti-terrorism act has introduced has a wide scope for the
biometric techniques to be implemented.
Consumer privacy data has to be protected in order to be widely
accepted by the user.
Integration of biometric with different
legacy application and hardware.
Biometric technique has a great demand in the telecommunication
domain.
The notebook and laptop manufacturer has already implemented the
biometric techniques like finger printing for the enhancement of the
security.
The biometric industry must address major challenges related to
performance, real-world utility, and potential privacy impact in
order for biometrics to reach their full potential
Many
companies are also implementing biometric technologies to secure
areas, maintain time records, and enhance user convenience.
An interesting biometric application is linking biometrics to
credit cards.
Other financial transactions could benefit from biometrics, e.g.,
voice verification when banking by phone, fingerprint validation for
e-commerce, etc. The market is huge, and covers a very wide range of
hardware, applications and services.
Conclusion:
The future of this technology is booming. With the rapid increase
of fraud and theft in commercial transaction; it is a great concern
for the organization to use biometric as key instrument in
eliminating the fraud and flaws in the traditional security
approach. Both businesses and consumers are anxious for greater
security in commercial transactions. The technology is increasingly
reliable and affordable, and the question of the legal
enforceability of electronic contracts is settled. While consumers
recognize the benefits of biometric authentication, they are
reluctant to fully accept the technology without adequate assurances
that companies will keep their biometric information confidential
and subject to various safeguards and the existing law provides a
limited measure of protection for biometric information so greater
protection should be offered to consumers so that their personal
information is not misused. Biometrics will play vital roles in the
next generation of automatic identification system. Biometric
identifiers must be considered when implementing a biometric-based
identification system. The applicability of specific biometric
techniques depends heavily on the application domain. Biometrics
must be implemented properly to be effective and the consequences
considered. Biometrics will become increasingly prevalent in
day-to-day activities where proper identification is required. The
real future of the technology lies in creating a biometric trust
infrastructure that allows private sector and the public sector to
handle security needs. Ultimately, such an infrastructure would
allow people to move to various locations worldwide while
maintaining their security clearance as defined by their
physiological and behavioral identities.
