Bio Metrics Final Report

8/8/2019 Bio Metrics Final Report

http://slidepdf.com/reader/full/bio-metrics-final-report 1/38

1. Abstract

“Biometrics” is a general term used alternatively to describe a characteristic or a process.

As a characteristic :

1. A measurable biological (anatomical and physiological) and behavioral

characteristic that can be used for automated recognition.

As a process:

2. Automated methods of recognizing an individual based on measurable

biological (anatomical and physiological) and behavioral characteristics.

Biometric systems have been researched and tested for a few decades, but have only

recently entered into the public consciousness because of high profile applications, usage

in entertainment media (though often not realistically) and increased usage by the public

in day-to-day activities. Example deployments within the United States Government

include the FBI’s Integrated Automated Fingerprint Identification System (IAFIS), the

US-VISIT program, the Transportation Workers Identification Credentials (TWIC) program, and the Registered Traveler (RT) program. Many companies are also

implementing biometric technologies to secure areas, maintain time records, and enhance

user convenience. For example, for many years Disney World has employed biometric

devices for season ticket holders to expedite and simplify the process of entering its

parks, while ensuring that the ticket is used only by the individual to whom it was issued.

A typical biometric system is comprised of five integrated components: A sensor is used

to collect the data and convert the information to a digital format. Signal processingalgorithms perform quality control activities and develop the biometric template. A

data storage component keeps information that new biometric templates will be

compared to. A matching algorithm compares the new biometric template to one or

more templates kept in data storage. Finally, a decision process (either automated or

1





Progress was made on fingerprint biometric devices during the 1960s and 1970s when a

number of companies developed products to automate the identification of fingerprints

for use in law enforcement. In the late 1960s, the FBI began to automatically check

fingerprints, and by the mid 1970s, it had installed a number of automatic fingerprint

systems across the U.S. Automated Fingerprint Identification Systems (AFIS) are now

used by police forces all around the globe. This widespread use of fingerprint data for law

enforcement lends a ‘Big Brother’ feel to the use of fingerprint biometrics for

identification, making it important for current fingerprint identification system providers

to reassure consumers that their identity is ‘safe,’ their privacy maintained, and that their

fingerprint will not be entered into a law enforcement database. Consumers must

understand that current fingerprint recognition systems used for digital transactions differ

widely from traditional AFIS systems. Automated systems for measuring other

biometrics developed similarly to those used with fingerprints. The first systems to

measure the retina were introduced in the 1980s. The work of Dr. John Daughman at

Cambridge University led to the first iris measurement technology. Identification based

on signature and face biometrics is relatively new.

Biometrics has been widely researched inside certain universities for the past two to three

decades, and most commercial products emerging today have strong roots inside

institutions of advanced education. Caltech and MIT are two leaders in the study of

biometrics and the related fields of pattern recognition, learning theory and artificial

intelligence. Because of its inherent complexity and because of their longer history with

biometrics, individuals inside universities are closely involved with the most important

product innovations involving biometrics.

Biometrics refers to the automatic identification of a person based on his/her

physiological or behavioral characteristics. This method of identification is preferred over traditional methods involving passwords and PIN numbers for various reasons: (i) the

person to be identified is required to be physically present at the point-of-identification;

(ii) identification based on biometric techniques obviates the need to remember a

password or carry a token. With the increased use of computers as vehicles of

information technology, it is necessary to restrict access to sensitive/personal data. By

3



replacing PINs, biometric techniques can potentially prevent unauthorized access to or

fraudulent use of ATMs, cellular phones, smart cards, desktop PCs, workstations, and

computer networks. PINs and passwords may be forgotten, and token based methods of

identification like passports and driver's licenses may be forged, stolen, or lost. Thus

biometric based systems of identification are receiving considerable interest. Various

types of biometric systems are being used for real-time identification, the most popular

are based on face, iris and fingerprint matching. However, there are other biometric

systems that utilize retinal scan, speech, signatures and hand geometry.

A biometric system is essentially a pattern recognition system which makes a personal

identification by determining the authenticity of a specific physiological or behavioral

characteristic possessed by the user. An important issue in designing a practical system isto determine how an individual is identified. Depending on the context, a biometric

system can be either a verification (authentication) system or an identification system.

2.2 Authentication in General

Authentication is the second step in the identify-authenticate-authorize process, which is

done countless times every day by humans and computers alike. When speaking about

human authentication, basically we have three choices: using something we know (suchas passwords and passphrases), something we have (such as access tokens, smart cards,

and so on) or something we are (biometrics). There is no "best" authentication method;

each has its pros and cons, depending on the application, the users, and the environment.

Whatever authentication method we use, we can make it stronger by using one or both of

the other methods. An example of strong authentication would be a system that requires

possession of a smart card, knowledge of a password or Personal Identification Number

(PIN), and biometric verification. Obviously to steal or fake all three would be much

more difficult than to steal or fake any one of these—however, more expensive and

laborious to operate as well. The other two factors—the time of access and the location of

subject—may also be used for access control, but usually only as auxiliary factors.

4



What You Know

Unquestionably the most widely used method of authentication, passwords, passphrases,

and PINs share both pros and cons with each other. Moreover, an advantage in one

situation easily becomes a problem in another—an example being the ease of password

sharing. Passwords are easy to change, but are also easy to intercept. Systems can force

the use of strong passwords, but the user may respond by storing or transmitting them in

such a way that the added security is effectively reduced to nil.

Unauthorized disclosure of a password is not usually detected until after unauthorized

access has already taken place. Passwords are also vulnerable to guessing, dictionary, and

brute-force attacks. On the other hand, they require no additional hardware, they are an

accepted method of authentication, and they are well-understood—even by the most

technologically challenged part of human species.

What You Have

Smart cards, access tokens (both challenge-response and time-based), and other "what

you have" authentication methods solve some of the problems associated with "what you

know" authentication, but they create a set of different problems. Unlike theft of a password, theft of a smart card or access token can, of course, be easily detected. Unlike

passwords, smart cards usually cannot be used simultaneously by two or more parties in

different places. However, "what you have" authentication devices may be lost, damaged,

and stolen. They may also run out of power (if self-powered) or may be prone to power-,

synchronization- and time-based attacks if externally powered. They may also be

subjected to reverse engineering and other treatment, which may compromise their

security.

What You Are: Biometric Authentication

There are two biometric authentication methods: biometric verification and biometric

identification of identity. Biometric identification is also sometimes referred to as pure

5



biometrics because it is based only on biometric data and is more difficult to design and

operate—but alas, pure biometrics is not the most secure, useful, or efficient one. Also,

both methods can not always be used with all biometrics—some biometrics can only be

used in verification mode because of their intrinsic properties.

Verification

Biometric verification uses entity IDs and a biometric—in this case biometric merely

serves to prove identity already declared by the entity—which may be done using

something you know (a username) or something you have (a smart card). Biometric

(something you are) works to actually complete the authentication process. Hence, the

biometric database keeps a list of valid entity IDs (which may be said to serve as primary

keys to the database) and corresponding biometric templates, and compares ("matches")

the stored template with the biometric provided. The result of this comparison is either an

accept or reject decision based on a complex algorithm and system settings (refer to the

section "Matching").

Identification

Unlike biometric verification of identity, biometric identification is based solely on

biometrics. The biometric serves as both the identifier and the authenticator. The biometric database contains the enrolled biometric templates, and they all are compared

against the provided biometric to find a match. Biometric identification may be described

as "putting all your eggs in one basket," partly because somehow faking or stealing a

biometric compromises both the ID and the authenticator.

6



A biometric identification system may operate in one of the two modes: positive

identification or negative identification. In a positive identification biometric system, the

provided biometric must be in the database and there must be only one match to

positively identify the person. The risks present in a biometric system are false

acceptance and false rejection, whereas unauthorized subjects are incorrectly accepted, or

authorized ones are denied identification, resulting in a denial of service. A negative

identification system, in contrast, works by determining whether the provided biometric

is not in the database.

Any human physiological or behavioral trait can serve as a biometric characteristic as

long as it satisfies the following requirements:

Universality - Each person should have the characteristic.

Distinctiveness - Any two persons should be different in terms of the characteristic.

Permanence - The characteristic should be sufficiently invariant (with respect to the

matching criterion) over a period of time.

Collectability - The characteristic should be quantitatively measurable. However, for

a practical biometric system, we must also consider issues of performance,

acceptability, and circumvention.

Need For Biometrics

Biometrics has gained popularity because of two main reasons:

Security and Management

The biometrics market arose from the need to prevent any risks or damages in various

fields that includes areas like banks, defense, various private institutions and it uses

identity authentication to answer that need. It uses range from physical control andmanagement including entrance control, diligence management, and machine access

control to security and management in the information industry, including computer

security, distance education, e-commerce, information security, and so on. These

days, computer processing of so much important information fosters information

7



exchange in the cyberspace, and expands e-commerce fields to the growth of the

related businesses.

Convenience

Convenience is one of the greatest advantages of biometrics compared to existingmethods of personal authentication such as keys, identification numbers (ID) and

passwords. As it is lot more convenient to simply place our finger on to a scanner

instead of remembering a long and complex series of characters and their cases.

Similar is the case with other biometric techniques. In other words, everyone can be

uniquely identified without the need for an ID, a magnetic card, a smart card, a key or

a personal identification number (PIN).

A user can verify each individual by using only physical traits such as fingerprints

and voice. Also such techniques are difficult to fake without the help of the owner.

The Biometric Process

There is a wide consensus that there are three levels of security. The first level is

something that an individual knows, which can correspond to a password. The second

level is something that an individual possesses; some sort of a plastic card or a key.

Finally, the third level is something an individual is or does. Biometrics is the third level

of security. This authentication occurs in real-time, is automatic, and is non-forensic.

The key to all types of biometrics is that the measured characteristic is distinct, unique,

and unchangeable or repeatable over time for the same individual.

There are five steps in the Biometrics process:

The first process is the enrollment phase, where a sensor measures the individual’s

characteristics. The output of the sensor is the convolution of the biometric measure,

the presentation of the current measure, and the technical characteristics of the sensor.

8



Next is transmission, the data needs to be transmitted depending upon the system.

Some systems transmit the data to another location, and if the data is large, then it

needs to be compressed first. This can cause a decrease in the quality of the signal.

The more the data is compressed the greater the decrease in quality.

9



After the transmission step is signal processing. Signal processing involves three

steps. First is feature extraction where the true biometric pattern is extracted from

noise and signal loss that was gained or added during transmission. In this step you

also trying to preserve the features of the biometrics pattern that are distinct and

repeatable and eliminate the features that are redundant. Next, some systems run a

diagnostic at this point to check the quality of the signal, others check the signal

quality later. If the signal received from the data is insufficient, it is marked as

defective and a new biometrics sample is requested. Once the data is acquired, it

needs to be compared with other measures. In order to build a template for person, the

physical characteristic has to be presented again and compared to the template. This

process is called pattern matching. For authentication to be successful in the future,

the individual’s physical characteristic is compared to the template. Finally, the

biometrics sample is entered and assigned to person. This is where the term

enrollment comes into play meaning that the biometric sample is entered into the

system for the very first time. The biometric sample is now referred to as a template.

There is an exception to the pattern matching process. Some systems allow multiple

enrollments and this allows the pattern matching process to be skipped.

Next is the decision subsystem, which invokes a distance measure for comparison.

This step directs the database in its search to find matches or non-matches based upon

the distance measures received from the pattern matcher. Some systems implement a

policy to accept the biometric sample if the distance is lower than some set threshold

and reject the biometric sample if the distance is greater than the threshold. The

policy could also be set to give a user three attempts to enter an acceptable biometric

sample.

Finally, there are numerous ways to store the data based upon the type of biometrics

used. Feature templates are stored in a database for comparison by the pattern

matcher. For one-to-one matching systems the database could be stored on magnetic

10



strip cards carried by the individuals. A centralized database is not needed in a one-

to-one system, but a database would be helpful to identify counterfeit cards or reissue

lost or stolen cards. For one-to-N, where N is greater than one and systems with

identification verification a centralized database is needed. As the numbers of entries

grow (N) the speed of verification becomes important, therefore, the database may

need to be partitioned so that feature samples can be matched to templates stored in a

separate identified partition. This allows the search time for authentication to decline.

If the Biometric pattern needs to be reconstructed from stored data, raw data storage

will be needed. The storing of raw data allows changes in the system and can also

eliminate the need to recollect data from all the users.

4. Types Of Biometrics

The different types of biometrics techniques are classified according to the following

characteristics:

4.1. Biometrics using Physical Characteristics

Fingerprints, face, iris, vein, cornea, hand, DNA pattern, ear, etc

Relatively stable

Does not change much in a lifetime

Huge, expensive equipment needed. Intrusive method

4.2. Biometrics using Behavioral Traits

Signature, voice recognition, walking style

Change according to psychological condition

Influenced by physical traits (men/women, build)

11



Change a lot

Simple, inexpensive equipment. Non-.offensive method

A biometrics system should use personal traits developed with the following "ideal"

criteria: universal (everyone has it), unique (no two people have it alike), permanent(does not change and cannot be changed), collectable (easy to obtain and quantify with a

sensor).

5. Biometric Features

5.1 Fingerprint Recognition

Humans have fingerprints for better grip, different people have entirely different sets of

fingerprints, which enables identification.A fingerprint is made up of ridges and valleys

(lines and the gaps separating them) and it is these ridges and valleys, which are scanned

to verify the authenticity of a print. To authenticate a set of prints, a scanner has to firstly

get the images of the prints, which are to be authenticated, and secondly it needs to

actually go about the business of verifying.

The most commonly used method of scanning is optical scanning. An optical scanner has

a CCD (charged coupled device). There is an array of light sensitive diode (photosites).

When these diodes come in contact with light they generate an electrical signal. Every

photosite records a pixel representing the light it came in contact with. It is not necessary

that the same kind of light fall on all diodes. So what is generated is a mix of dark and

light areas, which together make up the image.

12



The process begins as soon as you place your finger on the glass plate. The scanner has

its own source of light (mostly an array of LED’s) which illuminates the finger the CCD

inside takes a picture of the finger. It then checks for the integrity of the Image in terms

of contrast, sharpness and sheer quality. The system checks the average pixel darkness,

or, might employ a sampling technique and check the overall values in a simple area. If

the image is too dark or too light, it is rejected. Exposure settings are then accordingly

adjusted and the print is rescanned.

If the exposure level is found to be correct, it goes on to check the image definition(sharpness of fingerprint). It does so by analyzing the several straight lines moving

horizontally and vertically across the image. If a line perpendicular to the ridges will

comprise alternating segments of light and dark pixels then the scanner proceeds to

compare the captured fingerprint with those in the database to see if it can find a match.

Matching of prints is a fairly complex process in itself and is far removed-from the super-

imposing method. This is so because smudging (due to scan surface or oily fingers) can

make the same print appear different in different photos. Also, scanning and matching theentire finger consumes a lot of processing power.

Scanners compare specific features of the fingerprint, which is called minutiae. These

points are generally places where ridgelines end or bifurcation occurs. The idea is to

measure the relative positions of the minutiae. Depending on the algorithm, a specific

number of minutiae must be matched for the print to be accepted.

5.2. Facial Recognition

13



Face recognition is a Biometrics technology that uses an image or series of images from

either a camera or photograph to recognize a person. Unlike other biometrics

technologies, face recognition is a passive biometrics and does not require a person’s

cooperation. Face recognition is completely oblivious to differences in appearance as a

result of race or genders differences and is a highly robust Biometrics. The main

application of facial recognition is in security wherein the software is expected to pick a

face out of say thousands of passengers at the airport, and match it with the database of

wanted criminals.

Every face has certain characteristics and distinguishable features, which allow us to

differentiate between two people. The software does the whole work.. The software

divides the face into 80 nodes, some of the common ones being distance between the

eyes, width of the nose, and depth of eye sockets, cheekbones, jaw line and chin. The

system generally needs to match between 14-25 nodes in order to obtain a positive ID.

There are a lot of people coming in and out of a place where this system is set up

(stadiums, airports etc). The real challenge is to recognize the face instantly. To facilitate

this, a database is created with the help of an algorithm, which goes through the

characteristics of the faces and stores them as a string of numbers. This string is called

faceprint.

Following are the broad steps utilized by facial recognition software:

False Detection: The camera pans around looking for a face. The minute it

encounters a face, it starts scanning it and proceeds to identifying various nodes and

taking measurements if possible.

Detection of Orientation: Once the face is detected, the system determines the

head’s size and position. Generally, a face needs to be around 40 degrees towards the

camera for the system to register and analyze it.

14



Mapping: The facial image is scaled down to the level of the images in the database

and is then rotated and otherwise adjusted to match the formatting of the images in

the database.

Encoding: The algorithm then converts the face into a face print based on the pre-

defined criteria programmed into the algorithm.

Matching: This new data is then used as a filter to sort through the database of faces

at super fast speeds to come up with a match.

15



Since it uses a variety of nodes, simpler alterations of the face will not fool it; however,

twins might; so, the system is certainly not infallible.

5.3. Iris Recognition

Iris scanning is the best choice for verification of identity because no two people have

identical irises. Also, the two irises of a single individual are unique. The iris is a better

biometric tool than fingers or hands because it has thousands of measurable features that

can be captured, extracted, and used to form a reference template. Since the iris has more

measurable features that can be captured, extracted, and used the resulting template is

more complex than that of other biometric devices. Therefore, the false acceptances and

rejections that are reality for other biometric devices are extremely unlikely. The chances

of an iris scan creating the same template from two different individuals are about 1 in

107

10 7

16



Iris recognition technology is safe, accurate and capable of performing 1-to-many

matches at extraordinarily high speeds, without sacrificing accuracy. Iris recognition has

also become more passive, and acquisition devices can be situated at distances of up to

10" away from the individual attempting verification. Iris scan though related to the eye

(like retinal scan) uses a completely different method of identification. The iris is the

colored ring surrounding the pupil. Over 200 points can be used for comparison such as

rings, furrows and freckles. The scan is done with a regular camera and the subject stands

about a foot from the lens of the camera so it is lot more convenient.

In India, Kerala embraces biometrics for cooperatives. The Kerala State Cooperative

Institute of Information Technology Electronics and Communication is partnering with

Access Shield International (ASI) to work on program in Iris Technology.

5.4. Hand Recognition

Introduction

Hand geometry recognition is the longest implemented biometric type, debuting in the

market in the late 1980s. The systems are widely implemented for their ease of use,

public acceptance, and integration capabilities. One of the shortcomings of the hand

geometry characteristic is that it is not highly unique, limiting the applications of the

hand geometry system to verification tasks only.

Approach

The devices use a simple concept of measuring and recording the length, width,

thickness, and surface area of an individual’s hand while guided on a plate (Figure 1).

Hand geometry systems use a camera to capture a silhouette image of the hand (Figure

17



2). The hand of the subject is placed on the plate, palm down, and guided by five pegs

that sense when the hand is in place. The resulting data capture by a Charge-Coupled

Device (CCD) camera of the top view of the hand including example distance

measurements

Figure1: Bottom view Figure 2: Silhouette of Hand Image

The image captures both the top surface of the hand and a side image that is captured

using an angled mirror (Figure 3). Upon capture of the silhouette image, 31,000 points

are analyzed and 90 measurements are taken; the measurements range from the length of

the fingers, to the distance between knuckles, to the height or thickness of the hand andfingers (Figure 4). This information is stored in nine bytes of data, an extremely low

number compared to the storage needs of other biometric systems.

Figure 3: Hand Including Mirror Figure 4: Image as Seen by the CCD Camera

18



The enrollment process of a hand geometry system typically requires the capture of three

sequential images of the hand, which are evaluated and measured to create a template of

the user’s characteristics. Upon the submission of a claim, the system recalls the template

associated with that identity; the claimant places his/her hand on the plate; and the system

captures an image and creates a verification template to compare to the template

developed upon enrollment. A similarity score is produced and, based on the threshold of

the system; the claim is either accepted or rejected.

5.5. Signature Recognition

The biometric most familiar to us is the signature. Our ability to judge by sight if one

signature matches another has made this a time-proven and legally binding biometric.

However, by sight alone, most of us cannot recognize the pressure of the pen on the paper

or the speed and rhythms of its traverse of the page. Computers can do all these things,

and quantify, analyze and compare each of these properties to make signature recognition

a viable biometric technology.

The process used by a biometric system to verify a signature is called dynamic signature

verification (DSV). As a person signs his or her name, a DSV system captures a number

of behavioral characteristics with a special sensitive pen and tablet. These characteristics

include the angle at which the pen is held, the number of times the pen is lifted, the time

it takes to write the entire signature, the pressure exerted by the person while signing, and

the variations in the speed with which different parts of the signature are written.

Together these things become a biometric trait. Each time a person signs his or her name,

slight variations can be found in the signature. Thus, several signatures must be taken

from one person to compile an average profile. This average profile is the template for

comparison when a person uses the signature verification system.

19



Signature biometrics poses a couple of unique problems. The first is the comfort with

which people are already willing to use their signature as a form of identification. While

this high level of consumer acceptance is viewed as strength by vendors of such systems,

this bears with it a strong downside. Without proper notification, a person may sign an

electronic signature pad and unwittingly also be surrendering a reference or live

biometric sample. Since the custom of leaving a signature as one's "official mark" is

based on the presumption of irreproducibility (i.e., that a forger would be hard-pressed to

imitate a signature just by looking at it), people are willing to provide a signature without

giving its potential for reproduction a second thought. However, electronic data is easy to

copy and transmit. And so, a forger posing as a deliveryman might fraudulently secure a

signature biometric by presenting a victim with a "gift" box, requesting a signature to

confirm delivery, and making off with the victim's biometric data.

The second unique property of signature biometrics is that unlike all other biometrics,

which either establish an identity (identification) or confirm an identity (authentication), a

signature can convey intent (authorization). In other words, a traditional signature on

paper is taken both to authenticate the signatory, and to convey the signatory’s legal

authority. An electronic system that solicits a user's non-signature biometric must provide

a separate step to convey the user's legal authorization for any binding transaction. Asignature-based biometric system could mimic our current legally customary acceptance

of a signature to simultaneously convey both identity and authority.

5.6. DNA Recognition

Principles of DNA biometrics

Humans have 23 pairs of chromosomes containing their DNA blueprint. One member of

each chromosomal pair comes from their mother; the other comes from their father.

Every cell in a human body contains a copy of this DNA. The large majority of DNA

does not differ from person to person, but 0.10 percent of a person's entire genome would

be unique to each individual. This represents 3 million base pairs of DNA.

20



Genes make up 5 percent of the human genome. The other 95 percent are non-coding

sequences, (which used to be called junk DNA). In non-coding regions there are identical

repeat sequences of DNA, which can be repeated anywhere from one to 30 times in a

row. These regions are called variable number tandem repeats (VNTRs). The number of

tandem repeats at specific places (called loci) on chromosomes varies between

individuals. For any given VNTR loci in an individual's DNA, there will be a certain

number of repeats. The higher number of loci is analyzed, the smaller the probability to

find two unrelated individuals with the same DNA profile.

DNA profiling determines the number of VNTR repeats at a number of distinctive loci,

and uses it to create an individual's DNA profile. The main steps to create a DNA profile

are: isolate the DNA (from a sample such as blood, saliva, hair, semen, or tissue), cut the

DNA up into shorter fragments containing known VNTR areas, sort the DNA fragments by size, and compare the DNA fragments in different samples.

6. Future trends of biometrics

6.1 keystroke recognition

As we possess unique physiological biometrics, we also possess unique behavioral

biometrics-such as the way we sign our name. The way and the manner in which we type

on our computer keyboard varies from individual to individual, and in fact it is unique

enough, it is also considered to be a behavioral biometric.

How Keystroke Recognition Works

In comparison to the other biometric technologies examined, Keystroke Recognition is

probably of the easiest to implement and administer. This is so because at the present

time, Keystoke Recognition is completely a software based solution. There is no need to

install any new hardware. All that is needed is the existing computer and keyboard that

the individual is currently using. There is only one primary vendor for this technology,

and that is BioNet Systems, LLC.

21



The distinctive, behavioral characteristics measured by Keystroke Recognition include:

1. The cumulative typing speed;

2. The time that elapses between consecutive keystrokes;

3. The time that each key is held down;

4. The frequency of the individual in using other keys on the keyboard, such as the

number pad or function keys;

5. The sequence utilized by the individual when attempting to type a capital letter-

for example, does the individual release the shift key or the letter key first?

6.2 Gait Recognition

The characteristics of your walk may not be as

distinctive as the swaggering of John Wayne or

the sashay of Joan Collins, but your stride may

still be unique enough to identify you at a

distance -- alone or among a group of people.

Researchers at the Georgia Institute of

Technology and elsewhere are developing

technologies to recognize a person's walk, or

gait. Results indicate these new identification

methods hold promise as tools in the war on

terrorism and in medical diagnosis.

Gait recognition technology is a biometric

method -- that is, a unique biological or behavioral identification characteristic, such as a

fingerprint or a face. Though still in its infancy, the technology is growing in significance

because of federal studies.

6.3. Thermo grams

In experiments last year, Georgia

Tech Research Institute researchers

monitored 70 subjects as they walked

past a laboratory-based radar system

similar to the radar guns carried by

police officers .

22



Infrared Thermography, thermal imaging, or thermal video, is a type of infrared imaging

science. Thermographic cameras detect radiation in the infrared range of the

electromagnetic spectrum (roughly 900–14,000 nanometers or 0.9–14 µm) and produce

images of that radiation. Since infrared radiation is emitted by all objects based on their

temperatures, according to the black body radiation law, thermography makes it possible

to "see" one's environment with or without visible illumination. The amount of radiation

emitted by an object increases with temperature, therefore thermography allows one to

see variations in temperature (hence the name). When viewed by thermographic camera,

warm objects stand out well against cooler backgrounds; humans and other warm-

blooded animals become easily visible against the environment, day or night. As a result,

thermography's extensive use can historically be ascribed to the military and security

services.

So these infrared cameras are used to detect the heat patterns of different parts of the

body.

6.4.Skin Reflection

in this type of biometrics the light is sent is sent in to the body. The reflected light is

different for different persons which forms the basis of recognition.

7. FRR, FAR

The most striking difference between the biometrics system and a traditional

authentication system based on an ID/password is that the new system cannot generate

100 percent 'Yes' or 'No' answers. On the other hand, other existing systems can do so

according to letters or numbers entered. In the case of biometrics, biological information

could change in terms of its shape or angle when it is read, so matching scores against

Templates could change accordingly.

As a result, even a valid person may be rejected or a wrong person may be accepted. The

ratios developed to evaluate the probabilities of the two cases are called FRR (False

Rejection Ratio) and FAR (False Acceptance Ratio).

23



24



In Figure 1.3 shown above, the shaded portion with oblique lines on the left part of a

critical value is FRR, and the other portion on the right part, is FAR. Certainly, a system

with less shaded portion is better.

_ The above Figure 1.4 shows the change patterns of FAR and FRR according to changes

in the critical value. The point where FAR and FRR are the same is called EER (Equal

Error Rate), and is used as a yardstick for evaluating the system's performance along with

the two other ratios.

The smaller the shaded portion in Figure 1.3 is, the closer the graph in Figure 1.4 will be

to the X and Y axis. A user can set a different critical value according to his or her

purposes. For example, in the case of a very important security system, the user can

reduce the possibility that an unauthorized person is accepted to near zero by setting acritical value high enough. Instead, even an authorized person can fail to get access at

times. On the other hand, if police is looking for a criminal with fingerprints obtained

from the crime scene, it will be necessary to search for and analyze all possible

fingerprints. In areas such as these, it is useful to set the critical value low enough to find

all possible matches in the fingerprint database. In short, the higher the critical value is,

the less convenient the system can be but, at the same time, its security is higher.

Conversely, the lower the value is, the more convenient the system is, but its security is

lax.

8.Applications:

The practical applications of biometric technologies are diverse and expanding, as new

needs are identified. By and large, biometric applications fall into two main categories:

law enforcement and civilian applications.

The law enforcement community is perhaps the largest biometric user group. Policeforces throughout the world use AFIS technology to process criminal suspects, match

finger images and bring guilty criminals to justice.

Those biometric applications not involving crime detection utilize some form of access

control. This will either involve the physical access of people to secure areas, or securing

25



the access to sensitive data. In other words, access control is either physical access or

data access. Whether securing benefit systems from fraud, preventing illegal immigrants

from entering a country, or prisoners from leaving a prison - controlling access is the

underlying principle. Access control ensures that authorized individuals can gain access

to a particular area and that unauthorized individuals cannot.

Some examples of biometric applications are listed below.

Banking

Banks have been evaluating a range of biometric technologies for many years. Fraud and

general breaches of security must be controlled if banks are to remain competitive in the

financial services industry. Automated teller machines (ATMs) and transactions at the

point of sale are particularly vulnerable to fraud and can be secured by biometrics. Other

emerging markets include telephone banking and Internet banking, both of which demand

the utmost security for bankers and customers alike.

Computer Access

Fraudulent access to computer systems affects private computer networks and the

Internet in the same way: confidence is lost and the network is unable to perform at full

capacity until the breach in security is patched. Biometric technologies are proving to be

more than capable of securing computer networks. This market area has phenomenal

potential, especially if the biometrics industry can migrate to large-scale Internet

applications. As banking data, business intelligence, credit card numbers, medical

information and other personal data becomes the target of attack, the opportunities for

biometric vendors are rapidly escalating.

Electronic Benefits Transfer (EBT)

Benefits systems are particularly vulnerable to fraud. The battle against fraud has been

waged by welfare departments across many U.S. states for years. A variety of

26



technologies are being evaluated, although fingerprint scanning is particularly

widespread. AFIS technology and one-to-one verification are used to ensure that the

benefit claimant legitimately receives a benefit check. Another development that may

revolutionize the payment of benefits is Electronic Benefits Transfer (EBT), which

involves loading funds onto a plastic card. The card can then be used to purchase food

and other essentials in shops fitted with special point-of-sale smart card readers.

Biometrics are well-placed to capitalize on this phenomenal market opportunity and

vendors are building on the strong relationship currently enjoyed with the benefits

community.

Immigration

Terrorism, drug-running, illegal immigration and an increasing throughput of legitimate

travelers is putting a strain on immigration authorities around the world. It is essential for

these authorities to quickly and automatically process law-abiding travelers and identify

the lawbreakers. Biometrics are being employed in a number of diverse applications to

make this possible. The U.S. Immigration and Naturalization Service (INS) is a major

user and evaluator of biometric technologies. Systems are currently in place throughout

the U.S. to automate the flow of legitimate travelers and deter illegal immigrants.

Biometrics are also gaining widespread acceptance in Australia, Bermuda, Germany,

Malaysia, and Taiwan.

National Identity

Biometrics are beginning to assist governments as they record population growth,

identify citizens, and prevent fraud occurring during local and national elections. Often

this involves storing a biometric template on a card which, in turn, acts as a national

identity document. Fingerprint scanning is particularly strong in this area and programs

are already underway in Jamaica, Lebanon, the Philippines, and South Africa.

Physical Access

27



More and more organizations are using biometrics to secure the physical movement of

people. Schools, nuclear power stations, military facilities, theme parks, hospitals, offices

and supermarkets across the globe employ biometrics to minimize security threats. As

security becomes more important for parents, employers, governments and other groups,

biometrics will be seen as a more acceptable and therefore essential tool. The potential

applications are endless. Biometrics could even be employed to protect our cars and

homes.

Prisons

Prisons, as opposed to law enforcement, use biometrics not to catch criminals, but to

make sure that they are securely detained. A surprising number of prisoners simply walk

out of prison gates before they are officially released. A wide range of biometrics are now

being employed worldwide to secure prison access, police detention areas, enforce home

confinement orders, and regulate the movement of probationers and parolees.

28



Telecommunications

With the rapid growth of global communications, cellular telephones, dial inward system

access (DISA), and a range of telecommunication services are under attack from

fraudsters. Cellular companies are vulnerable to cloning (a new phone is created using

stolen code numbers) and new subscription fraud (a phone is obtained using a false

identity). Meanwhile, DISA - which allows authorized individuals to contact a central

exchange and make free calls - is being targeted by telephone hackers. Once again,

biometrics are being called upon to defend this onslaught. Speaker ID is well suited to the

telephone environment and is making inroads into these markets.

Time & Attendance

Recording and monitoring the movement of employees as they arrive at work, take

breaks, and leave for the day was traditionally performed by "clocking-in" machines.

However, manual systems can be circumvented by someone "punching in" for someone

else, a process known as "buddy punching." This disrupts time management and unit

costing exercises and costs companies millions of dollars. Replacing the manual process

with biometrics prevents abuses of the system. In addition, biometrics can be

incorporated with time management software to produce management accounting and

personnel reports.

29



10. Major Concerns

Biometric technology is inherently individuating and interfaces easily to

database technology, making privacy violations easier and more damaging. If we

are to deploy such systems, privacy must be designed into them from the beginning,

as it is hard to retrofit complex systems for privacy.

Biometric systems are useless without a well-considered threat model. Before

deploying any such system on the national stage, we must have a realistic threat

model, specifying the categories of people such systems are supposed to target, and

the threat they pose in light of their abilities, resources, motivations and goals. Any

such system will also need to map out clearly in advance how the system is to work,

in both in its successes and in its failures.

Biometrics is no substitute for quality data about potential risks . No matter how

accurately a person is identified, identification alone reveals nothing about whether a

person is a terrorist. Such information is completely external to any biometric ID

system.

Biometric identification is only as good as the initial ID. The quality of the initial

"enrollment" or "registration" is crucial. Biometric systems are only as good as theinitial identification, which in any foreseeable system will be based on exactly the

document-based methods of identification upon which biometrics are supposed to be

an improvement. A terrorist with a fake passport would be issued a US visa with his

own biometric attached to the name on the phony passport. Unless the terrorist A) has

already entered his biometrics into the database, and B) has garnered enough

suspicion at the border to merit a full database search, biometrics won't stop him at

the border.

Biometric identification is often overkill for the task at hand. It is not necessary to

identify a person (and to create a record of their presence at a certain place and time)

if all you really want to know is whether they're entitled to do something or be

somewhere. When in a bar, customers use IDs to prove they're old enough to drink,

not to prove who they are, or to create a record of their presence.

30



Some biometric technologies are discriminatory. A nontrivial percentage of the

population cannot present suitable features to participate in certain biometric systems.

Many people have fingers that simply do not "print well." Even if people with "bad

prints" represent 1% of the population, this would mean massive inconvenience and

suspicion for that minority. And scale matters. The INS, for example, handles about 1

billion distinct entries and exits every year. Even a seemingly low error rate of 0.1%

means 1 million errors, each of which translates to INS resources lost following a

false lead.

Biometric systems' accuracy is impossible to assess before deployment . Accuracy

and error rates published by biometric technology vendors are not trustworthy, as

biometric error rates are intrinsically manipulable. Biometric systems fail in two

ways: false match (incorrectly matching a subject with someone else's reference

sample) and false non-match (failing to match a subject with her own reference

sample). There's a trade-off between these two types of error, and biometric systems

may be "tuned" to favor one error type over another. When subjected to real world

testing in the proposed operating environment, biometric systems frequently fall short

of the performance promised by vendors.

The cost of failure is high. If you lose a credit card, you can cancel it and get a new

one. If you lose a biometric, you've lost it for life. Corrupt or deceitful agents withinthe organization must build any biometric system to the highest levels of data

security, including transmission that prevents interception, storage that prevents theft

and system-wide architecture to prevent both intrusion and compromise.

Despite these concerns, political pressure for increasing use of biometrics appears to be

informed and driven more by marketing from the biometrics industry than by scientists.

Much federal attention is devoted to deploying biometrics for border security. This is an

easy sell, because immigrants and foreigners are, politically speaking, easy targets. But

once a system is created, new uses are usually found for it, and those uses will not likely

stop at the border.

31



With biometric ID systems, as with national ID systems, we must be wary of getting the

worst of both worlds: a system that enables greater social surveillance of the population

in general, but does not provide increased protection against terrorists.

10. Disadvantages Of Biometrics

One of the most important disadvantages of biometrics is the cost. Some of the newer

systems use a laser to read the surface of your finger. Because biometric testing is

extremely expensive government agencies are usually the only agencies that

implement and utilize the newer systems

Facial imaging can also hinder accurate identifications. Individuals who look alike

can fool the scanner. Individuals have the ability to alter their appearance like their

facial hair, for instance, to fool the scanner.

Another problem is false acceptances and rejections. These two problems can occur

during authentication. False acceptances can occur when an impersonator is accepted by the system. Rejections can occur when a person with an accurate identity is

rejected by the system. The fact remains that no biometric system will ever be 100

percent accurate. As a result, commercial developers often set a threshold in their

systems. This threshold serves as a reference score that is compared to the actual

score. If the score falls above the threshold, the person is accepted but if the person

falls below the threshold the person is rejected.

The amount of comfort with using biometrics is a concern for many individuals. The

scanning of hands or fingers has criminal connotations for some. For others the

scanning of their eye is fearful. Scanning the eye requires close physical contact to a

scanning device and many people are afraid to stick their eye close to anything that

32



has a laser in it. Despite the public does not generally accept the fact that the laser

does not generate enough power to harm the retinal scanning. Furthermore, the

nervousness that people feel about the scanners identification could result in

authentication errors, because the user is not relaxed.

11. Conclusion

Biometrics is a powerful tool to secure our networks such as banks, offices and personal

data. It provides high security and reduces the incidence of unauthorized access in

sensitive areas. But as no technology is foolproof there are some loop holes in this

technology which have yet to be covered.

Some people object to biometrics for cultural or religious reasons. Others imagine a

world in which cameras identify and track them as they walk down the street, following

their activities and buying patterns without their consent. They wonder whether

companies will sell biometric data the way they sell email addresses and phone numbers.

People may also wonder whether a huge database will exist somewhere that contains vital

information about everyone in the world, and whether that information would be safe

there.

At this point, however, biometric systems don't have the capability to store and catalog

information about everyone in the world. Most store a minimal amount of information

about a relatively small number of users. They don't generally store a recording or real-

life representation of a person's traits -- they convert the data into a code. Most systems

also work in only in the one specific place where they're located, like an office building

or hospital. The information in one system isn't necessarily compatible with others,

although several organizations are trying to standardize biometric data.

However above all these advantages and disadvantages this technology will be creating

ripples in the field of security and privacy.

33



12. References

1.Jain, A.K; Pankati, S; Prabhakar, S; Lin,Hong;Ross,A; “Biometric a great challenge”

IEEE Pattern Recognition, 6 July 2005 , PP : 17-20

2.Ives, R.W; Yengzi, Du; Etter, D.M; Welch,T.B; “A Multidisciplinary Approach To

Biometric” Education IEEE Transaction, August,2005, PP : 462-471

3.Delac,K; Grgio,M; “A Survey of Biometric Recognition Methods” Electronics in

Marine IEEE, 16 June,2004 PP : 184-193

4.Prabhakar,S; Pankanti,S;Jain,A.K; “Biometric Recognition:Security and Privacy

Concerned” Security And Privacy Magazine IEEE, April,2004 PP : 33-42

5.Lee,Kwanyong; Park,Hye Yound; “A Statistical Identification And Verification for

Biometrics” Springer Verlag Gmbh, PP : 611

6.”Biometrics” article from DIGIT magazine, August,2005 PP:30-34

34



35



15. BIOMETRICS IN USE TODAY

In March 1998, a senator introduced a bill that would authorize banks and other

financial institutions to switch to electronic fund-transfer systems. To ensure security,

an individual would have to submit some type of biometric data, such as a fingerprint

Biometrics is also being used at Walt Disney World. A person who has a season or

annual pass no longer needs a photo identification card to enter the park.

The Connecticut Department of Social Services currently uses fingerprint scanning to

verify the identity of the 85,000 people who are available for benefits. This system is

being tested to see if the use of biometrics can reduce – or even eliminate – fraud.

36



Facial recognition is gaining popularity among biometric tools. The Department of

Motor Vehicles in West Virginia (and six other states including Missouri) use facial

recognition. The system takes a digital picture of a person when they apply for,

renew, or seek a replacement for a lost driver’s license. Any tampering with thelicense to alter or replace the photograph renders it invalids. If a person tries to renew

a license or replace a lost license, the picture in the system must match the person

trying to get the license before it will be issued.

16. CONCLUSION

The conclusion that can be inferred from this seminar is that the various

Biometric Techniques are designed to solve the problems faced by traditional methods,

however it also has certain shortcomings but these are very limited and small as

compared to the traditional methods. It is a growing area of application of computingtechniques. It is serving for security and convenience in various areas and has a bright

future.

37



17. REFRENCES

1. Jain , A.K; Pankati, S; Prabhkar, S; Lin, Hong; Ross, A; “Biometric a great

challenge” IEEE Pattern Recognition, 6 July 2005, PP : 17-20

2. Ives, R.W; Yengzi, Du; Etter, D.M; Welch, T.B; “A Multidisciplinary Approach toBiometric” Education IEEE Transaction Aug 2005, PP : 462-471

3. Delac,K; Grgic, M; “ A Survey of Biometric Recognition Methods ” Electronics in

Marine IEEE 16 June,2004, PP : 184-193

4. Prabhakar, S; Pankanti, S; Jain, A.K; “ Biometric Recognition:Security and Privacy

concerns” Security and Privacy Magazine IEEE April ,2004 PP : 33-42

5. Lee, Kwanyong; Park,Hye Young; “ A Statistical Identification and Verification

Method for Biometric” Springer Verlag GmbH PP : 611

6. “ Biometrics” article from DIGIT Magazine August,2005 PP : 30-34

Documents

Bio Metrics Final Report