Report on Biometrics

2014 [CURRENT DEVELOPMENTS]

Amulya Lohani | 12063542 1

1. Introduction

1.1. General Introduction From the combat zone to the corporate office; from the airport to the ATM;

knowing who is really who is a big security concern today. Every person in the world carries multiple human traits that are unique form of personal identification. Its a science known as Biometrics, recognizing individuals based on their physical or behavioral characteristics. Biometrics refers to technologies for measuring and analyzing such characteristics that can be used to identify or verify a person. It is essentially a pattern recognition system that operates by acquiring biometric data from an individual, extracting a feature set from the acquired data, and comparing this feature set against the template set in the database. (Mishra, 2010)

Technologies relying on biometric data to authenticate identity have been used predominately by Government authorities for security purposes, such as protecting computer network access, countering fraud, border security and determining a citizens true identity. In the commercial sector, biometric recognition is typically used for physical access control to buildings and logical access control to IT systems. Already, some laptop computers and smartphones have built-in fingerprint recognition scanners to make them more secure. Social media sites also offer facial recognition software to assist users tagging uploaded photos. (UK Parliament, 2014)

In the context of Nepal, it has been about 5-8 years, the use of biometric device has come to an existence. Since then, the popularity has been increased very positively. Mostly, the biometrics device are used to be adopted for attendance and security. It has been used in small and medium organizations, banks and financial institutions to larger factories to effectively manage and monitor human resources activities.

Shikhar Insurance Co. Ltd. Shikhar Insurance Company Ltd. (SICL) is an established General Insurance

Company promoted by a young team of reputed Industrial and Business Houses involved in various fields like Aviation, Banking, Manufacturing, Trading, Travel Trade, Media Houses etc. Company was established in 2004 A.D. Its head office is situated in Thapathali, Kathmandu where research for this project is carried out. SICL is a leading insurance company in the country with its clients from all over Nepal. SICL has more than 20 branches scattered inside and outside the Kathmandu valley.

Key Terms

a) Authentication: It is a process by which a system verifies the identity of a user who wishes to access it.

b) Verification: It is the process of establishing the truth, accuracy, or validity of something.

c) False Rejection Rate (FRR): The FRR is defined as the percentage of identification instances in which false rejection occurs. This can be expressed as a probability.

d) Pattern: A repeated decorative design. e) Minutiae: the small, precise, or trivial details of something.



1.2 History

The practice of distinguishing humans based on unique physical or behavior

traits goes back thousands of years. Evolution of Biometrics is shown in timeline

below.

Figure 1: Timeline showing the evolution of Biometrics (Zalman, 2014)



2. Background The term "biometrics" is derived from the Greek words bio (life) and

metric (to measure). Biometrics refers to the identification or verification of a person based on his/her physiological and/or behavioral traits. Biometric technologies offer two means to determine an individuals identity: verification and identification. Verification confirms or denies a persons claimed identity by asking, Is this person whom he/she claims to be? Identification, also known as recognition, attempts to establish a persons identity by asking, Who is the person? The primary advantage of a biometric trait is that it belongs to that individual who is implicitly connected to it, unlike passwords or pins, which are external to an individual. (Michael P. Down, 2004)

Types of Biometrics

a) Physiological Biometrics: An individuals physical characteristics are authenticated by physical biometrics. Physiological characteristics are formed in the early developing stages of human body. Some measurable Physiological characteristics by biometric system includes:

fingerprints

face

retina

iris

hand geometry

b) Behavioural Biometrics: Behavioural characteristics are not inherited, but learned. Behavioural Biometrics look at the unique habits of an individual. Typical behavioural features that can be measured include:

voice patterns

handwriting / signature

keystroke dynamics (Planet Biometrics, 2014)

Figure 2: Types of Biometrics (Carlson, 2014)



2.1. How does biometric system work?

Biometric systems can seem complicated, but they all use the same two modules:

Figure 3: Biometric System Architecture (Du, 2009)

a) Enroll module Biometric signals is extracted by sensor from the user. Biometric data is

interpreted into digital signals in Data acquisition module. These signals are processed in data pre-processing module to reduce noise. Then most distinctive patterns of biometric characters are analysed by the pattern analysis module. Then pattern extraction module generates identifiable templates picking these distinctive patterns. Finally these templates will be save in the database.

Figure 4: Biometric enroll module (Du, 2009)



b) Matching Module

In matching module, pattern matching module and decision module are additional. Here, newly sensed biometric data follows the same process as of enrollment data and pattern templates are generated from data. These generated templates are compared with those in the biometric database. System calculates match scores for final decision. The system identifies/verifies data, if matching scores is higher than predetermined threshold.

Figure 5: Biometric matching module (Du, 2009)



2.2. Biometric device used in Shikhar Insurance Co. Ltd.

Shikhar Insurance Co. Ltd (SICL) has been using finger print recognition biometric system for the purpose of staff attendance and payroll management since 2011 AD. Earlier, company used to manually enter attendance details of each staff in a register book. The increase in number of staffs and piles of register books made the traditional approach impracticable and difficult to manage. As a solid solution, company introduced the fingerprint scanner system. Device is linked with a software that displays attendance details and generates timely reports. In addition, software automatically calculates and displays payroll information based on staffs attendance and also generates payroll reports. Software have only access to the HR manager. However, company has a separate IT department for maintenance and upgrading of biometric system.

Figure 6: Finger print scanner used in Shikhar Insurance Co. Ltd.



2.3. Working mechanism of a fingerprint scanner

Figure 7: Figure showing how fingerprint scanner stores image of a fingertip (Easy Clocking, 2014)

Working mechanism of a fingerprint scanner system is common to that of other biometrics devices. It contains similar modules (i.e. Enroll and Matching) as explained in section 2.2 of this report. The whorls, arches, and loops are what make up this characteristics of a fingertip. These are recorded along with the patterns of ridges, furrows, and minutiae. This information will then be processed or stored as an encoded computer algorithm to be compared with other fingerprint records.

Only specific characteristics, which are unique to every fingerprint, are filtered and saved as an encrypted biometric key or mathematical representation (a binary code). No image of a fingerprint is ever saved, only a series of numbers, which is used for verification. The algorithm cannot be reconverted to an image, so no one can duplicate the fingerprints.

2.4. Application areas of fingerprint scanner

Application areas of fingerprint scanner biometric system can be mainly

categorized in following groups.

a) Commercial applications such as electronic data security, physical access

control, computer network login, Internet access, ecommerce, ATM, credit card,

medical records management, etc.

b) Government applications such as Voters ID, drivers license, national ID card,

social security, border control, and passport control, etc.

c) Forensic applications such as criminal investigation, corpse identification,

parenthood determination, finding missing children, etc.



3. Analysis This section contains all information based on an interview taken with HR Manager

of SICL, Miss Sahara Thapa. Please refer to questionnaire section in appendix for more information taken from interview.

3.1. Analysis of Pros and Cons

Pros

a) Punctuality Implementation of the fingerprint scanner system has made staff punctual to

their office time. Device enters check in time of attendees so accurately that even a second late to their specified time will mark late in the records. Staff also cant manipulate time once checked in.

b) Accountability Biometric System stores attendance details in an organized form so that

information can be retrieved in many ways. For instance, attendance reports can be generated on daily, weekly or monthly basis. System can also display department wise attendance details or that of only late staffs. Thus system is accountable to companys requirements.

c) Accuracy Fingerprint scanner has been accurate for company in two ways. First one is, it

records accurate check in and check out times of staffs so that attendance and payroll reports generated timely will also contains accurate details. Next is, scanner identifies the accurate person. Each staff has unique identity saved in database. Thus no staff can cheat system by checking in on behalf of others.

d) Time Saving

Biometric system can identify or reject persons characters within a couple of seconds. As SICL strictly follows time management, time saving systems like biometrics have become beneficial for the office in saving time.

e) Reduce paperwork

Fingerprint scanner stores all attendance details into the database. Later on those data can be achieved through computer software linked to it. This has helped company to completely eliminate register books making easier and less time consuming to manage staff attendance.



Ratings of pros on the basis of their importance to organization Miss Sahara Thapa had been asked to rate in percentage, the beneficial factors

of biometric attendance system on the basis of their importance to the company. We have got the following results.

Figure 8: Pie Chart showing the rating of importance of pros

Miss Thapa finds Punctuality and Accountability extremely important. She believes that new system has definitely helped in maintaining punctuality and keeping attendance and payroll records up to date. Accuracy has also decent importance in the company. However, she considers Reduce paper work and Time saving factors less important because still daily attendance report is printed daily and the hardcopy has to be stored in a file, being slightly time consuming task.

Cons

a) FRR Rate False rejection is an occasional problem that company has been facing using

fingerprint scanner. FRR rate is high during a Nepalese festival season that falls in July/August where female put Henna (Mehendi) in their hands. Similarly, problems also rises in case of injured or burnt finger of staffs.

b) Privacy

Maintenance of privacy of records is a big threat for company. Biometric system records staffs personal, attendance and payroll details. These information can be easily viewed, once anyone gets access to main system. Till now company havent encountered any privacy issues but is aware of possibilities.

c) Financial Cost

Punctuality30%

Accountability30%

Accuracy20%

Time saving10%

Reduce paperwork10%

Punctuality Accountability Accuracy Time saving Reduce paperwork



Cost required to install and maintain biometrics system in the company is considerably higher compared to that of traditional attendance system. Though biometric software is designed for complete security, it is not financially beneficial technology

d) Misuse of data

Misuse of data stored in companys database is another major threat. Data of staffs taken for biometric system might be used in an unethical way for economic gain by some other people. So company has to stay alert in these matters.

Rating of cons on the basis of their severity to organization In interview, Miss Thapa had been asked to rate in percentage, the drawbacks

of biometric attendance system on the basis of their severity to the company. We have got the following results.

Figure 9: Pie Chart showing the rating of cons on the basis of severity to organization

Miss Thapa feels FRR Rate and Privacy are two greatest disadvantages of biometric attendance system for company. She thinks high financial cost is decent drawback because outstanding features has made the system cost worthy. She had rated data misuse and accuracy as less severe drawbacks.

FRR Rate30%

Privacy30%

Financial Cost20%

Misuse of data10%

Accuracy10%

FRR Rate Privacy Financial Cost Misuse of data Accuracy



3.2. Propelling factors to shift towards biometric system

a) Increase in staff number Company currently has around 90 full time working staffs. Before

implementation of biometric system, each staff had to manually enter their entrance and exit time daily along with their signature in a register book. Sometimes staffs had to stand in a queue just to register their attendance. Thus it was a time consuming process.

b) Problem in management of attendance Increasing piles of register books made the traditional approach of attendance

hard to manage. There was no proper department wise allocation of staffs attendance. As a result, it could take hours to even days to retrieve small information. Staffs payroll also completely relied upon the records in register book. Thus company had to face many problems managing records.

c) Inaccurate records

There were always chances of human errors in traditional attendance system as records were manually entered. Besides, staff could easy cheat attendance by registering incorrect time in case of being late in office time. Thus there was high chance of inaccurate records.

d) Separate IT department Presence of an IT department also propelled company to implement biometric

system. Company had a separate IT depart to look after its computer networking, financial software, company website, etc. IT professionals were aware about the changes that company could entertain after the implementation of fingerprint biometrics attendance system.

3.3. Cost basis Analysis Company paid a certain sum of money at the time of installation. Then annually it

is paying certain amount for system maintenance. Staff from dealer of the biometric system visits company once in a year for maintenance. It has been three years since company has started using this system. The total amount company has invested on biometric system till now is described below.

Installation Charge (Hardware items, Proprietary : Rs.60,000 Software and Application system development cost)

Manpower, training cost : Rs.8,000

Maintenance charge (2011) : Rs.8,000



Hence, total investment in Biometric System in last three years = Rs.92,000 (Approx.)

For traditional approach,

The approximate annual cost was Rs.5,000.



No any expensive equipment was needed. However, to maintain records, register books, files, file case, papers, etc. were necessary.

Therefore, if traditional attendance system was continued to use, total cost in last three years would be: Rs.5000*3 = Rs.15,000

Following line chart shows cost comparison between biometric and traditional attendance system in the organization if

Figure 10 : Line chart showing the cost comparison between biometric and traditional attendance system

The initial investment required for biometric attendance system is drastically higher. However in the long run, cost difference narrows with biometric system being very slightly costlier. Evaluating the performance of biometric system, company is fully satisfied and believes its getting a good return of investment. Capability of biometric system is absolutely incomparable to that of traditional system. Hence, despite of being expensive, implementation of biometric attendance system is right for large organizations.

3.4. Analysis on security threats

If companys security system becomes victim of network attacks, social engineering, etc, attacker can easily get access to companys database. Data can be misused causing a problematic situation for company or an individual staff. Company havent experienced any such threats but the authority is aware of the matter.

To maintain security, company has integrated fortigate firewall with VPN technology to establish secure communication and maintain data privacy. However, in this era, integration of firewall does not completely guarantee information security.

Thus, company would have implemented some common security measures like security software (to detect and remove computer viruses and malwares), Data Encryption (to protect stored information), Intrusion Detection (to generate quick alert if system suspects an attack). (nibusinessinfo, 2014)

0

10,000

20,000

30,000

40,000

50,000

60,000

70,000

80,000

90,000

2011 2012 2013

Cost Comparison (NRs.)

Biometric Attendance System Traditional Attendance System



4. Conclusion

4.1. Critical Evaluation

I enjoyed the time spend on preparing report on Biometrics. Interviewing with

professionals in a renowned company as a researcher was an amazing experience. I

had gone through some difficulties in the way. Firstly, it was difficult for me to select a

company. The next challenging task was to analyze technology based on interview

data. Yet, I got to learn many facts about biometrics, which is one of the topic of my

interest.

Based on analysis, in my opinion, SICL has taken good benefit from the

Biometric attendance system. Fingerprint recognition has been correct choice for

company to maintain regular attendance and payroll of staffs. Currently, only head

office of SICL has implemented fingerprint recognition. Company is planning to

implement this system in all the branches in the near future. However, company

immediately needs to work on implementing secured information security measures.

Only head office of SICL has implemented fingerprint recognition.

4.2. Future Escalation

The biometrics market share was $5.2 billion in 2012 expected to reach $16.7

billion by 2019. (PRWeb, 2014) The future of biometrics is not just limited to finger

print scanners and face recognition. Its evolving into a range of science fiction-like

systems that measure physical characteristics, like typing speed and

electrophysiological signals. According to a research conducted by Gartner, 30% of

mobile companies will use biometrics by 2016. (Barrett, 2014) Thus, Biometrics has

been successful to become the top ranked IT priority among enterprise business

leaders over the last few years and is expected to increase its market in the future.



References Anon., 2013. Biometrics Market: Shares, Strategies, and Forecasts, Worldwide, 2013 to 2019 New

Research Report at ReportsnReports.com. [Online]

Available at: http://www.prweb.com/releases/biometrics-devices-market/2013-2019-

forecasts/prweb11307038.htm

[Accessed 22 12 2013].

Barrett, L., 2014. http://www.zdnet.com/article/30-percent-of-companies-will-use-biometric-

identification-by-2016/. [Online]

Available at: http://www.zdnet.com/article/30-percent-of-companies-will-use-biometric-

identification-by-2016/

[Accessed 16 12 2014].

Carlson, D., 2014. Biometrics - Your Body as a Key. [Online]

Available at: http://www.dynotech.com/articles/biometrics.shtml

[Accessed 9 12 2014].

Du, Y. (., 2009. Biometric Technologies. Bioinformatics, pp. 369-370.

Easy Clocking, 2014. What is Biometrics?. [Online]

Available at: http://www.bioelectronix.com/what_is_biometrics.html

[Accessed 7 12 2014].

Michael P. Down, O. a. R. J. S., 2004. Biometrics: An Overview of the Technology, Challenges and

Control Considerations. Information Systems Control Journal, Volume 4, p. 1.

Mishra, A., 2010. Multimodal Biometrics it is: Need for Future Systems. International Journal of

Computer Applications (0975 8887) , Volume 3, p. 1.

nibusinessinfo, 2014. Common IT security measures. [Online]

Available at: https://www.nibusinessinfo.co.uk/content/common-it-security-measures

[Accessed 15 12 2014].

Planet Biometrics, 2014. Survey: Biometrics Overview. [Online]

Available at: http://www.planetbiometrics.com/article-details/i/47/

[Accessed 10 12 2014].

PRWeb, 2014. Biometrics Market: Shares, Strategies, and Forecasts, Worldwide, 2013 to 2019 New

Research Report at ReportsnReports.com. [Online]

Available at: http://www.prweb.com/releases/biometrics-devices-market/2013-2019-

forecasts/prweb11307038.htm

[Accessed 22 12 2013].

UK Parliament, 2014. Current and future uses of biometric data and technologies. [Online]

Available at: http://www.parliament.uk/business/committees/committees-a-z/commons-

select/science-and-technology-committee/news/current-and-future-uses-of-biometric-data/

[Accessed 6 12 2014].

Zalman, A., 2014. Counterterrorism & Homeland Security. [Online]

Available at: http://terrorism.about.com/od/issuestrends/tp/History-of-Biometrics.htm

[Accessed 2 12 2014].

Documents

Report on Biometrics