Secure Bio Metrics Authentication

8/6/2019 Secure Bio Metrics Authentication

http://slidepdf.com/reader/full/secure-bio-metrics-authentication 1/6

Secure Biometrics Authentication: A brief review of the

Literature

Abstract this paper presents a brief overview of the literature in the field of Biometrics authentication, The advent of the Internet saw technological innovations such as Biometrics device, in particular fingerprint reader, as an electronicequivalent to manuscript authentication in the online environment. However, the use of this technology is stillinsignificant. The aim of this paper is to review the various studies that have explored the technical and legal issues

associated with Biometrics authentication with an objective to provide insights on their lack of acceptance.Index Terms Authentication, Biometrics, e-transaction, Fingerprint

INTRODUCTION

Biometric authentication is one of the most exciting technical improvements of recent history and looks set to changethe way in which the majority of individuals live, Security is now becoming a more important issue for business, and theneed for authentication has therefore become more important than ever. The use of biometric systems for personalauthentication is a response to the rising issue of authentication and security. The most widely used method of biometric authentication is fingerprint recognition. This paper is organised as follows: by now, the reader is alreadyfamiliar with the content of section one which consisted of an introduction followed by the concepts of Biometrics insection two, the study objectives and the hypothesis in section three and four, followed by the investigation methods insection five, section six will consist of the selection of the participants. Section seven will illustrate how the investigation

was conducted and which methodological choices were made. This is followed by the survey in section eight. Findingand results in section nine. In the final section the conclusions and recommendations will be proposed as well assuggestions for further research in sequence in section ten and eleven.

LITERATURE REVIEW

The term biometrics comes from the Greek words bios, meaning life, and metrics, meaning measure. Biometrics can bedefined as measurable physiological and/or behavioural characteristics that can be utilized to verify the identity of anindividual, and include fingerprint verification, hand geometry, retinal scanning, iris scanning, facial recognition andsignature verification [1]. Biometric authentication is considered the automatic identification, or identity verification, of an individual using either a biological feature they possess physiological characteristic like a fingerprint or somethingthey do behaviour characteristic, like a signature [2]. In practice, the process of identification and authentication is theability to verify and confirm an identity. It is accomplished by using any one or a combination of the following three

traditional identification techniques: something you possess; something you know; or something you are [1]. Something you possess: often referred to as a token and can be produced from a multitude of different physicalobjects. There are two basic types of tokens in use today: manual and automated. If a token is described as manual itmeans that the identification process requires some form of human intervention; in other words, a person will make thefinal decision of whether an identity is approved or not. Good examples of manual tokens are paper ID documents andpassports. Automated tokens, on the other hand, do not involve human intervention in the identification process, butrather the identity is verified by a system/computer such as magnetic-stripe cards, memory cards, or smart cards [1].

Something you know: the knowledge should not be commonly held, but secret. Examples of regularly used secrets arepasswords, pass-phrases, and personal identification numbers PINs.Something you are: recognizing an entity through what "they are" requires measuring one or more of their biologicalfeatures.Biological features can be either physiological characteristics like fingerprints or behavioural traits like an individual'ssignature [1, 2].The following table outlines a comparison between passwords vs. tokens vs. biometrics [3-5]



Biometric characteristics can be separated into two main categories [1]:

Physiological characteristics are related to the shape of the body. The trait that has been used the longest, for overone hundred years, are fingerprints; other examples are face recognition, hand geometry and iris recognition.

Behavioural characteristics are related to the behaviour of a person. The first characteristic to be used that is stillwidely used today is the signature.Generally, physical and behavioural characteristics used by biometrics include the following taxonomy [6] :

The accuracy of a Biometrics system is measured by:



FMR False match or acceptance rate: the lower the biometric identification system's FMR, the better the security. FMRmeans the rate at which the biometric measurements fromtw o different individuals is mistaken to be from the sameindividual [5].

FNMR False non-match or rejection rate: the lower the biometric identification system's FNMR, the easier the system isto use. FNMR means mistaking two biometric measurements from the same individual to be from two differentindividuals [5].In summary, all biometric systems work in similar ways, but it is important to remember that the ease of enrolment and

quality of the template are critical success factors in the overall success of any biometric system [7] .Allan [7] provides a list of some of the strengths, weaknesses and suitable applications for each biometric methodology:

Today there are several biometric characteristics that are in use in various applications. Each biometric has its ownstrengths and weaknesses, and suitable applications for each biometric methodology. There are no particular biometricswhich may successfully meet the requirements of all applications. Depending on the application s usage and thebiometric characteristic s features we are able to suitably match a particular biometric to an application [5]. Explain thatthe fingerprint- and iris-based techniques are more accurate than the voice-based technique. Nevertheless, in a phonebanking application, the voice-based technique might be preferable as the bank could integrate it seamlessly into theexisting telephone system.



The following table briefly compares five biometrics according to seven parameters [5]

Harris and Yen [8] take into account the advantages and disadvantages of biometric identification systems which can besummarized in the following two figures:



To summarize, the advantages and disadvantages of the biometric identification system require assessment by theorganization in order to determine the most appropriate identification technique for their business purposes.A number of studies have been carried out in several countries by prospective users, vendors, and governments. Thefollowing is a sampling of these studies: A six month study was carried out in the UK in April 2004 to assess processesand record testimony of user experiences and attitudes to incorporate biometric information into new passports and theproposed national identity card. 10,016 users joined in the study which used facial, iris and fingerprint biometrics. Sixstatic and one mobile centre in different regions of the UK were used to gather data. The study covered the testing of the use of biometrics through a simulated application process; measurement of the process times; assessment of customer perceptions and reactions; testing fingerprint and iris biometrics for one-to-many identification and testing;and facial, iris and fingerprint biometrics for one-to-one verification. However, the outcome of this study revealed highenrolment times: on average 8 minutes and 15 seconds, and 10 minutes and 20 seconds for disabled participants. Arecommendation by the study s organisers was presented for example a number of such as good design andmanagement of the enrolment, environment is significant to accomplish high success rates; a number of measuresrequire to be put in place for the enrolment of disabled people; improved processes for failed enrolments are necessary;testing is essential. The UK s National Health Service NHS have adopted the use of biometric authentication with about11,000 employees enabled with fingerprint recognition technology in over 60 hospitals, and with over 30,000 employeesable to access patients records remotely. In a recent ISL Biometrics assessment in a UK Bank, 91 per cent of clientsseemingly favoured biometrics over user-name/password authentication systems. In the USA, United Bank provides afingerprint sensor for their clients to access their account rather than using a username and password. In additionWestpac is reported to be carrying out an assessment of biometric security technology that would issue clients withbiometric fingerprint devices to allow them to access their accounts online. JCB Japan, a financial services organisation,undertook a biometric authentication trial using fingerprint authentication for mobile access to JCB's on-line cardmember account inquiry service. According to the Civil Aviation Authority of Singapore, a project at Singapore's ChangiAirport known as Fully Automated Seamless Travel (FAST) is expected to decrease traveller processing time from 15minutes or longer to two minutes by using fingerprint and facial recognition equipment.Woodward, Webb, Newton, Bradley and Rubenson [10] identified that people related concerns as a major hindrance tothe acceptance of a biometric system. The concerns raised can be divided into three major areas:

Informational privacy; Physical privacy;Religious objections.



These concerns are what might be labelled emotional issues as they are driven by a fear of loss of privacy or a fear of physical harm.The following concerns relating to information privacy were identified:1-The function creep is the process of using information for something other than for what it was initially intended [5,10].2-The tracking is a concern many people share given that access to data relating to a individual, governments couldstart to develop into Big Brother institutions capable of tracking a citizen s every move [5, 10].3- The final concern is the misuse of data [10]; for example, the capture and abuse of biometric information in an online

environment .Many biometrics have a certain stigma attached to them and can prevent people from using the system comfortably.Fingerprinting, for example, has an undeserved stigma from association with criminal activities [5, 10], and, because of this, users feel that they are being criminalised when asked to give a fingerprint, especially when this fingerprintsubmission is a mandatory event. Concerns relating to actual harms can include physical harm to an individual from thesensor; for example, the laser used in retinal scanning, as well fear that an impostor might want to sever a limb, such asa finger, in order to bypass the biometrics system [5, 10]. Another concern raised regarding working within the irisrecognition industry is whether eye infections such as conjunctivitis are transferable by the camera. Users of the touch-based biometric scanners also often fear the transmission of illness and bacteria through the use of scanners [5, 10].Different countries have different cultures and religious beliefs which govern business and social practices, and peoplewill be hesitant to adopt practices considered contrary to their cultural or religious dictates. Many Christians, forexample, believe biometrics represent the Mark of the beast as described in Revelation [5, 10] and this could result inprohibiting their use. In additionwo me n s facial recognition would be prohibiting in some Muslim countries such asSaudi Arabia.

CONCLUSION

Biometric authentication is one of the most exciting technical improvements of recent history and looks set to changethe way in which the majority of individuals live. The literature review has served to expand the concepts behindbiometric authentication, give explanations of how such systems work and to estimate their effectiveness. The point isnot to support the reader with deep knowledge of the main physiological biometrics: fingerprint, hand geometry, facialrecognition, and iris recognition, but rather to show how these biometrics are surprisingly alike in design. They allfunction and mainly use of the same techniques. In this review, the most important physiological and behaviouralbiometrics have been reviewed and it has become clear that the inner workings of behavioural biometric systems areoverall significantly more complex than physiological systems. Using multiple biometrics in one application is one of most interesting aspects of the research, and an approach has been introduced to evaluate the possibility of employingbiometrics in a central database environment. This approach allows a single biometric to be used in multiple applicationsand multiple biometrics to be used in a single application. The use of biometrics will become an increasingly essentialpart of our lives, changing the traditional method of transactions like tokens, usernames and passwords. E-transactions

are the way of the future. Financial institutions and banks, along with many other organisations, are being forced tomodify the techniques with which they carry out business. These technological changes have brought with them e-transaction hackers and identity theft. These cyber crimes have become common and are only expected to increase.However, a more efficient means of protecting identities and transactions is required to be implemented and the bestmethod of providing such secure identification at this time is by employing biometric systems.

REFERENCES

[1] Ashbourn, J., Biometrics: Advanced Identity Verification: The Complete Guide. Springer-Verlag, London, . . 2000:Springer. 201.[2] Wayman, J.L. and L. Alyea, Picking the Best Biometric for Your Applications, in National Biometric Test CenterCollected Works. 2000, National Biometric Test Center: San Jose. p. 269-275.[3] Pfleeger C.P., Security in computing. second edition ed. 1997: Prentice Hall PTR.[4] Tiwana, A., Web Security. 1999: Digital Press An imprint of Butterworth-Heinemann.

[5] Prabhakar, S., S. Pankanti, and A.K. Jain, Biometrics Recognition: Security and Privacy Concerns. IEEE Security &Privacy, 2003.1(2): p. 33-42.[6] Zhang, D., Automated Biometrics: Technologies and Systems 2000, Norwell, MA: Kluwer Academic Publishers. 331.[7] ALLAN, A., Biometric Authentication. Perspective. Gartner Research, 2002a: p. 1-31.[8] HARRIS, A.J. and D.C. YEN, Biometric authentication: assuring access to information. Information Management andComputer Security, 2002.1 0(1): p. 12-19.[9] Dugelay, J.L., et al., Recent Advantages in Biometric Person Authentication, in ICASSP International Conference onAcoustics, Speech and Signal Processing. 2002: Orlando, Florida, USA.[10] Woodward, J.D., et al., Army Biometric Applications: Identifying and Addressing Sociocultural Concerns. 2001:RAND.

Documents

Secure Bio Metrics Authentication