Upload
bhargav-amin
View
126
Download
1
Tags:
Embed Size (px)
Citation preview
----- CASE STUDY------
USAGE OF BIOMETRICS
BY
AMRUTTAA PARDESSI BHARGAV AMIN
PRN-14030142055 PRN- 14030142016
Subject: CRYPTOGRAPHY
SICSR|MSC(CA)-2014-16|CRYPTOGRAPHY-CASE STUDY Page 2
ACKNOWLEDGEMENT
We, Amruttaa Pardessi and Bhargav Amin would like to express our gratitude to our Cryptography
subject professor Mr Atul Kahate Sir for his guidance and motivation as well as providing
necessary information regarding the Case Study.
We were able to learn this topic to the depth and gain complete knowledge on this by our own
research.
Amruttaa Pardessi
Bhargav Amin
Date- 2 March 2015
Place- Pune
SICSR|MSC(CA)-2014-16|CRYPTOGRAPHY-CASE STUDY Page 3
TABLE OF CONTENTS
SR NO TOPIC PAGE NO 1. Abstract 4
2. Introduction 5
3. History of Biometrics 6
4. How Biometric Authentication System
Works?
7
5. Performance and Security
Considerations
8
6. Factors to be considered for Decision
making whether Biometric Technology
to be used or not
9
7. Biometric Modalities 10
7.1. Fingerprint Recognition 11
7.2. Face Recognition 12
7.3. Iris Recognition 13
7.4. Hand/Finger Geometry 14
8. Different Kinds of Biometric Systems 15
9. Requirements of Applications to be
considered for deciding which Biometric
Technique to Implement
16
10. Biometric System Implementation 17
10.1. Biometric authentication used in ATM's
Law Enforcement and Airports
17
10.2. Biometric authentication in Networking 18
11. Advantages and Disadvantages 19
12. Recent Research in Biometric
Technology
20
13. Summary 21
14. References 22
SICSR|MSC(CA)-2014-16|CRYPTOGRAPHY-CASE STUDY Page 4
1. ABSTRACT
Biometrics is widely discussed in past and still today. We will be discussing how
exactly biometric systems work and various biometric modalities. Biometrics is
implemented at Airports, ATM’s, networking and many more. Biometrics is also said
to be in discussion for storing biometric data on passports. Many banks and laptops,
PDA’s etc are using finger sensors now days. However, many implementations and
proposals use biometric data but it’s still not widely used for user authentication. This
case study is based on overall usage of biometrics.
SICSR|MSC(CA)-2014-16|CRYPTOGRAPHY-CASE STUDY Page 5
2. INTRODUCTION
“Biometrics” is an automated methods of recognizing an individual based on
measurable biological (anatomical and physiological) and behavioural characteristics.
Biometrics has recently become popular due to high profile applications which use
this technology in day-to-day activities.
Example- FBI's Integrated Automated Fingerprint Identification System (IAFIS), US-
VISIT program, the Transportation Workers Identification Credentials (TWIC)
program and Registered Traveller program.
Biometrics uses a person’s own identity to identify himself. Biometrics uses physical
characteristics like face, fingerprints, irises or veins, or behavioural characteristics
such as voice handwriting or typing rhythm. Thus, this system is considered to be
safe and secure as compared to keys and passwords.
SICSR|MSC(CA)-2014-16|CRYPTOGRAPHY-CASE STUDY Page 6
3. HISTORY OF BIOMETRICS
Biometrics was used during prehistoric times.
Chinese used fingerprinting in the 14th
century for identification.
In the 17th century fingerprinting was used to seal official documents.
TIMELINE
1858 – First systematic capture of hand images for identification purposes is recorded 1892 – Galton develops a classification system for fingerprints 1894 – The Tragedy of Pudd’nhead Wilson is published 1896 – Henry develops a fingerprint classification system 1903 – NY State Prisons begin using fingerprints 1936 – Concept of using the iris pattern for identification is proposed 1960 – First model of acoustic speech production is created 1963 – Hughes research paper on fingerprint automation is published 1969 – FBI pushes to make fingerprint recognition an automated process 1970s – Face Recognition takes another step towards automation 1970 – Behavioral components of speech are first modelled 1974- First commercial hand geometry systems become available 1975 – FBI funds development of sensors and minutiae extracting technology 1976 – First prototype system for speaker recognition is developed 1977 – Patent is awarded for acquisition of dynamic signature information 1985 – Concept that no two irises are alike is proposed 1985 – Patent for hand identification is awarded 1986 – Patent is awarded stating that the iris can be used for identification 1991 – Face detection is pioneered, making real time face recognition possible 1992 – Biometric Consortium is established within US Government 1993 – FacE REcognition Technology (FERET) program is initiated 1994- First iris recognition algorithm is patented 1994 – Integrated Automated Fingerprint Identification System (IAFIS) competition is held 1995 – Iris prototype becomes available as a commercial product 1996 – Hand geometry is implemented at the Olympic Games 1997 – First commercial, generic biometric interoperability standard is published 1998- FBI launches COOlS (DNA forensic database) 1999 – FBI’s IAFIS major components become operational 2000 – First research paper describing the use of vascular patterns for recognition is published 2000 – West Virginia University biometrics degree program is established 2002 – ISO/IEC standards committee on biometrics is established 2003 – Formal US Government coordination of biometric activities begins 2003 – European Biometrics Forum is established 2004 – DOD implements ABIS 2004 – Presidential directive calls for mandatory government-wide personal identification card for all federal employees and contractors 2004 – First state wide automated palm print databases are deployed in the US 2005 – Iris on the Move is announced at Biometrics Consortium Conference 2010 – U.S. national security apparatus utilizes biometrics for terrorist identification 2011 – Biometric identification used to identify body of Osama bin Laden 2013 – Apple includes fingerprint scanners into consumer-targeted smartphones
SICSR|MSC(CA)-2014-16|CRYPTOGRAPHY-CASE STUDY Page 7
4. HOW BIOMETRIC AUTHENTICATION SYSTEM WORKS?
There are 5 integrated components:
a. A sensor- It detects the characteristics used for identifying the person. It
collects the data and converts information to digital format.
b. Signal Processing Algorithms- Develops the biometric template and processes
the signal.
c. Data Storage or Computer- Stores information about biometric templates to
be compared.
d. Matching Algorithm- Compares new biometric template to the one kept in
Data Storage.
e. Decision process- This can be automated or human assisted. It makes a system
level decision after the comparison.
SICSR|MSC(CA)-2014-16|CRYPTOGRAPHY-CASE STUDY Page 8
5. PERFORMANCE AND SECURITY CONSIDERATIONS
It’s difficult to measure the performance of biometric authentication systems.
Whether the system is good or bad completely depends on the accuracy of the
system. Speed, storage, cost and ease-of-use are also important factors that must be
considered. Biometric systems are not perfect and many a times cause errors. It may
happen that and unauthorised person gets access and an authorised person is rejected
by the system. These kinds of errors are called False Acceptance (FA) and False
Rejection (FR) respectively. For most systems these kinds of errors can be dealt
with. The FR rate and FA rate are dependent on each other. Both rates are zero in a
perfect system. If the system is very secure than it tries to increase FA rate to zero
which makes the FR rate very high. Whereas,
The time required by the authentication system to determine a person is authorised or
not is an important factor to judge the performance of system. The ideal would be if
the answers are got in real time. For example- it would be unacceptable to wait for
half a minute in front of an ATM to be authenticated. Thus the accuracy and security
of biometric system is related with time. This means the more time a biometric
system takes for authentication the less secure it is.
Thus the conclusion is such that the biometric system has FR and FA rate which
needs to be traded off with each other which in turn affects the time taken for
authentication and security.
SICSR|MSC(CA)-2014-16|CRYPTOGRAPHY-CASE STUDY Page 9
6. FACTORS TO BE CONSIDERED FOR DECISION MAKING
WHETHER BIOMETRIC TECHNOLOGY TO BE USED OR
NOT
Distinctiveness and uniqueness of biometric characteristic- Two persons
might have the same characteristics, what is the probability of this case? How
can the biometric traits be distinguished accurately?
Vulnerability to fraud system- Is the system vulnerable to fraudulent
methods? Is it possible to copy or steal biometric characteristic of another
person?
Intrusiveness of System- When taking biometric sample, is the system
intrusive?
Variation of Biometric Characteristic- What is the duration when the
characteristic of an individual can change? What are the consequences that the
biometric characteristic of a user is lost?
Maintenance of the system- Is support required? Do the samples need regular
updation? What kind of support is required?
Test reports and statistics are used to find answers to these questions by Decision
makers.
SICSR|MSC(CA)-2014-16|CRYPTOGRAPHY-CASE STUDY Page 10
7. BIOMETRIC MODALITIES
Biometric modalities include face, iris, fingerprint, voice and signature. Many factors
need to be considered when implementing a biometric such as location, security risks,
tasks (identification and verification), expected number of users, user circumstances,
existing data, etc
Multimodal Biometrics: (as below)
SICSR|MSC(CA)-2014-16|CRYPTOGRAPHY-CASE STUDY Page 11
7.1. FINGERPRINT RECOGNITION
Fingerprints have uneven surfaces called ridges and valleys that form the unique
identification for the individual. Many applications use ridge patterns that are on top
joint of finger.
The FBI IAFIS system used a method to compare the submitted information against a
database which has millions of fingerprints too check if the individual has submitted
previously or has a criminal history. IAFIS require information of all 10 fingers,
either ink based or electronic. Submitted fingers are compared against the fingerprints
in database and are verified by 0, 1, 2 fingerprint examiners. This process takes 1 to 2
hours.
Automated commercial systems require only one finger for comparison and prove the
identity. This process takes less than a second.
SICSR|MSC(CA)-2014-16|CRYPTOGRAPHY-CASE STUDY Page 12
7.2. FACE RECOGNITION
Since 1960, machine vision researchers were trying to find the appropriate methods
for detecting face but no perfect solution was found. Multiple approaches were tried
2D and 3D which greatly improve face recognition abilities.
SICSR|MSC(CA)-2014-16|CRYPTOGRAPHY-CASE STUDY Page 13
7.3. IRIS RECOGNITION
Iris is colored part on an individual’s eye. This concept dates back to 1936. The
patent for iris recognition was issued in 1994 for algorithms that can make this
happen.
The identification system illuminates the iris with near-infrared light, which is seen
by most cameras and does not cause injury to humans. Iris recognition takes
illuminated picture of iris.
SICSR|MSC(CA)-2014-16|CRYPTOGRAPHY-CASE STUDY Page 14
7.4. HAND/FINGER GEOMETRY
This was most successful biometric product. It works as; a user enters a PIN code to
claim an identity, and then places their hand on system, which takes a picture of her
hand. The picture shows view of the hand from top and sides. Measurements are
taken as digits of hand and compared to those collected at enrollment.
SICSR|MSC(CA)-2014-16|CRYPTOGRAPHY-CASE STUDY Page 15
8. DIFFERENT KINDS OF BIOMETRIC SYSTEMS
Dynamic Signature: Measures speed and pressure for identification.
Retina Recognition: Image of the blood vessels and back of eye is collected and matched
with previously collected samples.
Body Recognition: Measures the appearance and walking style of an individual.
Speech Recognition: An individual’s physical voice as well has behavioural attributes of
voice are used for recognition.
Keystroke Dynamics: Measures typing patterns of individuals.
Odour
Ear
DNA
(Ignore the vendor and market share column)
SICSR|MSC(CA)-2014-16|CRYPTOGRAPHY-CASE STUDY Page 16
9. REQUIREMENTS OF APPLICATIONS TO BE CONSIDERED
FOR DECIDING WHICH BIOMETRIC TECHNIQUE TO
IMPLEMENT
The factors that must be considered are:
The ability to deal with the number of individuals.
Ease of use
Speed of operation
Secure and robust against various attacks
Accurate discrimination against individuals
SICSR|MSC(CA)-2014-16|CRYPTOGRAPHY-CASE STUDY Page 17
10. BIOMETRIC SYSTEM IMPLEMENTATIONS
10.1. Biometric authentication used in ATM's Law Enforcement and
Airports
Iris Recognition used for Law Enforcement first by U.S. in 1996 in prison to
release prisoners.
Iris Recognition used in ATM, if an individual faces the sensors, the camera
immediately captures the iris, the Iris is verified with the record in database,
then the accounts are unlocked immediately. Iris can be captured through sun
glasses, contact lenses and glasses.
CANADA's immigration system uses biometrics it helps identifying applicants
during the initial stage of VISA process. This system helps the visa issuing
authorities to take decisions who should be granted the visa to visit Canada.
Biometrics helps them prevent:
o Known criminals from entering Canada
o Identifying fraud and theft
o Deportees from re-entering Canada without permission and
o Failed refugee claimants’ form re-entering Canada with false identity proof.
SICSR|MSC(CA)-2014-16|CRYPTOGRAPHY-CASE STUDY Page 18
10.2. Biometric authentication in Networking
Companies such as Novell, Baltimore Technologies are some of the first to take
advantage of biometric scheme.
Internet Banking: Used in enhancing the security of Internet Banking.
A bank, contracting with an ASP (Application Service Provider), could require
biometric verification for a high-value transaction over the Internet.
Baltimore Technologies offer biometric security. Users will be authenticated
using multiple biometrics and then authorized to access data and applications
and conduct business in a secure manner.
SICSR|MSC(CA)-2014-16|CRYPTOGRAPHY-CASE STUDY Page 19
11.ADVANTAGES AND DISADVANTAGES
Besides many disadvantages the advantages make biometric systems very desirable
to use.
Accuracy and Security are disadvantages of biometric authentication systems as
discussed earlier.
Acceptability is also a disadvantage of biometric authentication system.
Acceptability by users is a major concern like for example, many people think that
fingerprint authentication is used for criminals and by iris scanning the light beam
can harm their eyes.
Cost is also a major disadvantage of biometric techniques. High cost is imposed on
the hardware and software and on other hand on integrating biometric authentication
mechanism to current network.
Another disadvantage is the varying reliability of biometric system. The physical
characteristics of people might change with age or any physical injury or diseases.
This might affect fingers or eyes.
Also, environment conditions can affect biometric systems like for example
background noise can affect voice recognition systems or a cut in finger might not
give that person access to system by finger recognition.
Another problem is integrating biometric authentication system in corporate
infrastructure. Proper platform or applications are not available to host the
biometric system on large scale in organisations.
Apart from the many disadvantages there are also many advantages which make the
biometric systems very desirable let’s have a look below:
The major advantage is that biometric systems is that the data cannot be lost, stolen,
duplicated or forgotten like keys and access cards. These cannot be forgotten,
compromised, shared or observed or guessed like passwords or PINS.
No need to change the recorded data every three months like we do with passwords.
Therefore, it’s more convenient to use.
Biometric authentication system increase the security of system, if accuracy is high,
the hardware is unique and can’t be cheated easily. Clare Hist states for example that
biometrics used in conjunction with smart cards “can provide strong security for PKI
credentials held on the card.”
It can also be considered cost efficient, as reduces overheads for password
maintenance.
SICSR|MSC(CA)-2014-16|CRYPTOGRAPHY-CASE STUDY Page 20
12.RECENT RESEARCH IN BIOMETRIC TECHNOLOGY
Infrared Technology to scan fingerprint below surface of skin to reveal vascular
and sub dermal details that results in multidimensional details of one’s
thumbprint.
Research includes using a combination of biometric systems for human
identification.
Biometric for mobile applications
New biometric technologies in forensic and security applications
A research group from France submitted a paper that described a method
combining biometric information with cryptographic systems.
SICSR|MSC(CA)-2014-16|CRYPTOGRAPHY-CASE STUDY Page 21
12.SUMMARY
More disadvantages than advantages seem to exist for Biometric Authentication
Systems. That is why these systems are not widely acceptable or used yet. The
advantages are such that people tend to use these systems despite of the
disadvantages. Every system has to deal with the disadvantages.
A lot of research is still going on in this area to build a more secure system despite
the disadvantages. For example- Using Smart Card along with finger print detection
makes the system more secure. Thus combination of biometric with other
technologies is highly effective and used widely today.
To conclude, the usage of biometric systems will increase a lot more in future with
the support of stable technologies and more cost effectiveness.
SICSR|MSC(CA)-2014-16|CRYPTOGRAPHY-CASE STUDY Page 22
13.REFERENCES
http://www.cic.gc.ca/english/department/biometrics-why.asp
http://www.biometricsinstitute.org/pages/types-of-biometrics.html
http://en.wikipedia.org/wiki/Biometrics
http://shop.bsigroup.com/Browse-By-Subject/Biometrics/Why-use-biometrics/
http://ntrg.cs.tcd.ie/undergrad/4ba2.02/biometrics/now.html
http://www.biometricupdate.com/201501/history-of-biometrics