View
227
Download
1
Tags:
Embed Size (px)
Citation preview
Biometrics and Biometrics and AuthenticationAuthentication
Shivani Kirubanandan
Lets Define !Lets Define !
“A biometric is a A biometric is a physiologicalphysiological or or behavioralbehavioral characteristic of a human characteristic of a human being that can being that can distinguishdistinguish one person one person from another and that theoretically can be from another and that theoretically can be used for used for identificationidentification or or verification verification of of identity.”identity.”
“A biometric is a A biometric is a physiologicalphysiological or or behavioralbehavioral characteristic of a human characteristic of a human being that can being that can distinguishdistinguish one person one person from another and that theoretically can be from another and that theoretically can be used for used for identificationidentification or or verification verification of of identity.”identity.”
Biometrics as AuthenticationBiometrics as Authentication
Authentication depends onAuthentication depends on• What you haveWhat you have• What you know What you know • What you ARE !What you ARE !
Authentication depends onAuthentication depends on• What you haveWhat you have• What you know What you know • What you ARE !What you ARE !
Why Biometrics?Why Biometrics?
• Identity thefts • Something you know can be
stolen• Predicted or hacked• Reliability on manual verification
• Identity thefts • Something you know can be
stolen• Predicted or hacked• Reliability on manual verification
Application CategoriesApplication Categories
Biometric applications available Biometric applications available today are categorized into 2 sectorstoday are categorized into 2 sectors
• Psychological: Iris, Fingerprints, Hand, Psychological: Iris, Fingerprints, Hand, Retinal and Face recognitionRetinal and Face recognition
• Behavioral: Voice, Typing pattern, Behavioral: Voice, Typing pattern, SignatureSignature
Biometric applications available Biometric applications available today are categorized into 2 sectorstoday are categorized into 2 sectors
• Psychological: Iris, Fingerprints, Hand, Psychological: Iris, Fingerprints, Hand, Retinal and Face recognitionRetinal and Face recognition
• Behavioral: Voice, Typing pattern, Behavioral: Voice, Typing pattern, SignatureSignature
Biometric Authentication ProcessBiometric Authentication Process
• Acquisition• Creation of Master characteristics• Storage of Master characteristics• Acquisition(s)• Comparison• Decision
• Acquisition• Creation of Master characteristics• Storage of Master characteristics• Acquisition(s)• Comparison• Decision
The metrics of BiometricsThe metrics of Biometrics
• FTE – Failure To Enroll• FTA – Failure To Accept• FAR – False Acceptance Rates• FRR – False Reject Rates
• FTE – Failure To Enroll• FTA – Failure To Accept• FAR – False Acceptance Rates• FRR – False Reject Rates
Essential parametersEssential parameters
• Liveness testing• Tamper resistance• Secure communication• Security Threshold level• Fall back node
• Liveness testing• Tamper resistance• Secure communication• Security Threshold level• Fall back node
Fingerprint recognitionFingerprint recognition
• Divides print into loops, whorls and arch
• Calculates minutiae points (ridge endings)
• Comparisons • authentication
• Divides print into loops, whorls and arch
• Calculates minutiae points (ridge endings)
• Comparisons • authentication
Fingerprint techniquesFingerprint techniques
• Optical
• Capacitive
• Thermal
• Ultrasonic
• Optical
• Capacitive
• Thermal
• Ultrasonic
DisadvantagesDisadvantages
• Racial issues• Dirt , grime and wounds • Placement of finger• Too big a database to process• Can be spoofed –liveness important!
• Racial issues• Dirt , grime and wounds • Placement of finger• Too big a database to process• Can be spoofed –liveness important!
Hand GeometryHand Geometry
• Geometry of users hands • More reliable than fingerprinting• Balance in performance and
usability
• Geometry of users hands • More reliable than fingerprinting• Balance in performance and
usability
DisadvantageDisadvantage
• Very large scanners • Very large scanners
Retinal ScanningRetinal Scanning
• Scans retina into database • User looks straight into retinal
reader• Scan using low intensity light• Very efficient – cant be spoofed!
• Scans retina into database • User looks straight into retinal
reader• Scan using low intensity light• Very efficient – cant be spoofed!
DisadvantagesDisadvantages
• User has to look “directly” • FTE ratio high in this biometric• Acceptability concerns
– Light exposure– Hygiene
• User has to look “directly” • FTE ratio high in this biometric• Acceptability concerns
– Light exposure– Hygiene
Iris ScannerIris Scanner
• Scans unique pattern of iris• Iris is colored and visible from far• No touch required• Overcomes retinal scanner issues• Contact lenses an issue?
• Scans unique pattern of iris• Iris is colored and visible from far• No touch required• Overcomes retinal scanner issues• Contact lenses an issue?
Face recognitionFace recognition
• User faces camera
• Neutral expression required
• Apt lighting and position
• Algorithms for processing
• Decision
• User faces camera
• Neutral expression required
• Apt lighting and position
• Algorithms for processing
• Decision
Issues with Face Recognition?Issues with Face Recognition?
IssuesIssues
• Identification across expression• FRR or FAR fluctuate• Easily spoofed• Tougher usability• High Environmental impact
• Identification across expression• FRR or FAR fluctuate• Easily spoofed• Tougher usability• High Environmental impact
BehavioralBehavioral
• Voice• Signature• Typing pattern
• Voice• Signature• Typing pattern
Voice RecognitionVoice Recognition• Speech input
– Frequency– Duration – Cadence
• Neutral tone • User friendly
• Speech input – Frequency– Duration – Cadence
• Neutral tone • User friendly
DisadvantagesDisadvantages
• Local acoustics• Background noise• Device quality• Illness , emotional behavior• Time consuming enrollment• Large processing template
• Local acoustics• Background noise• Device quality• Illness , emotional behavior• Time consuming enrollment• Large processing template
Signature RecognitionSignature Recognition
• Signature measures (dynamic)– Speed– Velocity– Pressure • Captures images (static)• High user acceptance
• Signature measures (dynamic)– Speed– Velocity– Pressure • Captures images (static)• High user acceptance
Issues Issues
• Signature variable with– Age, illness, emotions• Requires high quality hardware• High FRR as signatures are very dynamic
• Signature variable with– Age, illness, emotions• Requires high quality hardware• High FRR as signatures are very dynamic
Typing Patterns Typing Patterns
• User typing pattern– Speed– Press and Release Rate• Unique patterns are generated• comparisons
• User typing pattern– Speed– Press and Release Rate• Unique patterns are generated• comparisons
IssuesIssues
• Not very scalable
• FRR is high
• Can be spoofed – by simple technology (recorders)
• Not very scalable
• FRR is high
• Can be spoofed – by simple technology (recorders)
Usability issues in BiometricsUsability issues in Biometrics
• User acceptability• Knowledge of technology• Familiarity with biometric
characteristic• Experience with device
• User acceptability• Knowledge of technology• Familiarity with biometric
characteristic• Experience with device
Usability issues…Usability issues…
• Environment of use• Transaction criticality • Time consuming tasks
• Environment of use• Transaction criticality • Time consuming tasks
Biometric solutionsBiometric solutions
• Educate• Train• Explain Interfaces• Use Trainers• Supervised Playtime
• Educate• Train• Explain Interfaces• Use Trainers• Supervised Playtime
General issuesGeneral issues
• FTE posses problem• Biometric characteristics are not
encrypted• Trust on input device• Cannot authenticate computers!• Privacy attack?!
• FTE posses problem• Biometric characteristics are not
encrypted• Trust on input device• Cannot authenticate computers!• Privacy attack?!
Current applicationsCurrent applications
• Banks • Immigration facilities across USA• IDwidget – interesting research• Eyegaze at Stanford
• Banks • Immigration facilities across USA• IDwidget – interesting research• Eyegaze at Stanford
Class taskClass task
• Sell your biometric productCase1A bank needs an appropriate authentication mechanism to allow remote user transactions. What kind of multifactor system would you sell them?
• Sell your biometric productCase1A bank needs an appropriate authentication mechanism to allow remote user transactions. What kind of multifactor system would you sell them?
Class task…Class task…
Case 2: • Suggest certain areas in which
biometrics would prove disastrous• Note- You may suggest a particular
combination of biometrics which may be disastrous to security and privacy
Case 2: • Suggest certain areas in which
biometrics would prove disastrous• Note- You may suggest a particular
combination of biometrics which may be disastrous to security and privacy
Thank You!!Thank You!!