Introduction Biometrics - Summer 2006 1helens/csit520/Lecture/w01-Overview.pdf · A key component of any DRM system, ... structure gives distinctive information useful for ... Artificial

Introduction Biometrics - Summer 2006 1

Introduction

“Under the new US-VISIT program started in Jan. 2004, all foreigners who enter the US on visas must have their hands (finger prints) and faces scanned digitally. In addition, starting later this year, new passports will be issued that bear a chip containing biometric data.” [1]

e-Passports - “The Dutch Government is planning important trials to investigate how the introduction of biometrics to their national passports . . . Meanwhile, the UK’s Passport Service is now embarking on a major biometric enrolment trial.” [2]


Introduction (cont’d)

Digital Rights Management (DRM) Systems:“Rights holders should be able to license, monitor,

and track the usage of rights in a dynamic digital trading environment, especially in the near future when universal multimedia access (UMA) becomes a reality, and any multimedia content will be available anytime, anywhere.

A key component of any DRM system, also known as intellectual property management and protection (IPMP) systems is user authentication to ensure that only those with specific rights are able to access the digital information.” [3]

The Ubiquity of users and devices requires the need for reliable and universal authentication of users.


Introduction (cont’d)

Biometric Industry: Post-9/11 “International Biometric Group has revised its

biometric industry revenue projections. Projected 2003 revenue of $935m are actually lower than previously anticipated; however, 2004 revenues of $1.48b and 2005 revenues of $2.2b are higher than had been previously projected.” [4]

What is Biometrics?“Biometrics refers to the automatic identification or

verification of living persons using their enduring physical or behavioral characteristics.” [1]


Biometric CharacteristicsBiometric Characteristics


Personal Identification

• An association of an individual with an identity.

• Questions related to personal identification:– Is this the person truly he or she claims to be?– Has this individual been here before?– Should this person be given access/entrance to

this building, room, system, etc.?


Personal Identification

There are three levels of “security” in personal identification:– Token based: something that you POSSESS, e.g. an

ID card with photo, a key, an access card,– Knowledge based: something that you KNOW, e.g. a

password, a PIN.– Biometrics: something that you “ARE”, (e.g. your

fingerprint, your face, etc.) or that you “DO” or “PRODUCE”, (e.g. your signature, your voice, etc.)


Why Biometrics?Why Biometrics?

3.14159

Sec

urity

Lev

el

Something you have

Something you know

Something you are

Method (degree of “difficulty”)


Biometric Systems

Typically, there are two categories:Verification: authenticate a claimed identity. Q:“Is he who he claims to be?” (one-to-one comparison)Identification: determine the identity of an individual. Q: “Who is he?” (one-to-many comparison)


BIOMETRICS

A biometric characteristic must possess the following:Universality – every individual should have this characteristic.Uniqueness or distinctiveness – any two person should be “sufficiently different” in terms of the characteristic.Permanence – ideally, the characteristics should be invariant with time. However, if the characteristic is “sufficiently invariant” (with respect to the matching criterion) over a period of time, it is acceptable. Collectability – the characteristics should be measured quantitatively.


Biometric SystemOther issues to be considered in a practical biometric system

include:Performance – refers to the achievable recognition accuracy and speed, the resources required, as well as the operational and environmental conditions that may affect the accuracy and speed.Acceptability – to what extend people are willing to accept and use the biometric system as part of their daily lives.Degree of intrusiveness – how much co-operation is required from the user to collect the biometric sample.Circumvention - how easy it is to fool the system by fraudulent techniques, i.e. degree of vulnerability to fraud.Long-term system support – DB management, re-enrollment, template updating, etc.


Challenges in Biometric SystemsChallenges in Biometric Systems• Noisy and distorted images• Changes in sensor technology – the device used for

enrollment may be different at the time of recognition.• Population coverage• Stringent system requirements (error rates, verification

time, storage, cost, etc.)• Template aging/update• System security (attacks on the system)• System maintenance• User convenience and cultural issues (non-contact sensors)• Small intra-class variability and Large inter-class

variability• Estimating extremely low error rates


Biometric System

A biometric system is essentially a pattern recognition system(PR). Four-stage process:

1. Capture (enrollment process) - a sample of the biometric characteristic is obtained

2. Extraction - unique features are extracted3. Comparison4. Decision - match or no-matchLogically, this 4-stage process can be grouped into two

modules:1. Enrollment module2. Recognition module


Typical Pattern Recognition Systems

A typical pattern recognition system attempts to capture the invariant information in the patterns representing the entities in the same class intra-class variation. (Should be small)the discriminating information of the patterns representing entities in different classes inter-class variation. (Should be large)

The main issue is “how good” is the representation (feature) of the pattern that can be quantified for comparison.


Limitations of Biometric SystemAs a pattern recognition system, there are three

fundamental categories of limitations:“Raw” Information – this comes from the sensoracquisition mechanism, e.g. camera, scanner, etc.Representation – this comes from the feature extraction process. The particular chosen representational scheme may not capture all the useful information for identification or authentication.Invariant or discriminatory information – this comes from the similarity or distance measure and the matching scheme chosen for the system.


Enrollment Process in Biometric System

Acquisition of biometric

characteristics

Extraction of features

System Database

User ID

Enrollment


Enrollment Process in Biometric SystemEnrollment mode – process of registering the biometric

characteristics of individuals, to establish the “ground truth”. Enrollment is common for both verification and identification operations. Two types of enrollment:“Positive” enrollment – for verification and positive identification, i.e. construction of a database of “eligible” members. common for verification and identification modes of operations.“Negative” enrollment – “the most wanted list”. You do not wish to be in this database.

Note: in this course, we concentrate on the “positive”enrollment


Verification Mode in Biometric System

A sample of the biometric characteristics


System Database

Verification

Claimed ID

Matcher

Template of the claimed ID

Decision (Yes or No)


Verification Mode in Biometric SystemVerification mode – The presented biometric is

compared with a single enrolled “template”. User has to present a token (e.g. a PIN, a name, etc.). With the presented token, the biometric template (or samples) associated with the user will be retrieved. The extracted feature from the input sample will be compared with the template from the database. The output of the comparison is an accept/reject decision.

Verification is basically a “positive” recognition, i.e. a list of “legal” members is stored in the database. It is recognition of “membership” to gain access.


Verification Mode in Biometric SystemRecap: Answers the question - Am I who I claim to

be?A template (or samples) of the claimed individual’s

biometric characteristics is in the system.Enrollment capturing of the presented individual’s biometricsFeature extraction generating the characteristics, i.e. the feature setComparison feature set matching against the template (or samples of the claimed individual)Decision

One-to-one comparison (am I who I claim to be?) -Binary (yes or no)


Identification Mode in Biometric System

A sample of the biometric characteristics


System Database

Identification

Matcher

All Templates

Decision: “ID” or“Not in the system”


Identification Mode in Biometric SystemIdentification mode – The presented biometric is compared

with ALL enrolled “templates” from the database. Identification can operate in one of the two modes:Positive identification – “Membership” recognition. The output of the comparison is either accept (ID of the individual) or reject (individual is not enrolled) (based on the matching scheme) or a list of the “closest” match.Negative identification – the database is the “most wanted” individuals. This is also known as screening, i.e. the input sample is screened against the database. Output is also either yes/no or a list of the “closest”match.

In the case of a list is returned, human intervention is required to make the final decision.

Note: in this course, we’ll concentrate on the “Positive”identification.


Identification Mode in Biometric SystemRecap: answers the question - Who is this?A database of the biometric characteristics is in

the system.Enrollment capturing of the individual’s biometricsFeature extraction generating the characteristics, i.e. the feature setComparison feature set matching against ALL templates from the databaseDecision

One-to-many comparison (who is this?) - Binary (match or no-match) or selecting several “close” ones and allow human to make final decision


Biometric TechnologiesTwo categories:

Physiological traitsDNAface, fingerprints, hand geometry, Palmprints,iris, retina,vein pattern

Behavioral traits voice, handwriting, off- and on-line signature, key stroke pattern, gait.


Physiological Biometrics (Cont’d)

DNA (Deoxyribo Nucleic Acid)Unique code for individuals (identical twins have identical DNA patterns!!)Mostly used in the context of forensic applicationsSpeed in producing results (slow)Privacy issues: DNA pattern contains “too much”information of an individual



Hand Geometry (week 2)Human cannot use this biometric to identify or verify a personMeasurements taken from the hand can be used as features for recognition.Technique can be simple and inexpensive.Invariant over time (?)



Palmprint (week 3)Larger area of ridges and linesDistinctive, Stable in adultsPerformance depends on the acquisition sensorCan achieve high accuracy


Physiological Biometrics

Face (week 5)We recognize each other by the faceThis is one of the most acceptable biometricsThe method of acquisition is non-intrusive. e-Passport requires face as one of the biometric characteristicsFacial disguise is a challenge to authentication applicationsFeatures may be the location and/or shape of the eyes, nose, lips, etc.



Fingerprints (week 5)This is one of the “oldest” biometrics used and one of the most developed techniquethey are believed to be unique to each person (and each finger)They are used worldwide for criminal investigationsImmigration of HK also has the finger print (thumb) of all residentse-Passport requires fingerprints as one of the biometric characteristicsMain feature: graphical flow-like ridges



Iris (week 6)Iris is the annular region of the eye bounded by the pupil and sclera (white of the eye) on either sideIt is believed that the visual texture pattern of the iris stabilizes very early (first 2 years) in life. Its complex structure gives distinctive information useful for identification of individuals.Each iris is unique (even irises of identical twins are different).It is extremely difficult to surgically “change” the iris texture information.Artificial irises (e.g. designer contact lenses) are easily detectable.



Hand Vein (week 6)digitized images of hand vein patterns can be captured by an infra-red camera.Hand vein patterns are unique to each individualit is very difficult to change the formation of the hand vein pattern even by surgeryThus, hand vein based system has the potential to achieve acceptable accuracy.Hand vein patterns can be difficult to acquire due to medical conditions of the person, eg. Obesity.



Facial Thermogram (week 6)non-intrusiveusing an infra-red camera to capture the heat “intensity” of the vascular facial tissue results in an image called the face thermogram.It is believed that face thermograms are unique to each individualface thermograms depend heavily on many factors, such as

emotion of the personphysical health of the person which affects the body temperature

view-dependent



Ear (week 6)The shape of the ear and the structure of the cartilegenous tissue of the pinna are distinctiveDistinctive, permanentCan be acquired by camera (image) or infra-red sensor (thermogram)Problem of hair covering the ear.Others (?)



Retinal Pattern (week 6)The pattern formed by veins beneath the retinal surface in an eye is stable and uniqueDigital images of the retinal patterns is acquired by projecting a low-intensity beam of infra-red light into the eye and an image of the retina illuminated is captured. The acquisition process requires close co-operation from the person (user).Retinal scan is currently perceived to be the most secure biometric technique.Retinal scanners are expensive.


Behavioral Biometrics (Cont’d)

Signature (week 6)Handwriting is believed to be characteristic of each person.Signature-based authentication systems have been successfully designed.There are two approaches to signature verification:

static - uses only the geometric features of a signaturedynamic - uses both the geometric as well as the dynamic features such as acceleration, velocity and trajectory profiles of the signature.

Signatures have been well accepted as a form of identification, even electronic version of signatures are accepted nowadays.Professional forgers may fool the system.



Voice/Speech (week 6)Voice is a combination of physiological and behavioral characteristics.The voice of a person is distinct but may not provide sufficient information for identification.There are two types of speech-based verification system: text-dependent and text-independent.A text-dependent system authenticates the identity of an individual based on the utterance of a fixed pre-determined phrase.A text-independent system verifies a speaker independent of the phrase. Thus, this is more difficult but offers more protection against fraud.Some people are very good at mimicking other’s voice!!



Gait (week 6)One can easily recognize someone from the way that person walks. Not invariant – may change over time due to physical changes of the body, e.g. body weight, injuries, etc.Collectability is not simple and easy.



Keystroke (week 6)It is believed that each person types with his/her own characteristics.It not unique however, can provide sufficient discriminatory information to allow identity verification.


Multimodal BiometricsThere are limitations of unimodal biometric systems.Using multiple biometric modalities can be expected to be

more reliable, due to multiple, independent pieces of “evidence”.

Multimodal biometric systems also provide anti-spoofing measures by making it more difficult for intruder to produce multiple forged biometrics.

Many challenges to be overcome when using multimodal biometrics.


Applications of Biometric SystemsBiometric applications fall into three main

categories: Commercial – computer network login, access digital information, sensitive facilities, ATM, credit card, cellular phone, PDA, medical records, etc.Government – national ID, passport, driver’s license, welfare claims, border control, social security, etc.Forensic – terrorist identification, parenthood determination, missing children, criminal investigation, corpse identification, etc.


Biometrics Technologies and ApplicationsSome questions and properties to be considered when

choosing a biometrics for an application:Does the application require identification or verification?The system is quite different for these two types of recognitions. Primarily, the matching scheme is different.Is it attended (semi-automatic) or unattended (completely automatic)?Requirements for complete automated system is quite different from semi-automatic one. For automated system, output has to be a simple “accept” or “reject”.


Biometrics Technologies and Applications (Cont’d)

Are the users habituated (or willing to be habituated) to the given biometrics?Performance of a biometrics-based system improves steadily as the subjects instinctively learn to give “good” biometric measurements. Some applications may tolerate the less effective learning phase of the application deployment for a longer time than others.Are the subjects cooperative or non-cooperative?Typically, applications involving non-cooperative subjects warrant the use of physiological biometrics that cannot be changed easily.



What are the storage requirement constraints?Different applications impose varying limits on the size of the internal representation for the chosen biometrics.How stringent are the performance requirement constraints?Applications that demand higher accuracies require the biometrics with higher degree of uniqueness.What types of biometrics are acceptable to the users?Depending on the cultural, ethical, social, religious, and hygienic standards of the society, different biometrics are acceptable in applications deployed in different demographics.



Is the application covert or overt?Not all biometrics can be captured without the knowledge of the subject to be identified. Even the biometrics which could be captured without the knowledge of a subject may not be used in some countries due to privacy legislations.


Which Biometrics is the “best”Universality (all individuals possess this biometric)Uniqueness (variability across individuals)Permanence (does not change over time)Collectability (can be quantified)Performance (low processing time and error rate)Acceptability (“well” received by the population)Circumvention (can it be easily spoofed or copied?)

NO biometric is optimal.Need to find the best match between an application and a

specific biometric.


Why is Personal Identification difficult?

Database is large, can be millionsPopulation coverage and scalabilityIntra-class variability and inter-class similarityNoisy and distorted acquired imagesSystem performance – speed, cost, error rateAttacks on the systemNon-uniqueness of the biometric characteristics –Temporal variationsAddressing privacy concernsCultural/Religious concerns or objectionsSegmentation – isolate the biometric characteristics from the background


The Future of BiometricsResearch Issues:

better performance of some of the technologies better representational models, better algorithms in feature extraction, better discrimination strategiesfusion of different technologies combining features to provide better discrimination.

Practical Concerns:Improving the quality of the acquired images/signals“Liveness” detectionSystem securityHybrid technology uses - combining biometrics with smart cards and public-key infrastructure (PKI)


References1. M.L. Johnson, “Biometrics and The Threat to Civil Liberties”, Computer,

April 2004, pp.90-92.2. “e-Passports – Part 1”, Biometric Technology Today, June 2004, p. 11.3. J. Ortega-Garcia, J. Bigun, D. Reynolds, and J. Gonzalez-Rodriguez,

“Authentication Gets Personal with Biometrics”, IEEE Signal Processing Magazine, vol.21, no. 2, March 2004, pp. 50-62.

4. “The Biometric Industry: One Year After 9/11”, International Biometric Group, reports.

5. A.K. Jain, A.Ross, and S. Prabhakar, “An Introduction to Biometric Recognition”, IEEE Trans. On Circuit and Systems for Video Technology, vol.14, no.1, Jan. 2004, pp.4-20.

6. J. Ashbourn, Biometrtic: Advanced Identity Verification, Springer-VerlagLtd., 2000. (ISBN 1-85233-243-3)

7. A.K. Jain, R. Bolle and S. Pankanti (eds.), BIOMETRICS: Personal Identification in Networked Society, Kluwer Academic Publishers, 1999. (Chapter 1)

8. R.M. Bolle, J.H. Connell, S. Pankanti, N.K. Ratha, and A.W. Senior, Guide to Biometrics, Springer-Verlag, 2004. (chapter 1)

Documents

Introduction Biometrics - Summer 2006 1helens/csit520/Lecture/w01-Overview.pdf · A key component of any DRM system, ... structure gives distinctive information useful for ... Artificial