Liveness assurance in Biometric Systems

Liveness assurance in Biometric Systems

by

JOHAN FREDERIK DU PREEZ

DISSERTATION

submitted in the fulfilment of the requirements for the degree

MASTER OF SCIENCE

in

COMPUTER SCIENCE

in the

FACULTY OF SCIENCE

at the

UNIVERSITY OF JOHANNESBURG

SUPERVISOR: PROF S.H. VON SOLMS

November 2006

Abstract Short summarized introduction to this dissertation

The need for a more secure cyber future is apparent in the information age that we live in. Information is fast becoming, and already is, one of the biggest assets in all domains of life. Access to information and specifically personal information must be regulated and secured in a trusted way. The use of passwords and tokens (example: bank card) that’s currently the most popular and well known mechanism for electronic identification can only identify the password or token but NOT the physical user using the password or token for identification. Biometrics addresses the above issue by being part of the physical user. For example: your fingerprint, retina or iris. Current biometric technologies provide an enabling medium to help with more accurate identification and verification. Thereby protecting and securing electronic information…BUT: One of the biggest problem areas surrounding biometrics is the fact that most biometric tokens (fingerprints, hand geometry and the human eye) can be used in some cases to identify the owner of the biometric token even after death as if the owner was still alive. The problem becomes apparent in the case of a person that passed away and the possibility of using the biometric tokens of the deceased to obtain access to his/her bank account. Therefore the importance of effective liveness testing is highlighted. Current liveness testing technologies can not be trusted in a way that would be necessary to provide the trust needed in the example of access to a personal bank account at an ATM (automatic teller machine). This dissertation reports on the initial stages of a research project that addresses the above problem by proposing the use of biometric tokens that doesn’t exist if the owner is not alive, thus the dissertation coins the new term – Inherent Liveness Biometrics. The way the human heart beats as a biometric token to identify or verify a person, might solve the issue of liveness testing, because “The way the human heart beats” might prove to be a natural biometric token that is only valid for a living person, thus an inherent liveness biometric.

Keywords

Biometrics, Liveness-testing, Identification, Authentication, Inherent liveness

Table of Content

Preface

Abstract

Chapter 1 Research overview and objectives

1.1 Problem statement 14

1.2 Objective 14

1.3 Research path 15

1.4 Structure of the document 16

1.5 Symbols 18

Part I

Biometrics in general and specific

Introduction

Chapter 2 Identification and verification, how it works

2.1 Chapter Introduction 22

2.2 Natural identification and verification 22

2.3 Identification and verification in the electronic sense 23

2.3.1 Identification and verification 23

2.4 What you KNOW 27

2.5 What you HAVE 27

2.6 What you ARE 28

2.7 Authentication by means of combination 28

Chapter 2 Identification and verification, how it works (cont.)

2.8 Chapter Summary 29

Chapter 3 Biometrics overview and system applications


3.2 Application of Biometric technology, solutions to enhance security

31

3.2.1 Applications 31

3.2.1.1 Physical access 32

3.2.1.2 Logical access 32

3.3 Biometric authentication applied in a wide range of sectors 33

3.3.1 E-commerce – Online business 33

3.3.2 Information technology in the corporate domain 33

3.3.3 Aviation 34

3.3.4 Banking and Financial 35

3.3.5 Healthcare 35

3.3.6 Government 37

3.4 Advantages of biometrics 38

3.5 Chapter summary 39

Chapter 4 Types of Biometrics


4.2 Fingerprints 42

4.2.1 History 42

4.2.2 Minutiae-based techniques 43

4.2.3 Correlation-based techniques 43

4.2.4 Different fingerprint sensing technologies 43

4.2.4.1 Optical sensing 44

4.2.4.2 Capacitive silicon 44

4.2.4.3 Electric field sensors 44

4.2.4.4 Thermoelectric sweep sensor 45

4.2.4.5 Ultrasonic sensing 45

4.2.4.6 Pressure array 45


4.3 Hand and finger geometry 46

4.3.1 History 46

4.3.2 Technology behind sensing hand and finger geometry

47


Chapter 4 Types of Biometrics (cont.)

4.4 Iris 48

4.4.1 History 48

4.4.2 Technology behind sensing detail in the iris 48


4.5 Retina 49

4.5.1 History 50

4.5.2 Technology behind scanning the retina 50


4.6 Facial recognition 51

4.6.1 History 51

4.6.2 Technology for sensing facial features 52


4.7 Speaker verification 53

4.7.1 Technology 53

4.7.2 Text dependent 53

4.7.3 Text independent 54


Chapter 4 Types of Biometrics (cont.)

4.8 Esoteric biometrics 54

4.8.1 DNA recognition 55

4.8.2 GAIT recognition 55

4.8.3 Skin luminescence 56

4.8.4 Lip movement biometrics 56

4.8.5 Ear based biometrics 56

4.8.6 Odor recognition 57

4.9 Multimodal biometrics 57


Part II

Liveness testing on biometrics

Introduction

Chapter 5 Liveness testing, why, how and what to test?

5.1 Chapter introduction 64

5.2 Why should liveness testing exist? 64

5.3 What should a liveness test, test? 65

5.4 Current liveness tests (HOW to test) 66

5.4.1 Using extra hardware 68

5.4.1.1 Temperature 69

5.4.1.2 Optical properties 69

5.4.1.3 Pulse 70

5.4.1.4 Pulse oximetry 70

5.4.1.5 Blood pressure 71

5.4.1.6 Electric resistance 71

5.4.1.7 Relative dielectric permittivity 72

Chapter 5 Liveness testing, why, how and what to test? (cont.)

5.4.2 Using existing information 73

5.4.2.1 Skin deformation of the fingertip’s skin in fingerprint biometrics

73

5.4.2.2 Pores 74

5.4.2.3 Unique characteristic of each individual 74

5.4.2.4 Perspiration 74


Chapter 6 Investigating liveness testing weaknesses


6.2 Spoofing Biometric devices 77

6.3 Ways to improve liveness testing 79

6.3.1 Is the biometric trait being presented at the sensor still alive and part of its owner?

80


Part III

Inherent liveness biometric traits

Introduction

Chapter 7 Inherent liveness – an alternative


7.2 Types of inherent liveness biometric traits 85

7.2.1 GAIT 85

7.2.2 Facial thermography 86

7.2.3 Brain patterns 86

7.2.4 Speaker verification 87

7.2.5 The way the heart beats 87

7.3 Difficulties in applying these Biometrics 88


Chapter 8 A possible solution: “The way the heart beats” as an inherent liveness biometric


Chapter 8 A possible solution: “The way the heart beats” as an inherent liveness biometric (cont.)

8.2 Using the way the heart beats as a Biometric 90

8.2.1 Background to the human heart 91

8.2.2 The conduction system 93

8.2.3 The Vectorcadiodiogram (VCG) 96

8.2.4 Uniqueness of “The way the heart beats” 100

8.3 Initial VCG data experimentation and analysis 100

8.3.1 VCG data acquisition 101

8.3.2 VCG data description 101

8.3.3 VCG data analysis 105

8.3.4 Initial outcome 108

8.3.5 VCG data analysis conclusion 108

8.4 Benefits of using the way the heart beats as a Biometric 109

8.5 Possible problems and areas to look into 110


Conclusion

A summary of the dissertation

Chapter 9 Conclusion 114

References

Main references 117

Appendix A

The story behind the research. 123

PREFACE

Chapter 1

Research overview and objectives

Chapter I – Research overview and objectives

Preface An overview of the dissertation

14

1.1 Problem statement A biometric can be used even if the person is not present or if the person has passed away

The technology of biometrics, in many different forms, is currently being used widely for individual identification and authentication. One of the problems with many existing biometric solutions is the fact that a specific biometric, belonging to a certain person, can be used, even if the person (owner) is not present or if the person (owner) passed away. Several research projects [47,52,53,55] report that, for example: a fingerprint of a person, “lifted” from almost any surface he/she touched, was captured on a thin silicon film which deceived biometric readers, and was falsely accepted. For this reason, many biometric hardware include liveness-testing, by measuring temperature, moisture, oxygen levels etc. Even these relatively sophisticated types of liveness testing are not foolproof. This research explores the possibility of using biometrics that naturally seizes to exist if the owner is not alive. Thus this dissertation coins the term Inherent liveness biometrics. Inherent liveness biometrics is thus biometric features that stop to exist if its owner is not alive. Possible examples of Inherent liveness biometric features are face-thermography, gait (the way a person walks) etc. “The way the human heart beats” will be investigated as a new possible inherent liveness biometric by analysing and comparing different anonymous patient VCG (Vector Cardiogram) data in Matlab. A conclusion will be drawn regarding this possibility. The research touches two uncharted domains, namely: The possibility of using “The way the human heart beats” as an Inherent Liveness Biometric, and the concept of inherent liveness biometrics to challenge traditional liveness testing.

1.2 Objective What is the objective of this research?

The objectives for this research is to: • Obtain a good understanding of identification and verification. • Review current biometric technologies and system applications to provide

a frame of reference for the understanding of current weaknesses in these technologies.

• Understand the importance of liveness testing in current biometric applications, how they work and investigating the serious weaknesses that still exists.

• Define the concept of inherent liveness biometrics and explore the benefits such biometrics has over others.

• Explore the possibility of using “the way the heart beats” as a possible inherent liveness biometric.



15

1.3 Research path The path the research takes

This research follows a path of firstly defining identification and authentication and providing insight into the different forms that identification and verification can take. These two concepts (identification and authentication) guide the research into the domain of biometrics. Biometrics as a technology with its current contribution and role in a collection of different markets receives focus. Some physical biometric traits are researched and discussed in this dissertation as a way to provide insight into current possibilities and applications of these biometric traits. Liveness testing as a crucial step in the biometric technology arena is defined and questions such as why to test, how to test and what to test with regards to liveness are answered. The weaknesses in current liveness testing technologies become obvious when research by others are referenced and discussed. The term Inherent liveness biometric traits are created, defined and discussed as a possible solution to liveness testing weaknesses. Different types of existing and possible inherent liveness biometrics are listed and briefly discussed. Obvious difficulties in the application of these inherent liveness biometrics surfaces. The possible new inherent liveness biometric namely “The way the heart beats” receives focus and is introduced for the first time in this dissertation by a summarized background to the conduction system of the human heart. The climax of this research is the presentation of the initial positive outcomes of VCG (vector cardiogram) data that were obtained, formatted and analyzed.



16

1.4 Structure of the document How the document is structured

Part I contains 3 chapters, chapter 2, 3 and 4. Part I is all about biometrics in general and specific. Chapter 2: This chapter defines identification and verification from a natural and electronic point of view. Different vehicles for identification and authentication are discussed. Chapter 3: An overview of biometrics and the different system applications are provided in this chapter. Sectors where biometrics is already being applied are also listed. Chapter 4: Some current types of biometrics are named and discussed in a structured way in order to provide insight into current possibilities and applications of this biometrics. Part II contains 3 chapters, chapter 5 and chapter 6. Part II shines the light on liveness testing with regards to biometric technologies. Chapter 5: Asks the questions, why, how and what to test for when the liveness of the owner of the biometric needs to be assured. Chapter 6: Shows the weaknesses in current liveness testing technologies. Part III contains 3 chapters, chapter 7, chapter 8 and chapter 9. These chapters explore possible solutions to the weaknesses in liveness testing, namely inherent liveness testing. Chapter 7: A new term “inherent liveness biometrics” is defined and some possible inherent liveness biometric traits are listed. Difficulties with regards to implementing inherent liveness biometrics are discussed. Chapter 8: “The way the heart beats” as a possible inherent liveness biometric is explored. Chapter 9: A conclusion to this research is reached.



17

How the document is structured cont.

During the coarse of this dissertation each chapter is introduced with the following picture:

The graph (red line) builds up to a climax and thus the blue bar moving along the graph as the chapters progress, shows which chapter is the climax of the dissertation.



18

1.5 Symbols Use of symbols

During the course of this dissertation several symbols are used as a means of visual representation. They are represented hereafter for ease of reference.

What you know…

What you have…

What you are… Fingerprints

Hand and finger geometry

Iris Retina Liveness testing

PART I

Biometrics in general and specific

Part I - Introduction

Introduction

This is the first part of three in this dissertation.

Identification and verification occur naturally on a daily basis. This task, to us as human beings is second nature. Identification and verification in an electronic sense receive focus. The “vehicles” such as what you KNOW, what you HAVE and what you ARE for identification and verification are discussed.

The what you ARE vehicle leads us to the domain of biometrics and an overview thereof is provided. Different current and future system applications are also listed according to the different market sectors and these are discussed. This points to the extent that biometric technologies have already penetrated a wide range of market sectors.

A wide range of existing biometrics exists. In order to provide a better understanding of the history, current applications and a possible future for the different biometric technologies the BIOVISION – Roadmap for biometrics in Europe to 2010 [16] document was used as a guide. The overview of these different biometric technologies will also act as a platform to focus on weaknesses in current biometric technologies in Part II of this dissertation.

Chapter 2

Identification and verification, how it works

Chapter 2 – Identification and verification, how it works

PART I Biometrics in general and specific

22

2.1 Chapter Introduction Introduction

The two concepts, identification and verification, span much wider than one might think initially. This chapter will elaborate on these two concepts of identification and verification, by first discussing natural identification in the traditional sense where human beings identify and verify others on an every day basis. The main focus of the chapter will be to define identification and verification in the electronic sense, where from a system’s perspective, a discussion will provide more insight into identification and verification and the “vehicles” used to make this function a reality in the electronic sense.

2.2 Natural identification and verification Natural phenomena

We see other human beings on a daily basis, we identify the ones we know and verify that the girl sitting at the table over there is famous when someone points her out. We hear the song of a bird in the morning and identify it as a Bluebird. We smell our favourite dish when we walk into the kitchen. This all happens to human beings on a daily basis without even thinking that we are actually identifying and verifying different people and objects on a continuous basis. Even in a baby’s first two months, a baby can identify familiar faces and voices, especially those he sees every day. Newborns can identify their mother’s voice at birth, and breastfed babies can identify their mother's smell after one week. In a healthy baby the ability to identify people and objects he/she has seen before, increases dramatically during the first year. Experiments have shown that at 3 months, babies can identify new pictures or toys shown to them one to six days previously.[1] Not only can human beings identify another human being but we can also distinguish between a human being that’s alive and a human being that has passed away. This way of confirming the aliveness of a person comes as second nature. To enable a computer system to identify people and objects in the same natural, efficient and fluent way that humans do on a daily basis is a daunting task, even where new technologies are being developed at an ever increasing rate.



23

2.3 Identification and verification in the electronic sense The electronic sense

Identification and verification in the electronic sense ensure that systems have a way of making sure that you are who you say you are. Solutions to achieve this range from traditional username/password regimens to the use of more complex devices such as tokens and biometric scanners. A system can identify or verify who you say you are by examining three things: what you know, what you have, and what you are. Most solutions don’t use all three, though. Tokens (what you have) can be paired with passwords (what you know) or biometric technology (what you are) to produce a stronger solution. This helps prevent the use of stolen tokens. Technology will continue to play a vital role in overcoming identity theft1 by improving ways that individuals and organizations conduct financial transactions and increasing authentication methods. There is a strong drive worldwide to improve authentication mechanisms to help verify the identity of individuals using credit/debit cards or personal cheques. Because account takeovers2 make up a large percentage of identity theft, several potential authentication techniques appear possible now or in the near future. It is at this stage of the dissertation necessary to present an overview of identification and authentication.

2.3.1 Identification and verification Identification and verification defined

Identification and verification are both used to declare the identity of a user (Figure 2.2.1). Since the two terms identification and verification are easily confused, the following is postulated to define these terms.[2] • Identification: In an identification system, an individual is recognized by

comparing his/her biometric trait with an entire database of templates to find a match. The system conducts one-to-many comparisons to establish the identity of the individual. The individual to be identified does not have to claim an identity (Who am I?).[2] For example: In a criminal investigation where the fingerprints of an unidentified person were found at the crime scene. These fingerprints might prove to be those of the criminal. The fingerprints found at the crime scene need to be matched to all fingerprints in the national fingerprint database. This is done by comparing the found fingerprint with all the fingerprints in the national fingerprint database in order to identify the owner, thus a one-to-many comparison.

1 The act of a person claiming the identity of another person 2 A Bank account that is in control of a person posing as the owner of the bank account.



24

Identification and verification defined continued

• Verification: Verification is also referred to as authentication. In a

verification system, the individual to be identified has to claim his/her identity (Am I whom I claim to be?) by providing a name or pin (Fig 2.2.1). This template is then compared to the individual's biometric characteristics. The system conducts a one-to-one comparison to establish the identity of the individual.[2] For example: In ATM (Automatic Teller Machine) transactions, a user is identified with a token (the bank card). Then the next step is to prove that the owner is present by providing a password that only the owner is supposed to know. Thus the system is notified with the token that John (for example) is at the ATM, the ATM then needs to verify that John is really John. It does this by asking John a password that the system knows only John is supposed to know. The system then compares the entered password with John’s stored password (template), thus a one-to-one comparison.

Before a system is able to identify or verify the specific biometric of a person, the system requires something to compare it with. Therefore, a profile or template containing the biometric properties is stored in the system. Recording the characteristics of a person is called enrolment. [2]

Figure 2.2.1

Figure to follow on the next page.



25

Figure 2.2.1

Figure 2.2.1 Enrolment, verification, and identification. [2]



26

Vehicles of identification

In an effort to identify or verify the identity of a person the following “vehicles” are used:

• Something you KNOW • Something you HAVE

• Something you ARE

It has to be noted that all three of the above “vehicles” are used in the traditional biological and electronic sense of identification and verification. For example: In the traditional biological sense one may ask a person a question that you know only that person would KNOW in order to identify or verify the identity of that individual. One might accept a certain object/token that only the person you are attempting to identify or verify is supposed to HAVE possession of. The “vehicle” that human beings use most often as a means to identify is who you ARE. Our identity is determined by who we are physically. By that we ARE part of our body and thus we identify other human beings mostly by looking at a face and identifying that individual. The above three “vehicles” will be discussed with the focus on electronic identification and verification in the following three sections.



27

2.4 What you KNOW Knowledge is power

“What you know” is for instance your PIN code. You need to learn the code and remember it. As a way of identification and verification, it is not very secure. The main reason is the fact that a password that is known by its owner can also be known by the possible intruder and thus there exists no direct connection between a password and its owner. If someone is standing next to you and sees your code when you use it to connect to your computer, or if you give it to someone you know, that person is able to verify himself as you to the system by using your PIN code. This is the main method for authentication in our modern crime polluted world we live in today. It is obvious why there is a constant need for stronger identification and verification methods. According to an article in SecurityProNews[3], a daily online and email publication focusing on internet security issues, the following was stated: "The issue with password protection isn't just a number issue. Rather, from a cultural standpoint, many individuals do not believe the value of the password reflects the value of the assets it protects. Time and again, the password is not afforded deserved protection. This renders passwords ineffective regardless of synchronization, best practices, or management efforts." Earl Perkins [4]

2.5 What you HAVE With great power comes great responsibility

“What you have” is for example a card (your Token), which you use to access a building. This is not directly connected to a specific person either. It is safer than the PIN code because you can’t duplicate it as easily, but there are still risks involved. If you give your card away, or lose it, someone else is able to identify himself to the system as you. Token-based security systems have been on the market for more than a decade[5] and have been proven in numerous environments. Options are available for practically any system you can imagine. These systems interface with standardized protocols, including RADIUS (Remote Authentication Dial-In User Service), TACACS (Terminal Access Controller Access Control System) or TACACS+.[6] In fact, many network hardware vendors now provide built-in support for a number of token-authentication services. Token-based identification and verification solutions have been engineered to be an addition to a network perimeter already protected by other mechanisms such as a password, thus many token-based identification and verification solutions have to do with protecting the remote connections to a central network. ATMs (Automatic Teller Machine) in South Africa and in most countries around the world are in essence remote connections to a bank’s central account database, and thus act as a perfect example of where token based-systems have been used extensively.



28

2.6 What you ARE The owner is the Biometric

“What you are” is where biometrics comes into play. A Biometric feature is inherently connected to its owner, the owner IS the biometric, the biometric is a permanent part of the owner. You “are” your fingerprint, it has a high security level. Casio Computer and Alps Electric[7] have developed a small fingerprint scanner (Figure 2.6.1) built into a short, thin cylinder for use in cellular telephones and other portable devices and have been used by some cell phone manufacturers since late 2003. The cylinder, 0.2 inches in diameter and 0.6 inches long, contains a sensor, light, and lens. When users roll their fingers over the device, it can produce an 8-level monochrome fingerprint image at 600 dots per inch resolution. Hewlett-Packard (Figure 2.6.2) became the first manufacturer to add biometric identity checking to a mass-market consumer portable electronics device, when it built a small fingerprint scanner into its HP IPAQ H5450 PDA.

Figure 2.6.1 and figure 2.6.2

Figure 2.6.1: Casio Cellular Scanner Figure 2.6.2: HP IPAQ H5450

2.7 Authentication by means of combination Combination will provide more trusted authentication

A combination of these authentication methods (What you KNOW, HAVE and ARE) will provide for more trusted authentication. If a system requires, for example, a token and a PIN, as in most ATM (Automatic teller machine) transactions, in order to authenticate a person then by having two authentication methods, the intruder needs to provide both in order to authenticate himself as another.



29

2.8 Chapter summary Summary

Identification and verification (also referred to as authentication) have been discussed in this chapter. Details regarding the “vehicles” of identification and verification have been discussed in the form of:

• Something you KNOW • Something you HAVE

• Something you ARE

Mention was made to the combination of these “vehicles” and how something you KNOW (password) in combination with something you HAVE (Bank card) creates an even stronger barrier against attack. None of these discussed “vehicles” creates an indestructible barrier though. One of these “vehicles” for identification an verification that will receive much more focus than any other in this dissertation is something you ARE (Biometrics). Nature has provided humans with many unique biometric characteristics that allow the natural recognition of one another in everyday life. In recent years, advances in biometrics technology have resulted in increased accuracy at reduced costs. Biometric technologies are positioning themselves as the foundation for many highly secure identification and personal verification solutions. Today’s biometric solutions provide a means to achieve fast, user-friendly authentication with high levels of accuracy and cost savings. Secure and trustworthy electronic commerce, for example, will be essential to the healthy growth of the global Internet economy. Many biometric technology providers are already delivering biometric authentication for a variety of web-based and client/server based applications to meet these and other needs. Continued improvements in technology will bring increased performance at a low cost. Interest in biometrics is growing substantially. Evidence of the growing acceptance of biometrics is the availability of biometric-based authentication solutions that are becoming more accurate, less expensive, faster and easy to use. The next chapter will show applications in different markets where biometric technology is already adding a positive contribution.

Chapter 3

Biometrics overview and system applications

Chapter 3 – Biometrics overview and system applications


31

3.1 Chapter Introduction Introduction

This chapter will elaborate on biometrics and system applications thereof. It will be providing a summary of the various applications of where biometric technology works to provide a higher level of security for information access via intranets, extranets, the Internet, physical access and for more secure financial and eCommerce transactions. This will point out the already obvious advantages of moving into a direction of introducing biometrics as the way for authentication, not only in certain areas, but across the broad range of practical authentication applications.

3.2 Application of Biometric technology, solutions to enhance security Biometrics is gaining increasing attention

As organizations search for more secure authentication methods for user access, eCommerce, and other security applications, biometrics as a field is gaining increasing attention. Biometric technologies will provide benefits in a broad range of security domains. The following paragraphs will discuss some of these domains briefly.

3.2.1 Applications A need for a more secure future

The world would be a trusted place if everything was secure. But unfortunately, in the real world there are fraud, crime, computer hackers, and theft. Following the events of September 11th in the U.S., there is a compelling need for a more secure future, yet it's held back due to the lack of wide deployment of authentication technology solutions for logical and physical access security. Fingerprints have been legally accepted for verifying identity for over a century.[8] They cannot be altered or forgotten. They are universally accepted as unique to each individual, and they are used in situations where there can be no mistake of identity, such as criminal proceedings and high security access control. A fingerprint-based biometric security solution can assure peoples’ personal identities through digital recognition. Fingerprint authentication provides a dependable, legally acceptable method for authenticating users. With focus on information security, physical access control and management, and embedded solutions, fingerprint authentication and for that matter many other biometric features, can be integrated and applied to a wide range of industries [9],[10],[11],and [12]. Discussions regarding the different applications of biometric technologies on these different industries will follow in the next sections, but first one needs to define two concepts: Physical and Logical access.



32

3.2.1.1 Physical access Control access to secure locations

Today, a major application of biometrics is in physical security: to control access to secure locations (rooms or buildings). Unlike photo identification cards, which a security guard must verify, biometrics permit unmanned access control. Today, biometric devices, such as fingerprint readers, are deployed in office buildings, hospitals, casinos and health clubs. Biometrics are useful for high-volume access control. For example, biometrics controlled access of 65 000 people during the 1996 Olympic Games, and Disney World uses a fingerprint scanner to verify season-pass holders entering the theme park.[13]

3.2.1.2 Logical access Reach critical mass

For a long time, biometric-based network and computer access were areas often discussed but rarely implemented. Recently, however, the unit price of biometric devices has fallen dramatically [14], and several designs aimed squarely at this application are on the market. Analysts suggest[15] logical access to be the application that will provide the critical mass to move biometrics for network and computer access from the realm of science-fiction devices to regular system components. For a technology to reach critical mass the following must fall into place according to Scott Moody[15]:

1. Technology maturity 2. Low cost

3. Small Size

4. Demonstrated Compelling need

5. Value to the buyers

These five factors will start to have a substantial impact in the market for biometrics and the application thereof regarding logical access. Physical lock-downs3 can protect hardware. When it comes to digital data, physical lock-downs do not apply. Passwords are currently the most popular way to protect data on a network. Biometrics, however, can increase a company’s ability to protect its data by implementing a more secure key than a password. Using biometrics also allows a hierarchical structure of data protection, making the data even more secure. Passwords provide a minimal level of protection and biometrics can, in conjunction with passwords, provide a next level of security to certain data objects.

3 To physically lock objects (Computer Screen) in order to protect them



33

3.3 Biometric authentication applied in a wide range of sectors Integrated and applied in a wide range of sectors

Biometric authentication can be integrated and applied in a wide range of sectors. An overview of biometric authentication applications in specific sectors will now be provided.

3.3.1 E-commerce – Online business Biometric smart cards might decrease fraud by 80%

E-commerce developers are exploring the use of biometrics and smart cards to more accurately verify a trading party’s identity. For example, many banks are interested in this combination to better authenticate customers and ensure non-repudiation of online banking, trading, and purchasing transactions. Point-of-sales (POS) system vendors are working on a cardholder verification method (CVM), which would enlist smart cards and biometrics to replace signature verification. MasterCard estimates that adding smart-card based biometric authentication to a POS credit card payment will decrease fraud by 80 percent.[16]

3.3.2 Information technology in the corporate domain Biometric authentication makes access to corporate information more secure

IT security is a very important and critical issue as more and more mission-critical information resides in electronic format, from product designs, business plans, client records, financial reports, and account records. Access to these electronic resources improves value and productivity, but at the cost of a higher threat to theft and fraud because of the information being accessible in a very convenient electronic form but without the necessary security mechanisms in place to protect the information. The most widely used methods of controlling access to computers and data are by means of passwords and PIN numbers. While passwords and PIN numbers are easy to use, they provide a weak proof of identity. They are rarely changed, frequently shared, often used in plain sight and easily defeated using widely available hacker programs.[17] Since passwords do not provide the level of security necessary for an electronically networked society, the need exists for an authentication method that is easy to use, easy to connect to computer networks and legally accepted. Implementing biometric authentication and replacing passwords and PIN numbers makes access to corporate information more efficient and secure.



34

3.3.2 Information technology in the corporate domain continued Biometric authentication makes access to corporate information more secure

Not only will biometric authentication provide a means of security, it will also increase efficiency and decrease costs. Gartner Group[18] states that password maintenance costs $400 to $600 per user per year in the U.S., and that 20 to 50 percent of all calls to company help desks are from people needing their passwords reset. The use of biometric authentication implies the following:

• Eliminate password problems. • Consolidate multiple passwords to one single biometric login. • Control and manage user access to corporate network databases. • Control and manage physical access to authorized areas. • Secure important confidential corporate information.

3.3.3 Aviation September 11

th

have heightened security awareness

The events of September 11th in the US, have heightened security awareness and created the need to validate or identify users of a given service. Is the person boarding the plane or working at the airport indeed the person they claim to be? Airport security has been a concern for some time. Not only are airports a target for terrorism, they also are a means of such criminal activity such as theft, smuggling, and evasion from law enforcement authorities. Ensuring personal authentication and providing increased security, automating personal authentication of customers/employees using biometrics will reduce the labour costs and increase aviation security being demanded today. With biometric authentication solutions, one can:

• perform airport and airline employee background checks. • control and manage physical access rights to all authorized areas of

the airport. • control and manage user access to an airport computer

network/database. • securely identify passengers to their ID’s, passports, Visas, boarding

pass, and baggage.



35

3.3.4 Banking and Financial Theft, fraud and embezzlement have risen to alarming levels

Theft, fraud, and embezzlement in this sector have risen to alarming levels as electronic methods of conducting transactions are taking over the conventional systems of checks and balances. Traditionally, financial transactions required face-to-face interaction, but with today’s technology, it is more efficient and cost effective to do it electronically. Yet, this remote way of doing business via computers and the Internet creates an environment where fraud and identity theft is a part of the risk equation. As automated and remote methods of conducting banking and financial transactions grow, the need to know with certainty that the transaction is actually being performed by a known, identifiable and valid user at the other end grows in importance also. The Internet has grown to great lengths, yet fraud and identity theft are the biggest deterrents to the growth of Internet commerce and banking. Consumers can see the numerous benefits of using the Internet for shopping and trading online, yet the fear of not knowing whom they are dealing with at the other end of the transaction is what keeps them from utilizing these resources. The Gartner Group states that 24-30 million households will be transacting on the Internet from the end of 2004, up from 7 million in 1998.[19] Biometric authentication can provide security and peace of mind to these households by tackling the issue of security. A biometric authentication solution can provide:

• secure online banking transactions • secure customer financial information • new online services • non-repudiation

3.3.5 Healthcare Fraud plays a significant role in this industry

Fraud plays a significant role when it comes to government-sponsored programs focused on healthcare. According to HCFA (Health Care Financing Administration) [20] government spending on healthcare in the U.S. exceeds $560 billion. The federal government in the U.S. accounts for 33 cents of every dollar spent on healthcare in the U.S. and state governments account for another 11 cents of every dollar spent. This represents over 6 percent of GDP annually in the U.S. In South Africa the Commission of Inquiry into a Comprehensive Social Security System has proposed that South Africa move towards a national health insurance (NHI) system in which everyone, except the poor, contributes to the cost of providing universal healthcare. With this proposal goes the transformation of the current tax subsidy to employers and employees with medical aid (worth R7,8bn/year for 7m people) into an income and risk-adjusted subsidy. Government spending on health (about R33bn/year) plus this R7,8bn subsidy will be pooled in a central fund and disbursed on a per capita basis to the whole population. [21]



36

3.3.5 Healthcare continued Fraud plays a significant role in this industry

Occurrences where individuals in the name of deceased relatives or friends receive healthcare benefits, raise serious questions regarding who is receiving services or benefits in whose name. But, there is another issue of risk mitigation, as more patient data is now being kept in electronic form. Since October 16 2002, the HIPAA (Healthcare Insurance Portability & Accountability Act in the U.S.) mandates that all patient records must be protected with something stronger than a mere password.[22] Maintaining confidentiality and security of a patient’s record by allowing controlled access to selected parts of a patient’s electronic record to only those authorized clinicians who absolutely need to access the patient information to deliver services, presents a huge issue for hospitals and physicians. It is in this healthcare environment that a convenient and secure method of “just-press-here” fingerprint authentication solution, can lead to the achievement of the level of confidentiality and security of patient’s electronic records, required by hospitals and physicians. With the implementation of HIPAA (Healthcare Insurance Portability & Accountability Act in the U.S.), healthcare organizations are challenged to contain escalating administrative and security costs, while also ensuring patient privacy and security of patient records. One of the proposed standards is the use of digital signatures in HIPAA-specified transactions to: • improve the efficiency and effectiveness of the healthcare system by

standardizing the interchange of electronic data for specified administrative and financial transactions.

• protect the security and confidentiality of electronic health information.[23] The integration and use of biometric authentication can: • support standards like the HIPAA and proposals for systems in SA. • provide accurate patient history. • authenticate hospital employees for remote information access to

patients’ records. • control and manage physical access rights to authorized spaces. • perform staff background checks. • extend medical services like online prescriptions or telemedicine.



37

3.3.6 Government Biometric verification can reduce the cost of delivering essential services

Biometric verification can greatly reduce the cost of delivering essential services by government agencies and other non-profit organizations. These cost savings take on two major forms: Reducing the overheads related to the delivering of services and the reduction of fraud. In the case of government usage the greatest benefit biometric authentication offers is personal authentication. Namely, that a benefit recipient is indeed who they claim to be and who the government thinks they are. Biometric verification can greatly reduce costs for distributing social services. Distribution of funds from entitlement programs can be linked to the rightful recipients. This can help ensure timely delivery of these services while reducing the possibility of fraud and theft. Also, the use of fraudulent identities to gain access to government services can be reduced. Biometric verification can also be an enabling technology that allows broader government initiatives such as electronic voting, voter registration, vehicle registration and other online services. Therefore, from law enforcement, military, judicial, education, to social services, the use of biometric authentication can be integrated and applied to many government services. For example: • Identifying and validating the correct person in government entitlement

programs. • Identifying criminals or access control in jails and prisons • In distance learning and Internet based classes • Classified information, physical access to authorized areas, and military

equipment control • Electronic voting, voter registration, vehicle registration, and other online

services This section has addressed applications and benefits of biometric authentication in a variety of industries. The events of September 11, 2001 in the U.S. have significantly increased security concerns of both private citizens and of governments around the world, and are accelerating the deployment of biometric security solutions for information access via intranets, extranets, the Internet, physical access and for more secure financial and eCommerce transactions. As one can clearly see, the obvious benefits that biometric technologies in the different industries (discussed above) bring are vast. In the following section we will focus on some of the combined primary benefits that biometric technologies provide.



38

3.4 Advantages of biometrics Authenticate the user

As already apparent in the above section, the primary advantage of biometric authentication methods over other methods of user authentication is that they really do what they should, they authenticate the user. Listed below are some of the combined benefits that biometric technologies provide:

• The methods use real human physiological or behavioural characteristics to authenticate users.

• These biometric features are (more or less) permanent and not

changeable. It is also not easy (although in some cases not impossible) to change one’s fingerprint or other biometric characteristics.

• Users cannot pass their biometric characteristics to other users as

easily as they do with their cards or passwords.

• Biometric features cannot be stolen easily compared to objects such as tokens, keys, cards and other objects used for traditional user authentication.

• Biometric characteristics are not secret and therefore the availability of

a user’s fingerprint or iris pattern does not break security the same way as availability of the user’s password.

• Most biometric techniques are based on something that cannot be lost

or forgotten. This is an advantage for users as well as for system administrators because the problems and costs associated with lost, reissued or temporarily issued tokens/cards/passwords can be avoided, thus saving some costs in respect of systems management.

• Another advantage of biometric authentication systems may be their

speed. The authentication of a habituated user using an iris-based identification system may take 2 to 3 seconds while finding your key holder, locating the right key and using it, may take 5 to 10 seconds.



39


Biometric technology has got its obvious benefits for an array of industries where more secure systems are required. In this chapter the focus was on the benefits that biometric technology has, or could have, on the different industries. Insights into the applications of some of these biometric systems in different industries were also given by examples. In the following chapter we will look further inside the domain of biometric technology where there exist numerous types of biometric traits that can be used for identification and authentication purposes.

Chapter 4

Types of Biometrics

Chapter 4 – Types of Biometrics


41

4.1 Chapter introduction Introduction

A number of different types of biometric technologies will be discussed as contained in the BIOVISION - Roadmap for Biometrics in Europe to 2010 [16] document. But first a short overview discussing the purpose of the BIOVISION - Roadmap for Biometrics in Europe to 2010 [24] document: “As the world moves towards major deployments of biometric enabled systems, it is timely to consider where resources (of well trained and motivated people, as well as financial resources) should be focused. One of the aims of the BIOVISION project was to prepare a prioritized list of challenges, based upon a number of workshops that were held and the discussions and analysis that followed.”[24] The following is a summary of the main purpose of the BIOVISION Roadmap project: The BIOVISION consortium developed from a workshop on biometrics held in January 2002 and organized by the European Commission. The consensus developed at that workshop resulted in the proposal for the project that commenced on 1 June 2002, with duration of 14 months. The website for the current version of the BIOVISION roadmap and other materials is at http://www.eubiometricforum.com. The BIOVISION Consortium did not see the primary objective of the roadmap as the preparation of yet another quantitative prediction of the future growth in the biometrics market over the period to 2010. Although such assessments are useful and are referred to in the roadmap, the European biometric community needs a set of tools with which to develop alternative scenarios of different types of applications. The output is firstly directed to the European Commission, as customers for the study, so as to guide them in supporting areas of research, development and trial deployment that appear to be most critical for the biometrics industry in Europe. However, it is also directed towards individuals and organizations that are considering the application of biometric technologies, to support their understanding and confidence in moving forward with their ideas.[25] The different types of biometric technologies in the remaining of this chapter will be discussed in the light of the BIOVISION - Roadmap for Biometrics in Europe to 2010 [24] document.



42

4.2 Fingerprints Have been used for two centuries

Fingerprints as a means for identification and verification have been used for at least two centuries. Although research regarding the ridge detail was not undertaken until the latter part of the 19th century, the outcomes of these research projects showed that the ridge detail exhibits a high degree of uniqueness.

4.2.1 History Fingerprint impressions on pottery shards

In the 1870’s Dr. Henry Faulds [26], at that time a missionary doctor serving in Japan, uncovered ancient fingerprint impressions imbedded on pottery shards found in shell pits. He immediately thought that these might act as the artist’s distinctive marking. Thus, inspired, he started collecting and researching fingerprints. In the late 1870’s, Faulds made a major breakthrough in using the fingerprint knowledge he acquired through his research as an aid in a criminal investigation regarding a break-in that occurred at Faulds’ laboratory. For police forces and forensic services around the world a high priority was put on developing the technology and processes to automate the identification of possible matches of latent prints left at a crime scene with records of previously stored prints. The result is Automated Fingerprint Identification System (AFIS) technology that became reality in the past quarter century. Final comparisons are still left to expert examiners when it comes to using fingerprint identification as proof in a criminal investigation. The capturing of fingerprint data has come a long way from ‘ink and paper’ to live-scan systems where all ten fingerprints can be collected by placing both hands on a single glass plate. Two fingerprints that are being matched must have the same general pattern to result in the positive identification of an individual. They must also have a certain number of common ridge characteristics. This number can vary depending on how common the characteristics are and how much of the print is available. There are two main methods that are used for fingerprint identification.



43

4.2.2 Minutiae-based techniques Allocates a set of co-ordinates

The minutiae based technique allocates a set of co-ordinates to a predetermined number of mapped geographical points on the fingerprint, such as line junctions, called bifurcations, the locations of sweat pores, or where ridges and valleys begin or end. It is difficult to extract the minutiae points accurately when the fingerprint is of low quality.[27] Also this method does not take into account the global pattern of ridges and furrows. The correlation-based method that is going to be discussed next is able to overcome some of the difficulties of the minutiae-based approach.

4.2.3 Correlation-based techniques Fingerprint details are described on three levels

Correlation-based techniques require the precise location of a registration point and are affected by image translation and rotation. Fingerprint details are described on three levels. Level one detail includes the general ridge flow and pattern configuration. The details are not sufficient for individualization but can be used for exclusion. They may include information enabling orientation, core and delta location and distinction of finger versus palm. Level two details include formations and ridge characteristics. The relationship of level two details enables individualization. Level three details include all dimensional attributes of a ridge, such as ridge path deviation, width, shape, pores, edge contour, incipient ridges, breaks, creases, scars and other permanent details. If a person leaves an image of his/her fingerprint on a surface (such as a wine glass) it is deformed by the nature of pressing against that surface. Because of this it is not easy to match one fingerprint image against another in a simple way. A fingerprint Biometric system generally has two high level components: the sensor and the algorithm that processes the image into a template and also compares the captured images with the stored templates.

4.2.4 Different fingerprint sensing technologies Evolved rapidly over the past 20 years

Fingerprint sensor technologies have evolved rapidly over the past 20 years. Some of these types of sensors are briefly mentioned in the next paragraph.



44

4.2.4.1 Optical sensing Main sensing of the fingerprint

The main sensing of the fingerprint detail occurs in the form of an optical prism with a source of light on one face, and a camera on another face to sense the light that is reflected off the finger that is pressed against a third face of the prism. Total internal reflection off the ridges modulates the incident light to develop an image of the fingerprint pattern. Devices using this technology were initially quite large, but smaller units that fit into a PC mouse have now been commercialized. Devices for under $100(US) available as complete peripherals (such as a PC mouse) have been marketed. [24]

4.2.4.2 Capacitive silicon A thin sliver of silicon is processed into a fine matrix

Introduced in the mid 1990's, these are similar to an unpackaged IC (Integrated Circuit). A thin sliver of silicon is processed into a fine matrix array of small capacitors with the finger offering the other plate. The distance between a ridge and the silicon plate differs from that between a valley point and its corresponding point on the silicon, leading to a difference in the capacitance, the distribution of which images the fingerprint detail. Two forms are available - dc and ac coupled. In the past, there have been some problems with resistance to electrostatic discharges and performance with very dry or very moist fingers. Current pricing is in the $25-$40(US) unit price in 10,000 unit quantities, with the aim to reduce this to a $5(US) unit cost in the near future. Smaller area devices that can be swept by the finger reduce the cost to about $10(US) each in 10,000 unit orders (2002 prices). An example of the device integrated into a component is the Siemens PC mouse, priced at $129(US).

4.2.4.3 Electric field sensors Similar to capacitive silicon

Similar in form factor to the capacitive silicon device, an electric-field sensing device is available from Authentic.[24]



45

4.2.4.4 Thermoelectric sweep sensor Responds to the difference in temperature

Atmel offer a 14mm by 0.4mm linear sensor that responds to the difference in temperature and thermal conduction between the ridge and contact with a semiconductor surface and the valley where there is no contact.[28] A version is integrated into the popular iPAQ h5400 Pocket PC.

Figure 4.2.1

Figure 4.2.1 AT77C101B FingerChip(Thermoelectric sweep sensor)

4.2.4.5 Ultrasonic sensing Senses the pattern of the ridges underneath the skin

Quite a large unit that is claimed to have better performance as it senses the pattern of the ridges underneath the skin surface, thereby reducing the effect of surface dirt and skin cuts. Ultra Scan is the only commercial supplier.[29]

4.2.4.6 Pressure array Micro-miniature pressure sensors

BMF/Hitachi has recently developed a device with a two-dimensional matrix of micro-miniature pressure sensors that is claimed to be more resistant to spoofing by a synthetic finger.

Figure 4.2.2

Figure 4.2.2 BMF BLP-100 pressure sensor.



46

4.2.5 Applications Use of fingerprints in top end products

Fingerprints as a biometric technology is well established and the visibility of the use of fingerprints as a biometric in top end products (PDAs (HP's iPAQ h5400), laptop PCs (Samsung PC10), mobile phones (DoCoMo F505i)) provides proof of this. Unfortunately, fingerprints by their nature are a very open and visible biometric trait. Everywhere we touch we leave latent fingerprints. These latent fingerprints can be used to manufacture “dummy” fingerprints which can be used to obtain access to fingerprint biometric systems by fooling the system in authenticating the crook as a valid user. More on liveness testing in Part II of this dissertation.

4.3 Hand and finger geometry Unique geometry of hands and fingers

Hand and finger geometry recognition is the process of identifying an individual through the unique "geometry" (shape, thickness, length, width, etc.) of that individual's hand or fingers.

4.3.1 History Since the early 1980’s

Hand geometry recognition has been employed since the early 1980's and is among the most widely-used biometric technologies for controlling access to important assets. It is easy to install and use, and is appropriate for use in any location requiring highly-accurate, non-intrusive biometric security. For example, it is currently used in numerous workplaces, day care facilities, hospitals, universities, airports, and power plants. A newer option within hand geometry recognition technology is finger geometry recognition (not to be confused with fingerprint recognition). Finger geometry recognition relies on the same scanning methods and technologies as does hand geometry recognition, but the scanner only scans two of the user's fingers, as opposed to his entire hand. Finger geometry recognition has been in commercial use since the mid 1990's and is mainly used in time and attendance applications (i.e., to track when individuals have entered and exited a location).



47

4.3.2 Technology behind sensing hand and finger geometry Biometric unit used for scanning

To use a hand or finger geometry unit, an individual presents his or her hand or fingers to the biometric unit for scanning. The scanner consists of a Charged Coupled Device (CCD) which is essentially a high resolution digital camera, a reflective plate on which the hand is placed and a mirror or mirrors that help capture different angles of the hand or fingers. The camera "scans" individual geometric characteristics of the hand or fingers by taking multiple images while the user's hand rests on the reflective plate. The camera also captures depth (three-dimensional information) through light reflected from the mirrors and the reflective plate. This live image is then compared to a template that was previously established for that individual when they were enrolled in the system. If the live scan of the individual matches the stored template, the individual is verified. Typically, verification takes about 2 seconds. In access control applications, the scanner is usually connected to some sort of electronic lock, which unlocks the door, turnstile, or other entry barrier when the user is verified. The user can then proceed through the entrance. In time and attendance applications, the time that an individual checks in and out of a location is stored for later use.

4.3.3 Applications Disney World

To date, the only large-scale commercial use of two finger geometry for controlling access is at Disney World, where season pass holders use the geometry of their index and middle finger to gain access to the facilities. Hand geometry addresses the need for a clear niche in the marketplace - access control and time and attendance where the ultimate in security is not a critical factor. Hand geometry is a well established and well-characterized system and therefore it is likely to continue to serve this marketplace, although other methods using cheaper and more compact hardware (e.g. those using fingerprints) are likely to draw customers away from this sector. Issues of security, robustness and user acceptance will determine the extent of this migration.



48

4.4 Iris Coloured tissue surrounding the pupil of the eye

The human iris is the coloured tissue surrounding the pupil of the eye. The iris as a biometric trait is a relatively recent biometric compared to the human Retina. More on the Retina in the next section.

4.4.1 History Originally proposed in 1936

The idea of using iris patterns for personal identification was originally proposed in 1936 by ophthalmologist Frank Burch. By the 1980's the idea had appeared in James Bond films, but it still remained science fiction. In 1987 two other ophthalmologists, Aran Safir and Leonard Flom, patented this idea, and in 1989 they asked John Daugman (then teaching at Harvard University) to try to create actual algorithms for iris recognition. These algorithms, which Daugman patented in 1994 and are owned by Iridian Technologies are the basis for all current iris recognition systems and products.

4.4.2 Technology behind sensing detail in the iris 200 Points that can be used for comparison

Iris scans analyze the more than 200 points that can be used for comparison, including rings, furrows and freckles found inside the coloured area. When the Iris is scanned, a normal video camera can be used, the scan can be done from further away than a retinal scan. An Iris scan has been proved to work through glasses. The typical usage procedure is as follows: The user places himself/herself so that he can see his own eye's reflection in the device. The user may be able to do this from up to sixty centimetres away or may need to be as close as a two centimetres, depending on the device. Verification time is generally less than 5 seconds, though the user will only need to look into the device for a couple of moments. As a preventive measure against the use of a “fake” eye these devices may vary the light shone into the eye and check for pupil dilation. The uniqueness of eyes, even between the left and right eye of the same person, makes iris scanning very powerful for identification purposes. The likelihood of a false positive match against a template in the template database is extremely low and its relative speed and ease of use make it a great potential biometric. The only drawbacks are the potential difficulty in getting someone to hold their head in the right position for the scan if they are not doing the scan willingly.



49

4.4.3 Applications Law enforcement in the U.S.

Law enforcement agencies in the United States began using it in 1994 when the Lancaster County Prison in Pennsylvania became the first correctional facility to employ the technology for prisoner identification. In Berkshire County, the technology is used in the newly built Berkshire County Jail as a security check for employees. The Charlotte/Douglas International Airport in North Carolina allow frequent passengers to register their iris scans in an effort to streamline boarding procedures. There is discussion that banks may someday make iris scans a routine part of ATM transactions, and some have begun taking the first steps in testing these systems. It is apparent in the above that Iris recognition is a relative newcomer to the portfolio of biometric traits, yet it has established itself as a key technology with the potential of addressing many of the more demanding applications for secure authentication. In particular, it holds great promise for use in large scale identification systems, where individual distinctiveness of a template is a critical requirement. It is therefore a competitor to Automated Fingerprint Identification Systems (AFIS). However, the lack of experience in working with large numbers of users puts it at a disadvantage with the century of experience with the use of fingerprints.

4.5 Retina Rear part of the eye

The human Retina is the rear part of the eye and has many veins and capillaries. The veins and capillaries form a unique pattern which is not replicated. While the veins and capillaries are unique and not replicated in other humans, they sometimes change within an individual, this phenomenon makes the algorithms a bit more complicated.



50

4.5.1 History One of the oldest biometrics

The Retina as a biometric trait is actually one of the oldest biometrics, as 1930's research suggested that the patterns of blood vessels on the back of the human eye were unique to each individual. While technology has taken more time than the theory to be usable, EyeDentify [30], founded in 1976, developed The Eyedentification personal identification unit, the first retina scan device made for commercial use, in 1984. At this point in time, they are still the primary company for retinal scan devices though they do use resellers.

4.5.2 Technology behind scanning the retina Low intensity light source and optical coupler

Scanning of the retina involves using a low-intensity light source and an optical coupler4 that can read the patterns at a great level of accuracy. There are 320 measurements taken during this process. It does require the user to remove glasses, place their eye close to the device, and focus on a certain point. Whether the accuracy can outweigh the public discomfort has yet to be seen.

4.5.3 Applications Exclusively used in high-end security solutions

Contrary to popular public misconceptions, and reflective of what is seen in the movies, retina scan is used almost exclusively in high-end security applications. It is used for controlling access to areas or rooms in military installations, power plants and the like that are considered high risk security areas. Retina scan devices are probably the most accurate biometric available today. The continuity of the retinal pattern throughout life and the difficulty in fooling such a device also make it a great long-term, high-security option. Unfortunately, the cost of the proprietary hardware as well as the inability to evolve easily with new technology make retinal scan devices a bad fit for most situations. It also has the stigma of consumers thinking it is potentially harmful to the eye, and in general not easy to use. A comment in an internal test report by a reseller summarizes this accurately: 'Not tested because employees are afraid of this device'.

4 An optical coupler is a structure used for enhancing the absorption and detection of radiation in a detector.

It may be based on a grating, in which case it is named a grating coupler. Another common type of coupler is the prism coupler.



51

4.6 Facial recognition Characteristics of a person’s face

As gathered from the name, facial recognition analyzes the characteristics of a person's face. Access is permitted only if a match is found.

4.6.1 History Began in the 1960’s

The first attempts began in the 1960’s with a semi-automated system. Marks were made on photographs to locate the major features; it used features such as eyes, ears, noses, and mouths. The distances and ratios were computed from these marks to a common reference point and compared to reference data. In the early 1970’s Goldstein, Harmon and Lesk created a system of 21 subjective markers such as hair colour and lip thickness [31]. This proved even harder to automate due to the subjective nature of many of the measurements still done completely by hand. A more automated approach to recognition began with Fisher and Elschlagerb just a few years after the Goldstein paper. This approach measured the features above using templates of features of different pieces of the face and then mapped them all onto a global template. After continued research it was found that these features do not contain enough unique data to represent an adult face. Another approach is the Connectionist approach, which seeks to classify the human face using a combination of both range of gestures and a set of identifying markers. This is usually implemented using two-dimensional pattern recognition and neural net principles. Most of the time this approach requires a huge number of training faces to achieve decent accuracy; for that reason it has yet to be implemented on a large scale. The first fully automated system to be developed utilized very general pattern recognition. It compared faces to a generic face model of expected features and created a series of patterns for an image relative to this model. This approach is mainly statistical and relies on histograms and the greyscale value.



52

Figure 4.6.1: Cognitec

FaceVacs

4.6.2 Technology for sensing facial features Digital video camera

The process works when a user faces a digital video camera, usually standing about sixty centimetres away from it, where the overall facial structure, including distances between eyes, nose, mouth, and jaw edges are measured. These measurements are captured in a database and used as a comparison when a user stands before the camera again. Facial recognition has many advantages such as easy integration into existing access control or time and attendance systems, verification and/or identification being accomplished in a short time period, flexible communication interfaces that enable terminals to be networked together, and a non-intrusive technology. Facial recognition technology does have its challenges. Today’s IT and Security professional will have to deal with the frustration of verification reattempts. Changes in lighting, objects in the background distorting a reading, imprecise facial positioning, and expressions of the user can all contribute to verification reattempts. A second challenge is the scanner’s inability to recognize countermeasures against a clean photo such as beards, moustaches, and disguises. A third challenge is the possibility of fake faces or moulds affecting a reading. Legal and privacy issues can be seen as final challenges.

4.6.3 Applications Cognitec FaceVacs

Cognitec Corporation’s FaceVACS-Entry technology facial recognition scanner (Figure 4.6.1) showcases a facial recognition example. Here the technology is used for allowing this flight attendant airport access and verification. Notice the distance (two feet) from the machine to the user. The future of facial recognition remains uncertain due to the difficulties in making a positive identification of a person and with this biometric being a verification only type of system. Since its inception, facial recognition has been touted as a fantastic system for recognizing potential threats (whether terrorist, scam artist, key or known criminal) but so far has been unproven in high-level usage. The technology has proven to have more problems than successes.

Figure 4.6.1



53

4.7 Speaker verification Distinctive aspects of the voice

Speaker verification technology utilizes the distinctive aspects of the voice to verify the identity of individuals. Speaker verification is occasionally confused with speech recognition, a technology which translates what a user is saying (a process unrelated to authentication). Speaker verification technology, by contrast, verifies the identity of the individual who is speaking. The two technologies are often bundled – speech recognition is used to translate the spoken word into an account number, and Speaker verification verifies the vocal characteristics against the vocal characteristics of the owner associated with the account.

4.7.1 Technology Audio capture device

Speaker verification can utilize any audio capture device, including mobile and land telephones as well as PC microphones. The performance of voice recognition systems can vary according to the quality of the audio signal as well as variation between enrolment and verification devices. Speaker verification systems fall into two classes, depending on whether the recognition is text dependent or text independent.

4.7.2 Text dependent Knows in advanced what the speaker is supposed to say

Text dependent systems know in advance what the speaker is supposed to say. Typically the person will speak a short ‘pass phrase’ that will then be compared against a model or template based on that person's utterance of the same words during enrolment. Sometimes there is a single, fixed pass phrase – this raises the possibility of an attack using a recording. To overcome this problem, the system may enrol the person using multiple words or phrases, perhaps the digits “0” to “9”. Then the person can be asked to speak a random selection of these. This challenge-response method makes it much harder to attack a system using recordings. Explicit knowledge of the words being used means that the systems can be fairly accurate at recognition on fairly short amount of speech, provided the speaker is being cooperative.



54

4.7.3 Text independent Do not know beforehand what the speaker will say

Text independent systems, do not know beforehand what the speaker will say. Generally such systems will have to make use of whatever speech is available for both enrolment and verification. To get a reasonable performance, the systems require a far greater amount of speech. Such systems are more robust for recognizing uncooperative speakers. Text independent speaker verification is more likely to be used for forensic or covert applications. One of the current problems for speaker verification is that of coping with low quality microphone types, and noise on the telephone link may be much alleviated as the technology in these areas improves. Current systems do not make use of an individual’s phraseology, style, idioms they use and other speech data that humans use in the recognition task. The use of such information could lead to improvements in text independent speaker recognition. Currently there seems to be little work in developing standards for interchange of biometric speech data.

4.7.4 Applications Automated password resets

A large proportion of calls to IT helpdesks involve password reset. There are now a number of automated password reset products on the market that use speaker verification to help ensure that only the account owner can reset their password. Such systems can be more secure than relying on the IT helpdesk staff to correctly identify the caller, and also can offer a considerable cost saving.

4.8 Esoteric biometrics Biometrics that are still in the early developmental stage

The previous sections (4.2 to 4.7) discussed mainstream biometrics or biometrics that are commonly available or commercially viable. This section focuses on esoteric biometrics or biometrics that are still in the early experimental and development stages. Research efforts have started to tackle some of these esoteric biometric features. It is reasonable to expect that at least some of today’s esoteric biometrics could become tomorrow’s mainstream biometrics.



55

4.8.1 DNA recognition Genetic information of a cell

DNA carries the genetic information of a cell. This information is contained by the combination of proteins. Population studies show that there is enough support because of statistical estimations at this stage to say that a DNA profile of someone can most likely be matched to that person and only that person in a whole world population. DNA is present in all the cells in a human being, and is routinely shed in the form of sweat, saliva, skin cells and hair, etc. The downside though of DNA as a biometric is that the process of extracting and amplification of the DNA in order to record it as a DNA profile is still time consuming and very costly. Quite a few electronic developments in the form of integrated circuits(IC’s) that can act like micro-laboratories are in development, and might prove to be exciting possibilities in the near future. One thing with DNA as a biometric is the fact that all human beings leave a trace of their DNA where ever they move in the form of sweat, saliva, skin cells and hair. So, the question is how liveness will be proved. For example: if someone obtains cells of an individual containing that individuals’ DNA and uses that DNA to claim the identity of someone he/she is not.

4.8.2 GAIT recognition “By the way they walk”

The term gait recognition is typically used to signify the identification of people ‘by the way they walk’. Gait is determined by the physical characteristics of each individual, and so is believed to be as unique to the person as a fingerprint is. Gait is also one of the few biometrics that can be measured at a distance, which makes it useful in surveillance applications as well. The majority of current approaches in using gait as a biometric trait are motion-based, combining the image sequence of a video recording by its motion or by statistical analysis. There is great scope for future research, both in application and developing human gait recognition as a biometric trait. Clearly, gait would benefit from an established database on which to assess new developments. These developments could be improvements in recognition procedure or in automated techniques. As such, future work will establish more precisely the results that can be achieved by this new biometric. If its performance can equal that of other biometrics, then by its practical advantages it could indeed become a pragmatist’s choice.



56

4.8.3 Skin luminescence Light reflection on the skin

Lumidigm [32] have patented a method of characterizing the reflectivity, absorbance and scattering of light from the skin of individuals, as a function of wavelength of incident light and the distance between the light source and the skin surface. The method is under development for a commercialized product. A related technique is based upon the scattering of light from the nail bed under the fingernails. Spectrometry of the light absorbed by blood and scattered by skin is claimed to offer a way of distinguishing individuals.

4.8.4 Lip movement biometrics Adjunct to facial recognition and speaker verification

This biometric could be an adjunct to either facial recognition or speaker verification systems, with the aim of improving the performance of either of these two methods. IDIAP at Martigny [33] in Switzerland is making significant progress in this field.

4.8.5 Ear based biometrics The outer shape of the ear & otoacoustic emissions

Systems have been proposed that make use of:

a) The outer shape of the ear. This is already used by a number of police forces to identify criminals, and the subject of the European Commission funded FEARID [34] project. Research into the use of this feature as a biometric has been reported by a number of groups.

b) The otoacoustic emissions measuring the response to a transient input signal broadcast into the ear.



57

4.8.6 Odor recognition Uniqueness of an individual’s body odour

The uniqueness of an individual’s body odor has been used to find survivors in the aftermath of an earthquake by making use of the very sensitive noses of trained dogs. Each human scent is comprised of approximately 30 chemical substances known as rolatiles. Different quantities of these chemicals create the unique smell that individuals have. Sensor developments that are particularly of interest in the context of human odor sensing include the micro fabrication of channels and micro pumps, and the construction of CMOS sensors that use FET transistors sensitive to specific gasses and vapours. The new nano-technology paradigm is the key to developing gas chromatographs, mass and optical spectrometers that could perform the complex analyses of human generated odours. The extent to which electronically sensed individually distinct odours can be measured remains uncertain, although certain clues are coming to light. For example, analysis of breath for halitosis has been demonstrated using a 40 element sensor array, with varying sensitivities. Rome University has recently demonstrated how an electronic nose can determine the vaporized concentration of a male pheromone from maxillas of students. Tests showed a bimodal distribution whose origin is the subject of further research.[35]

4.9 Multimodal biometrics Combining existing systems for better results

As a general rule, if an authentication system is designed and made by humans, it can be defeated by humans and thus: no single biometric technology has proved infallible. Industry and academics are combining existing systems for better results and thus the term Multimodal biometrics5. Unfortunately, there is no single biometric solution that works for every person. Variations in biology and appearance can render facial recognition systems, iris scanning and even fingerprints ineffective. Additionally, many of today’s systems can be fooled with simple techniques that will be discussed in a later chapter. These issues are leading many corporations and academics to investigate multimodal biometric systems that combine several existing methods into a single, more foolproof system. The Multimodal biometric market segment is poised to grow even faster than biometrics has.

5 Systems that utilize more than one physiological or behavioral characteristic for enrollment, verification, or

identification.



58

4.9 Multimodal biometrics continued Combining existing systems for better results

One leading provider, HumanScan [36], combines face recognition, voiceprints and lip movements to identify a person. Using a simple video camera and microphone, the system creates a unique template for each individual and produces much better results. Already used in a number of military applications, the technology is to be used to begin tracking visitors to the US and Germany at the end of 2005. In the USA a Minnesota based company, Identix [37], is extending its current face recognition software and fingerprint scanners with “skinprint”, a method for extracting skin textures from a digital photo image. The technology increases accuracy from 70% to over 90% and can even differentiate identical twins. From an adoption perspective, the technology can accommodate the exciting wealth of facial scans currently being tracked, eliminating the need to re-scan individuals. Identix [37] has also developed software that allows users to integrate any two biometric systems. Effectively combining the scores of both systems to produce a single” confidence score”, the system is already being used to monitor workers entering and exiting the Gaza strip. Like all developing technologies, issues abound including standards, government approval and scoring, but in the case of biometrics, the rule of “more is better” certainly seems to apply.



59


The BIOVISION - Roadmap for Biometrics in Europe to 2010 [19] document provides the biometric field with a roadmap to encourage research and a sense of focus on promising, and already proven biometric related technologies. The above biometric technologies in sections 4.1 to 4.9 have been briefly discussed according to the direction that the BIOVISION document provides. The Biometrics Market Report 2003-2007 [38] gives the following summary of relative market share between a collection of relevant biometric technologies.(Figure 4.10.1.)

Figure 4.10.1

Figure 4.10.1: Comparative market share by technology. [38]

Summary cont.

An interesting fact to point out is that Finger scanning technologies still fills a full 53% of the market, although it is a biometric trait that one leaves everywhere one touches, and that can easily be reproduced from a latent print into the form of a dummy finger that has been proven to fool most of the modern finger scanners, as will be discussed in Part II of this dissertation. One of the interesting outputs from the BIOVISION - Roadmap for Biometrics in Europe to 2010 [19] is graph 4.10.2. The result shows the position of themes relating to the application of biometric systems in the financial sector and where they lie in relation to the two factors: Uncertainty and Importance. It is disturbing to observe that the security theme is of high importance but still remain relatively uncertain. This point provides proof that although security is considered a very important factor in biometric systems it is still is not known to what extent these systems can be trusted.



60

4.10 Chapter summary continued Figure 4.10.2

Figure 4.10.2: Importance vs. uncertainty Plot for Financial application of

biometrics. [19]

Summary cont.

All the biometric technologies discussed in chapter 4, has got its strengths and weaknesses, as can clearly be seen. One of the themes running throughout biometric technology remains security. It is clear in figure 4.10.2. that security has a relative high importance but remains uncertain regarding ruggedness. Included in the security node is liveness assurance or liveness testing. The area of liveness assurance inside the domain of security in biometric applications is one of the major weights preventing the biometric rocket to take off. Therefore the focus in Part II of this dissertation will revolve around Liveness and how to test for it. Current vulnerabilities in liveness assurance approaches will be highlighted.

PART II

Liveness testing on Biometrics

Part II – Introduction

Introduction

Someone once said: “If a system is made by man, it can be defeated by man.” This part (Part II) of the dissertation shines a light on one of the ways to defeat a biometric system, namely, to substitute an artificial or simulated biometric sample for the biometric of the “real” owner of that biometric trait, also called spoofing. Liveness testing is critical in biometric applications today. Liveness testing aims to provide a means to boost confidence in the identification and verification process. When an individual via a biometric system claims to be someone, liveness testing attempts to establish if the individual is alive and able to make such a claim. Currently there are quite a few issues revolving around liveness testing and related technologies. One of the major issues is the fact that most existing liveness testing technologies only attempt to establish if an individual is alive or not. Liveness testing technologies in general does NOT attempt to establish if the biometric trait is being presented with the consent of its owner. i.e. is the owner conscious and able to make the decision to present the biometric? Even though biometric devices use physiologic information in the identification and verification purposes, these physiological traits do not necessarily indicate liveness. The goal of liveness testing is therefore to determine if the biometric trait being captured is actually taken from the authorized, live owner who is present at the time of capture. In this part (Part II) of the dissertation these issues will surface and some of them will be discussed in more depth.

Chapter 5

Liveness testing, why, what and how to test

Chapter 5 – Liveness testing, why, how and what to test

PART II Liveness testing on Biometrics

64


Recent reports have proved that biometric devices can be spoofed using a variety of methods. For example: articles published in Atlantic Monthly’s magazine called “c’t magazine” [35] have described relative elementary procedures that can fool biometric devices in simple ways. Some spoofing techniques were as elementary as breathing on a fingerprint sensor and then by doing that, the sensor picked up an image of the previous latent fingerprint left on the sensor surface and accepted that as a live finger being presented. Security provided by biometric systems, and specifically the level of confidence by which the system can assess the user’s identity, is diminished if such biometric devices can be readily circumvented. Liveness testing is one of the methods receiving a lot of attention because of attempts to provide a mechanism to stop these types of attacks. This chapter will look at liveness testing and will ask the questions: Why should liveness testing exist in a biometric system? What should a liveness test, test? An overview of how current liveness testing works will also be presented. Lets start with the first question: Why should liveness testing exist?

5.2 Why should liveness testing exist? Need not be a sophisticated process

Liveness testing sometimes need not be a sophisticated process, it might be as simple as having someone observing the capturing of the biometric trait at the sensor device. As an example of this and to show the necessity for liveness testing the following story was reported in the Eastern Province Herald news paper [39]: In our country, South Africa, pensioners can use a fingerprint to prove their identity in order to claim a monthly pension amount. Postmaster Dawie Bester manned the counter for illiterate people when a young man and woman arrived, holding an older man between them. The young man and women explained that the older man was their uncle and that he is very lazy.



65

5.2 Why should liveness testing exist? Continued Need not be a sophisticated process

Postmaster Bester became suspicious when he noticed that the old mans’ eyes were completely still. Then when he noticed the way the young man manoeuvred the old mans’ hand on the counter for fingerprint authentication, he approached and explained to the young man and woman that it is required that the pension claimants be in full control of their bodies and minds to get the amount. Bester told them that he would have to summon his supervisor. The young man and woman began shouting at Bester and turned around and ran off abruptly leaving the old man to fall to the ground. Bester commented: “When I got to the other side of the counter, I discovered that the old man was ice cold and had obviously been dead for many hours, so I called the police. In my 29 years working in this post office I have never known such a thing. We have had several people die while waiting in the queue but never a dead person trying to claim.” If the liveness test in the reported instance wasn’t a person (in the form of postmaster Bester) manning and observing the sensor, it would have been compromised. Imagine the risk if the same process was used in an unmanned application like withdrawing money from an ATM. The above example illustrates the importance of liveness testing and provides a very practical reason WHY liveness testing is receiving such a focus in current biometrics.

5.3 What should a liveness test, test? WHAT needs to be tested to ensure liveness?

Every security technology has weaknesses and strengths, the same with biometrics. Most current biometric technologies have a number of points that pose a vulnerability to compromise system integrity. As stated before, the vulnerability of spoofing current biometric sensors that read a biometric trait will receive focus in this section. The physical biometric reader is especially susceptible for a point of entry in spoofing attacks because of the fact that biometric sensors are normally installed in an easily observable and accessible location, naturally to allow users of the biometric system to use the biometric sensor easily and conveniently. This however also makes it easier for the potential adversary. The example in section 5.2 of the monthly pension amount paid out to beneficiaries authenticated by fingerprint biometrics is an example of an attack using a real biometric trait that is still part of the owner but used without the owner’s consent. So, one asks the question: WHAT needs to be tested to ensure liveness? The following surfaces:

Is the biometric trait being presented at the sensor still alive and part of its owner?

Is the biometric trait that is presented, obtained with the consent of its owner. i.e. is the owner conscious and able to make the decision to present the biometric?



66

5.3 What should a liveness test, test? Continued WHAT needs to be tested to ensure liveness cont.?

Most current biometric liveness tests attempt to establish the liveness of a presented biometric trait. However (in most cases) a result from this does not necessarily assure that the biometric trait is being presented with the owners’ consent. Think of the possible case where the owner of a biometric trait is alive but unconscious for whatever reason, and the adversary presents the biometric trait to the sensor while the owner is alive but unconscious, thus without the owners’ knowledge and therefore without his consent.

5.4 Current liveness tests (HOW to test) Liveness detection takes place at different stages

Liveness detection can be performed either at the acquisition stage, or at the processing stage. For example, an optical fingerprint scanner would create an image of most objects. But, the biometric system will however not be able to extract typical fingerprint features if the object is not a fingerprint, thus liveness detection takes place at the processing stage. A capacitive fingerprint sensor on the other hand, would not even create an image of objects that are not similar to fingerprints, thus the liveness detection takes place at the acquisition stage. [40] Also, a video camera used as the biometric sensor in a facial recognition application will create an image of whatever is presented, thus the liveness detection will have to take place separately at the processing stage. In contrast, a thermal video camera used as the biometric sensor in a thermal facial recognition application will not create an image if the presented face has no difference in temperature across the surface of the face. The thermal video camera uses differences in warm and cold areas to create an image, thus if only a picture of someone’s face is presented to the thermal video camera no image will be created. Liveness detection takes place at the acquisition stage.



67

5.4 Current liveness tests (HOW to test) continued Liveness detection takes place at different stages cont.

Besides the two different stages (acquisition stage, or processing stage) in which liveness testing is implemented, there also exists two different approaches to determine if a biometric is alive or not namely: liveness detection and non-liveness detection. Methods used in spoofing a biometric system often have a number of different non-liveness characteristics that could be used to detect non-liveness. Examples of non-liveness detection methods would be to detect air bubbles in gelatine artificial fingerprints, or to detect reflective qualities in pictures or LCD(Liquid Crystal Displays) used to spoof facial recognition biometric devices. Most biometric systems today have a decision process which firstly checks for liveness: if data = live, perform acquisition and extraction

else if data = not live, do not perform acquisition and extraction This means that the adversary has a simpler task when attempting to imitate a live biometric than circumventing a non-liveness detection mechanism. This is true because most biometric liveness tests attempt to extract and assess liveness features and NOT non-liveness features. There are essentially three different ways to introduce liveness detection into a biometric system [41]:

• Using extra hardware to acquire life signs. • Using the information already captured by the system to detect life

signs.

• Using liveness information inherent to the biometric. The first of these methods (using extra hardware) introduces a subset of issues. It is expensive, it is bulky and it could still be possible to present the artificial biometric to the biometric sensor and the real biometric of the intruder to the hardware that detects liveness. Also, in some cases it is still possible to fool the additional hardware with, for example, a wafer-thin artificial fingerprint or a high quality three dimensional artificial eye to fool an iris scanner. The second method (using existing information) does not have these disadvantages, except maybe that it could be possible to still fool with an artificial biometric. It is on the other hand a bit more complicated to extract the life signs using no additional hardware.



68

5.4 Current liveness tests (HOW to test) continued Liveness detection takes place at different stages cont.

The third method of using inherent liveness information to the biometric will be discussed in part III of this dissertation. The ways to introduce liveness detection are relatively different between specific biometric traits. Therefore the following section will attempt to generalize and provide a summary of liveness detection methods, but with the focus on fingerprints as a biometric trait.

5.4.1 Using extra hardware Problems exist

One of the issues with liveness detection methods that are based on extra hardware, is the fact that in most cases the physical biometric reader (fingerprint reader, iris scanner, etc.) has to be adjusted to operate efficiently in different kinds of environments. This leads to problems, typically ending up with having the margin of liveness acceptability too high in order for the reader to accommodate different physical environments. For example, when using a wafer-thin artificial fingerprint glued on to a live finger the liveness detection hardware might not be sensitive enough to detect the spoofing attempt. Furthermore, using extra hardware will in many cases be inconvenient for the user. Some of the liveness features that can be used as ‘proof of live’ by using extra hardware are summarized in the following sections. The focus here will be on fingerprints as a biometric. This is because the list of liveness features for all current biometric technologies are simply endless.



69

5.4.1.1 Temperature Temperature with contrast

Temperature is not a biometric trait, except when looking at different contrasts of different temperatures in the face, e.g. thermal facial recognition. In other words temperature without contrast is not a unique characteristic from individual to individual, except that all human beings are warm blooded (37°C). For this reason all biometric traits incorporating temperature as a liveness detection method have the common problem of checking the temperature separately from the physical biometric trait. This means that the biometric trait might be spoofed, but because it is still presented by a live person (although not the owner) the sensor accepts the biometric trait as alive. For a fingerprint the temperature of the epidermis is about 26 - 30°C. When using a thin silicone artificial fingerprint, this will result in a decrease by a maximum of 2°C of the temperature transfer to the sensor. It will however not be difficult to have the temperature of the artificial fingerprint within the working margins of the sensor. Sensors that are used outdoors often have a broader working margin, giving the intruder even better prerequisites.[42]

5.4.1.2 Optical properties The optical properties of human skin vs. other materials

Optical sensors can use the optical properties of human skin versus other materials as a liveness detection method. These properties include e.g. absorption, reflection, scattering, and refraction under different lighting conditions (such as red, blue, green, infrared and laser lights). But again this is not failsafe. A gelatine artificial fingerprint, for example, does however have optical properties which are very similar to human skin. [43]



70

5.4.1.3 Pulse Has been used effectively in the medical field

In the medical field pulse has been a very effective way to check liveness. When pulse is used as a liveness detection method in biometrics we again have the same problem as with so many liveness detection methods, and that is that the liveness detection method is separated from the physical biometric trait, for example : The pulse in the tip of the finger can be detected and used as a liveness detection method. With a wafer-thin artificial fingerprint, the underlying finger's pulse will however be sensed. Also, practical problems arise due to changes in the pulse. A person with a pulse of 40 beats per minute implicates that the finger must be held for at least four seconds on the sensor for the pulse to be detectable. The same person could have a pulse of 80 beats per minute if he or she worked out immediately before the fingerprint scanning. The emotional state of the person also affects the pulse.[44] A US patent entitled Anti-Fraud Biometric Sensor that Accurately Detects Blood Flow by SmartTouch LLC describes how two light emitting diodes (LEDs) and a photo-detector are used to determine whether blood is flowing through the finger. Similar solutions have been possible to fool by simulating blood flow (through the use of a flashing light or by moving the impostor’s finger). This patent claims to have solved these problems by checking if the background light level is above a threshold and by detecting movement of the finger. This liveness detection method basically implements pulse oximetry, but only uses the pulse rate information.[45]

5.4.1.4 Pulse oximetry To measure oxygen saturation

Pulse oximetry is used in the medical field to measure the oxygen saturation of haemoglobin in a patient's arterial blood. A pulse oximeter also measure the pulse rate. The technology involved is based on two basic principles. First, haemoglobin absorbs light differently at two different wavelengths depending on the degree of oxygenation. Second, the fluctuating volume of arterial blood for each pulse adds a pulsating component to the absorption. [39] Again, because of the separated nature between this liveness detection method and the physical biometric trait it is still possible to fool the sensor, for example : By using a translucent artificial fingerprint (e.g. gelatine) which covers only the live finger's fingerprint, the pulse oximetry will still measure the saturation of oxygen of haemoglobin in the intruder's finger's blood and will therefore confirm liveness although the biometric trait presented (translucent artificial fingerprint) is actually NOT alive. [46]



71

5.4.1.5 Blood pressure Proposes several obstacles

Apart from the same disadvantages as with measuring the pulse, measuring blood pressure adds another problem. The sensors available today (excluding the single point sensors that must be entered directly in the vein), require measurement at two different places on the body, e.g. on both hands. Also, blood pressure measurement devices are easy to fool by using a wafer-thin artificial fingerprint and the underlying finger's blood pressure.

5.4.1.6 Electric resistance Electric resistance of the skin

The electric resistance of the skin can range from a couple of kilo-Ohms to several mega-Ohms depending on the humidity of the skin. With some people having dry skin, and others having moist skin, it is easy to realize that the span of allowed resistance levels will be great enough for an intruder to easily fool the system. For example, by putting some saliva on the silicone artificial fingerprint, the system will be fooled into believing it is the live finger.[46] In [42], the electric resistance was measured to 16 MOhms per cm in a live finger and 20 MOhms per cm for the corresponding gelatine artificial fingerprint. In other words, the difference between the two is so small that it would be impossible to create liveness detection with this method without getting a too high False Rejection Rate (FRR)6. Matsumoto and colleagues also showed that a live finger has a moisture level of 16 percent, while a gelatine fingerprint has a moisture level of 23 percent.[47] Since the moisture affects the resistance, and the weather conditions and psychological conditions can change the dryness or sweatiness of human skin, the difference in moisture level between live fingers and gelatine artificial fingerprints, is small enough to be able to fool sensors with gelatine prints.

6 FRR : the frequency that an authorized person is rejected access



72

5.4.1.7 Relative dielectric permittivity Measurement of the degree a medium resists electric charge

The relative dielectric permittivity (also known as relative dielectric constant or RDC), is a measurement of the degree to which a medium resists the flow of electric charge divided by the degree to which free space resists such charge.[47] The different values of RDC between live human skin and an artificial medium is the basis for this liveness detection method. In the example of a fingerprint as a biometric we have a similar problem that we have in electric resistance (5.4.1.6) as a liveness detection method, the RDC is also affected by the humidity of the finger, therefore in order to get an acceptable FRR7, the range of acceptable RDC will include the RDC of a gelatine fingerprint. An artificial fingerprint made of silicone on the other hand, has to be prepared with a solution of 90 % alcohol and 10 % water to fool a system. The RDC of alcohol and water are 24 and 80 respectively, while the RDC of human skin has a value in between these. Since the alcohol will evaporate quicker than water, the RDC will soon be within the acceptance range of the sensor.[46] Surely, there are many more liveness detection methods that are based on extra hardware. The ones listed above are the most widely researched and documented. The examples show that there are liveness features that can be captured by the use of extra hardware and all of these different liveness features are captured separately from the physical biometric trait. This creates an opportunity for the potential adversary to present an artificial biometric (thin translucent artificial fingerprint) to the sensor and then presenting his own liveness feature.

7 FRR – False rejection rate , The amount of times as a percentage that an authentic/valid user is rejected.



73

5.4.2 Using existing information How to use existing information as the liveness feature

With the growing number of biometric technologies a sea of opportunities and ways of using existing information in the capturing of biometric traits are developing. Therefore this section will be more focused on fingerprints as a biometric trait and how to use existing information as the liveness feature. Currently, to the author’s knowledge there exists only one thoroughly researched method for liveness detection using existing information today. This method, using perspiration as a liveness feature, is therefore the only method which will be presented in some detail in this section 5.4.2.4. Other emerging methods will be mentioned first.

5.4.2.1 Skin deformation of the fingertip’s skin in fingerprint biometrics Fingertip’s skin deforms when pressed against a surface

This liveness detection method uses the information about how the fingertip's skin deforms when pressed against a surface. If for example, the user is required to place his/her finger on the sensor twice, or to move it once it is in contact with the sensor surface, there will be some non-linear distortions between the two fingerprint impressions. Using a comparably thick artificial fingerprint with the same type of requirements, will only give a rigid transformation between the two fingerprint impressions. Using a thin artificial fingerprint glued on to a live finger, will on the other hand still produce quite similar non-linear deformations as a live finger would. [47]



74

5.4.2.2 Pores Details in the fingerprint, such a sweat pores, can be used

It is possible to use details in the fingerprint, such as sweat pores, as a liveness detection method by using a fingerprint sensor which can acquire an image of the print with a very high resolution.[47] These fine details might be difficult to copy in artificial fingerprints. According to [47], the work by Matsumoto [47], showed that a coarse reproduction of intra-ridge pores is feasible with gelatine artificial fingerprints.

5.4.2.3 Unique characteristic of each individual Depend on characteristics unique to each individual

In [24], the authors argue that a good liveness detection method should depend on characteristics that are unique to each individual and which are also difficult to copy. They suggest a method where the recognition is done using the ordinary print on the fingertip, but when it comes to liveness detection, a side impression (near the nail) which has been enrolled earlier, should also be subject to recognition.[48] The advantage of this method is that people usually do not leave their side impressions as latent prints very often. Therefore, the problems with artificial fingerprints made from latent prints will dramatically decrease. The capturing of a side impression will not require extra hardware, the same fingerprint sensor for sensing the fingerprint biometric is used.

5.4.2.4 Perspiration Detection of perspiration in a time progression of fingerprint images

The Biomedical Signal Analysis Laboratory at West Virginia University[49], USA, is developing a liveness detection algorithm which is based on the detection of perspiration in a time progression of fingerprint images. To be able to fully understand the algorithm developed at the West Virginia University, a theory background of perspiration will be presented first. The human skin contains an average of 600 sweat glands per square inch, and the sweat (a dilute sodium chloride solution) diffuses from the sweat glands on to the surface of the skin through small pores. Skin pores do not disappear, move, or spontaneously change over time. The pore-to-pore distance is approximately 0.5 mm over the fingertips. [50] Sweat has a very high dielectric constant and electrical conductivity compared to the lipid-soluble substances absorbed by the outmost layer of the skin. Generally, the dielectric constant of sweat is around 30 times higher than the lipid. [50]



75

5.4.2.4 Perspiration continued Detection of perspiration in a time progression of fingerprint images cont.

When laying a fingertip with moist skin on a capacitive sensor, the capacitance will be much higher (resulting in a darker captured image), than if the skin was not moist. The reason is the high dielectric constant of sweat. Because of this, capacitive scanners are specifically suited for detection of perspiration. [50] Perspiration over time in live fingers starts from the pores. The sweat then diffuses along the ridges during time, making the semi-dry regions between the pores moister or darker in the image. The perspiration process does not occur in cadaver fingers or artificial fingerprints. [50] There are mainly two ways to use the perspiration information. Either you can use the fact that perspiration starts from the pores (static approach), or you can use the fact that perspiration changes the image darkness over time (dynamic approach). This liveness detection method does only require a software upgrade and not any extra hardware.


It has been established that liveness assurance is an absolute prerequisite for trusted identification and authentication. Liveness assurance is provided by implementing liveness tests in the biometric application. The different methods of applying liveness testing (using extra hardware and using existing information) all share a common vulnerability, namely: the liveness testing is separated from the biometric trait itself, liveness testing in fact forms another separate layer in the biometric application. We cannot expect to receive a guarantee from any liveness test regarding the vitality of the user, in fact, any detection mechanism can and will be defeated according to [51]. But, if one could focus on biometric traits that seize to exist the moment the owner stops living, then by the inherent nature of the biometric trait no liveness testing will be necessary. In Part III of this dissertation the focus will be on liveness information inherent to the biometric. First we will continue with the following section proving current liveness testing weaknesses.

Chapter 6

Investigating liveness testing weaknesses

Chapter 6 – Investigating liveness testing weaknesses


77


This section provides a summary of several studies that indicate the vulnerability of current biometric systems. In this chapter it will become apparent that biometric spoofing of a biometric sensor is proved to be quite successful by several researchers. These studies show that spoofing IS possible even though liveness tests attempt to prevent such attacks. By using biometric spoofing, no knowledge of the matching algorithms inside the system or the biometric trait template specification or access to the template database (generally limited to system administrators) is needed. Also, since biometric spoofing operates in the analogue domain, outside the digital limits of the biometric system, the digital protection mechanisms such as encryption, digital signature, hashing etc. are not applicable. Several experiments and findings will be looked at, in order to investigate the reality of spoofing.

6.2 Spoofing Biometric devices Would fingerprint sensors accept dummy fingers?

Putte and Keuning [52] tested several fingerprint sensors to check whether they accept an artificially created (dummy) finger instead of a real finger. The authors describe methods to create dummy fingers with and without the cooperation of the real owner of the biometric (say, Ilse). When the owner cooperates (namely, Ilse is helping the attackers), obviously, the quality of the produced dummy fingers can be higher than those produced without cooperation (namely, Ilse is a victim of the attackers). In the scenario where the owner cooperates, a plaster cast of the finger is created, liquid silicon rubber is filled inside the cast to create a wafer-thin dummy that can be attached to a finger, without being noticed at all. This operation is said to take only a few hours. In the second scenario where the owner doesn’t cooperate, more time (nearly eight hours) and more skill is needed: First, a fine powder is used to enhance the latent fingerprints left on a glass or scanner surface. Then, a photo of the print is taken which is used to transfer the print to a PCB (Printed Circuit Board). UV light exposure and acid etching leave the profile of the print on the board, which is used for producing the silicon cement dummy. In both the cases, the authors used cheap and easily accessible material for the creation of the dummy finger. Five out of six sensors (which included both optical and solid state sensors) tested by the authors accepted a dummy finger created by the above methods as a real finger in the first attempt, the remaining sensor accepted the dummy finger in the second attempt. The authors argue that the liveness features (e.g. temperature, conductivity, heartbeat, dielectric constant, etc.) claimed to be used by the scanner manufacturers to distinguish a dummy finger from a real finger, may not perform well since the detection margins of the system need to be adjusted to operate in different environments (e.g., indoor vs. outdoor), different environmental conditions (e.g., hot summer vs. cold winter), etc. Wafer thin silicon dummy fingers may lead to changes that are still within the detection margins of the systems.



78

6.2 Spoofing Biometric devices continued Would fingerprint sensors accept dummy fingers cont.?

Matsumoto et al. [47] attacked 11 different fingerprint verification systems with artificially created gummy (gelatine) fingers. In respect of a cooperative owner, his finger is pressed to a plastic mould, and a gelatine leaf is used to create the gummy finger. The operation is said to take less than an hour. It was found that the gummy fingers could be enrolled in all of the 11 systems, and they were accepted with a probability of 68-100 percent. In the respect of a non-cooperative owner, a residual fingerprint from a glass plate is enhanced with a cyanoacrylate adhesive. After capturing an image of the print, PCB based processing similar to the operation described above is used to create the gummy fingers. All of the 11 systems enrolled the gummy fingers and they accepted the gummy fingers with more than 67 percent probability. Artificial fingers that are easily made of cheap and readily available gelatine, were accepted by extremely high levels by fingerprint devices with optical or capacitive sensors. Highly publicized articles drew attention to the spoofing vulnerabilities of biometric devices. Lisa Thalheim and Jan Krissler for c’t magazine[35] while in a less rigorous fashion, demonstrated the vulnerability of a variety of biometric technologies through simple techniques for fingerprint spoofing such as :

• Breathing on the fingerprint scanner to reactivate the latent fingerprint.

• Using a bag of water on top of the latent fingerprint. • Dusting the latent fingerprint using graphite powder, stretching

adhesive film over it and applying pressure. • Using wax casts and silicon moulds.

Most recently, Marie Sanstrom in 2004 [53] conducted similar experiments for her Master’s thesis, dispelling vendor’s claims of anti-spoofing enhancements of optical and capacitive scanners. Nine different systems were tested at the CeBIT trade show in Germany and all were deceived. It is obvious that spoofing attacks can be quite successful in fooling the existing systems, and no perfect (either hardware or software) solution is currently available. Remaining attacks are feasible only if some knowledge about the biometric authentication system and/or some access privileges are available to the attacker. This fact may decrease the applicability of other attacks compared to the fake biometric submission attack. On the other hand, it may also increase their applicability since no physical production (which is more costly and time consuming compared to digital production) such as plastic moulding, is necessary. Further, in the digital domain, the attacks can be executed in relatively less time.



79

6.2 Spoofing Biometric devices continued Would fingerprint sensors accept dummy fingers cont.?

In order to eliminate attacks where a previously intercepted biometric is replayed, Ratha [54] proposed a challenge/response based system. A pseudo-random challenge is presented to the sensor by a secure transaction server. At that time, the sensor acquires the current biometric signal and computes the response corresponding to the challenge (for example, pixel values at locations indicated in the challenge). The acquired signal and the corresponding response are sent to the transaction server where the response is checked against the received signal for consistency. An inconsistency reveals the possibility of a re-submission attack. Adler [55] proposed an attack on a face recognition system, where the account of a specific user enrolled in the system is attacked via synthetically generated face images. An initial face image is selected. Using the matching scores returned from the matcher that was generated for each of the successive face images, this initial image is modified. At each step, several eigen-images (that can be generated from public domain face databases) are multiplied with a weight and added to the current candidate face image. The modified image which leads to the highest matching score is used as input for the new candidate image. These iterations are repeated until no improvement in matching score is observed. Experimental results on three commercial face recognition systems show that after about 4000 iterations, a sufficiently large matching score is obtained, which corresponds to a very high (~99.9 percent) confidence of matching scores.

6.3 Ways to improve liveness testing How can we better?

Liveness testing is a step in the right direction and certainly provides a certain degree of protection against spoofing. All the attacks discussed above regarding spoofing will remain a real vulnerability as long as the liveness feature of an individual is captured separately from the biometric trait itself. The potential adversary will have the opportunity of presenting an artificial biometric trait and “convince” the biometric sensor that the artificial biometric is alive by presenting his own liveness features. This is possible because of the fact that most liveness tests today test for liveness separately from the capturing of the biometric trait itself. A liveness test attempts to answer the following question: Is the biometric trait being presented at the sensor still alive and part of its owner?



80

6.3.1 Is the biometric trait being presented at the sensor still alive and part of its

owner? Depends on how the test is implemented

An accurate answer to this question depends more on how the test is implemented than on what liveness characteristic is measured. The most successful current liveness testing mechanisms measure the liveness characteristic simultaneously with the biometric feature. These liveness testing mechanisms are more difficult to deceive because of the fact that the liveness feature has to be presented at the same time and place as the biometric feature, thus making it more difficult to create artificial biometric features which have to include the liveness feature. One approach to minimize the effectiveness of artificial or simulated biometric specimens is by combining biometrics with other authentication methods. Examples of such methods (also discussed in Part I section 2.7) include:

• Things a person HAS (tokens, physical keys, bank cards, proximity cards).

• Things a person KNOWS (PIN, keyword). • Manned supervision of biometric stations.

Another attempt to combat artificial or simulated biometric specimens is to turn to Multimodal biometrics (combining different biometric technologies – Part I section 4.9). This will force the potential adversary to spoof multiple biometric features. At this point it is important to stress that liveness testing is in no way complete assurance against spoofing with artificial or simulated biometric specimens. Liveness testing is NOT a guarantee that the biometric is authentic and part of its rightful owner. Liveness testing can only improve the overall security of biometric systems if it is designed and implemented correctly. Liveness tests are being implemented in biometric systems to increase our confidence to the effect that only alive and originally enrolled biometric features are authenticated by such systems. As stated before – the best liveness testing is performed simultaneously with the biometric data capture. It is critical that liveness tests be carefully and robustly designed, careless implementation of a good idea is worthless. Liveness testing in fact “raises the bar” for potential adversaries by decreasing the chances that an artificial or simulated biometric feature be accepted as real. The actual combination of authentication methods used in specific applications should be selected based on the unique requirements of that biometric application.



81


Liveness testing is often proposed to prevent forgery. Unfortunately, once a liveness detection method is revealed, it is relatively simple to construct a method to circumvent it. Indeed, all known liveness tests only increase the forgery expense. They will presumably never exclude forgery completely.[56] Liveness testing (as long as it is true that liveness features of a biometric trait is captured separately from the biometric itself) will not provide the necessary substance to build the trust that is needed in the biometric industry to create a real “Lift-off” for biometric technologies. The ideal biometric trait would be one that doesn’t exist if it’s owner is not alive. That is if the biometric trait exists because its owner is alive and the biometric sensor is able to sense the biometric feature it would naturally imply that the owner is alive. Therefore, in Part III of the dissertation the possibilities and advantages of inherent liveness biometrics will be investigated.

PART III

Inherent liveness Biometric traits

Part III - Introduction

Introduction

Part II of this dissertation referred to the fact that most current biometric sensors capture the liveness features separately from the physical biometric trait. This creates the opportunity for the possible adversary to present either an artificially created biometric trait or a real biometric trait which is not part of its owner. Because the biometric trait and liveness features are captured separately the possible adversary has an opportunity to present his/her own liveness features while presenting an artificially created biometric trait or a real biometric trait but not part of its owner anymore. This dissertation coins the term: Inherent liveness biometrics. Inherent liveness biometric traits are biometric traits that seize to exist if the owner of the biometric is not alive. Naturally, liveness testing is not needed with inherent liveness biometric traits because of the fact that the inherent liveness biometric trait seizes to exist if the owner is not alive. In this part (Part III) of the dissertation potential inherent liveness biometric traits will be briefly discussed. It will become apparent that inherent liveness biometric traits are definitely scarce when compared to biometric traits that keeps on existing after separation from its owner or when the owner of the biometric passes away. Inherent liveness biometric traits have specific challenges in its application. This will be discussed later in this part (Part III) of the dissertation. Using “The way the heart beats” as an inherent liveness biometric will be explored and discussed as the climax of this dissertation. The use of “the way the heart beats” in the context of using it as an inherent liveness knowledge have not been attempted before. This exciting possibility of using “The way the heart beats” as an inherent liveness biometric trait will be discussed. Early stages of experimentation and analysis regarding VCG (Vectorcardiogram) data will also be presented.

Chapter 7

Inherent liveness – an alternative

Chapter 7 – Inherent liveness – an alternative

PART III Inherent liveness – an alternative

85


As long as the biometric trait itself is separated form the liveness test, a real opportunity for an adversary exists. An adversary has the possibility of presenting an artificially created biometric trait or a real biometric trait but not part of its owner anymore and then fool the liveness test by presenting his/her own liveness features. This chapter will propose inherent liveness biometrics as an alternative to liveness testing.

7.2 Types of inherent liveness biometric traits Biometric traits that seize to exist the moment the owner passes away

The fact that this dissertation coins the term inherent liveness biometrics makes the listing of biometric traits that qualify as researched and confirmed inherent liveness biometric traits difficult. Inherent liveness biometric traits are biometric traits that seize to exist the moment the owner passes away. That is, the fact that the inherent biometric trait exists and is detectible by a suitable sensor proves the liveness of its owner. Examples of possible biometric traits that immediately seize to exist if the owner is not alive will be listed and briefly discussed next.

7.2.1 Gait Typically used to identify people by “the way they walk”

As discussed in 4.8.2 the term gait recognition is typically used to signify the identification of people ‘by the way they walk’. Gait is determined by the physical characteristics of each individual, and so is believed to be as unique to the person as a fingerprint is. Gait is also one of the few biometrics that can be measured at a distance, which makes it useful in surveillance applications as well. Further development is necessary before its performance, limitations, and advantages can be fully assessed. In the context of inherent liveness biometric traits the way one walks is naturally a biometric that will seize to exist if the owner is not alive or able to do so. Gait used as an inherent liveness biometric trait in a wide scale application such as access at an ATM (Automatic Teller Machine) might pose some problems in respect to the disabled which might not be able to walk.



86

7.2.2 Facial thermography Heat patterns under the skin

Facial thermography detects heat patterns created by the branching of blood vessels under the skin on the face. This is then emitted from the skin and sensed by an infrared camera. These patterns, called thermograms, are highly distinctive. Developed in the mid-1990s, thermography works much like facial recognition, except that an infrared camera is used to capture the images.[57] The fact that the blood of a diseased person stops to flow will result in the thermal image of the face becoming non-existent. Thus thermography as an inherent liveness biometric naturally seizes to exist at time of death, therefore, no liveness testing is required. Facial thermography has the added advantage in that everyone has a face and thus, every living person presents a usable image. Also, unlike visible light systems, infrared systems work accurately in dim light or even total darkness. Although identification systems using facial thermograms were undertaken in 1997, the effort was suspended because of the cost of manufacturing the system.

7.2.3 Brain patterns Baseline brain-wave pattern

A person has the ability to alter most of their own brain wave patterns by thinking and responding to different things. But, people cannot alter what is referred to as their baseline brain-wave pattern. An individual’s baseline brain-wave pattern has the ability to be used as a biometric trait. This is a solution referred to as an “EEG Fingerprint”.[58] NWAI (figure 7.2.1) is a device that senses and analyzes persons’ neural waves. The problem is that the technology must be customized for each user and is therefore not easily adaptive to each individual.[58] Brain patterns as an inherent liveness biometric seizes to exist the moment the owner passes away.



87

7.2.3 Brain patterns continued

Figure 7.2.1

Figure 7.2.1: NWAI from BioControl Systems (http://www.biocontrol.com)

7.2.4 Speaker verification Distinctive aspects of the voice

Speaker verification technology utilizes the distinctive aspects of the voice to verify the identity of individuals. In 4.7 the focus was on Speaker verification. The voice and ability to speak naturally seizes to function the moment the owner passes away. The use of speaker verification in the context of an inherent liveness biometric trait poses possible challenges such as the fact that a persons’ voice can be easily recorded and that this recording can be played back at any time. Not everyone has the ability to speak and this will prevent the use of this biometric in wide scale applications such as ATMs.

7.2.5 The way the heart beats The climax of this dissertation

The way the heart beats as a possible inherent liveness biometric will receive focus as the climax of this dissertation in chapter 8. It seems that by the nature of some of these identified possible inherent liveness biometric traits that these biometric traits present specific challenges and difficulties in the application of inherent liveness biometrics. We will discuss some of these challenges in the next section.



88

7.3 Difficulties in applying these Biometrics Difficulty in applying inherent liveness biometrics

The fact that there aren’t that many biometric traits that reflects the main criteria for a biometric to be inherently alive and the lack of technology to effectively capture these biometric traits, both adds to the difficulty in applying these inherent liveness biometrics. The next chapter will look into the possibility of using the way the heart beats as an Inherent Liveness Biometric. The different sections in the next chapter will provide insight into some difficulties facing but one possible inherent liveness biometric namely the way the heart beats.


Inherent liveness biometrics poses an attractive alternative to traditional liveness testing. Traditional liveness testing where the liveness features are captured and evaluated separately from the biometric trait itself creates an opportunity for the possible adversary. The adversary can fool the system with the use of an artificially created biometric trait or a real biometric trait but not part of its owner anymore and then presenting his/her own liveness features. Inherent liveness biometrics prove its liveness naturally because of its existence. An inherent liveness biometric seizes to exist the moment its owner passes away. The next chapter will look into the possibility of using the way the heart beats as an Inherent Liveness Biometric. The different sections in the next chapter will provide insight into some difficulties facing but one of the possible inherent liveness biometric namely the way the heart beats.

Chapter 8

A possible solution: “The way the heart beats’’ as an

inherent liveness Biometric

Chapter 8 – ‘The way the heart beats’


90


As stated before, this dissertation coins the term “Inherent Liveness Biometrics”. The following, again highlights the definition of Inherent Liveness Biometrics with the focus on the possibility of using the way the heart beats as an Inherent Liveness Biometric. Also, according to the author of this dissertation no research, reference or information regarding the application of using the electrical activity in the human heart as an inherent liveness biometric could be found. The way the heart beats might prove to be an exciting alternative inherent liveness biometric trait because of the small but very significant fact that the way the heart beats does not exist if the owner is not alive, therefore liveness testing and all the issues surrounding liveness testing are excluded in the scenario where an inherent liveness biometric is applied for identification and authentication.

8.2 Using the way the heart beats as a biometric Electrical conductive properties

The main concept for using the exciting possibility of the way the heart beats as an inherent liveness biometric revolves around using the electrical conductive properties inside the human heart as the unique biometric feature of the user to be identified and/or authenticated. The electrical events occurring in the human heart are powerful enough to be detected by electrodes on the body surface. One type of recording of these events is an ECG (Electrocardiogram, figure 8.2.1) of the human heart.

Figure 8.2.1

Figure 8.2.1. A schematic of a typical ECG (Electrocardiogram).

Electrical activity inside the heart

Another more technologically advanced reading of the electrical activity inside the human heart is a Vectorcardiogram (VCG) figure 8.2.2.



91

8.2 Using the way the heart beats as a Biometric continued Figure 8.2.2

Figure 8.2.2. A schematic of a VCG graph (top) and a ECG graph (bottom).

Background regarding the human heart is needed before further discussions into these types of recordings (ECG and VCG) can commence.

8.2.1 Background to the human heart The human heart

The heart is a four-chambered, muscular organ about the size of your fist. It lies within the chest, between the lungs, and just behind and to the left of the breastbone. The heart's main job is to pump oxygen-rich blood throughout the body. It does this by contracting 60 to 90 times per minute. With each contraction, the heart chambers pump blood either into a ventricle or an artery. During the course of a day, your heart beats more than 100,000 times, pumping 7,000 litres of blood through thousands of miles of blood vessels. Cardiac circulation begins in the right side of the heart. Veins (the inferior vena cava and superior vena cava) return blood low in oxygen to the right atrium. Blood passes from the right atrium into the right ventricle where it is pumped via the pulmonary artery into the lungs to receive oxygen and give off carbon dioxide. Oxygen-rich blood then re-enters the heart from the lungs, moving into the left atrium. From the left atrium, blood enters the left ventricle and is pumped out through the aorta (the largest blood vessel) for circulation to the rest of the body.



92

8.2.1 Background to the human heart continued Figure 8.2.3

Fig 8.2.3. The human heart – [Source Unknown ]

Physical properties

The atria and ventricles are separated by special tissue that forms the heart valves. Heart valves direct blood flow between the chambers of the heart. These valves act like one-way doors, allowing blood to flow forward into the next chamber. The valves close to prevent backflow. On the right side of the heart, blood flows through the tricuspid valve, which lies between the right atrium and the right ventricle. This valve has three leaflets or cusps. On the left side of the heart, blood flows between the left atrium and the left ventricle through the mitral valve. The mitral valve is also commonly known as the bicuspid valve because it only has two leaflets or cusps. For blood to pass from the upper chambers of the heart into the lower chambers, the tricuspid or mitral valves must be open. The valves are controlled by blood pressure changes in each heart chamber. Valves are also located between the ventricles and the large vessels that carry blood away from the heart. Blood flows through the pulmonic valve, which separates the right ventricle and the pulmonary artery. On the left side of the heart, blood flows through the left ventricle and into the aorta through the aortic valve.



93

8.2.1 Background to the human heart continued

Physical properties cont.

The heart has an electrical conduction system that stimulates it to contract or beat. Each beat begins as an electrical impulse that arises from a specialized area of the right atrium called the sinoatrial (SA) node. The SA node is the heart's natural pacemaker. It receives messages from the brain and other centres directing it to adjust the heart rate to meet the body's needs. The above background information is important in the study of using the way the heart beats as a biometric because of the following: To use the heart as a biometric we are not referring to the pulse created by the heart beating. Also, we are not referring to the sounds that the heart makes (the heart contracting and the valves opening and closing). Lastly, we are not referring to the movement of the heart when beating. When exploring to use the way the heart beats as an inherent liveness biometric we are considering the electrical activity inside the human heart, which brings us to the next section.

8.2.2 The conduction system

Where the electrical impulse begins

The heart has its own system to generate and spread electrical signals from one end of the heart muscle to the other, making the muscle contract. The electrical impulse begins at a bundle of cells called the sinoatrial (SA) node. This node is a small pacemaker in the right atrium near the entrance of the superior vena cava. It is difficult to see this structure with the naked eye. If one could look at the entrance of the superior vena cava into the heart, then follow along the front edge where it meets up with the atrium. This is where one will find a thickened area. This is the sulcus terminals with the sinoatrial node inside. The rest of the electrical conduction system cannot easily be seen without a microscope, figure 8.2.4.



94

8.2.2 The conduction system continued Figure 8.2.4

Figure 8.2.4. The conduction system of the human heart – [Source Unknown ]

The ECG

The electrocardiogram (ECG), as mentioned before in the beginning of chapter 8, is a way that we can “see” certain characteristics of the electrical signals in the heart. There are three waves to the ECG, each of which corresponds to a stage of the heart's contraction.

Figure 8.2.5

Figure 8.2.5. A Basic example of the three waves of an ECG.



95

8.2.2 The conduction system continued The ECG waves

These waves are called P, QRS, and T, figure 8.2.5. The stages of contraction for each wave are listed below: P: Atrial muscle contraction after the SA node fires. QRS: Ventricular contraction. T: Ventricular refilling and recharging after contraction. A real example of an ECG measurement of a human heart is depicted in figure 8.2.6. below.

Figure 8.2.6

Figure 8.2.6. A Real example of a ECG measurement.

Figure 8.2.7

Fig 8.2.7. Another example of a Real ECG measurement.



96

8.2.3 The Vectorcardiogram (VCG) Electrical signals from the heart

In an ECG graph, figure 8.2.6., electrical signals from the heart are presented as a graph of voltage against time. The voltages developed along the various axes of the heart are recorded using a set of lead configurations which are selected in turn. However, more information can be derived from the more technologically advanced reading namely the vectorcardiogram(VCG). The VCG can deliver a three-dimensional “picture” of the orientation and magnitude of the cardiac electrical vector throughout the cardiac cycle. In practice a two-dimensional image is displayed for each of the orthogonal planes (Refer to figure 8.3.1 on page 102).

Each cell in the heart can be represented

Each cell in the heart can be represented as a dipole with differing direction as the heart beats. These small cell level dipoles grouped together close to each other can be represented as a single dipole. The electric field of the heart as a whole can then be studied as the field of a single dipole, the cardiac vector. The line drawn by the tip of the cardiac vector is the vectorcardiogram(VCG). During a heart beat the tip draws a collection of three-dimensional loops, called a VCG complex or the VCG loop. From the surface of the skin it is possible to measure information regarding the dipole inside. These measured signals are used to derive the VCG.[59] In discussions with Professor A.L. van Gelder[60] it showed that the vectorcardiogram (VCG), figure 8.2.8., would provide more parameters than the electrocardiogram(ECG) to measure the electrical activity in the heart. In conjunction with Ruben Hechter from TECMED[61] anonymous patient VCG data from different age groups was obtained. These patients had the same vectorcardiogram reading of their heart taken more than once. VCG data containing the above information provided the basis to perform initial experimentation and analysis. Detail of experimentation and analysis of this VCG data will be provided in section 8.3. The outcome of this analysis provided a platform to establish the possibility of using the way the heart beats as an inherent liveness biometric and the necessity to do a lot more research and development. The following is a definition of a vectorcardiogram - the representation of the ECG as a three-dimensional signal, visualized as three two-dimensional Lissajous figures[62] in three orthogonal planes. Figure 8.2.9. shows the different stages (P,QRS and T) in the depolarization(contraction) and repolarization(releasing) process of the heart. The depolarization and repolarization process is triggered by the conduction system (figure 8.2.4.). The different types of presentation namely the ECG(bottom) and VCG(middle) is shown clearly in figure 8.2.9. It is easy to compare the ECG and VCG presentation with the status of electrical flow in the physical heart (top of figure 8.2.9.). Figure 8.2.10. is a visual representation of the vector data contained in a VCG dataset. The figure illustrates the heart depolarizing(contracting).



97

Figure 8.2.8. Vectorcardiogram (VCG)

8.2.3 The Vectorcardiogram (VCG) continued Figure 8.2.8



98

8.2.3 The Vectorcardiogram (VCG) continued

Figure 8.2.9

Figure 8.2.9. The heart (top), the vectorcardiogram(middle) and the

electrocardiogram (bottom). – [Source unknown]



99

8.2.3 The Vectorcardiogram (VCG) continued Figure 8.2.10

Figure 8.2.10. A three Dimensional view derived from VCG data – [Source

unknown]



100

8.2.4 Uniqueness of ‘’The way the heart beats’’ According to the author

According to the author of this dissertation no research, reference or information regarding the application of using the electrical activity in the human heart as an inherent liveness biometric could be found. According to the author there is no information available regarding the uniqueness of the ECG or VCG measurements of the heart. VCG and ECG measurements were mostly applied and developed in and for the medical field. Mainly to diagnose a variety of heart diseases, this is done by interpreting the ECG or VCG reading and identifying characteristics that are similar to the characteristics of the different heart diseases. To use the electrical conductance properties of the heart as an inherent liveness biometric one will have to interpret the ECG and VCG reading a lot differently, one will be looking for differences between the different ECG and VCG readings and not similarities. For this reason the current ECG and VCG sensing technologies might not be ideal for use in capturing the needed characteristics of the conductivity of the heart. The initial stages of experimentation and analysis on acquired anonymous patient VCG data were conducted and will be detailed in the next section.

8.3 Initial VCG data experimentation and analysis To provide the necessary motivation for the future

It has to be stated that the experimentation and analysis discussed in this section are the initial stages of continued research. This section was included in the dissertation to provide the necessary motivation for the future formal formulation of the correct statistical approach and better mathematical models for the analysis of such data.



101

8.3.1 VCG data acquisition VCG data

A meeting with Professor A.L. van Gelder[60] in Mid-2004 was positive in the sense that when told about the idea of using the way the heart beats as an inherent liveness biometric he was very positive and excited. Professor A.L. van Gelder in one of his previous projects monitored the ECG graphs of pilots on a regular basis. At some point Professor van Gelder realized that he could recognize the pilots based on looking at their ECG graphs. At the time he did not realize the possible biometric application of this phenomenon. Professor A.L. van Gelder made contact with Ruben Hechter from TECMED[61]. Ruben Hechter in his work with products from the company Schiller[58] provided access to anonymous patient VCG data. Schiller is a leading international manufacturer and supplier of electrocardiographs, Spiro meters, patient monitors and external defibrillators. The VCG data was received in the Schiller SEMA-200 format - An advanced Data Management application for comprehensive management, analysis and archiving of Resting ECGs (with Serial Comparison and Vector Analysis).

8.3.2 VCG data description Thirty anonymous patients

The VCG data for thirty anonymous patients was received. The average number of measurements per patient are three, these were taken on different dates. One of the challenges was to extract these VCG measurements from the SEMA-200 application which has an internal encrypted database where the physical data is stored. The SEMA-200 has excellent views of the data. These views however is intended for a doctor that has to interpret the data and based on these views make a diagnosis. Figure 8.3.1 shows an example of a screenshot from the SEMA-200 application showing a three dimensional view of the VCG.



102

8.3.2 VCG data description continued Figure 8.3.1

Figure 8.3.1 3D Analysis of the VCG.

VCG data received

All of the anonymous patient VCG data received had two or more VCG data sets from different readings on different days. The challenge was to find a way of extracting the data from the measurements’ view in the SEMA-200 application into Microsoft Excel in order to perform experimentation and analysis on the data in a way that SEMA-200 couldn’t. The measurements’ view of one set of VCG data inside the SEMA-200 application is depicted in figure 8.3.2. The SEMA-200 application did not allow one to export the data to any text based format. The simple copy and paste approach also wasn’t allowed. Thus the thirty anonymous patient VCG data sets were manually typed into a Microsoft Excel spreadsheet, data set by data set. The three stages (P,QRS and T) in the beat of one patients’ heart is visible in the three columns of the measurements view in figure 8.3.2.



103


Figure 8.3.2. The measurements view in the SEMA-200 application.

Excel spreadsheet

These parameters were captured as one row in a Microsoft Excel spreadsheet. The patients were numbered from one to thirty and the first column of a row in the spreadsheet indicated the patient number (figure 8.3.3). The rest of the columns are broken down into parameters grouped by the P, QRS and T loops in the VCG graph. Figure 8.3.3, figure 8.3.4 and figure 8.3.5 provides an example of the data after capturing in the spreadsheet.



104


Figure 8.3.3. Patient numbers and parameters for the P phase.

Figure 8.3.4

Figure 8.3.4. Example of captured parameters for the QRS phase.

Figure 8.3.5

Figure 8.3.5. Example of captured parameters for the T phase.



105

8.3.3 VCG data analysis An approach was formulated

In conjunction with Hannes Naude[64] working for Kentron[65] (A leading SA weapons development company) with previous experience in the field of advanced pattern matching, the following approach in analyzing the VCG data was formulated. There are a variety of different ways to approach the challenge for finding the extent to which the captured VCG parameters of a person (or patient in this case) distinguishes him/her from that of another. Also, the extent to which the VCG parameters of a person stay constant from reading to reading has to be taken into account in order to provide a constant biometric template for a person that other VCG readings can be matched against. For this first VCG analysis attempt it was decided to take one of the easier routes namely: “Nearest Neighbour classifiers”. Nearest Neighbour classifiers rests on the principle that data in a certain class(in this case a person) that consists of say K parameters on that person becomes the coordinate for that person in a K dimensional space. For example: It is known that Johan’s length is 1900mm and that he has two ears. Thus Johan is the point (1900,2) on the Cartesian plane. It is also known that Hannes has a length of 1800mm and has only one ear (1800,1). Ilse has a length of 1600mm and has two ears (1600,2). If say one had to identify Johan, Hannes or Ilse at an access control point then let’s assume the result from the sensor at the access control point is (1603,2). The obvious conclusion to make is that the variance(3mm) is the result of a measuring fault or simply a result of Ilse growing. Something that is known regarding both measuring faults and growth is that the expected variance should be small. Thus, by measuring the distances to each of the existing points on the Cartesian plane and selecting the smallest average one can conclude by fair certainty that the visitor is indeed Ilse. BUT, This example was chosen in this way to point out another problem with Nearest Neighbour classifiers, namely the sensitivity regarding the scale of the provided data.



106

8.3.3 VCG data analysis continued An approach was formulated cont.

Assume that a visitor has a height of 1892mm and 1 ear. According to the method in the previous paragraph the visitor is identified as Johan, this is because the provided data(1872,1) lies closest to that of the point (1900,2) on the Cartesian plane. But, it is common sense that the visitor is Hannes. This is because of the fact that the possibility of a 100mm measuring fault is much more likely than the possibility of one missing ear. This incorrect identification is the result of the sensitivity of scale in nearest neighbour classifiers. An easy way of compensating for the above data scaling problem is the normalization of every parameter in the class in order to have the same variance. Thus, parameters with high stability will carry more weight than parameters with high variance. Another related problem is that of irrelevant parameters. Assume for example that a third parameter is available, namely that of the existence/non-existence of garlic on the visitors breath. This new third parameter will carry the same weight as the ear parameter. The question is if this garlic parameter really deserves to have the same weight as a very stable feature such as the ear parameter? The above argument might sound silly, but it becomes very relevant when one analyzes data with parameters that we don’t necessarily understand. It is possible(very likely) that some of the parameters in the VCG data used for this analysis and experimentation contains indications of that persons’ stress level. Patients that undertook this specific test might as a rule have a higher stress level because of the possible outcome of a medical diagnosis. Thus this characteristic of stress that is fairly stable from patient to patient will carry a higher weight. BUT, does it really make sense to base the identification of a person on the fact that he/she was less stressed than others? Clearly it is necessary to filter out irrelevant parameters. Therefore Thornton’s separability index[66] is a very simple but yet effective way of discarding irrelevant parameters.



107

8.3.3 VCG data analysis continued An approach was formulated cont.

The VCG data captured in an excel spreadsheet (as discussed in section 8.3.2.) was imported into MatLab[67] in a variable called VCG. All non-numerical fields were excluded. The following Matlab code was used to normalize the parameters, implement Thornton and calculate the Euclidian distance. To split the data into ID’s and parameters: id=VCG(:,1); VCGdata=VCG(:,2:end); To normalize the variances: VCGdata=VCGdata-repmat(mean(VCGdata),65,1); VCGdata=VCGdata./repmat(sqrt(var(VCGdata)),65,1); To do the classification: D=dist(VCGdata); [Y,I]=sort(D); id2=id(I); Where the function dist is: function D=dist(A); L=size(A,1); D=zeros(L); for s1=1:L for s2=s1+1:L diff=A(s1,:)-A(s2,:); D(s1,s2)=sqrt(sum(diff.^2)); D(s2,s1)=D(s1,s2); end end The VCG data using the above analysis in MATLAB in slightly different combinations provided very exciting and interesting results. These outcomes will be provided and discussed in the next section.



108

8.3.4 Initial outcome Very promising outcome.

The result from this initial experimentation and analysis is very promising. The outcome is presented in the following experiment: Thirty patients with an average number of 2,1 VCG measurements taken on different dates amounted to 65 VCG measurements in total. The following is an analysis in MATLAB: load VCG id=VCG(:,1); VCGdata=VCG(:,2:end); VCGdata=VCGdata-repmat(mean(VCGdata),65,1); VCGdata=VCGdata./repmat(sqrt(var(VCGdata)),65,1); var(VCGdata) D=dist(VCGdata); [Y,I]=sort(D); id2=id(I(2,:)); id==id2 sum(id==id2) ans = 37 This shows that in 37 out of the 65 VCG measurements the relevant patient is identified correctly based on his/her other VCG measurement/measurments. That is a 57% chance for correct identification of a patient based on the way his/her heart beats. If the VCG data for a patient did not contain any unique characteristics distinguising him\her from others then this answer would have been in the order of 2 or maybe 3, that is a percentage chance of 4.6%, not 57% for the correct identification of a patient. The percentage for correctly verifying the identity of a patient based on the way his\her heart beats would therefore be even greater. This is because of the fact that the patients’ VCG mesurement was compared against the other VCG measurements. For verification a one to one comparison is executed, Patient x says that he is patient x and it needs to be verified by comparing the VCG measurement to one stored template of patient x.

8.3.5 VCG data analysis conclusion

The VCG data used in this initial experimentation and analysis is patient data, thus meaning that there is a high probibility for a patient to be suffering from a heart condition. This heart condition is reflected in the VCG measurements for that patient. Because of this the possibility that it is actually the specific heart condition creating the uniqueness exists. In other words it is a possibility that it is actually the heart condition that is identified and not the physical person. But then the patients are probably receiving treatment and this might influence the VCG measurements and make them less consistent for a specific patient and still the results looks promising.



109

Because of the above factors a lot of research and development are still necessary to be able to capture the correct properties from a more realistic population with a specifically designed sensor to substantially prove that the way the heart beats are indeed an inherent liveness biometric. This initial experimentation and analysis definitely provides the necessary motivation to continue a more formal approach in order to prove the uniqueness of the way the heart beats.

8.4 Benefits of using the way the heart beats as a Biometric Exciting benefits

The possibility of using the way the heart beats as an inherent liveness biometric poses quite a few exciting benefits:

• The way the heart beats is a unique & private feature of an individual. It cannot be captured without the owner’s knowledge.

• Identical twins might have different and distinct electrical activities

in their hearts.

• The heart is hidden, it is not possible to easily capture the characteristics of an individual’s heart without his\her consent.

• No liveness testing necessary, an Inherent liveness biometric. The

nature of the way the heart beats as a biometric proves the liveness of the user in a natural way.

• In the possibility of using the way the heart beats as a biometric

one might incorporate a stress level check that will ask a user in an ATM transaction to enter the bank if too high stress levels are detected that might indicate a user being forced against his\her will to conduct a transaction.

• Everybody has a heart. Unlike a fingerprints, some individuals

might be disabled and have no hands and thus no fingerprints. This is hindering systems where fingerprints are being used to identify and verify a large population.



110

8.5 Possible problems and areas to look into Problems

• The way the heart beats will change if an individual suffers from a

heart attack – even if it is still unique, re-enrolment will have to occur.

• If an artificial pacemaker is installed the way the heart beats will

change, if it stays unique - re-enrolment will have to occur.

• To obtain a sufficient “noise free” electrical heart activity measurement the user must stay fairly still for 10 to 15 seconds.

• Sudden heart diseases will influence the way the heart beats.

• The way an individuals heart beats changes through time, thus the

biometric system must have a way of adjusting small changes and adding those changes to the template in the database on a continuous bases.

• ECG/VCG sensors might still need some specific development in

terms of the application as a biometric tool.

• People might be reluctant or find it too intrusive to have their heart activities recorded and used as a biometric.

• What about heart transplants? Maybe the way the heart beats as a

biometric system can incorporate another layer of protection in for example, measuring the resistance from one hand to the other through the body to act as a conformation of arm length to double-check if the heart is inside the original owner. Also the chances that the way the heart beats changes during a heart transplant is very good because of some permanent damage that the heart incurs during a transplant, according to Dr. de Greef (a lecturer at the medical faculty of the Witwaters-rand university)



111


The possible solution of using the way the heart beats as an inherent liveness biometric looks promising. The benefits are obvious and if indeed possible will solve a lot of the current liveness testing issues. The way the heart beats is obviously only detectible if the owner is still alive, thus cancelling the need for liveness testing. The initial experimentation and analysis on anonymous patient VCG data showed very promising outcomes. This definitely provides the necessary motivation for future more formal research regarding proving the reality of using the way the heart beats as an inherent liveness biometric.

Conclusion

Chapter 9

Conclusion

Chapter 9 - Conclusion

CONCLUSION 114

A conclusion is drawn from the dissertation Summary

All the objectives set out for this research was fulfilled and therefore the following conclusion for each objective. The objectives for this research was to: • Obtain a good understanding of identification and verification. Identification and verification are two very important functions in our every day lives. To us human beings these functions are performed on a daily basis as second nature. This dissertation provided a deeper understanding of these two functions in the electronic world and the challenges surrounding a system to have the capabillity of identification and verification. • Review current biometric technologies and system applications to provide

a frame of reference for the understanding of current weaknesses in these technologies.

Current biometric technologies provide the most natural vehicle for more secure and trusted identification and verification. But current weaknesses were clearly pointed out in part II. Liveness testing is an attempt to enable more secure and trusted identification and verification but serious weaknesses with liveness testing technologies still exist and was pointed out in part II of this dissertation. • Understand the importance of liveness testing in current biometric

applications, how they work and investigating the serious weaknesses that still exists.

The term Inherent liveness biometrics was coined and explored as a solution to the current liveness testing technologies weaknesses. Inherent liveness biometrics seize to exist the moment its owner passes away or when seperated from its owner. Thus the inherent liveness biometric proves its liveness by existing. • Define the concept of inherent liveness biometrics and explore the

benefits such biometrics has over others. Inherent liveness biometrics do not need liveness testing to be performed separately from the capturing of the biometric trait itself. This is because of the fact that the inherent liveness biometric seizes to exist the moment it is separated from the owner or if the owner passes away. Thus the main benefit of using inherent liveness biometric traits above traditional biometrics traits was shown to be the elimination of separate liveness testing and all the current problems that comes with current liveness testing technologies. • Explore the possibility of using “the way the heart beats” as a possible

inherent liveness biometric. The way the human heart beats is presented as a new possible inherent liveness biometric. Initial experimentation and analysis on acquired anonymous patient VCG data proved very positive. This initial experimentation and analysis provide enough motivation for more formal research in order to prove the uniqueness of the way the human heart beats. To use the way the heart beats as a biometric has got its benefits and drawbacks as is the case with all biometric features and technologies.

Chapter 9 - Conclusion

CONCLUSION 115

Maybe the most promising benefit regarding the way the heart beats as a biometric is the fact that the biometric feature in its nature solves one of the biggest concerns regarding biometrics today namely: Liveness testing. One cannot measure the electrical activity of a human heart if the heart and thus the human is not alive. And one of the most un-explored and un-researched fields in using the way the heart beats as a biometric is probably which ECG/VCG parameters will be best suited for the application in a biometric system and how or what must be changed to the physical working of existing sensors in order to maximize the reliability and usability of such a system.

References

Main references

REFERENCES 117

[1] http://www.babycenter.com/expert/baby/babydevelopment/6888.html ,2005-01-26 , By Judith

Hudson, Ph.D.

[2] D. Maltoni, D. Maio, A. K. Jain, and S. Prabhakar. Handbook of Fingerprint

Recognition. Springer Verlag, New York, NY, USA, June 2003.

[3] Available from http://www.securitypronews.com/news/securitynews/spn-45-

20040915MostCustomerPasswordImplementationsandPoliciesIneffectiveAccordingtoMETAGroup.

html - Staff Writer (Accessed 12 January 2005).

[4] Earl Perkins, vice president with META Group's Security & Risk Strategies advisory service.

[5] http://www.networkcomputing.com/1018/1018f1.html - A Token of Our Esteem -September 6,

1999 By Timothy M. O'Shea

[6] http://www.networkcomputing.com/1018/1018f1.html (accessed 9 November 2005)

[7] Available from http://www.mobileinfo.com/News_2003/Issue15/Casio_Scanner.htm (Accessed

24 March 2005).

[8] http://www.biometrics.co.za/tech_Economist.htm (accessed 6 November 2005)

[9] Julian Ashbourn, "Biometrics: Advanced Identity Verification, The Complete Guide," Springer,

London, 2000.

[10] A. Jain, R. Bolle, S. Pankanti, editors, "BIOMETRICS Personal Identification in Networked

Society," Kluwer Academic Press, Boston, 1999.

[11] D. Zhang, "AUTOMATED BIOMETRICS Technologies and Systems," Kluwer Academic

Publishers, Boston, 2000.

[12] L. Jain, et al, editors, "Intelligent Biometric Techniques in Fingerprint and Face Recognition,"

CRC Press, Boca Raton, 1999.

[13] http://www.coreuk.com/WP_what_is_biometric.htm (Accessed 23 August 2004)

[14] www.smu.edu/csr/articles/2004/Summer/Kennedy.pdf - Thumbs Up for Biometric

Authentication by Gwen “Wendy” Kennedy

[15] http://www.wave-report.com/conference_reports/2005/BiometricConsortium.html Biometrics

Consortium By John Latta

Main references

REFERENCES 118

[16] http://www.banking.com/aba/cover_0197.htm Biometrics comes to life By By Orla O'Sullivan,

senior editor/technology

[17] http://www.pc-phage.com/ (accessed on 2005-11-07)

[18] Available from http://www.gartner.com/Init (Accessed 19 January 2005).

[19] http://www.gartner.com Gartner Research Group. (Accessed 22 July 2004).

[20] http://www.hcfama.org/index.cfm?fuseaction=Page.viewPage&pageId=325 (accessed 7

November 2005)

[21] Financial Mail, 17 May 2002

[22] http://www.cms.hhs.gov/hipaa/hipaa2/regulations/security/nprm/default.asp (accessed 7

November 2005)

[23] Health Insurance Portability and Accountability Act Executive Summary. 12 June 2004.

http://www.hipaa-iq.com/summary.htm

[24] BIOVISION - Roadmap for Biometrics in Europe to 2010

[25] Financial Mail, 17 May 2002

[26] Available from http://www.alumni.ca/~fren4j0/history_of_fingerprinting.htm (Accessed 19

January 2005).

[27] http://www.securityworldhotel.com/uk/STA/biometrics/part_4.asp (accessed 8 November

2005)

[28] www.atmel.com/literature/AT77C101B (accessed 8 November 2005)

[29] http://www.ultra-scan.com/Default.aspx?tabid=470 (accessed 26 February 2006)

[30] Availible from http://ctl.ncsc.dni.us/biomet%20web/BMRetinal.html (Accessed 6 June 2005)

[31]http://perso.wanadoo.fr/fingerchip/biometrics/types/fingerprint_sensors_physics.htm#pressure

(accessed 26 February 2006)

[32] http://www.lumidigm.com/ (accessed 2006-06-11)

[33] www.idiap.ch/ (accessed 2006-06-16)

[34] www.fearid.com/html/statusQuo (accessed 2006-09-10)

Main references

REFERENCES 119

[35] c't 11/2002, page 114 – Biometrie, Lisa Thalheim, Jan Krissler, Peter-Michael Ziegler. Body

Check - Biometric Access Protection Devices and their Programs Put to the Test

(http://www.heise.de/ct/english/02/11/114/)

[36] http://www.humanscan.de/ (accessed 2006-06-12)

[37] www.identix.com/ (accessed 2006-09-10)

[38] Biometrics Market Report 2003-2007. International Biometrics Group, 2002,

URL: http://www.biometricgroup.com/reports/public/market_report.html (Accessed 21 October

2004)

[39] http://www.theherald.co.za/herald/2005/11/10/news/n04_10112005.htm (accessed 2006-01-

11)

[40] International Biometric Group. Liveness detection in biometric systems, 2003.

White paper. Available at http://www.biometricgroup.com/reports/public/

reports/liveness.html [accessed 12/05/04].

[41] www.citer.wvu.edu/members/publications/files/15-SSchuckers-Elsevior02.pdf [accessed

01/03/06]

[42] Scenario Testing Performance and Reporting Biometric Performance Testing and Reporting

Draft v1.2 – Page 11 , www.ncits.org/tc_home/m1htm/docs/m1030351.pdf [accessed 01/28/06]

[43] Biometric Recognition: Security and Privacy Concerns ,biometrics.cse.msu.edu/j2033.pdf

[accessed 01/23/06]

[44] Blood Pressure Monitoring, www.medphys.ucl.ac.uk/teaching/

undergrad/projects/2003/group_03/whydet.html [accessed 01/23/06]

[45] Zeno Geradts*, Arnout Ruifrok, Extracting forensic evidence from biometric devices, pp. 8

[46] Ton van der Putte and Jeroen Keuning,BIOMETRICAL FINGERPRINT RECOGNITION

DON'T GET YOUR FINGERS BURNED

[47] Tsutomu Matsumoto,Hiroyuki Matsumoto, Koji Yamada, Satoshi Hoshino - Impact of Artificial

"Gummy" Fingers on Fingerprint Systems - http://cryptome.org/gummy.htm [accessed 2006-01-12]

Main references

REFERENCES 120

[48] Handbook of Fingerprint Recognition, Series: Springer Professional Computing

Maltoni, D., Maio, D., Jain, A.K., Prabhakar, S. ,1st ed. 2003. Corr. 2nd printing, 2003, XII, 348 p.

178 illus. with CD-ROM., Hardcover ISBN: 0-387-95431-7

[49] Biomedical Signal Analysis Laboratory, http://people.clarkson.edu/~biosal/ [accessed 2006-01-

09]

[50] R. Derakhshani R, S.A.C. Schuckers, L. Hornak, L. O'Gorman, "Determination of Vitality From

A Non-Invasive Biomedical Measurement for Use in Fingerprint Scanners", No.2, pp. 383-396,

2003.

[51] International Biometric Group. Liveness detection in biometric systems, 2003

White paper. Available at http://www.biometricgroup.com/reports/public/

reports/liveness.html [accessed 12/05/04].

[52] T. Putte and J. Keuning, “Biometrical fingerprint recognition: don’t get your fingers burned”,

Fourth Working Conf. Smart Card Research and Adv. App., pp. 289-303, 2000.

[53] Marie Sandstrom, Liveness Detection in Fingerprint Recognition Systems, 2004

[54] N.K. Ratha, J.H. Connell, and R.M. Bolle, “Enhancing security and privacy in biometrics-based

authentication systems”, IBM Systems Journal, vol. 40, no. 3, pp. 614-634, 2001.

[55] A. Adler, “Sample images can be independently restored from face recognition templates”,

http://www.site.uottawa.ca/~adler/publications/2003/adler-2003-frtemplates.pdf

[56] Biometric Myths, Dr. Manfred Bromba , http://www.bromba.com/contacte.htm

[57] http://www.ccert.edu.cn/education/cissp/hism/037-039.html (accessed 11/10/2005)

[58] Let Me In!!! (“Biometric Access & Neural Control”) William J. Lawson, Ph.D. , Ruby Ann M.

Lawson , November 26 2001

[59] Presentation and Analysis of Vector Electrocardiograms ,Anna Redz, 10th March 1998 page

12

[60] Professor A.L. van Gelder - FRCP(London) Head, Dept of Internal Medicine at the University

of Pretoria and the Pretoria Academic Hospital

[61] Ruben Hechter ([email protected]) – Sales Representative, Electro Medical, Techmed

(Pty) Ltd

Main references

REFERENCES 121

[62] http://www.math.com/students/wonders/lissajous/lissajous.html (accessed 02/03/2006)

[63]http://www.schiller.ch/navigation/powerslave,id,839,nodeid,839,_country,hq,_language,en.html

(accessed 13/03/2006)

[64] Hannes Naude, Denel Aerospace engineer

[65] http://www.kentron.co.za/Home.asp (accessed 2006-04-14)

[66] Feature subset selection using Thornton’s separability index and its applicability to a number

of sparse proximity-based classifiers, John Greene , Department of Electrical Engineering

University of Cape Town, Private Bag, Rondebosch, 7001, South Africa., [email protected]

[67] http://www.mathworks.com/ (accessed 2006-04-23)

Appendix A

The story behind the research

Appendix A

APPENDIX A 123

A.1. The story behind the research… My interest in biometrics was sparked in my biometrics honours class. One of the major topics was that of liveness testing and the vast number of issues surrounding assuring that the individual claiming an identity really is who he/she is claiming to be. The idea of using the way the heart beats as an inherent liveness biometric came from a video in which Rick Warren (http://www.purposedrivenlife.com/rickwarren.aspx) a well known pastor and author of the book “Purpose driven life” said the following: “Did you know that God created every man with a unique heart beat?”. Now Rick Warren obviously did not mean this in the literal sense. At that time I was in my honours year, the phrase: “Did you know that God created every man with a unique heart beat?” immediately got me thinking in the direction of biometrics. I, together with Prof. von Solms, decided to concentrate on the broader field of biometrics with specific focus on liveness testing and with the climax being that of establishing if the possibility of using the way the heart beats as an inherent liveness biometric exists. This research in terms of the way the heart beats as an inherent liveness biometric aimed to contribute by reaching a point where it could either be said that the possibility of using the way the heart beats as an inherent liveness biometric exists or not. This research reached that conclusion by showing promising outcomes in the VCG analysis that was done.

A.2. Some of the challenges encountered were:

• Involvement of medical specialists (Professor A.L. van Gelder, Ruben Hechter). Their time was very scarce, but both were positive from the beginning.

• Obtaining access to VCG sensors and obtaining the VCG data. Currently there are only two Schiller VCG sensors in South Africa. To obtain access to anonymous VCG data proved to be quite a challenge.

• Converting the VCG data to a usable form.

• Involving someone (Hannes Naude, Denel Aerospace engineer) with the mathematical

skill to assist in the planning for an approach to analyze the data. Pattern recognition algorithms are very complex and to assist in planning the mathematical approach we needed special mathematical skills in the field.

• The huge task of presenting the data and analysis in an understandable way in this

dissertation.

A.3. External events surrounding the research: External events that drew attention to this study created the opportunity for me to network with other specialists in the computer security arena. The overall response to the idea of using the way the heart beats as an inherent liveness biometric and consequently this research was overwhelming. Some of the highlights and responses are included next:

• Student symposium in the field of natural sciences 2004. Hosted by the South African academy for science in union with the University of Stellenboch. At this event a 20 minute presentation on this research were given. First prize (cash prize) was awarded to this research (+- 30 other presentations). The research was still in early stages in 2004 (Figure A.1. and Figure A.2.).

Appendix A

APPENDIX A 124

Figure A.1. Student symposium in the field of natural sciences 2004.

Figure A.2. Student symposium in the field of natural sciences 2004.

Appendix A

APPENDIX A 125

• ISSA 2005 - Information Security South Africa Conference. This is an international conference and I was asked to present a poster (figure A.3.) on this research. The response was positive and numerous enthusiastic questions were asked. The response from a Canadian attendee in particular was very positive. She is involved in policy making in government functions. They are more and more moving towards biometric technology to prevent identity theft on various fronts.

Figure A.3. Poster at ISSA 2005.

This research provided a vehicle for me to grow tremendously in my field of interest, and my only hope is to continue on this exciting path.

Documents

Liveness assurance in Biometric Systems