biometrics and authentication shivani kirubanandan

Biometrics and Biometrics and AuthenticationAuthentication

Shivani Kirubanandan

Lets Define !Lets Define !

“A biometric is a A biometric is a physiologicalphysiological or or behavioralbehavioral characteristic of a human characteristic of a human being that can being that can distinguishdistinguish one person one person from another and that theoretically can be from another and that theoretically can be used for used for identificationidentification or or verification verification of of identity.”identity.”

“A biometric is a A biometric is a physiologicalphysiological or or behavioralbehavioral characteristic of a human characteristic of a human being that can being that can distinguishdistinguish one person one person from another and that theoretically can be from another and that theoretically can be used for used for identificationidentification or or verification verification of of identity.”identity.”

Biometrics as AuthenticationBiometrics as Authentication

Authentication depends onAuthentication depends on• What you haveWhat you have• What you know What you know • What you ARE !What you ARE !

Authentication depends onAuthentication depends on• What you haveWhat you have• What you know What you know • What you ARE !What you ARE !

Why Biometrics?Why Biometrics?

• Identity thefts • Something you know can be

stolen• Predicted or hacked• Reliability on manual verification

• Identity thefts • Something you know can be

stolen• Predicted or hacked• Reliability on manual verification

Application CategoriesApplication Categories

Biometric applications available Biometric applications available today are categorized into 2 sectorstoday are categorized into 2 sectors

• Psychological: Iris, Fingerprints, Hand, Psychological: Iris, Fingerprints, Hand, Retinal and Face recognitionRetinal and Face recognition

• Behavioral: Voice, Typing pattern, Behavioral: Voice, Typing pattern, SignatureSignature

Biometric applications available Biometric applications available today are categorized into 2 sectorstoday are categorized into 2 sectors

• Psychological: Iris, Fingerprints, Hand, Psychological: Iris, Fingerprints, Hand, Retinal and Face recognitionRetinal and Face recognition

• Behavioral: Voice, Typing pattern, Behavioral: Voice, Typing pattern, SignatureSignature

Biometric Authentication ProcessBiometric Authentication Process

• Acquisition• Creation of Master characteristics• Storage of Master characteristics• Acquisition(s)• Comparison• Decision

• Acquisition• Creation of Master characteristics• Storage of Master characteristics• Acquisition(s)• Comparison• Decision

The metrics of BiometricsThe metrics of Biometrics

• FTE – Failure To Enroll• FTA – Failure To Accept• FAR – False Acceptance Rates• FRR – False Reject Rates

• FTE – Failure To Enroll• FTA – Failure To Accept• FAR – False Acceptance Rates• FRR – False Reject Rates

Essential parametersEssential parameters

• Liveness testing• Tamper resistance• Secure communication• Security Threshold level• Fall back node

• Liveness testing• Tamper resistance• Secure communication• Security Threshold level• Fall back node

Fingerprint recognitionFingerprint recognition

• Divides print into loops, whorls and arch

• Calculates minutiae points (ridge endings)

• Comparisons • authentication

• Divides print into loops, whorls and arch

• Calculates minutiae points (ridge endings)

• Comparisons • authentication

Fingerprint techniquesFingerprint techniques

• Optical

• Capacitive

• Thermal

• Ultrasonic

• Optical

• Capacitive

• Thermal

• Ultrasonic

DisadvantagesDisadvantages

• Racial issues• Dirt , grime and wounds • Placement of finger• Too big a database to process• Can be spoofed –liveness important!

• Racial issues• Dirt , grime and wounds • Placement of finger• Too big a database to process• Can be spoofed –liveness important!

Hand GeometryHand Geometry

• Geometry of users hands • More reliable than fingerprinting• Balance in performance and

usability

• Geometry of users hands • More reliable than fingerprinting• Balance in performance and

usability

DisadvantageDisadvantage

• Very large scanners • Very large scanners

Retinal ScanningRetinal Scanning

• Scans retina into database • User looks straight into retinal

reader• Scan using low intensity light• Very efficient – cant be spoofed!

• Scans retina into database • User looks straight into retinal

reader• Scan using low intensity light• Very efficient – cant be spoofed!

DisadvantagesDisadvantages

• User has to look “directly” • FTE ratio high in this biometric• Acceptability concerns

– Light exposure– Hygiene

• User has to look “directly” • FTE ratio high in this biometric• Acceptability concerns

– Light exposure– Hygiene

Iris ScannerIris Scanner

• Scans unique pattern of iris• Iris is colored and visible from far• No touch required• Overcomes retinal scanner issues• Contact lenses an issue?

• Scans unique pattern of iris• Iris is colored and visible from far• No touch required• Overcomes retinal scanner issues• Contact lenses an issue?

Face recognitionFace recognition

• User faces camera

• Neutral expression required

• Apt lighting and position

• Algorithms for processing

• Decision

• User faces camera

• Neutral expression required

• Apt lighting and position

• Algorithms for processing

• Decision

Issues with Face Recognition?Issues with Face Recognition?

IssuesIssues

• Identification across expression• FRR or FAR fluctuate• Easily spoofed• Tougher usability• High Environmental impact

• Identification across expression• FRR or FAR fluctuate• Easily spoofed• Tougher usability• High Environmental impact

BehavioralBehavioral

• Voice• Signature• Typing pattern

• Voice• Signature• Typing pattern

Voice RecognitionVoice Recognition• Speech input

– Frequency– Duration – Cadence

• Neutral tone • User friendly

• Speech input – Frequency– Duration – Cadence

• Neutral tone • User friendly

DisadvantagesDisadvantages

• Local acoustics• Background noise• Device quality• Illness , emotional behavior• Time consuming enrollment• Large processing template

• Local acoustics• Background noise• Device quality• Illness , emotional behavior• Time consuming enrollment• Large processing template

Signature RecognitionSignature Recognition

• Signature measures (dynamic)– Speed– Velocity– Pressure • Captures images (static)• High user acceptance

• Signature measures (dynamic)– Speed– Velocity– Pressure • Captures images (static)• High user acceptance

Issues Issues

• Signature variable with– Age, illness, emotions• Requires high quality hardware• High FRR as signatures are very dynamic

• Signature variable with– Age, illness, emotions• Requires high quality hardware• High FRR as signatures are very dynamic

Typing Patterns Typing Patterns

• User typing pattern– Speed– Press and Release Rate• Unique patterns are generated• comparisons

• User typing pattern– Speed– Press and Release Rate• Unique patterns are generated• comparisons

IssuesIssues

• Not very scalable

• FRR is high

• Can be spoofed – by simple technology (recorders)

• Not very scalable

• FRR is high

• Can be spoofed – by simple technology (recorders)

Usability issues in BiometricsUsability issues in Biometrics

• User acceptability• Knowledge of technology• Familiarity with biometric

characteristic• Experience with device

• User acceptability• Knowledge of technology• Familiarity with biometric

characteristic• Experience with device

Usability issues…Usability issues…

• Environment of use• Transaction criticality • Time consuming tasks

• Environment of use• Transaction criticality • Time consuming tasks

Biometric solutionsBiometric solutions

• Educate• Train• Explain Interfaces• Use Trainers• Supervised Playtime

• Educate• Train• Explain Interfaces• Use Trainers• Supervised Playtime

General issuesGeneral issues

• FTE posses problem• Biometric characteristics are not

encrypted• Trust on input device• Cannot authenticate computers!• Privacy attack?!

• FTE posses problem• Biometric characteristics are not

encrypted• Trust on input device• Cannot authenticate computers!• Privacy attack?!

Current applicationsCurrent applications

• Banks • Immigration facilities across USA• IDwidget – interesting research• Eyegaze at Stanford

• Banks • Immigration facilities across USA• IDwidget – interesting research• Eyegaze at Stanford

Class taskClass task

• Sell your biometric productCase1A bank needs an appropriate authentication mechanism to allow remote user transactions. What kind of multifactor system would you sell them?

• Sell your biometric productCase1A bank needs an appropriate authentication mechanism to allow remote user transactions. What kind of multifactor system would you sell them?

Class task…Class task…

Case 2: • Suggest certain areas in which

biometrics would prove disastrous• Note- You may suggest a particular

combination of biometrics which may be disastrous to security and privacy

Case 2: • Suggest certain areas in which

biometrics would prove disastrous• Note- You may suggest a particular

combination of biometrics which may be disastrous to security and privacy

Thank You!!Thank You!!