1

Biometric Techniques MIA02108

Introduction to Biometric Technologies and Applications(Lecture 1-2)

2

What are Biometrics?

• The term � "biometrics" is derived from the Greek words bio (life) and metric (to measure).

�• For our use, biometrics refers to technologies for

measuring and analyzing a person's physiological or behavioral characteristics.

• These characteristics are unique to individuals hence can be used to verify or identify a person.

3

What are Biometrics?

“A biometric is a physiological or behavioral characteristic of a human being that can distinguish one person from another and that theoretically can be used for identification or verification of identity.”

4

Biometrics as Authentication

Authentication depends on• Something you know, like a password or pass

phase• Something you have, like a token• Something you ARE, a measurable trait

Know

HaveBe

5

Something you know

• Passwords• Pass phrases• PINs• Secret handshakes

6

Something you know• Strong Passwords

1. Min. 8 characters

2. Include upper and lower cases

3. Contain numeric and non numeric characters.

4. Used for certain time period

5. Cannot contain a substring of the user name.

• Weak Passwords

• As user convenience increases, the strength of authentication decreases.

7

Something you have

• Anything that is unique and that the user is required to possess can be used as an authenticating token.

• A token is generally issued to one user. It is used with a password, PIN and user ID.

• If it has been lost or stolen, and if the user ID presented with it matches, the user is authenticated.

8

Something you have

• Token fall into two general categories:

1. Storage tokens

2. Dynamic tokens

9

Something you have

• Storage tokens: Token + Password

a) Smart cards

b) Unique information stored on the token that identifies the processor.

c) Multi-factor authentication

d) Still has the weakness of passwords

e) Example: ATM card, and Employee ID card etc.

10

Something you have

• Dynamic tokens: Token + Password + One time authentication code

a) Storage token + One time authentication code

b) Strong authentication

c) But this is inconvenient for the user.

d) Example: Smart cards

11

Something you are

• Any physical trait that can be reliably measured can be used to authenticate and is called a biometric.

• A biometric is a physical or psychological trait that can be measured, recorded, and quantified.

• By doing this, we can use that trait to obtain a biometric enrollment.

• This way, we can say with a degree of certainty that someone is the same person in future biometric authentication based on their previous enrollment authentications.

12

Problems with current security systems

• Based on Passwords, or ID/Swipe cards

• Can be Lost.

• Can be forgotten.

• Can be stolen and used by a thief/intruder to access your data, bank accounts, car etc.

13

Problems with current security systems

• With increasing use of IT technology and need to protect data, we have multiple accounts/passwords.

• We can only remember so many passwords, so we end up using things we know to create them (birthdays, wife/mother name, dog, cat)

• Its is easy to crack passwords, because most of our passwords are weak!

• If we create strong passwords (that should be meaningless to us) we will forget them! And there is no way to remember multiple such passwords.

14

Some statistics on User/Passwords

• Case Study: Telesis Community Credit Union(CA), a California based financial services provider that manages $1.2 billion in assets.

• The VP of IT, lead a team to run a network password cracker as part of an enterprise security audit last year to see if employees were following Telesis’ password policies.

• Result: They were far from doing so.

15

Some statistics on User/Passwords

• In fact within 30 seconds the team was able to identify 80% of people’s passwords!

• The team asked employees to change their passwords and comply with password policies.

• A few days later, the IT team run their password cracking exercise again.

• This time they still were able to crack 70% of the passwords!

16

• Traditional means of automatic identification (before biometrics)– Knowledge-based• Use “something that you know”• Examples: password, PIN

– Token-based• Use “something that you have”• Examples: credit card, smart card, keys

17

• Problems with traditional approaches– Token may be lost, stolen or forgotten – PIN may be forgotten or guessed by the imposters• (25% of people seem to write their PIN on their

ATM card)• Estimates of annual identity fraud damages per

year:– $1 billion in welfare disbursements– $1 billion in credit card transactions– $1 billion in fraudulent cellular phone use– $3 billion in ATM withdrawals

18

Frauds in industry happens in the following situations:• Bank transaction like ATM withdrawals• Access to computers and emails• Credit Card purchase• Purchase of house, car, clothes or jewellery• Getting official documents like birth certificates or

passports• Obtaining court papers• Drivers licence• Getting into confidential workplace

19

• MANY PROBLEMS WITH CURRENT

SECURITY AUTHENTICATION SYSTEMS.

• ANSWER: USE BIOMETRIC TECHNOLOGY

• SSO (Single-Sign-On)

20

Some Examples of Different Biometrics

• Face

• Fingerprint

• Voice

• Iris

• Hand Geometry

• Retina Scan

• Signatures • Keystroke scan• DNA

21

• Requirements for an ideal biometric

– Universality• Each person should have the characteristic

– Uniqueness• No two persons should be the same in terms of the

characteristic

– Permanence• The characteristic should not change

22

• Issues in a real biometric system

– Performance• Identification accuracy, speed, robustness, resource requirements

– Acceptability• Extend to which people are willing to accept a particular

biometric identifier

– Faked protection• How easy is it to fool the system by fraudulent methods

23

• “Physiological and/or behavioral characteristics”

1. Behavioral:– User speaks.– Types on a keyboard.– Signs name.

2. Physiological:– Fingerprint– Hand– Eyes– Face

24

Key factor of Biometric System

• Enrollment• Template• Biometric algorithm• Live template• Verification

1. FAR (False acceptance rate)

2. FRR (False rejection rate)

25

Enrollment

• In a biometric system, a physical trait needs to be recorded.

• Recording is referred to as an enrollment.

• Enrollment based on the creation of a template.

26

Template

• Digital representation of a physical trait.

• Long string of alphanumeric characters, based on a biometric algorithm, characteristics or features of the physical trait.

27

Biometric algorithm

• The biometric algorithm can be viewed as the recipe for turning raw ingredients- like a physical trait- into a digital representation in the form of a template.

• The algorithm will also allow the matching of an enrolled template with a new template just created for verifying an identity, called a live template.

28

Live template and verification

• Live template and stored template are compared, the system calculates how closely they match.

• If the match is close enough, a person will be verified.

• FAR: Someone else is trying to verify you• FRR: You fail to match against your own

template

29

• “Determine or Authenticate identity”

Identification Systems:– Who am I?– Determine Identity

Verification Systems:– Am I who I claim to be?– Authenticate Identity

30

• “Determine or authenticate identity” Verification Systems (cont):– More accurate.– Less expensive.– Faster.– More limited in function.– Requires more effort by user.

31

Benefits:– Security• PC, Network, Web• Physical access to Buildings/Rooms

– Accountability• Audit Trails• Recordkeeping

– Convenience – Savings

32

Books• Biometrics for Network Security, Pearson,

Paul Reid • Biometrics, McGraw Hill, John D. Woodward,

and Nicholos M. Orlans

33

Thank You