case study on usage of biometrics (cryptography)

----- CASE STUDY------

USAGE OF BIOMETRICS

BY

AMRUTTAA PARDESSI BHARGAV AMIN

PRN-14030142055 PRN- 14030142016

Subject: CRYPTOGRAPHY

SICSR|MSC(CA)-2014-16|CRYPTOGRAPHY-CASE STUDY

ACKNOWLEDGEMENT

We, Amruttaa Pardessi and Bhargav Amin would like to express our gratitude to our Cryptography

subject professor Mr Atul Kahate Sir for his guidance and motivation as well as providing

necessary information regarding the Case Study.

We were able to learn this topic to the depth and gain complete knowledge on this by our own

research.

Amruttaa Pardessi

Bhargav Amin

Date- 2 March 2015

Place- Pune


TABLE OF CONTENTS

SR NO TOPIC PAGE NO 1. Abstract 4

2. Introduction 5

3. History of Biometrics 6

4. How Biometric Authentication System

Works?

7

5. Performance and Security

Considerations

8

6. Factors to be considered for Decision

making whether Biometric Technology

to be used or not

9

7. Biometric Modalities 10

7.1. Fingerprint Recognition 11

7.2. Face Recognition 12

7.3. Iris Recognition 13

7.4. Hand/Finger Geometry 14

8. Different Kinds of Biometric Systems 15

9. Requirements of Applications to be

considered for deciding which Biometric

Technique to Implement

16

10. Biometric System Implementation 17

10.1. Biometric authentication used in ATM's

Law Enforcement and Airports

17

10.2. Biometric authentication in Networking 18

11. Advantages and Disadvantages 19

12. Recent Research in Biometric

Technology

20

13. Summary 21

14. References 22


1. ABSTRACT

Biometrics is widely discussed in past and still today. We will be discussing how

exactly biometric systems work and various biometric modalities. Biometrics is

implemented at Airports, ATM’s, networking and many more. Biometrics is also said

to be in discussion for storing biometric data on passports. Many banks and laptops,

PDA’s etc are using finger sensors now days. However, many implementations and

proposals use biometric data but it’s still not widely used for user authentication. This

case study is based on overall usage of biometrics.


2. INTRODUCTION

“Biometrics” is an automated methods of recognizing an individual based on

measurable biological (anatomical and physiological) and behavioural characteristics.

Biometrics has recently become popular due to high profile applications which use

this technology in day-to-day activities.

Example- FBI's Integrated Automated Fingerprint Identification System (IAFIS), US-

VISIT program, the Transportation Workers Identification Credentials (TWIC)

program and Registered Traveller program.

Biometrics uses a person’s own identity to identify himself. Biometrics uses physical

characteristics like face, fingerprints, irises or veins, or behavioural characteristics

such as voice handwriting or typing rhythm. Thus, this system is considered to be

safe and secure as compared to keys and passwords.


3. HISTORY OF BIOMETRICS

Biometrics was used during prehistoric times.

Chinese used fingerprinting in the 14th

century for identification.

In the 17th century fingerprinting was used to seal official documents.

TIMELINE

1858 – First systematic capture of hand images for identification purposes is recorded 1892 – Galton develops a classification system for fingerprints 1894 – The Tragedy of Pudd’nhead Wilson is published 1896 – Henry develops a fingerprint classification system 1903 – NY State Prisons begin using fingerprints 1936 – Concept of using the iris pattern for identification is proposed 1960 – First model of acoustic speech production is created 1963 – Hughes research paper on fingerprint automation is published 1969 – FBI pushes to make fingerprint recognition an automated process 1970s – Face Recognition takes another step towards automation 1970 – Behavioral components of speech are first modelled 1974- First commercial hand geometry systems become available 1975 – FBI funds development of sensors and minutiae extracting technology 1976 – First prototype system for speaker recognition is developed 1977 – Patent is awarded for acquisition of dynamic signature information 1985 – Concept that no two irises are alike is proposed 1985 – Patent for hand identification is awarded 1986 – Patent is awarded stating that the iris can be used for identification 1991 – Face detection is pioneered, making real time face recognition possible 1992 – Biometric Consortium is established within US Government 1993 – FacE REcognition Technology (FERET) program is initiated 1994- First iris recognition algorithm is patented 1994 – Integrated Automated Fingerprint Identification System (IAFIS) competition is held 1995 – Iris prototype becomes available as a commercial product 1996 – Hand geometry is implemented at the Olympic Games 1997 – First commercial, generic biometric interoperability standard is published 1998- FBI launches COOlS (DNA forensic database) 1999 – FBI’s IAFIS major components become operational 2000 – First research paper describing the use of vascular patterns for recognition is published 2000 – West Virginia University biometrics degree program is established 2002 – ISO/IEC standards committee on biometrics is established 2003 – Formal US Government coordination of biometric activities begins 2003 – European Biometrics Forum is established 2004 – DOD implements ABIS 2004 – Presidential directive calls for mandatory government-wide personal identification card for all federal employees and contractors 2004 – First state wide automated palm print databases are deployed in the US 2005 – Iris on the Move is announced at Biometrics Consortium Conference 2010 – U.S. national security apparatus utilizes biometrics for terrorist identification 2011 – Biometric identification used to identify body of Osama bin Laden 2013 – Apple includes fingerprint scanners into consumer-targeted smartphones


4. HOW BIOMETRIC AUTHENTICATION SYSTEM WORKS?

There are 5 integrated components:

a. A sensor- It detects the characteristics used for identifying the person. It

collects the data and converts information to digital format.

b. Signal Processing Algorithms- Develops the biometric template and processes

the signal.

c. Data Storage or Computer- Stores information about biometric templates to

be compared.

d. Matching Algorithm- Compares new biometric template to the one kept in

Data Storage.

e. Decision process- This can be automated or human assisted. It makes a system

level decision after the comparison.


5. PERFORMANCE AND SECURITY CONSIDERATIONS

It’s difficult to measure the performance of biometric authentication systems.

Whether the system is good or bad completely depends on the accuracy of the

system. Speed, storage, cost and ease-of-use are also important factors that must be

considered. Biometric systems are not perfect and many a times cause errors. It may

happen that and unauthorised person gets access and an authorised person is rejected

by the system. These kinds of errors are called False Acceptance (FA) and False

Rejection (FR) respectively. For most systems these kinds of errors can be dealt

with. The FR rate and FA rate are dependent on each other. Both rates are zero in a

perfect system. If the system is very secure than it tries to increase FA rate to zero

which makes the FR rate very high. Whereas,

The time required by the authentication system to determine a person is authorised or

not is an important factor to judge the performance of system. The ideal would be if

the answers are got in real time. For example- it would be unacceptable to wait for

half a minute in front of an ATM to be authenticated. Thus the accuracy and security

of biometric system is related with time. This means the more time a biometric

system takes for authentication the less secure it is.

Thus the conclusion is such that the biometric system has FR and FA rate which

needs to be traded off with each other which in turn affects the time taken for

authentication and security.


6. FACTORS TO BE CONSIDERED FOR DECISION MAKING

WHETHER BIOMETRIC TECHNOLOGY TO BE USED OR

NOT

Distinctiveness and uniqueness of biometric characteristic- Two persons

might have the same characteristics, what is the probability of this case? How

can the biometric traits be distinguished accurately?

Vulnerability to fraud system- Is the system vulnerable to fraudulent

methods? Is it possible to copy or steal biometric characteristic of another

person?

Intrusiveness of System- When taking biometric sample, is the system

intrusive?

Variation of Biometric Characteristic- What is the duration when the

characteristic of an individual can change? What are the consequences that the

biometric characteristic of a user is lost?

Maintenance of the system- Is support required? Do the samples need regular

updation? What kind of support is required?

Test reports and statistics are used to find answers to these questions by Decision

makers.


7. BIOMETRIC MODALITIES

Biometric modalities include face, iris, fingerprint, voice and signature. Many factors

need to be considered when implementing a biometric such as location, security risks,

tasks (identification and verification), expected number of users, user circumstances,

existing data, etc

Multimodal Biometrics: (as below)


7.1. FINGERPRINT RECOGNITION

Fingerprints have uneven surfaces called ridges and valleys that form the unique

identification for the individual. Many applications use ridge patterns that are on top

joint of finger.

The FBI IAFIS system used a method to compare the submitted information against a

database which has millions of fingerprints too check if the individual has submitted

previously or has a criminal history. IAFIS require information of all 10 fingers,

either ink based or electronic. Submitted fingers are compared against the fingerprints

in database and are verified by 0, 1, 2 fingerprint examiners. This process takes 1 to 2

hours.

Automated commercial systems require only one finger for comparison and prove the

identity. This process takes less than a second.


7.2. FACE RECOGNITION

Since 1960, machine vision researchers were trying to find the appropriate methods

for detecting face but no perfect solution was found. Multiple approaches were tried

2D and 3D which greatly improve face recognition abilities.


7.3. IRIS RECOGNITION

Iris is colored part on an individual’s eye. This concept dates back to 1936. The

patent for iris recognition was issued in 1994 for algorithms that can make this

happen.

The identification system illuminates the iris with near-infrared light, which is seen

by most cameras and does not cause injury to humans. Iris recognition takes

illuminated picture of iris.


7.4. HAND/FINGER GEOMETRY

This was most successful biometric product. It works as; a user enters a PIN code to

claim an identity, and then places their hand on system, which takes a picture of her

hand. The picture shows view of the hand from top and sides. Measurements are

taken as digits of hand and compared to those collected at enrollment.


8. DIFFERENT KINDS OF BIOMETRIC SYSTEMS

Dynamic Signature: Measures speed and pressure for identification.

Retina Recognition: Image of the blood vessels and back of eye is collected and matched

with previously collected samples.

Body Recognition: Measures the appearance and walking style of an individual.

Speech Recognition: An individual’s physical voice as well has behavioural attributes of

voice are used for recognition.

Keystroke Dynamics: Measures typing patterns of individuals.

Odour

Ear

DNA

(Ignore the vendor and market share column)


9. REQUIREMENTS OF APPLICATIONS TO BE CONSIDERED

FOR DECIDING WHICH BIOMETRIC TECHNIQUE TO

IMPLEMENT

The factors that must be considered are:

The ability to deal with the number of individuals.

Ease of use

Speed of operation

Secure and robust against various attacks

Accurate discrimination against individuals


10. BIOMETRIC SYSTEM IMPLEMENTATIONS

10.1. Biometric authentication used in ATM's Law Enforcement and

Airports

Iris Recognition used for Law Enforcement first by U.S. in 1996 in prison to

release prisoners.

Iris Recognition used in ATM, if an individual faces the sensors, the camera

immediately captures the iris, the Iris is verified with the record in database,

then the accounts are unlocked immediately. Iris can be captured through sun

glasses, contact lenses and glasses.

CANADA's immigration system uses biometrics it helps identifying applicants

during the initial stage of VISA process. This system helps the visa issuing

authorities to take decisions who should be granted the visa to visit Canada.

Biometrics helps them prevent:

o Known criminals from entering Canada

o Identifying fraud and theft

o Deportees from re-entering Canada without permission and

o Failed refugee claimants’ form re-entering Canada with false identity proof.


10.2. Biometric authentication in Networking

Companies such as Novell, Baltimore Technologies are some of the first to take

advantage of biometric scheme.

Internet Banking: Used in enhancing the security of Internet Banking.

A bank, contracting with an ASP (Application Service Provider), could require

biometric verification for a high-value transaction over the Internet.

Baltimore Technologies offer biometric security. Users will be authenticated

using multiple biometrics and then authorized to access data and applications

and conduct business in a secure manner.


11.ADVANTAGES AND DISADVANTAGES

Besides many disadvantages the advantages make biometric systems very desirable

to use.

Accuracy and Security are disadvantages of biometric authentication systems as

discussed earlier.

Acceptability is also a disadvantage of biometric authentication system.

Acceptability by users is a major concern like for example, many people think that

fingerprint authentication is used for criminals and by iris scanning the light beam

can harm their eyes.

Cost is also a major disadvantage of biometric techniques. High cost is imposed on

the hardware and software and on other hand on integrating biometric authentication

mechanism to current network.

Another disadvantage is the varying reliability of biometric system. The physical

characteristics of people might change with age or any physical injury or diseases.

This might affect fingers or eyes.

Also, environment conditions can affect biometric systems like for example

background noise can affect voice recognition systems or a cut in finger might not

give that person access to system by finger recognition.

Another problem is integrating biometric authentication system in corporate

infrastructure. Proper platform or applications are not available to host the

biometric system on large scale in organisations.

Apart from the many disadvantages there are also many advantages which make the

biometric systems very desirable let’s have a look below:

The major advantage is that biometric systems is that the data cannot be lost, stolen,

duplicated or forgotten like keys and access cards. These cannot be forgotten,

compromised, shared or observed or guessed like passwords or PINS.

No need to change the recorded data every three months like we do with passwords.

Therefore, it’s more convenient to use.

Biometric authentication system increase the security of system, if accuracy is high,

the hardware is unique and can’t be cheated easily. Clare Hist states for example that

biometrics used in conjunction with smart cards “can provide strong security for PKI

credentials held on the card.”

It can also be considered cost efficient, as reduces overheads for password

maintenance.


12.RECENT RESEARCH IN BIOMETRIC TECHNOLOGY

Infrared Technology to scan fingerprint below surface of skin to reveal vascular

and sub dermal details that results in multidimensional details of one’s

thumbprint.

Research includes using a combination of biometric systems for human

identification.

Biometric for mobile applications

New biometric technologies in forensic and security applications

A research group from France submitted a paper that described a method

combining biometric information with cryptographic systems.


12.SUMMARY

More disadvantages than advantages seem to exist for Biometric Authentication

Systems. That is why these systems are not widely acceptable or used yet. The

advantages are such that people tend to use these systems despite of the

disadvantages. Every system has to deal with the disadvantages.

A lot of research is still going on in this area to build a more secure system despite

the disadvantages. For example- Using Smart Card along with finger print detection

makes the system more secure. Thus combination of biometric with other

technologies is highly effective and used widely today.

To conclude, the usage of biometric systems will increase a lot more in future with

the support of stable technologies and more cost effectiveness.


13.REFERENCES

http://www.cic.gc.ca/english/department/biometrics-why.asp

http://www.biometricsinstitute.org/pages/types-of-biometrics.html

http://en.wikipedia.org/wiki/Biometrics

http://shop.bsigroup.com/Browse-By-Subject/Biometrics/Why-use-biometrics/

http://ntrg.cs.tcd.ie/undergrad/4ba2.02/biometrics/now.html

http://www.biometricupdate.com/201501/history-of-biometrics

http://www.cic.gc.ca/english/department/biometrics-why.asp

http://www.biometricsinstitute.org/pages/types-of-biometrics.html

http://en.wikipedia.org/wiki/Biometrics

http://shop.bsigroup.com/Browse-By-Subject/Biometrics/Why-use-biometrics/

http://ntrg.cs.tcd.ie/undergrad/4ba2.02/biometrics/now.html

http://www.biometricupdate.com/201501/history-of-biometrics

case study on usage of biometrics (cryptography)

Technology

biometric technology

biometric data

cryptographycase study

biometric technique

introduction biometrics

abstract biometrics

cryptography sicsrmscca

various biometric modalities