IS Unit 5 - Biometrics
Biometrics Controls for Security
9.1 Introduction
Biometrics is the science for determining a person's identity (ID) by measuring his/her
physiological characteristics. Authentication is a fundamental concept in security, especially with
respect to human computer interaction. In this chapter, biometrics methods are discussed. We start
with the basics of biometrics to understand what it is, its place in user authentication for physical
access control and various technologies and techniques used in biometrics. Issues and challenges in
implementing a biometrics system will be discussed in the next chapter.
Biometrics has an interesting origin in Chinese civilization. The earliest known use of
biometrics dates back to the seventh century, during China's Tang Dynasty. During this period
fingerprints were used to sign and validate contracts. Over the last century, biometrics has grown
enormously. Technologies are being developed to verify or identify individuals on the basis of
measurements of the face, hand geometry, iris, retina, finger, ear, voice, speech, signature, lip
motion, skin reflectance, deoxyribonucleic acid (DNA) and even body odor (readers are encouraged
to review the IEEE paper by Jain & Prabhakar, 2004).
Biometrics techniques of today have been made possible by the advances in computing
technology and the need that arises owing to universal presence and connectivity of computers all
over the world. Biometrics identification is a much more sophisticated method of controlling access
to computing facilities than badge readers (we discussed those in Chapter 8); however, the two
methods operate in the same way. Biometrics techniques used for user identification typically
include fingerprint recognition, palm recognition, handprint recognition, voice pattern recognition,
signature samples, retinal scans and iris scans.
Biometrics provides a higher level of security than badges because it cannot be lost, stolen
or shared. Thus, biometrics can provide a greater degree of security than traditional authentication
methods; however, these methods are expensive as well as complex to deploy. Given this, as of now,
biometrics identification techniques are suitable only for high-security, low-traffic entrance control
for physical access. In this chapter, we explore the latest advances in biometrics.
9.2 Access Control, User Identification and User Authentication
These terms are important in the discussion of biometrics and therefore we first deal with them
before proceeding with the rest of this chapter. Access control refers to the procedures and
mechanisms used either to restrict entry into the premises where something confidential is stored -
for example, the premises wherein information systems (IS)/computing facilities are housed - or to
restrict entry to the computing device, or to software and/or data within the computer and to those
persons authorized to use such resources. In this context, identification and authentication of users
are important for information systems security.
User identification refers to the action of the user claiming his/her ID when communicating with a
device. Authentication is the process of proving that the claimed ID is genuine. Thus, the proof of ID
is a critical process in access control. It may take one of the following three types either individually
or in combination:
1. something that the user 'knows' [password, personal identification number (PIN), etc.];
2. something the user 'possesses' (badge, smart card, etc.);
3. something the user 'is' (user's biological characteristics).
Biometrics concerns itself with the third type. It is something so unique to a person and
so embedded in the person that it cannot be lost, stolen or copied. Given the unique nature of
human biometrics ID, biometrics methods occupy an important place in user
identification/authentication.
9.3 What is Biometrics?
The term biometrics comes from the Greek words bios meaning life and metrikos meaning
measure. It is well known that humans intuitively use some body characteristics such as face, gait or
voice to recognize each other. Since, today, a wide variety of applications require reliable verification
schemes to confirm the ID of an individual, recognizing humans on the basis of their body
characteristics has become more and more interesting in emerging technology applications.
Biometrics is used as one of the methods for physical access control. It is, basically, a collection of
methods for identification based on measuring the physiological characteristics that are unique to
each and every individual. Some examples of such characteristics are:
1. voice;
2. fingerprints;
3. body contours;
4. retina and iris;
5. handwriting style/handwritten signature;
6. gait (not as commonly used as the characteristics mentioned above).
Readers may like to note that gait is the peculiar way one walks and is a complex
spatiotemporal biometrics. Biometrics experts say that gait is not supposed to be very 'distinctive',
but is sufficiently 'discriminatory' to allow verification in some low-security applications. It is
important to be aware that 'gait' is a behavioral biometrics and may not remain invariant, especially
over a long period of time, owing to the fluctuations in body weight, major injuries involving joints or
brain or inebriety. However, because acquisition of gait (i.e., capturing the movement/walking style
of an individual) is similar to acquiring a facial picture, it may be an acceptable biometrics. Since gait-
based systems use the video-sequence footage of a walking person (see Figure 9.1) to measure
several different movements of each articulate joint, it is input-intensive and computationally
expensive (Box 9.1).
Biometrics methods, in general, involve performing some human action for configuring a system
used to recognize the physiological parameters of the ID (human entity) to be authenticated, for
example, most often, this could be:
1. drawing a few signatures so that the system can analyze and record their
characteristics/pattern;
2. looking into a scanning apparatus in order to record retinal patterns;
3. intoning words for the analysis and recording of voice patterns;
4. collecting multiple video shots of a person walking (gait acquisition).
Despite some success, these methods are not as widespread as the traditional
authentication methods (discussed in Chapter 8). Also, biometrics methods sometimes give rise
to social acceptance issues, as they are often looked upon with suspicion (e.g., people may feel that
exposing their eyes to the retina scanner may damage their eyes). Box 9.2 illustrates the multi-
disciplinary nature of biometrics.
Basically, all biometrics techniques are based on similar concepts and employ common
features and functions, the most important being the procedures for enrolment and physical access
to premises housing the computing facilities/computer systems [it is said that the techniques are
developed whereby laptop users can use their thumb impression as the way of authentication to
start the laptop operating systems (OSs) on power-on, e.g., the SONY notebook series]. Usually, the
identification system is used in conjunction with other information, such as a PIN. In this type of
inspection for identification, a reference pattern that is known to be secure is compared with freshly
recorded identification data. Enrolment and template preparation are important procedures in
biometrics; they are discussed in a later section.
9.4 Nature of Biometrics Identification/Authentication Techniques
It is very important to understand the inherent nature of biometrics before proceeding further in
this chapter. In the world of security, identification and authentication techniques have 'accuracy'
implications (more on this is discussed in Section 9.7) that are based on 'probabilistic' phenomena.
This means that another issue surrounding the topic of biometrics is that of 'certainty as probability'
and there is a good reason for this. When an individual's claims of ID and privilege are verified in a
truly reliable way, the identification is 'authoritative'. The practical value of any
identification/authentication scheme, however, generally exists in one of the following three states:
1. certain and unambiguous (deterministic);
2. certain, based on a low probability of error (probabilistic);
3. uncertain and ambiguous and therefore (for all practical purposes) false.
Unfortunately, a biometrics attribute is not necessarily unambiguously permanent; therefore, all
biometrics schemes are probabilistic. Design and implementation steps that can reduce the
likelihood of an error are essential to orderly deployment of the technology. Biometrics techniques
are most reliable and effective when used as an authenticating technique as part of a multi-factor
scenario. For example, if an individual makes a claim of ID at the bank with his/her name, and that
claim is supported (authenticated) by a biometrics identifier, then the probability of error is very
low. Errors are much more likely to occur where the system must figure out the ID of an individual
on its own (identify). This point is a crucial one to remember. Now let us understand the nature of
biometrics identification and biometrics authentication (see Box 9.3).
Box 9.3 Biometrics Identifications and Biometrics Authentication
Biometrics identification
Biometrics identification is a sophisticated variation on a token-based, single-factor security
scheme; in this case, the token is some physical attribute of the person - fingerprint, iris, retina, face,
vein pattern, etc. (details are discussed in Section 9.5). Biometrics identification systems typically
follow three high-level processing steps (refer to Figure 9.2). First, the system must 'acquire' an image
of the attribute through an appropriate scanning technique.
Once the scanned content is acquired, it must be 'localized' for processing purposes. During
this step, extraneous informational content is discarded and 'minutiae' are isolated and turned into a
'template', a sort of internal canonical form for matching attributes stored in a database (these
terms are discussed in Section 9.6).
Minutiae are the uniquely differentiating characteristics of the biometrics attribute. Whorls
and loops and their relationship to one another on a fingerprint are examples of the minutiae that
might be extracted (see Figure 9.4). Finally, templates stored in the database are searched for a
match with the one just presented. If a match is found, the identification is a success and the
succeeding steps of the security process can begin.
Figure 9.2 Biometrics identification: acquisition, localization and matching.
Biometrics Authentication
Biometrics authentication virtually eliminates the risk of anonymity in a 'two-factor security
scenario', by using a 'physical attribute' of the person to authenticate a token. Two-factor
authentication is a security process in which the user provides two means of identification, one of
which is typically a physical token, such as a card, and the other is typically something that can be
memorized, such as a security code. In this context, the two factors involved are sometimes spoken
of as something you have and something you know. The two-factor authentication process is similar to
biometrics identification. First, the requestor presents a token to assert the ID. For example, an
automated teller machine (ATM) or credit card is inserted into a reader. A number encoded on the
card is actually the token; the card is more like a container for the token, but treating the card as a
token is appropriate. As with identification, the system must 'acquire' an image of the personal
attribute. Second, the attribute must be 'localized', the minutiae extracted and a matching template
created (see Figure 9.3).
Finally, the value of the token is used to look up the template previously stored for this
individual. If it matches the template presented on this occasion, the requestor is authenticated.
Figure 9.3 Biometrics authentication: acquisition, localization and matching.
9.5 Biometrics Techniques
Names of some biometrics techniques were mentioned in Section 9.3 and Box 9.3 (fingerprint scans,
retinal and iris scans, etc.). In this section, major biometrics techniques are described in brief. A
detailed treatment of each of the techniques is beyond the scope of this chapter. Readers interested
in greater details may like to have a look at the reference materials solely devoted to the topic of
biometrics as suggested in the Further Reading section. Some of the emerging technologies in
biometrics are described here. They fall into major categories such as hand-based techniques, eye-
based techniques, face-based techniques, voice-based techniques and signature-based techniques:
1. Fingerprint: Fingerprint identification techniques fall into two major categories - Automated
Fingerprint Identification Systems (AFISs) and Fingerprint Recognition Systems (FRSs). AFIS is
typically restricted to law-enforcement use. Fingerprint recognition derives a unique
template from the attributes of the fingerprint without storing the image itself or even
allowing for its reconstruction. Fingerprint recognition for identification acquires the initial
image through a live scan of the finger (Figure 9.5) by direct contact with a reader device
that can also check for validating attributes such as temperature and pulse. Since the finger
actually touches the scanning device, the surface can become oily and cloudy after repeated
use and therefore reduce the sensitivity and reliability of optical scanners. Solid-state
sensors overcome this and other technical hurdles because the coated silicon chip itself is
the sensor. Solid-state devices use electrical capacitance to sense the ridges of the
fingerprint and create a compact digital image, so they are less sensitive to dirt and oils.
Fingerprint recognition is generally considered reliable enough for commercial use, and
some vendors are already actively marketing readers as a part of local area network (LAN)
login schemes. Figure 9.4 illustrates the contours on a human fingerprint, which are unique to
each individual. Figure 9.5 illustrates a type of fingerprint recognition equipment.
2. Hand geometry: The essence of hand geometry is the comparative dimensions of fingers
and the locations of joints. Basically, the shape of a person's hand (the length and the width
of the hand and fingers) measures hand geometry. This is a unique trait that differs
significantly among people and hence is used in some biometrics systems to verify the ID of
people. A person places his/her hand on a device that has grooves for each finger (see Figure
9.6). Reference marks on the plate allow calibration of the image to improve the precision of
matching. The system compares the geometry of each finger, and the hand as a whole, to
the information in a reference file (called the template) to verify that person's ID. Some
systems perform simple, 2D measurements of the palm of the hand. Others attempt to
construct a simple 3D image from which to extract template characteristics. Readers may
find it interesting to note that one of the earliest automated biometrics systems, Identimat,
was installed at the Shearson-Hamill investment bank on Wall Street (Manhattan, NY, USA)
during the late 1960s. It used hand geometry and stayed in production for almost 20 years.
In one of the most popular descendants of the Identimat, a small digital camera captures top
and side images of the hand.
3. Hand vein and palm vein biometrics: Hand vein recognition attempts to distinguish
individuals by measuring the differences in subcutaneous features of the hand using infrared
(IR) imaging (see Figure 9.7). Like a face recognition system, a vein recognition system must also
deal with the extra issues of 3D space and the orientation of the hand. Like retinal
scanning, it relies on the pattern of the veins in the hand to build a template with which to
attempt matches against templates stored in a database. The use of IR imaging offers some
of the same advantages as hand geometry over fingerprint recognition in manufacturing or
shop-floor applications where hands may not be clean enough to scan properly using a
conventional video or capacitance technique.
The pattern of blood veins (see Figure 9.7) is unique to every individual, even among
identical twins. Palms have a broad and complicated vascular pattern and thus contain a
wealth of differentiating features for personal identification. Furthermore, it will not vary
during the person's lifetime. It is a very secure method of authentication because this blood
vein pattern lies under the skin. This makes it almost impossible for others to read or copy.
Palm vein biometrics works by capturing an image of the vein pattern (see Figure 9.7).
An individual's vein pattern image is captured by radiating his/her hand with near-IR rays.
The reflection method illuminates the palm using an IR ray and captures the light given off
by the region after diffusion through the palm. The deoxidized hemoglobin in the vein
vessels absorbs the IR ray, thereby reducing the reflection rate and causing the veins to
appear as a black pattern. This vein pattern is then verified against a preregistered pattern
to authenticate the individual. As mentioned before, given that veins are internal in the body
and have a wealth of differentiating features, attempts to forge an ID are extremely difficult,
thereby enabling a high level of security. In addition, the sensor of the palm vein device can
only recognize the pattern if the deoxidized hemoglobin is actively flowing within the
individual's veins. Palm vein recognition-based system is not dangerous; a near-IR ray is a
component of sunlight and so there is no more exposure when scanning the hand than by
walking outside in the sun.
4. Signature: Signature is the way a person signs his/her name and is known to be a
characteristic of that individual. Although signatures require contact with the writing
instrument and an effort on the part of the user, they have been accepted in government,
legal and commercial transactions as a method of verification. Signatures are a behavioral
biometrics that change over a period of time and are influenced by physical and emotional
conditions of the signatories. Signatures of some people vary substantially: even successive
impressions of their signature are significantly different. Further, professional forgers may
be able to reproduce signatures that fool the system.
While a signature is not strictly biometrics (because it is not a part of human body),
it is a simple, concrete expression of the unique variations in human hand geometry.
Forensic experts have developed criteria over the years for verifying the authenticity of a
signature. Automating this process allows computer automation to take the place of an
expert in looking for unique identifying attributes. In addition to the general shape of the
signed name, a signature recognition system can also measure both the pressure and the
velocity of the point of the stylus across the sensor pad. Signatures, however, are difficult to
model for variation, and are not reliable, especially when compared with other simpler
alternatives.
Keystroke dynamics is a variation on signature recognition that measures the typing
rates and intervals. Regarding keystroke dynamics, it is hypothesized that each person types
on a keyboard in a characteristic way. This behavioral biometrics is not expected to be
unique to each individual but it offers sufficient discriminatory information to permit ID
verification. Owing to the fact that keystroke dynamics are a behavioral biometric, for some
individuals, one may expect to observe large variations in typical typing patterns. Further,
the keystrokes of a person using a system could be monitored unobtrusively as that person
is keying in information. Box 9.4 explains the difference between biometric signature and
digital signature.
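Box 9.3 describes the two matching modes (identification as a one-to-many search, authentication as a one-to-one comparison selected by a token), and keystroke dynamics, described just above, is the one biometric whose raw data can be produced without a sensor. The following added example, which is not the chapter's own code, implements enrolment, feature extraction and both matching modes for keystroke dynamics. The feature (inter-key latency while typing a fixed phrase), the z-distance score, the user names, all timings and the 0.5 threshold are constructed assumptions for illustration.

```python
"""Keystroke dynamics as a biometric: enrolment, one-to-one authentication
and one-to-many identification.

Added example for this chapter; it is not the chapter's own code. The
feature used is the inter-key latency (ms) between successive key presses
while typing a fixed phrase; a template holds the per-position mean and
standard deviation over the enrolment samples. All timings are constructed.
"""
from statistics import mean, pstdev


def extract_features(press_times_ms):
    """Feature extraction: raw key-press timestamps -> list of latencies."""
    return [later - earlier for earlier, later in zip(press_times_ms, press_times_ms[1:])]


def enrol(samples):
    """Enrolment: several typing samples of the same phrase -> one template.

    The standard deviation is floored at 1 ms so a position typed with
    identical timing in every sample cannot make the score divide by zero.
    """
    feats = [extract_features(s) for s in samples]
    positions = range(len(feats[0]))
    return {
        "mean": [mean([f[i] for f in feats]) for i in positions],
        "std": [max(pstdev([f[i] for f in feats]), 1.0) for i in positions],
    }


def match_score(template, press_times_ms):
    """Similarity in (0, 1]: 1 / (1 + mean absolute z-distance from the template)."""
    feats = extract_features(press_times_ms)
    z = [abs(x - m) / s for x, m, s in zip(feats, template["mean"], template["std"])]
    return 1.0 / (1.0 + mean(z))


def authenticate(db, claimed_id, press_times_ms, threshold):
    """One-to-one: the claimed ID (the token) selects a single template."""
    template = db.get(claimed_id)
    return template is not None and match_score(template, press_times_ms) >= threshold


def identify(db, press_times_ms, threshold):
    """One-to-many: compare against every template; best match above threshold wins."""
    best_id, best_score = None, 0.0
    for user_id, template in db.items():
        score = match_score(template, press_times_ms)
        if score > best_score:
            best_id, best_score = user_id, score
    return best_id if best_score >= threshold else None


def _press_times(latencies_ms, start=1000):
    """Build constructed key-press timestamps from a list of latencies."""
    times = [start]
    for gap in latencies_ms:
        times.append(times[-1] + gap)
    return times


# Constructed enrolment data: three samples per user, five latencies each.
ALICE_ENROL = [_press_times(l) for l in ([120, 90, 150, 100, 130],
                                          [125, 95, 145, 105, 135],
                                          [115, 85, 155, 95, 125])]
BOB_ENROL = [_press_times(l) for l in ([200, 180, 210, 190, 220],
                                        [210, 190, 200, 200, 230],
                                        [190, 170, 220, 180, 210])]
DB = {"alice": enrol(ALICE_ENROL), "bob": enrol(BOB_ENROL)}
THRESHOLD = 0.5

# Constructed probes: Alice typing normally, Bob typing normally, and a stranger.
ALICE_PROBE = _press_times([118, 92, 148, 102, 128])
BOB_PROBE = _press_times([205, 185, 205, 195, 225])
STRANGER_PROBE = _press_times([300, 300, 300, 300, 300])

if __name__ == "__main__":
    print("alice claims alice:", authenticate(DB, "alice", ALICE_PROBE, THRESHOLD))
    print("bob claims alice:  ", authenticate(DB, "alice", BOB_PROBE, THRESHOLD))
    print("identify alice probe:", identify(DB, ALICE_PROBE, THRESHOLD))
    print("identify stranger:   ", identify(DB, STRANGER_PROBE, THRESHOLD))
```

Note that authenticate() compares against exactly one template chosen by the claimed ID, so a stranger can only succeed by resembling that one person, whereas identify() has to decide on its own which of all enrolled templates, if any, the sample belongs to; this is the structural reason the chapter gives for identification being the more error-prone mode.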
5. Retinal scan: In a retinal scan, a system reads a person's retina to capture the blood-vessel
pattern on the back of the eyeball (see Figure 9.9). This pattern is known to be extremely
unique among people. A camera is used to project a beam inside the eye, capture the pattern
and compare it to the reference file recorded
previously (called the template). Thus, retinal recognition creates an 'eye signature' from the
vascular configuration of the retina, an extremely consistent and reliable attribute with the
advantage of being protected inside the eye itself. An image of the retina is captured by
having the individual look through a lens at an alignment target (see Figure 9.8). Diseases or
injuries that would interfere with the retina are comparatively rare in the general
population, so the attribute normally remains both consistent and consistently available.
6. Iris scan: The 'iris' is the colored portion of the eye that surrounds the pupil. Refer to Figure 9.9
to understand the anatomy of a human eye. The iris has unique patterns, rifts, colors, rings,
coronas.
7. Face/facial thermogram: Facial images are the most common biometrics characteristics
used by humans to make a personal recognition, hence the idea to use this biometrics in
technology. Face recognition technology is still in its early stages, and most tests and
applications have been run against relatively small databases. The similarity score produced
by each comparison determines the match - the highest score wins. Acquisition for
biometrics identification purposes requires the individual's face to be presented to a video
camera. An evident deficiency in some current schemes is the ability to fool or confuse some
systems with makeup.
A facial thermogram works much like face recognition except that the image is
captured by way of an IR camera, and the heat signature of the face is used to create the
biometrics template used for matching. This is more reliable than simple imaging. Although a
comparison of various technologies and algorithms shows that the results are promising and
some approaches did yield impressive results, this technology is still considerably less
reliable than some alternatives. As is the case with other technologies, practical usefulness
increases dramatically in a two-factor scenario. Face recognition/facial thermogram method
is a non-intrusive method and is suitable for covert recognition applications. The
applications of facial recognition range from static ('mug shots') to dynamic, uncontrolled
face identification in a cluttered background (subway and airport).
Face verification involves extracting a feature set from a 2D image of the user's face
and matching it with the template stored in a database. The most popular approaches to
face recognition are based on either (1) the location and shape of facial attributes such as
eyes, eyebrows, nose, lips and chin and their spatial relationships or (2) the overall (global)
analysis of the face image that represents a face as a weighted combination of a number of
canonical faces. Although the performance of commercially available systems is reasonable,
there is still significant room for improvement since the false reject rate (FRR) is about 10%
and the false accept rate (FAR) is 1%. These systems also have difficulties in recognizing a face
from the images captured from two different angles and under different ambient
illumination conditions. It is questionable if a face itself is a sufficient basis for recognizing a
person from a large number of identities with an extremely high level of confidence. Facial
recognition system should be able to automatically detect a face in an image, extract its
features and then recognize it from a general viewpoint (i.e., from any pose) that is a rather
difficult task. Another problem is the fact that the face is a changeable social organ
displaying a variety of expressions.
8. Voice: Voice recognition techniques are generally categorized according to two approaches:
automatic speaker verification (ASV) and automatic speaker identification (ASI). ASV uses
voice as the authenticating attribute in a two-factor scenario. ASI attempts to use voice to
identify who an individual actually is. Voice recognition distinguishes an individual by
matching particular voice traits against templates stored in a database. Voice systems must
be trained to the individual's voice at enrolment time, and more than one enrolment session
is often necessary. Feature extraction typically measures formants or sound characteristics
unique to each person's vocal tract. The pattern-matching algorithms used in voice
recognition are similar to those used in face recognition. Readers are encouraged to refer to
the paper by Jain and Prabhakar (2004) for a comparison of various biometrics techniques.
9.6 Matching and Enrolment Process in Biometrics
In the discussion so far, several times, there was a mention of the terms 'enrolment' and 'template'.
In this section, we explain these extremely important terms associated with biometrics. As humans,
we are more comfortable recognizing our friends and family members through their faces, voices,
mannerisms and gaits (the way they walk). Also, most of us are more comfortable using PINs and
passwords for proving who we are. However, teaching computers how we do this so easily is a
challenge. For this purpose, enrolment and template creation are the necessary steps in biometrics.
Almost all biometrics systems share the same matching flow (illustrated in Figure 9.10).
Figure 9.10 Process flow in biometrics matching.
There are a number of key terms that appear in Figure 9.10 that are explained as follows:
1. Biometrics: A measurable physical characteristic or personal behavioral trait used to
recognize the ID, or verify the claimed ID, of an enrollee.
2. Behavioral biometrics: This is a biometrics that is characterized by a behavioral trait that is
learnt and acquired over time rather than a physiological characteristic. However,
physiological elements may influence the monitored behavior.
3. Biometrics data: These are also known as a biometrics sample. These data consist of
biometrics characteristics of the entity under authentication and are physiological data in
nature. They are the information extracted from the biometrics sample and used either to
build a reference template (template data) or to compare against a previously created
reference template (comparison data). Thus, biometrics sample/biometrics data are the raw
data representing a biometrics characteristic of an end-user as captured by a biometrics
system (e.g., the image of a fingerprint, retinal scan data, etc.).
4. Enrolment: It is the process by which a subject's (entity under authentication) biometrics
data are initially acquired, accessed, processed and stored in the form of a template. Thus, it
is the process of collecting biometrics samples from a person and the subsequent
preparation and storage of biometrics reference templates representing that person's ID.
5. Enrolment time: It is the time period a person must spend to have his/her biometrics
reference template successfully created.
6. Template: It is a crucial element in the working of biometrics systems as it is the deciding
and defining element of biometrics technology. A template is nothing but a small file derived
from the distinctive features of a user's biometrics data used for performing biometrics
matches. It is important to note that the biometrics systems store and compare biometrics
templates, and not biometrics data.
7. Match/matching: It is the process of comparing a biometrics sample against a previously
stored template and scoring the level of similarity. Accept or reject decisions are based on
whether this score exceeds the given threshold.
8. Feature extraction: This is the automated process of locating and encoding distinctive
characteristics from biometrics data in order to generate a template. Feature extraction
takes place during enrolment and verification process.
9. Biometrics engine: It is the software element of the biometrics system that processes
biometrics data during the stages of enrolment and capture, extraction, comparison and
matching.
10. Biometrics device: It is the part of a biometrics system containing the sensor that captures a
biometrics sample from an individual.
11. Comparison: It is the process of comparing a biometrics sample with a previously stored
reference template or templates.
12. Minutiae: It is the unique, measurable physical characteristic scanned as an input and stored
for matching by biometrics systems. For fingerprints, minutiae include the starting and
ending points of ridges, and ridge junctions among other features. Figure 9.11 shows, for
example, how a fingerprint is processed to arrive at its minutiae, starting with the original
fingerprint and ending with the minutiae graph.
Figure 9.11 Process flow in obtaining minutiae.
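Section 9.4 states that every biometrics scheme is probabilistic, and the definition of match/matching above turns that into a concrete decision: accept when the similarity score exceeds a threshold. The added example below, which is not the chapter's own code, shows how the threshold trades the false accept rate (FAR) against the false reject rate (FRR) of the kind quoted for face recognition (FAR about 1%, FRR about 10%). The two score lists are constructed, and the last function goes beyond the text by quantifying the chapter's remark that identification is more error-prone than authentication: it assumes each one-to-one comparison has the same FAR and that comparisons against different templates are independent.

```python
"""Threshold, false accept rate (FAR) and false reject rate (FRR).

Added example for this chapter; not the chapter's own code. The match
scores are constructed: 'genuine' scores come from comparing a sample
with its owner's template, 'impostor' scores from comparing it with
someone else's template. A higher score means more similar.
"""

# Constructed match scores on a 0..1 similarity scale.
GENUINE_SCORES = [0.91, 0.88, 0.85, 0.83, 0.80, 0.78, 0.74, 0.70, 0.62, 0.55]
IMPOSTOR_SCORES = [0.58, 0.52, 0.45, 0.41, 0.38, 0.35, 0.30, 0.27, 0.22, 0.15]


def far(impostor_scores, threshold):
    """FAR: fraction of impostor comparisons the threshold accepts."""
    return sum(1 for s in impostor_scores if s >= threshold) / len(impostor_scores)


def frr(genuine_scores, threshold):
    """FRR: fraction of genuine comparisons the threshold rejects."""
    return sum(1 for s in genuine_scores if s < threshold) / len(genuine_scores)


def error_table(genuine_scores, impostor_scores, thresholds):
    """(threshold, FAR, FRR) for each candidate threshold."""
    return [(t, far(impostor_scores, t), frr(genuine_scores, t)) for t in thresholds]


def balanced_threshold(genuine_scores, impostor_scores, thresholds):
    """Threshold at which FAR and FRR are closest (the equal-error operating point)."""
    return min(thresholds, key=lambda t: abs(far(impostor_scores, t) - frr(genuine_scores, t)))


def identification_false_accept(far_one_to_one, database_size):
    """Probability that a one-to-many search wrongly matches at least one of
    database_size enrolled templates, assuming (constructed simplification)
    every comparison has the given FAR and the comparisons are independent."""
    return 1.0 - (1.0 - far_one_to_one) ** database_size


THRESHOLDS = [0.30, 0.40, 0.50, 0.55, 0.60, 0.70, 0.80]

if __name__ == "__main__":
    for t, fa, fr in error_table(GENUINE_SCORES, IMPOSTOR_SCORES, THRESHOLDS):
        print(f"threshold {t:.2f}: FAR {fa:.0%}  FRR {fr:.0%}")
    print("balanced threshold:", balanced_threshold(GENUINE_SCORES, IMPOSTOR_SCORES, THRESHOLDS))
    print("a 1% one-to-one FAR gives a",
          f"{identification_false_accept(0.01, 100):.0%}",
          "chance of some false match in a 100-template identification search")
```

Raising the threshold drives FAR down and FRR up, so the operating point is a policy choice: a high-security door accepts a higher FRR (more legitimate users re-presenting a finger) to keep FAR near zero, whereas a convenience application does the opposite. With a 1% per-comparison FAR, the chance of some false match in a 100-template search is already above 60%, which is why the chapter recommends biometrics as an authenticating factor (one template selected by a token or PIN) rather than as a stand-alone identifier.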
9.8 Benefits of Biometrics over Traditional Authentication Methods
Traditionally, passwords and ID cards have been used to restrict access to secure systems but these
methods can easily be breached and are unreliable. Biometrics cannot be borrowed, stolen or
forgotten and forging one is practically impossible. From the preceding discussions, one can see that
biometrics is an alternative to using passwords for authentication in logical or technical access
control. Biometrics is based on the third type of authentication mechanism - something you are
(recall Section 9.2). Biometrics is defined as an automated means of identifying or authenticating the
ID of a living person based on physiological or behavioral characteristics. In biometrics, identification
is a 'one-to-many' search of an individual's characteristics from a database of stored images.
Authentication in biometrics is a 'one-to-one' search to verify a claim to an ID made by a person.
Biometrics is used for identification in physical controls and for authentication in logical controls.
In the domain of physical security (discussed in Chapters 7 and 8), passwords and PINs are the most
frequently used authentication techniques for controlling access. In higher security applications,
handheld tokens are used instead of passwords. However, passwords, PINs and tokens have a
number of problems that raise questions about their suitability for modern security access control
applications, particularly high-security applications such as access to defense systems or medical data
systems (Box 9.7).
Biometrics provides a number of benefits compared to the traditional methods:
1. increased level of security;
2. greater convenience;
3. higher level of accountability;
4. fraud detection and fraud deterrence.