What technology are you looking for today?
December 12, 2017 3:44 pm

Biometrics

Biometrics (ancient Greek: bios life, metron measure) refers to two very different fields of study and application. The first, which is the older and is used in biological studies, including forestry, is the collection, synthesis, analysis and management of quantitative data on biological communities such as forests. Biometrics in reference to biological sciences has been studied and applied for several generations and is somewhat simply viewed as “biological statistics.”More recently and incongruently, the term’s meaning has been broadened to include the study of methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits.Some researchers have coined the term behaviometrics for behavioral biometrics such as typing rhythm or mouse gestures where the analysis can be done continuously without interrupting or interfering with user activities.

//


Biometrics are used to identify the input sample when compared to a template, used in cases to identify specific people by certain characteristics.

 



possession-based

Using one specific “token” such as a security tag or a card



knowledge-based

The use of a code or password.

Standard validation systems often use multiple inputs of samples for sufficient validation, such as particular characteristics of the sample. This intends to enhance security as multiple different samples are required such as security tags and codes and sample dimensions.

Common human biometric characteristics

Classification of some biometric traits

Biometric characteristics can be divided in two main classes

 



Physiological are related to the shape of the body. The oldest traits that have been used for more than 100 years are fingerprints. Other examples are face recognition, hand geometry and iris recognition.

 

Recently, a new trend has been developed that merges human perception to computer database in a brain-machine interface. This approach has been referred to as cognitive biometrics. Cognitive biometrics is based on specific responses of the brain to stimuli which could be used to trigger a computer database search. Currently, cognitive biometrics systems are being developed to use brain response to odor stimuli, facial perception and mental performance for search at ports and high security areas. These systems are based on use of functional transcranial Doppler (fTCD) and functional transcranial Doppler spectroscopy (fTCDS) to obtain brain responses, which are used to match a target odor, a target face or target performance profile stored in a computer database. Thus, the precision of human perception provides the data to match that stored in the computer with improve sensitivity of the system.



Behavioral are related to the behavior of a person. The first characteristic to be used, still widely used today, is the signature. More modern approaches are the study of keystroke dynamics and of voice.

Strictly speaking, voice is also a physiological trait because every person has a different pitch, but voice recognition is mainly based on the study of the way a person speaks, commonly classified as behavioral.

 

Other biometric strategies are being developed such as those based on gait (way of walking), retina, hand veins, ear canal, facial thermogram, DNA, odor and scent and palm prints.

Comparison of various biometric technologies

It is possible to understand if a human characteristic can be used for biometrics in terms of the following parameters:



Universality

Each person should have the characteristic



Uniqueness

Is how well the biometric separates individually from another.



Permanence

Measures how well a biometric resists aging.



Collectability

Ease of acquisition for measurement.



Performance

Accuracy, speed, and robustness of technology used.



Acceptability

Degree of approval of a technology.



Circumvention

Ease of use of a substitute.

Functions

A biometric system can provide the following two functions:



Verification

Authenticates its users in conjunction with a smart card, username or ID number. The biometric template captured is compared with that stored against the registered user either on a smart card or database for verification.



Identification

Authenticates its users from the biometric characteristic alone without the use of smart cards, usernames or ID numbers. The biometric template is compared to all records within the database and a closest match score is returned. The closest match within the allowed threshold is deemed the individual and authenticated.

Issues and concerns

As with many interesting and powerful developments of technology, there are concerns about biometrics. The biggest concern is the fact that once a fingerprint or other biometric source has been compromised it is compromised for life, because users can never change their fingerprints. A theoretical example is a debit card with a personal Identification Number (PIN) or a biometric. Some argue that if a person’s biometric data is stolen it might allow someone else to access personal information or financial accounts, in which case the damage could be irreversible. However, this argument ignores a key operational factor intrinsic to all biometrics-based security solutions: biometric solutions are based on matching, at the point of transaction, the information obtained by the scan of a “live” biometric sample to a pre-stored, static “match template” created when the user originally enrolled in the security system. Most of the commercially available biometric systems address the issues of ensuring that the static enrollment sample has not been tampered with (for example, by using hash codes and encryption), so the problem is effectively limited to cases where the scanned “live” biometric data is hacked. Even then, most competently designed solutions contain anti-hacking routines. For example, the scanned “live” image is virtually never the same from scan to scan owing to the inherent plasticity of biometrics; so, ironically, a “replay” attack using the stored biometric is easily detected because it is too perfect a match. The television program Myth Busters attempted to break into a commercial security door equipped with biometric authentication as well as a personal laptop so equipped. While the laptop’s system proved more difficult to bypass, the advanced commercial security door with “live” sensing was fooled with a printed scan of a fingerprint after it had been licked. There is no basis to assume that the tested security door is representative of the current typical state of biometric authentication, however. With careful matching of tested biometric technologies to the particular use that is intended, biometrics provide a strong form of authentication that effectively serves a wide range of commercial and government applications. Biometric verification of an individual’s identity can help control the risks associated with misidentification. However, biometric verification can itself be compromised through vulnerabilities in the system. This can occur through deliberate attempts to breach security and the integrity of the biometric process as shown in the television program Myth Busters. To address this risk the Biometrics Institute has established a Biometrics Vulnerability Assessment Methodology. However, the clear concern is that the numbers of biometric samples of an individual are limited. If all samples are lost via compromise the legitimate owner will be unable to replace the old ones. Additionally, the limited number of samples means that there is a concern with secondary use of biometric data: a user who accesses two systems with the same fingerprint may allow one to masquerade is her to the other. Several solutions to this problem are actively being researched.

Privacy

A concern is how a person’s biometric, once collected, can be protected. Australia has therefore introduced a Biometrics Institute Privacy Code in order to protect consumer personal data beyond the current protections offered by the Australian Privacy Act.

Biometrics sensors’ obstacles

Different sensors (hardware producers), generating different biometrics outcomes, different outcomes cannot be encryptedly compared (they will never match). It is very difficult to create standard on identical encryption paths. Biometrics standard can be obtained only if the common information is unconcealed. Currently each biometric scanner’s vendor is responsible for generating his own encryption method. In order to unify the biometrics collection method(s) the Standardization procedure must force Biometrics exposure, however, exposed biometrics information present a serious threat to privacy rights.

Marketing of biometric products Despite confirmed cases of defeating commercially available biometric scanners, many companies marketing biometric products (especially consumer-level products such as readers built into keyboards) claim the products as replacements, rather than supplements, for passwords. Furthermore, regulations regarding advertising and manufacturing of biometric products are (as of 2006) largely non-existent. Consumers and other end users must rely on published test data and other research that demonstrate which products meet certain performance standards and which are likely to work best under operational conditions. Given the ease with which other security measures such passwords and access tokens may be compromised, and the relative resistance of biometrics to being defeated through alteration and reverse engineering, large scale adoption of biometrics may offer significant protection against the economic and social problems associated with identity theft. Sociological concerns

As technology advances, and time goes on, more private companies and public utilities may use biometrics for safe, accurate identification. These advances are likely to raise concerns such as:



Physical

Some believe this technology can cause physical harm to an individual using the methods, or that instruments used are unsanitary. For example, there are concerns that retina scanners might not always be clean.



Personal Information

There are concerns whether our personal information taken through biometric methods can be misused, tampered with, or sold, e.g. by criminals stealing, rearranging or copying the biometric data. Also, the data obtained using biometrics can be used in unauthorized ways without the individual’s consent.

Danger to owners of secured items

When thieves cannot get access to secure properties, there is a chance that the thieves will stalk and assault the property owner to gain access. If the item is secured with a biometric device, the damage to the owner could be irreversible, and potentially cost more than the secured property. In 2005, Malaysian car thieves cut off the finger of a Mercedes-Benz S-Class owner when attempting to steal the car.

Cancelable Biometrics-  Physical features, such as face, fingerprint, iris, retina, hand, or behavioral features, such as signature, voice, gait, must fulfill a certain criteria to qualify for use in recognition. They must be unique, universal, acceptable, collectible and convenient to the person, in addition, to reliability at recognition, performance and circumvention. Most importantly, however, permanence is a key feature for biometrics. They must retain all the above features in particular the uniqueness unchanged, or acceptably changed, over the lifetime of the individual. On the other hand, this fundamental feature has brought biometrics to challenge a new risk. If biometric data is obtained, for example compromised from a database, by unauthorized users, the genuine owner will lose control over them forever and lose his/her identity. Previously, research was focusing on using biometrics to overcome the weakness in traditional authentication systems that use tokens, passwords or both. Weakness, such as sharing passwords, losing tokens, guessable passwords, forgetting passwords and a lot more were successfully targeted by biometric systems, although accuracy still remains a great challenge for many different biometric data. But one ordinary advantage of password does not exist in biometrics. That is re-issue. If a token or a password is lost or stolen, they can be cancelled and replaced by a newer version i.e. reissued. On the other hand, this is not naturally available in biometrics. If someone’s face is compromised from a database, they cannot cancel it neither reissue it. All data, including biometrics is vulnerable whether in storage or in processing state. It is relatively recently research has been undertaken to consider protection of biometric data more seriously. Cancelable biometrics is a way in which to inherit the protection and the replacement features into biometrics. It was first proposed by Ratha et al. Besides reliable accuracy performance and the replacement policy cancellable biometric has to be non-revisable in order to fulfill the aim. Several methods for generating cancellable biometrics have been proposed. Essentially, cancelable biometrics perform a distortion of the biometric image or features before matching. The variability in the distortion parameters provides the cancelable nature of the scheme. Some of the proposed techniques operate using their own recognition engines, such as Teoh et al and Savvides et al, whereas other methods, such as Dabbah et al, take the advantage of the advancement of the well-established biometric research for their recognition front-end to conduct recognition. Although this increases the restrictions on the protection system, it makes the cancellable templates more accessible for available biometric technologies. In general, cancelable biometrics may be seen to represent a promising approach to address biometric security and privacy vulnerabilities. However, there are several concerns about the security of such schemes. First, there is very little work analysing their security, except for an analysis of biohashing. Secondly, while distortion schemes should be preferably non-invertible, no detailed proposed scheme has this property. In fact, it would appear to be trivial to undistort the template given knowledge of the distortion key in most cases. Third, cancelable biometrics would appear to be difficult to implement in the untrusted scenarios for which they are proposed: if the user does not trust the owner of the biometric sensor to keep the biometric private, how can they enforce privacy on the distortion parameters used? This last concern is perhaps the most serious: the security of cancelable biometrics depends on secure management of the distortion parameters, which must be used for enrollment and made available at matching. Furthermore, such keys may not be much better protected than current passwords and PINs. In summary, cancelable biometrics offer a possible solution to certain serious security and privacy concerns of biometric technology; however, current schemes leave a number of important issues unaddressed.

 

Rahul Chaurasia,Symbiosis Law School,Pune

Article from articlesbase.com

Related Biometric Sensors Articles

Leave a Reply