Introduction to Biometrics Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #4 Introduction to Biometrics August 31, 2005
Outline l Introduction to Biometrics - What is Biometrics? - What is the Process? - Why Biometrics? l Biometrics Resources l What is Secure Biometrics l Revisiting Topics to be covered l Some exploratory research areas l Some useful reference books
What is Biometrics? l Biometrics are automated methods of recognizing a person based on a physiological or behavioral characteristic l Features measured: Face, Fingerprints, Hand geometry, handwriting, Iris, Retinal, Vein and Voice l Identification and personal certification solutions for highly secure applications l Numerous applications: medical, financial, child care, computer access etc.
What is the Process? l Three-steps: Capture-Process-Verification l Capture: A raw biometric is captured by a sensing device such as fingerprint scanner or video camera l Process: The distinguishing characteristics are extracted from the raw biometrics sample and converted into a processed biometric identifier record - Called biometric sample or template l Verification and Identification - Matching the enrolled biometric sample against a single record; is the person really what he claims to be? - Matching a biometric sample against a database of identifiers
Why Biometrics? l Biometrics replaces Traditional Authentication Methods l Provides better security l More convenient l Better accountability l Applications on Fraud detection and Fraud deterrence l Dual purpose - Cyber Security and National Security
Why Biometrics? (Continued) l Authentication mechanisms often used are User ID and Passwords l However password mechanisms have vulnerabilities - Stealing passwords etc. l Biometrics systems are less prone to attacks l Need sophisticated techniques for attacks - Cannot steal facial features and fingerprints - Need sophisticated image processing techniques for modifying facial features
Why Biometrics? (Continued) l Biometrics systems are more convenient l Need not have multiple passwords or difficult passwords - E.g., characters, numbers and special symbols - Need not remember passwords l Need not carry any cards or tokens l Better accountability - Can determine who accessed the system with less complexity
Why Biometrics? (Concluded) l Dual Purpose - Cyber Security and National Security l Access to computer systems and networks l Fraud detection - Who has intruded the system? - Who has entered the building - Surveillance and monitoring l Fraud Deterrence - Because of biometrics systems, people are nervous to commit crimes - Stealing from supermarkets and shops, etc.
Biometrics Resources l Biometrics Consortium is the major resource l Another Resource l Has Information on - Who is doing what l Academia, Industry and Government - White papers on Biometrics technologies l Fingerprint detection, facial recognition, Iris scanning,
Biometrics Resources: What is academia doing? l Michigan State University - Developing algorithms for fingerprint detection, etc. l West Virginia University - Forensic identification initiative l San Jose State University - Mathematical concepts
Biometrics Resources: What is Industry doing? l Focus is on building faster and cheaper devices l More accuracy, less false positives and negatives l Incorporating biometrics into mobile devices, Smartcards l Biometrics in healthcare: delivering medication to correct patients l Biometrics in child care: Children are picked up by those authorized l Protecting digital content - Ensuring that voice and video are not altered Vendors:
Biometrics Resources: What is Government doing? l NSA (National Security Agency) - Research on protecting critical information systems l DoD (Department of Defense) - Biometrics Management Office - Provide Armed forces access to Biometrics systems for combat operations l INS/DHS (Department of Homeland Security; Immigration and Nationalization Service) - Biometrics technologies at Airports l NIST (National Institute of Standards and Technologies) - Major player in Biometrics
Activities of NIST l Measurements, Testing and Standards is NIST’s mission l Focus on Biometrics Standards l Activities - Biometrics Consortium - Common Biometric Exchange File Format - Biometric Interoperability, Performance and Assurance Working Group - BioAPI Consortium - Various Standards
Activities of NIST (Continued) l Biometrics Consortium is the Government focal point for research, development and testing of Biometric products and technologies l Common Biometric Exchange File Format is a product of the consortium to develop common fingerprint template formats l Biometrics Interoperability working group promotes common definitions and concepts for exchanging information between national and international partners l BioAPI consortium develops common Application Programming Interfaces for biometrics technologies
Activities of NIST (Concluded) l NIST is developing standards for the following: - Finger image format for data Interchange - Face image format for data interchange - Iris image format for data interchange - Signature image format for data interchange l NIST is working with International standards organizations for joint standards - ISO (International Standards Organization)
What is Secure Biometrics? l Study the attacks of biometrics systems - Modifying fingerprints - Modifying facial features l Develop a security policy and model for the system - Application independent and Application specific policies - Enforce Security constraints l Entire face is classified but the nose can be displayed - Develop a formal model - Formalize the policy l Design the system and identify security critical components - Reference monitor for biometrics systems
Security Vulnerabilities l Type 1 attack: present fake biometric such a synthetic biometric l Type 2 attack: Submit a previously intercepted biometric data: replay l Type 3 attack: Compromising the feature extractor module to give results desired by attacker l Type 4 attack: Replace the genuine feature values produced by the system by fake values desired by attacker l Type 5 attack: Produce a high number of matching results l Type 6 attack: Attack the template database: add templates, modify templates etc.
Security and Privacy for Biometrics l Privacy of the Individuals have to be protected l CNN News Release: August 29, Distorting Biometrics Enhances Security and Privacy - Biometric data converted to numerical strings by mathematical algorithm for later use - If the mathematical templates are stolen could be dangerous - Researchers have developed method to alter the images in a defined and repeated way - Hackers steal the distortion not the original face or fingerprint
Revisiting Topics Covered l Unit #1: Biometrics and Other Emerging Topics in Information Security (Lecture 1) l Part I: Supporting Technologies (not included in Exam) - Material from book Database and Applications Security, CRC Press, Thuraisingham, May Unit #2: Information Security (Lecture 2) - Unit #3: Information Management (Lecture 3) l Included a demo of suspicious event detection by Gal Lavee; example of behavioral biometrics
Revisiting Topics Covered l Part II: Introduction to Biometrics - Unit #4: What is Biometrics? Why Biometrics? (Lecture 4) l Chapter 1 of text book + material from Unit #5: Designing Biometrics Systems (Lecture 5) l Chapters 2 and 3 of book + additional reference material
Outline of the Course (Continued) l Part III: Biometrics Technologies - Chapters 4 – 9 + Reference material - Unit #6: Finger Scan - Unit #7: Facial Scan - Unit #8: Iris Scan - Unit #9: Voice Scan - Unit #10: Physiological Biometrics - Unit #11: Behavioral Biometrics
Outline of the Course (Continued) l Part IV: Biometrics Application - Chapters 10 – 14 + reference material - Unit #12: Types of Applications - Unit #13: Citizen Facing Applications - Unit #14: Employee Facing Applications - Unit #15: Customer Facing Applications - Unit #16: Biometrics Markets l Part V: Privacy and Standards - Chapters 15 – 17 + Reference material, NIST activities - Unit #17: Risks to Privacy - Unit #18: Privacy Enhanced Biometrics Systems - Unit #19: Biometrics Standards
Outline of the Course (Continued) l Part VI: Securing Biometrics Systems - Reference material - Unit #20: Attacks to Biometric Systems - Unit #21: Designing Secure Biometrics Systems l Part VII: Prototypes and Products - Reference material - Unit #22: Overview of Prototypes and Products - Unit #23: USVISIT and Other Biometrics Systems
Outline of the Course (Concluded) l Unit #24 Conclusion to the Course - Summarize what we have learnt and provide directions l Appendix: Special Topics and Guest Lectures (Not included in exams) - Data Mining for Biometrics Applications l Towards end of the course given by me - Privacy preserving data mining l September 26, 2005 (tentative) - Other special topics l E.g., Image processing, October 24, 2005 (Tentative)
Some Exploratory Research Areas not covered l DNA l Ear shape l Odor (human scent) l Vein-scan (in back of hand or beneath palm) l Finger geometry (shape and structure of finger or fingers) l Nailbed identification (ridges in fingernails) l Gait recognition (manner of walking)
Some Useful Reference Books l Biometrics by John D. Woodward Jr., Nicholas M. Orlans, Peter T. HigginsJohn D. Woodward Jr.Nicholas M. Orlans Peter T. Higgins - Paperback: 416 pages - Publisher: McGraw-Hill Osborne Media; 1 st edition (December 19, 2002) - ISBN: l Biometric Systems : Technology, Design and Performance Evaluation by James Wayman (Editor), Anil Jain (Editor), David Maltoni (Editor), Dario Maio (Editor)James WaymanAnil Jain David MaltoniDario Maio - Hardcover: 370 pages - Publisher: Springer; 1 st edition (December 16, 2004) - ISBN: