Biometrics and Authentication Shivani Kirubanandan

Lets Define ! A biometric is a physiological or behavioral characteristic of a human being that can distinguish one person from another and that theoretically can be used for identification or verification of identity.” “A biometric is a physiological or behavioral characteristic of a human being that can distinguish one person from another and that theoretically can be used for identification or verification of identity.”

Biometrics as Authentication Authentication depends on What you haveWhat you have What you knowWhat you know What you ARE !What you ARE ! Authentication depends on What you haveWhat you have What you knowWhat you know What you ARE !What you ARE !

Why Biometrics? Identity thefts Something you know can be stolen Predicted or hacked Reliability on manual verification Identity thefts Something you know can be stolen Predicted or hacked Reliability on manual verification

Application Categories Biometric applications available today are categorized into 2 sectors Psychological: Iris, Fingerprints, Hand, Retinal and Face recognitionPsychological: Iris, Fingerprints, Hand, Retinal and Face recognition Behavioral: Voice, Typing pattern, SignatureBehavioral: Voice, Typing pattern, Signature Biometric applications available today are categorized into 2 sectors Psychological: Iris, Fingerprints, Hand, Retinal and Face recognitionPsychological: Iris, Fingerprints, Hand, Retinal and Face recognition Behavioral: Voice, Typing pattern, SignatureBehavioral: Voice, Typing pattern, Signature

Biometric Authentication Process Acquisition Creation of Master characteristics Storage of Master characteristics Acquisition(s) Comparison Decision Acquisition Creation of Master characteristics Storage of Master characteristics Acquisition(s) Comparison Decision

The metrics of Biometrics FTE – Failure To Enroll FTA – Failure To Accept FAR – False Acceptance Rates FRR – False Reject Rates FTE – Failure To Enroll FTA – Failure To Accept FAR – False Acceptance Rates FRR – False Reject Rates

Essential parameters Liveness testing Tamper resistance Secure communication Security Threshold level Fall back node Liveness testing Tamper resistance Secure communication Security Threshold level Fall back node

Fingerprint recognition Divides print into loops, whorls and arch Calculates minutiae points (ridge endings) Comparisons authentication Divides print into loops, whorls and arch Calculates minutiae points (ridge endings) Comparisons authentication

Fingerprint techniques Optical Capacitive Thermal Ultrasonic Optical Capacitive Thermal Ultrasonic

Disadvantages Racial issues Dirt, grime and wounds Placement of finger Too big a database to process Can be spoofed –liveness important! Racial issues Dirt, grime and wounds Placement of finger Too big a database to process Can be spoofed –liveness important!

Hand Geometry Geometry of users hands More reliable than fingerprinting Balance in performance and usability Geometry of users hands More reliable than fingerprinting Balance in performance and usability

Disadvantage Very large scanners

Retinal Scanning Scans retina into database User looks straight into retinal reader Scan using low intensity light Very efficient – cant be spoofed! Scans retina into database User looks straight into retinal reader Scan using low intensity light Very efficient – cant be spoofed!

Disadvantages User has to look “directly” FTE ratio high in this biometric Acceptability concerns –Light exposure –Hygiene User has to look “directly” FTE ratio high in this biometric Acceptability concerns –Light exposure –Hygiene

Iris Scanner Scans unique pattern of iris Iris is colored and visible from far No touch required Overcomes retinal scanner issues Contact lenses an issue? Scans unique pattern of iris Iris is colored and visible from far No touch required Overcomes retinal scanner issues Contact lenses an issue?

Face recognition User faces camera Neutral expression required Apt lighting and position Algorithms for processing Decision User faces camera Neutral expression required Apt lighting and position Algorithms for processing Decision

Issues with Face Recognition?

Issues Identification across expression FRR or FAR fluctuate Easily spoofed Tougher usability High Environmental impact Identification across expression FRR or FAR fluctuate Easily spoofed Tougher usability High Environmental impact

Behavioral Voice Signature Typing pattern Voice Signature Typing pattern

Voice Recognition Speech input –Frequency –Duration –Cadence Neutral tone User friendly Speech input –Frequency –Duration –Cadence Neutral tone User friendly

Disadvantages Local acoustics Background noise Device quality Illness, emotional behavior Time consuming enrollment Large processing template Local acoustics Background noise Device quality Illness, emotional behavior Time consuming enrollment Large processing template

Signature Recognition Signature measures (dynamic) –Speed –Velocity –Pressure Captures images (static) High user acceptance Signature measures (dynamic) –Speed –Velocity –Pressure Captures images (static) High user acceptance

Issues Signature variable with –Age, illness, emotions Requires high quality hardware High FRR as signatures are very dynamic Signature variable with –Age, illness, emotions Requires high quality hardware High FRR as signatures are very dynamic

Typing Patterns User typing pattern –Speed –Press and Release Rate Unique patterns are generated comparisons User typing pattern –Speed –Press and Release Rate Unique patterns are generated comparisons

Issues Not very scalable FRR is high Can be spoofed – by simple technology (recorders) Not very scalable FRR is high Can be spoofed – by simple technology (recorders)

Usability issues in Biometrics User acceptability Knowledge of technology Familiarity with biometric characteristic Experience with device User acceptability Knowledge of technology Familiarity with biometric characteristic Experience with device

Usability issues… Environment of use Transaction criticality Time consuming tasks Environment of use Transaction criticality Time consuming tasks

Biometric solutions Educate Train Explain Interfaces Use Trainers Supervised Playtime Educate Train Explain Interfaces Use Trainers Supervised Playtime

General issues FTE posses problem Biometric characteristics are not encrypted Trust on input device Cannot authenticate computers! Privacy attack?! FTE posses problem Biometric characteristics are not encrypted Trust on input device Cannot authenticate computers! Privacy attack?!

Current applications Banks Immigration facilities across USA IDwidget – interesting research Eyegaze at Stanford Banks Immigration facilities across USA IDwidget – interesting research Eyegaze at Stanford

Class task Sell your biometric product Case1 A bank needs an appropriate authentication mechanism to allow remote user transactions. What kind of multifactor system would you sell them? Sell your biometric product Case1 A bank needs an appropriate authentication mechanism to allow remote user transactions. What kind of multifactor system would you sell them?

Class task… Case 2: Suggest certain areas in which biometrics would prove disastrous Note- You may suggest a particular combination of biometrics which may be disastrous to security and privacy Case 2: Suggest certain areas in which biometrics would prove disastrous Note- You may suggest a particular combination of biometrics which may be disastrous to security and privacy

Thank You!!