Chapter11 Authentication


1 Chapter11 Authentication
Multimedia Lab: 김상철, 유재석

2 Authentication
- Basics & Notation
- Passwords: countering password measures, examples
- Challenge-Response: overview
- Biometrics: basics, direction (current state), trends
- Survey paper: Periocular Biometrics in the Visible Spectrum

3 Authentication Basics
Definition :: Authentication is the binding of an identity to a subject.
- What the entity knows: passwords, personal information, …
- What the entity is: fingerprints, iris, …
- What the entity has: cards, employee ID badges, OTP
- Where the entity is
(Diagram labels: Service; Identity Information.)

4 Authentication’s Notation
- The set A of authentication information: the set of specific information with which entities prove their identities.
- The set C of complementary information: the set of information that the system stores and uses to validate the authentication information.
- The set F of complementation functions: generate the complementary information from the authentication information; for 𝑓 ∈ 𝐹, 𝑓: 𝐴 → 𝐶.
- The set L of authentication functions: for 𝑙 ∈ 𝐿, 𝑙: 𝐴 × 𝐶 → {true, false}.
- The set S of selection functions: enable an entity to create or alter the authentication and complementary information.
Example (authenticate by entering a password; compare with the stored passwords):
- 𝐴 is the set of strings making up acceptable passwords
- 𝐶 = 𝐴
- 𝐹 = {𝑙}
- 𝐿 = {eq}: if the arguments are the same, eq is true; otherwise eq is false

5 Passwords
Definition :: A password is information associated with an entity that confirms the entity’s identity.
- Authenticate by entering a password, which is compared with the stored passwords.
- If the password is validated, the user’s identity is authenticated. If not, the password is rejected and authentication fails.
- Simple password: some sequence of characters.
- The password space is the set of all sequences of characters that can be passwords.
- Sequence of 10 digits as a password: A has elements (from “ ” to “ ”)

6 Passwords
- The set A of authentication information: the set of all sequences of characters that can be passwords. Example: sequence of 10 digits as a password (from “ ” to “ ”).
- The set C of complementary information: contains more, or fewer, elements than A, depending on the nature of the complementation function. Example: sequence of 8~12 digits as a password (from “ ” to “ ”).
- Most systems store passwords in protected files.
(Diagram labels: protected files accidentally exposed → your password exposed; hash function.)

7 Passwords
Goal of an authentication system :: ensuring entities are correctly identified.
(Diagram: password is correct → allowed; password is not correct → disallowed; guessing another’s password.)
Authentication model :: provides a systematic way to analyze the problem of exposing another’s information.
Find an 𝑎 ∈ 𝐴 such that, for 𝑓 ∈ 𝐹, 𝑓(𝑎) ∈ 𝑐, 𝑐 ∈ 𝐶, where 𝑐 is associated with a particular entity (or any entity).
Determining whether 𝑎 is related to an entity:
- Computing 𝑓(𝑎)
- Authenticating via 𝑙(𝑎)

8 Attacking a Password System
Dictionary attack :: the guessing of a password by repeated trial and error.
(Diagram: guessing another’s password via a dictionary; allowed / disallowed.)
- Dictionary attack type 1: when the complementary information and complementation functions are available. The attack takes each guess 𝑔 and computes 𝑓(𝑔) for each 𝑓 ∈ 𝐹. If 𝑓(𝑔) corresponds to the complementary information for entity E, then 𝑔 authenticates E under 𝑓.
- Dictionary attack type 2: when the complementary information and complementation functions are unavailable. The authentication functions 𝑙 ∈ 𝐿 may be used. If the guess 𝑔 results in 𝑙 returning true, 𝑔 is the correct password.

9 Countering Password Guessing
Goal of the defender :: maximize the time needed to guess the password.
Password guessing requires A or B:
- A. The set of complementation functions and the complementary information
- B. Access to the authentication functions
Notation ::
- 𝑃: the probability that an attacker guesses a password in a specified period of time.
- 𝐺: the number of guesses that can be tested in one time unit.
- 𝑇: the number of time units during which guessing occurs.
- 𝑁: the number of possible passwords.
𝑃 ≥ 𝑇𝐺 / 𝑁

10 Countering Password Guessing
Example: Let passwords be composed of characters drawn from an alphabet of 96 characters. Assume that 10^4 guesses can be tested each second. We wish the probability of a successful guess to be 0.5 over a 365-day period. What is the minimum password length that will give us this probability?
Solution:
☞ 𝑁 ≥ 𝑇𝐺 / 𝑃
☞ 𝑃 = 0.5, 𝑇 = 365∗24∗60∗60 (sec.), 𝐺 = 10^4
☞ 𝑁 ≥ (365∗24∗60∗60 ∗ 10^4) / 0.5 = 6.31 ∗ 10^11
☞ Minimum password length 𝑆: Σ_{𝑖=0}^{𝑆} 96^𝑖 ≥ 𝑁 = 6.31 ∗ 10^11
☞ 𝑆 ≥ 6: passwords of at least length 6 must be required.
Assumptions:
- The time required to test a password is constant. → REASONABLE
- All passwords are equally likely to be selected. → Depends on the password selection mechanism.

11 Random Selection of Passwords
Theorem :: Let the expected time required to guess a password be T. Then T is a maximum when the selection of any of a set of possible passwords is equiprobable.
Proof ::
- Suppose there are 𝑛 possible passwords. Password number 𝑖 has probability 𝑝_𝑖 of being selected.
- It is assumed that the attacker knows the exact values of the 𝑝_𝑖 and tries them in due order.
- 𝑞_𝑗: the sum of all 𝑝_𝑖 for 𝑖 from 1 to 𝑗. 𝑞_𝑗 is the probability that the password is among the first 𝑗. (𝑞_𝑛 = 1)
- For all 𝑗, 𝑞_𝑗 ≥ 𝑗/𝑛. The higher 𝑞_𝑗 is, the higher the probability that the attacker succeeds by doing at most 𝑗 guesses. → We find 𝑞_𝑗 = 𝑗/𝑛.
- The uniform distribution (𝑝_𝑖 = 1/𝑛 for all 𝑖) implies 𝑞_𝑗 = 𝑗/𝑛 for all 𝑗. (𝑞_𝑗 is the cumulative distribution function.)
∴ T is a maximum when the selection of any of a set of possible passwords is equiprobable.

12 Random Selection of Passwords
Theorem :: Let the expected time required to guess a password be T. Then T is a maximum when the selection of any of a set of possible passwords is equiprobable.
In practice, several other factors mediate the result.
Example: a PDP-11 system that randomly generated passwords composed of 8 capital letters and digits.
- 𝑃 = (26+10)^8. Taking sec per encryption → 140 years needed to try all possible passwords.
- Other factors: the PDP-11 is a 16-bit machine, and the PDP-11 uses a pseudorandom generator.
- Period of the 16-bit pseudorandom number generator: 65536 → only that many possible passwords, requiring 102 seconds to try them all.
(Diagram: attack → authenticated after 140 years; attack using the other factors → authenticated after 41 seconds.)
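The bound from slides 9 and 10 and the PDP-11 case from slide 12, worked through in code. This is an added example, not part of the original slides: the generator `lcg16` and its constants are hypothetical stand-ins for the PDP-11's generator, and the time per guess is derived from the slide's figure of 65536 passwords in 102 seconds.

```python
import secrets
import string
from fractions import Fraction

ALPHABET = string.ascii_uppercase + string.digits     # 26 + 10 symbols, as on slide 12
SECONDS_PER_YEAR = 365 * 24 * 60 * 60


def guess_probability(T, G, N):
    """Lower bound P >= TG/N from slide 9, capped at 1."""
    return min(Fraction(T * G, N), Fraction(1))


def min_password_length(alphabet_size, G, T, P):
    """Smallest S such that sum_{i=0..S} alphabet_size**i >= TG/P (slide 10)."""
    needed = Fraction(T * G) / Fraction(P)
    total, S = 1, 0                      # the i = 0 term of the slide's sum
    while total < needed:
        S += 1
        total += alphabet_size ** S
    return S


def lcg16(state):
    """Hypothetical 16-bit pseudorandom generator: at most 2**16 distinct states."""
    return (25173 * state + 13849) & 0xFFFF


def password_from_seed(seed, length=8):
    """The weak design: every character is derived from one 16-bit seed."""
    chars, state = [], seed
    for _ in range(length):
        state = lcg16(state)
        chars.append(ALPHABET[(state * len(ALPHABET)) >> 16])
    return "".join(chars)


def effective_space():
    """The N that actually applies: passwords the seeded generator can ever produce."""
    return len({password_from_seed(seed) for seed in range(2 ** 16)})


def password_from_csprng(length=8):
    """The fix: draw each character from the OS CSPRNG, so all 36**8 values are reachable."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def exhaustive_search_seconds(n, seconds_per_guess=Fraction(102, 2 ** 16)):
    """Time to try n passwords at the rate implied by '65536 passwords in 102 seconds'."""
    return float(n * seconds_per_guess)


if __name__ == "__main__":
    half = Fraction(1, 2)
    print("slide 10 minimum length:", min_password_length(96, 10 ** 4, SECONDS_PER_YEAR, half))
    nominal, actual = len(ALPHABET) ** 8, effective_space()
    print("nominal N:", nominal, "->", exhaustive_search_seconds(nominal) / SECONDS_PER_YEAR, "years")
    print("actual N: ", actual, "->", exhaustive_search_seconds(actual), "seconds")
    print("CSPRNG sample:", password_from_csprng())
```

The value of N to put into P ≥ TG/N is the number of passwords the generator can emit, not the size of the alphabet raised to the length.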

13 Random Selection of Passwords
How does an administrator keep and manage a lot of randomly generated passwords?
Michele Crabb’s method: a clever method of obscuring the written password.
- Let 𝑋 be the set of all strings over some alphabet.
- The site chooses some simple transformation algorithm 𝑡: 𝑋 → 𝐴.
- Elements of 𝑋 are distributed on pieces of paper. (Easy to see or access.)
- Before being used as passwords, they must be transformed by applying 𝑡.
- 𝑡 is very simple, must be memorized, and must be changed periodically. (Rarely stolen by others.)
Example:
- The transformation algorithm is “Capitalize the third letter in the word and append the digit 2.”
- The word on the paper is “Swqgle3”
- The password will be “SwQgle32”

14 Pronounceable and Other Computer-Generated Passwords
Pronounceable passwords are based on the unit of sound called a phoneme.
- In English: cv, vc, cvc, or vcv, where v is a vowel and c a consonant.
- The passwords “helgoret” and “juttelon” are pronounceable; “przbqxdf” and “zxrptglfn” are not.
- Advantage: fewer phonemes need to be used to reach some limit. The number of pronounceable passwords of length n < the number of random passwords of length n.
- Disadvantage: a type 1 dictionary attack is expected to take less time → pronounceable passwords < random passwords.
Example: Assume that passwords are to be at most eight characters long, with 96 printable characters.
- Pronounceable passwords: 440 possible phonemes
- Random passwords: 7.3 *
→ This generalizes easily from phonemes to words, with a similar result. (Key crunching)
Definition :: Let 𝑛 and 𝑘 be two integers, with 𝑛 ≥ 𝑘. Key crunching is the hashing of a string of length 𝑛 or less to another string of length 𝑘 or less.

15 User Selection of Passwords
Proactive password selection: this technique enables users to propose passwords they can remember, but rejects any that are deemed too easy to guess.
Some categories of passwords that researchers have found easy to guess are as follows.
1. Passwords based on account names
   a. Account name followed by a number
   b. Account name surrounded by delimiters
2. Passwords based on user names
   a. Initials repeated 0 or more times
   b. All letters lower- or uppercase
   c. Name reversed
   d. First initial followed by last name reversed
3. Passwords based on computer names
4. Dictionary words
5. Reversed dictionary words
6. Dictionary words with some or all letters capitalized

16 User Selection of Passwords
7. Reversed dictionary words with some or all letters capitalized
8. Dictionary words with arbitrary letters turned into control characters
9. Dictionary words with any of the following changes: a → 2 or 4, e → 3, h → 4, i → 1, l → 1, o → 0, s → 5 or $, z → 5.
10. Conjugations or declensions of dictionary words
11. Patterns from the keyboard
12. Passwords shorter than six characters
13. Passwords containing only digits
14. Passwords containing only uppercase or lowercase letters, or letters and numbers, or letters and punctuation
15. Passwords that look like license plate numbers
16. Acronyms (such as “DPMA,” “IFIPTC11,” “ACM,” “IEEE,” “USA,” and so on)
17. Passwords used in the past
18. Concatenations of dictionary words
19. Dictionary words preceded or followed by digits, punctuation marks, or spaces
20. Dictionary words with all vowels deleted
21. Dictionary words with white spaces deleted
22. Passwords with too many characters in common with the previous (current) password

17 User Selection of Passwords
Bad examples:
- “hello” and “mycomputer”: because they violate criteria 4 and 18.
  4. Passwords based on computer names
  18. Concatenations of dictionary words
- “1PLK107”: because it violates criterion 15 (it is a California license plate number).
  15. Passwords that look like license plate numbers
- “311t3$p32k”: because it violates criterion 9 (“elitespeak” modified).
  9. Dictionary words with any of the following changes: a → 2 or 4, e → 3, h → 4, i → 1, l → 1, o → 0, s → 5 or $, z → 5.
Good example:
- “L1Mm*2^Ap” (^A represents control-a)
- The letters are chosen from the names of various members of two families.
- The combination of characters is unlikely to be guessed.

18 User Selection of Passwords
Definition :: A proactive password checker is software that enforces specific restrictions on the selection of new passwords.
Proactive password checkers must meet several criteria:
1. It must always be invoked. Otherwise, users could bypass the proactive mechanism.
2. It must be able to reject any password in a set of easily guessed passwords (such as in the list above).
3. It must discriminate on a per-user basis. For example, “^AHeidiu’” (^A being control-a) is a reasonable password for most people, but not for the author, whose oldest daughter is named “Heidi Tinúviel.”
4. It must discriminate on a per-site basis. For example, “^DHMC^DCNH” is a reasonable password at most places, but not at the Dartmouth Hitchcock Medical Center at Dartmouth College, New Hampshire.
5. It should have a pattern-matching facility. Many common passwords, such as “aaaaa,” are not in dictionaries but are easily guessed. A pattern-matching language makes detecting these patterns simple. For example, in one pattern-matching language, the pattern “^\(.\)\1*$” will detect all strings composed of a single character repeated one or more times.
6. It should be able to execute subprograms and accept or reject passwords based on the results. This allows the program to handle spellings that are not in dictionaries. For example, most computer dictionaries do not contain the word “waters” (because it is the plural of a word, “water,” in that dictionary). A spelling checker would recognize “waters” as a word. Hence, the program should be able to run a spelling checker on proposed passwords, to detect conjugations and declensions of words in the dictionary.
7. The tests should be easy to set up, so administrators do not erroneously allow easily guessed passwords to be accepted.
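A small proactive password checker covering several of the categories and criteria above (per-user and per-site discrimination, the repeated-character pattern, category 9 substitutions, concatenations). This is an added example, not code from the slides or from any existing checker: the word list is constructed for the demo, and the license-plate pattern is an assumed shape matching the “1PLK107” example.

```python
import itertools
import re
import string

# Constructed sample word list for the demo (an assumption, not a real dictionary).
DICTIONARY = {"hello", "my", "computer", "elite", "speak"}

# Category 9 substitutions reversed: a->2/4, e->3, h->4, i->1, l->1, o->0, s->5/$, z->5
UNLEET = {"2": "a", "4": "ah", "3": "e", "1": "il", "0": "o", "5": "sz", "$": "s"}

REPEATED_CHAR = re.compile(r"^(.)\1*$", re.DOTALL)   # the slide's "^\(.\)\1*$" in Python syntax
LICENSE_PLATE = re.compile(r"^\d[A-Z]{3}\d{3}$")     # assumed shape of "1PLK107"-style strings
EDGE_CHARS = string.digits + string.punctuation + " "


def normalize(password):
    """Lowercase, and show control characters as their caret letter (control-a -> 'a')."""
    return "".join(chr(ord(c) + 64) if ord(c) < 32 else c for c in password).lower()


def readings(text, limit=5000):
    """Every reading of `text` with category 9 substitutions undone (capped at `limit`)."""
    options = [c + UNLEET.get(c, "") for c in text]
    return ("".join(p) for p in itertools.islice(itertools.product(*options), limit))


def word_like(s, words):
    """Dictionary word, reversed word, or concatenation of two words (categories 4, 5, 18)."""
    if s in words or s[::-1] in words:
        return True
    return any(s[:i] in words and s[i:] in words for i in range(1, len(s)))


def check_password(password, personal=(), site_words=(), dictionary=DICTIONARY):
    """Return the list of reasons to reject `password`; an empty list means accept."""
    reasons = []
    norm = normalize(password)
    if len(password) < 6:
        reasons.append("shorter than six characters")
    if password.isdigit():
        reasons.append("digits only")
    if REPEATED_CHAR.match(password):
        reasons.append("single repeated character")
    if LICENSE_PLATE.match(password):
        reasons.append("looks like a license plate")
    for reading in readings(norm):
        core = reading.strip(EDGE_CHARS)     # category 19: digits or punctuation around a word
        if word_like(reading, dictionary) or word_like(core, dictionary):
            reasons.append("dictionary word or simple variation")
            break
    # Criteria 3 and 4: the same string can be fine for one user or site and not for another.
    for label, tokens in (("personal", personal), ("site", site_words)):
        tokens = [t.lower() for t in tokens if len(t) >= 3]
        if any(t in r or t[::-1] in r for r in readings(norm) for t in tokens):
            reasons.append(f"based on {label} information")
    return reasons


if __name__ == "__main__":
    for pw in ["hello", "mycomputer", "1PLK107", "311t3$p32k", "aaaaaaaa", "L1Mm*2\x01p"]:
        print(repr(pw), "->", check_password(pw) or "accepted")
```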

19 Reusable Passwords and Dictionary Attacks
Goal of random passwords, pronounceable passwords, and proactive password checking: maximize the time needed to guess a password.
If a type 1 dictionary attack is aimed at finding any user’s password, the technique of “salting” increases the amount of work required.
- Salting makes the choice of complementation function a function of randomly selected data.
- The random data is different for each user.
- To determine if the string s is the password for any of a set of n users.
(Diagram: attack via random passwords, attack via pronounceable passwords, attack via proactive passwords, attack via other methods…; the random data is different for each user.)
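Salting expressed in the notation of slide 4, showing how many complementation-function evaluations it takes to test one guess against every stored record with and without per-user salts. This is an added example, not code from the slides: PBKDF2-HMAC-SHA256 is a swapped-in choice of complementation function, and the iteration count and class name are assumptions for the demo.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000        # demo work factor (assumption); tune for a real deployment
FIXED_SALT = b"\x00" * 16  # "unsalted" mode: one complementation function for everyone


def f(password, salt):
    """Complementation function f_salt in F: the salt selects which f is used."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class PasswordFile:
    """Stores only complementary information (salt, f_salt(a)), never a itself."""

    def __init__(self, salted=True):
        self.salted = salted
        self.records = {}

    def select(self, user, password):
        """Selection function s in S: create or change a user's password."""
        salt = os.urandom(16) if self.salted else FIXED_SALT
        self.records[user] = (salt, f(password, salt))

    def authenticate(self, user, password):
        """Authentication function l in L."""
        salt, stored = self.records.get(user, (FIXED_SALT, b""))
        candidate = f(password, salt)          # computed even for unknown users
        return hmac.compare_digest(candidate, stored)

    def computations_per_guess(self):
        """Evaluations of f needed to test one guess g against every stored record."""
        return len({salt for salt, _ in self.records.values()})


if __name__ == "__main__":
    # Constructed sample accounts.
    users = [("anna", "SwQgle32"), ("bob", "SwQgle32"), ("carol", "other-Pw9")]
    for salted in (False, True):
        pf = PasswordFile(salted=salted)
        for name, pw in users:
            pf.select(name, pw)
        same = pf.records["anna"][1] == pf.records["bob"][1]
        print("salted" if salted else "unsalted",
              "| identical passwords give identical records:", same,
              "| f evaluations per guess:", pf.computations_per_guess())
```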

20 Guessing Through Authentication Functions
If the complements and the complementation functions are not publicly available, attackers have to use the authentication function.
The system cannot prevent a type 1 dictionary attack: the authentication functions must be available → the computer has no way of distinguishing between authorized and unauthorized users.
Techniques:
- Type 1: backoff (𝑃 ≥ 𝑇𝐺/𝑁, minimize 𝑇) :: Exponential backoff begins when a user attempts to authenticate and fails. Let 𝑥 be a parameter selected by the system administrator. When the user fails, the system waits 𝑥^1 seconds. After n failures, the system waits 𝑥^(𝑛−1) seconds.
- Type 2: disconnection (𝑃 ≥ 𝑇𝐺/𝑁, 𝐺 = 0 after some number of failures) :: After some number of failed authentication attempts, the connection is broken and the user must reestablish it.
- Type 3: disabling (𝑃 ≥ 𝑇𝐺/𝑁, 𝐺 = 0 after some number of failures) :: If n consecutive attempts to log in to an account fail, the account is disabled until a security manager can re-enable it.
- Type 4: jailing (𝑃 ≥ 𝑇𝐺/𝑁, minimize 𝑇) :: The unauthenticated user is given access to a limited part of the system, which records the attacker’s actions.
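Backoff and disabling as a per-account throttle in front of the authentication function, using the slide's general rule of waiting x^(n−1) seconds after n failures. This is an added example, not code from the slides: the class and function names are hypothetical, and the clock is passed in as `now` so the behaviour can be checked without sleeping.

```python
class LoginThrottle:
    """Exponential backoff plus optional disabling, applied per account."""

    def __init__(self, verify, x=2, disable_after=None):
        self.verify = verify              # authentication function l: (account, password) -> bool
        self.x = x                        # backoff parameter chosen by the administrator
        self.disable_after = disable_after
        self.failures = {}                # consecutive failures per account
        self.locked_until = {}            # earliest time the next attempt is evaluated
        self.disabled = set()

    def attempt(self, account, password, now):
        """Return 'ok', 'denied', 'wait' or 'disabled' for an attempt at time `now` (seconds)."""
        if account in self.disabled:
            return "disabled"
        if now < self.locked_until.get(account, 0):
            return "wait"                 # the guess is not evaluated at all during backoff
        if self.verify(account, password):
            self.failures.pop(account, None)
            return "ok"
        n = self.failures.get(account, 0) + 1
        self.failures[account] = n
        if self.disable_after is not None and n >= self.disable_after:
            self.disabled.add(account)
            return "disabled"
        self.locked_until[account] = now + self.x ** (n - 1)
        return "denied"

    def enable(self, account):
        """A security manager re-enables a disabled account."""
        self.disabled.discard(account)
        self.failures.pop(account, None)
        self.locked_until.pop(account, None)


def guesses_allowed(T, x):
    """Guesses that get evaluated within T seconds when every retry comes as early as allowed."""
    throttle = LoginThrottle(verify=lambda account, password: False, x=x)
    now, count = 0, 0
    while now <= T:
        throttle.attempt("victim", "guess", now)   # always a failure
        count += 1
        now = throttle.locked_until["victim"]      # retry the instant the wait ends
    return count


if __name__ == "__main__":
    year = 365 * 24 * 60 * 60
    print("guesses evaluated in a year with x = 2:", guesses_allowed(year, 2))
    print("guesses in a year at 10^4 per second:  ", year * 10 ** 4)
```

With backoff in place, the product TG in P ≥ TG/N is replaced by the value `guesses_allowed` returns.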

21 Challenge Response
Definition :: Let user 𝑈 desire to authenticate himself to system 𝑆. Let 𝑈 and 𝑆 have an agreed-on secret function 𝑓. A challenge-response authentication system is one in which 𝑆 sends a random message 𝑚 (the challenge) to 𝑈, and 𝑈 replies with the transformation 𝑟 = 𝑓(𝑚) (the response). 𝑆 validates 𝑟 by computing it separately.
(Diagram, baseball hand-signal analogy: secret hand signal 1 = 𝑚; interpreting the hand signal: (hand signal 1) = breaking ball, 𝑓(hand signal 1); breaking ball, 𝑟 = 𝑓(𝑚); strike, 𝑆 validates 𝑟.)
Passwords have the fundamental problem that they are reusable! If an attacker sees a password, she can later replay the password.

22 Pass Algorithm & One Time Passwords
Pass algorithm
Definition :: Let there be a challenge-response authentication system in which the function 𝑓 is the secret. Then 𝑓 is called a pass algorithm.
One-time password
Definition :: A one-time password is a password that is invalidated as soon as it is used.
- Challenge: the number of the authentication attempt.
- Response: the one-time password.
Problems: generating random passwords, and synchronizing the system and the users.
- Solution for generating random passwords: a cryptographic hash function or an enciphering function.
- Solution for synchronizing the system and the users: the system informs the user which password it expects.
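One way to build one-time passwords from a cryptographic hash function, with the system telling the user which password it expects. This is an added example, not code from the slides: it uses a Lamport-style hash chain with SHA-256 as the hash, a scheme the slide does not name, and the class names and seed are hypothetical.

```python
import hashlib
import hmac


def h(data):
    """The cryptographic hash function used to generate the passwords."""
    return hashlib.sha256(data).digest()


def iterate(seed, count):
    """Apply h to `seed` `count` times."""
    value = seed
    for _ in range(count):
        value = h(value)
    return value


class OtpServer:
    """Holds only a check value; neither the seed nor any unused password is stored."""

    def __init__(self, anchor, count):
        self.check_value = anchor        # h applied count + 1 times to the user's seed
        self.remaining = count           # passwords still available

    def challenge(self):
        """Tell the user which password is expected, or None when the chain is used up."""
        return self.remaining if self.remaining > 0 else None

    def verify(self, otp):
        if self.remaining == 0 or not hmac.compare_digest(h(otp), self.check_value):
            return False
        self.check_value = otp           # the used password becomes the next check value
        self.remaining -= 1              # and is thereby invalidated
        return True


class OtpUser:
    def __init__(self, seed):
        self.seed = seed                 # secret; never sent, even as the last password

    def enroll(self, count):
        return OtpServer(iterate(self.seed, count + 1), count)

    def respond(self, challenge):
        return iterate(self.seed, challenge)


if __name__ == "__main__":
    user = OtpUser(b"constructed demo seed")      # constructed sample value
    server = user.enroll(3)
    first = user.respond(server.challenge())
    print("first password accepted:", server.verify(first))
    print("replay of first password accepted:", server.verify(first))
    print("next password accepted:", server.verify(user.respond(server.challenge())))
```

An observer who captures a used password would need a preimage of `h` to produce the next one, which is why the replay problem of reusable passwords does not apply.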

23 Hardware-Supported Challenge Response Procedures
Hardware support comes in two forms:
- A program for a general-purpose computer
- Special-purpose hardware support
1st type of hardware device: token based. 2nd type of hardware device: time based.
(Diagram: token → response → authenticate; time-based token displays a different number every 60 seconds → response → authenticate.)

24 Challenge-Response and Dictionary Attack
Dictionary attack defence: Bellovin and Merritt’s technique

25 Bellovin and Merritt’s Technique
Alice uses the shared password s to encipher a randomly selected public key p for a public key system. Alice then forwards this key, along with her name, to Bob.
(Diagram: Alice → Bob: Alice, p enciphered with s. Bob: s, p.)

26 Bellovin and Merritt’s Technique
Bob determines the public key using the shared password, generates a random secret key k, enciphers it with p, enciphers the result with s, and sends it to Alice.
(Diagram: Bob → Alice: E(s, E(p, k)). Bob: s, p, E(s, E(p, k)). Alice: s, p, k.)

27 Bellovin and Merritt’s Technique
Alice deciphers the message to get k. Now both Bob and Alice share a randomly generated secret key. At this point, the challenge-response phase of the protocol begins.
Decipher(x) = D(x); D(E(s, D(p, k))) = k
(Diagram: Bob: s, p, k. Alice: s, p, k.)

28 Bellovin and Merritt’s Technique
Bob uses k to decipher 𝑅_𝐴. He then generates a random challenge 𝑅_𝐵 and enciphers both with k to produce 𝐸_𝑘(𝑅_𝐴 𝑅_𝐵). He sends this to Alice.
(Diagram: Bob → Alice: 𝐸_𝑘(𝑅_𝐴 𝑅_𝐵). Bob: s, p, k, 𝑅_𝐵. Alice: s, p, k, 𝑅_𝐴.)

29 Bellovin and Merritt’s Technique
Alice deciphers the message, validates 𝑅_𝐴 and determines 𝑅_𝐵. She enciphers it using k and sends the message 𝐸_𝑘(𝑅_𝐴) back to Bob.
(Diagram: Alice → Bob: 𝐸_𝑘(𝑅_𝐴). Bob: s, p, k, 𝑅_𝐵. Alice: s, p, k, 𝑅_𝐴, 𝐸_𝑘(𝑅_𝐴 𝑅_𝐵).)

30 Bellovin and Merritt’s Technique
Bob deciphers the message and verifies 𝑅_𝐵.
(Diagram: Bob validates 𝑅_𝐵. Bob: s, p, k, 𝐸_𝑘(𝑅_𝐵). Alice: s, p, k, 𝑅_𝐴, 𝐸_𝑘(𝑅_𝐴 𝑅_𝐵).)

31 Biometrics
- Biometrics refers to the identification of humans by their characteristics or traits: the automated measurement of biological or behavioral features that identify a person.
- Recognizing people by their voices or appearance, and impersonating people by assuming their appearance, was widely known in classical times.
- The earliest cataloging of fingerprints dates back to 1891, when Juan Vucetich started a collection of fingerprints of criminals in Argentina.

32 Biometrics: Fingerprints
The analysis of fingerprints for matching purposes generally requires the comparison of several features of the print pattern.
Patterns:
- Arch: the ridges enter from one side of the finger, rise in the center forming an arc, and then exit the other side of the finger.
- Loop: the ridges enter from one side of a finger, form a curve, and then exit on that same side.
- Whorl: ridges form circularly around a central point on the finger.
(Figure: arch pattern, loop pattern, whorl pattern.)

33 Biometrics: Fingerprints (cont.)
Minutia features:
- Ridge ending: the point at which a ridge terminates.
- Bifurcation: a point at which a single ridge splits into two ridges.
- Short ridge (or dot): a ridge that is significantly shorter than the average ridge length on the fingerprint.
(Figure: ridge ending, bifurcation, short ridge (or dot).)

34 Biometrics: Voices
- Also called speaker verification or speaker recognition.
- The system is first trained on fixed passphrases or phonemes that can be combined. To authenticate, either the speaker says the passphrase or repeats a word composed of the learned phonemes.
(Figure: “What is your mother’s maiden name?” “kim”)

35 Biometrics: Eyes
Iris
- Iris recognition is an automated method of biometric identification that uses mathematical pattern-recognition techniques on video images of the irises of an individual's eyes.
- John Daugman developed and patented the first actual algorithms to perform iris recognition.

36 Biometrics: Eyes
Retinal scans
- Retinal scans rely on the uniqueness of the patterns made by blood vessels at the back of the eye.
- Although retinal patterns may be altered in cases of diabetes, glaucoma or retinal degenerative disorders, the retina typically remains unchanged from birth until death.

37 Biometrics: Faces
- Relative position, size, and/or shape of the eyes, nose, cheekbones, and jaw
- 3-dimensional recognition
- Skin texture analysis

38 Biometrics: Keystroke
Keystroke dynamics requires a signature based on keystroke intervals, keystroke pressure, keystroke duration, and where the key is struck.

39 Biometrics Direction: Mobile Biometrics
• Why smartphone-based biometrics?
- Safe and secure authentication technology is necessary for private applications on mobile platforms.
- Optimal platform for supporting biometrics:
  - Sensors: camera, microphone, gyro, …
  - Processors: CPU, GPU
  - Communication: LTE, WiFi, Bluetooth, NFC
  - Open API for App SDK

40 Biometrics Direction: m-Biometrics Apps
- Face
  • RecognizeMe by Apocolipse, Ver 2.0 for iOS5
- Fingerprint
  • Motorola ATRIX
  • iFMID by S.I.C. Biometrics

41 Biometrics Direction: Future Market of m-Biometrics
(Charts: device shipments, in M units (Source: CNet); m-Payment, in $M (Source: Juniper Research); future market of m-Biometrics (Source: Goode Intelligence 2011).)

42 Biometrics Direction: Barriers for m-Biometrics
- Device security
- Aging
- Fake
- HW: sensors & processors

43 Biometrics Trends
Brainwaves
- Each person has a unique pattern of neural pathways, which determines their brain activity. This makes the EEG biometric system hard to forge and therefore desirable for use in high-security systems.
Heart signal
- The five peaks and troughs, known as a PQRST pattern (see picture), map each heartbeat. The shape of this pattern is affected by such things as the heart’s size, its shape and its position in the body.
- Cardiologists have known since 1964 that everyone’s heartbeat is thus unique, and researchers around the world have been trying to turn that knowledge into a viable biometric system.

44 Biometric Combinations
Combining the techniques improves the accuracy of biometric authentication.
Ex) Duc, Bigun, Bigun, Maire, and Fischer [281] describe a “supervisor module” for melding voice and face recognition with a success rate of 99.5%.
Issues
- Privacy and discrimination
  1. Unintended functional scope: the authentication goes further than authentication, such as finding a tumor.
  2. Unintended application scope: the authentication process correctly identifies the subject when the subject did not wish to be identified.
  3. Covert identification: the subject is identified without seeking identification or authentication, i.e. a subject's face is identified in a crowd.
- Danger to owners of secured items
  Ex) In 2005, Malaysian car thieves cut off the finger of a Mercedes-Benz S-Class owner when attempting to steal the car.

45 Location
- The physical location of an entity is described by a location signature derived from the GPS satellites.
- Each location (to within a few meters) and time (to within a few milliseconds) is unique, and hence forms a location signature.
- The host also has a location signature sensor (LSS) and obtains a similar signature for the user. → If the LSS is stolen, the thief would have to log in from an authorized geographic location.
Ex) Suppose Anna is an employee of a bank in California. The bank uses location-based authentication to verify logins. Anna’s LSS is stolen, and the thief takes it to New York. From there, the thief tries to access the bank’s computer. Anna’s LSS generates a signature and transmits it to the bank. The bank’s LSS determines that Anna’s LSS is in New York and is supplying a correct signature. However, Anna is not authorized to access the bank’s computer from New York, so the authentication is rejected.

46 Summary
- Authentication consists of an entity, the user, trying to convince a different entity, the verifier, of the user’s identity. The user does so by claiming to know some information, to possess something, to have some particular set of physical characteristics, or to be in a specific location.
- Passwords are the most basic authentication mechanism. They are vulnerable to guessing unless precautions ensure that there is a large enough set of possible passwords and that each potential password in the set is equally likely to be selected.
- Challenge-response techniques allow the system to vary the password and are less vulnerable to compromise because the password is never transmitted in the clear. One-time passwords, an example of this technique, are particularly effective against guessing attacks because even if a password is guessed, it may not be reused.
- Biometrics measures physical characteristics of the user. These characteristics are sent to the verifier, which validates them. Critical to the successful use of biometric measurements is the understanding that they are simply passwords and must be protected in the same way that passwords must be protected.
- Location requires the verifier to determine the location of the user. If the location is not as it should be, the verifier rejects the claim.

47 Periocular Biometrics in the Visible Spectrum
IEEE Transactions on Biometrics Compendium, Vol.6, Issue.1, pp , March 2011 Unsang Park; Jillela, R.; Ross, A.; Jain, A. K.;

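48 Motivation (Current State)
Iris detection & recognition
- Iris recognition is the technique most commonly used to recognize people.
- The iris is a moving object (the captured image differs depending on the movement).
- There is an ideal condition in which light reflection has to be blocked (?).
- The iris is very small → recognizing the iris in a face image is very difficult.
Periocular??
- A good trade-off between the entire face region and the iris-only region.
- When the iris is hard to capture, a person's skin can be a good object for recognition.
- When the mouth or nose is covered, the periocular region is good identity data.
→ There is no biometric definition of the periocular region, so one is needed.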

49 Challenges: Periocular’s Problems
- Region definition: should the region include the eyebrows, iris, and the sclera, or should it exclude some of these components?
- Feature extraction: what are the best features for representing these regions?
- Matching: how do we match the extracted features?
- Image acquisition: which spectrum band (visible or NIR (near infrared)) is more beneficial for matching periocular biometrics?
- Fusion: what other biometric traits are suitable to be fused with the periocular information?

50 Overview
(Pipeline diagram)
- Image alignment: iris detection, scale normalization
- Feature extraction: global feature extraction (gradient orientation, local binary pattern), local feature extraction (SIFT)
- Matching: score level fusion
(Other labels: periocular region segment; extracted feature; result.)

51 Iris Detection & Scale Normalization
- Iris detection: every human iris is circular → it is located by circle detection.
- Scale normalization: the detected iris is used to normalize the size of the eye (scaling).

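52 ROI Selection, Feature Extraction
- The paper combines global features and local features to recognize the region around the eye.
- Extracting global features requires a definition of the “periocular” region.
- Center of the iris: 𝐶_iris; radius of the iris: 𝑅_iris. (Figure label: multiple interest points.)
- The paper sets an interest region around 𝐶_iris with width 6 ∗ 𝑅_iris and height 4 ∗ 𝑅_iris. → LBP and GO are used as the global features.
- The eyebrow region is highly discriminative data.
- With the method above, more than 70% include the eyebrow.
- SIFT extracts features from the whole face. → It is acceptable if the global match does not include the eyebrow.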

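53 Local Binary Pattern & Histogram Oriented Gradient
LBP
1. Face region → small sub-regions → gray-level histogram.
2. Centered on each small region, the result of comparing the differences with the adjacent blocks is labeled as a binary number.
Uniform pattern
- A pattern in which the bits change between 1 and 0 twice is called a uniform pattern, and these patterns are used to build the histogram.
Histogram Oriented Gradient (HOG)
- A histogram of the direction and magnitude in which the luminance flows from weak to strong (or the reverse).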

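54 SIFT (Scale Invariant Feature Transform)
(Diagram stages: key point detection / extract candidates → keypoint localization → orientation assignment → keypoint descriptor. Legend: robust to scale change (scale invariant); robust to orientation change (orientation invariant).)
- Edge detection: edges are extracted using DoG (Difference of Gaussians).
- Scale-space extrema: locations with the optimal scale are found according to scale-space theory.
- Corner detection: only corner points are detected, using Harris corner detection.
- Interpolation of data for accurate position: to find the point at the optimal scale, a Taylor series expansion is used to determine the exact position.
- Discarding low-contrast keypoints: keypoints found in low-contrast areas (not discriminative) are removed.
- Eliminating edge responses: keypoints with directionality in only one direction (not corners) are removed.
- Orientation assignment: in the local region around each keypoint, the magnitudes of the gradient vectors at the optimal scale are tallied, and the keypoint is aligned to the direction with the strongest magnitude.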

55 SIFT (Scale Invariant Feature Transform)
- In the image at the optimal scale 𝝈, for the 16∗16 block around a keypoint, the 8-direction gradient histogram of each 4-by-4 sub-block is used as the descriptor.
- Scale invariance comes from the optimal scale.
- Orientation invariance comes from the orientation assignment.

56 Weighted Fusion (Score Level Fusion)
- A method that finds the optimal weight values in the eigenspace of several models to improve performance in multiclass and multi-algorithm settings.
→ Recognition performance is improved through weighted fusion of multiple features and algorithms (GO, LBP, SIFT).
(Pipeline diagram: image alignment (face detection, iris detection, scale normalization, ROI selection) → feature extraction (gradient orientation, LBP extraction, SIFT extraction) → matching (weighted fusion).)

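57 Experimental Condition: Neutral-Neutral (neutral expression (probe) vs. neutral expression (DB))
Face segmented (automatic or manual) + eyebrows & L/R information
- In general, performance improves depending on whether the eyebrows are included. → Eyebrows are unique to each individual and have strong edges and color, so they are a discriminative area.
- In general, knowing whether the eye is the left or the right one does not improve accuracy much.
  → Because the two eyes look different, the improvement for the global features is marginal or small.
  → SIFT is a local feature, so having the side information helps discrimination.
- Discriminative power differs greatly depending on whether eyebrow information is present. → The periocular region should also include the eyebrow.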

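58 Experimental Condition: Neutral-Smiling (smiling (probe) vs. neutral expression (DB))
Face segmented (automatic or manual) + eyebrows & L/R information
- In general, performance improves depending on whether the eyebrows are included. → Eyebrows are unique to each individual and have strong edges and color, so they are a discriminative area.
- Global features vs. local features
  → For the global features, discrimination drops because the image has changed even though it is the same person.
  → SIFT can make use of the partial features that still appear for the same person, so its discrimination is even higher.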

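59 Experimental Condition: Neutral-Neutral (neutral expression (probe) vs. neutral expression (DB))
Face segmented (automatic or manual) + eyebrows & L/R information + iris or eye masking
- Iris: when only the iris information is missing, the performance drop of global matching is not large. → The global features are more sensitive to the surrounding region than to the iris information itself.
- Whole eye: when all of the eye information is missing, the performance drop of SIFT matching is large. → This happens because the many SIFT features that arise in the eye region are not extracted.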

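60 CMC Curve
Performance comparison between single features: the probability of being included within a given rank (CMC curve, about 1100 images).
- Overall, SIFT, a local feature, extracts the distinctive points each individual has (moles, scars), which helps matching, so it performs better than the global features.
→ There is no large performance difference from weighted fusion.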

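61 DET (Detection Error Trade-off)
- A performance evaluation measure for face recognition: a graph of the false positive / false negative rates. The lower the values on the x axis and the y axis, the better the performance.
- Performance comparison between single features.
- FAR (False Accept Rate): the biometric system recognizes a non-enrolled person as an enrolled one (false positive).
- FRR (False Reject Rate): the biometric system fails to recognize an enrolled person (false negative).
- EER (Equal Error Rate): the point at which FAR and FRR become equal; the target is ~1%.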
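FAR, FRR and the EER computed from match scores, which is what each point of a DET curve represents. This is an added example, not code from the slides or the paper: the scores are constructed sample data, and the rule that a comparison is accepted when its score is at or above the threshold is an assumption.

```python
# Constructed sample match scores (higher means "more similar").
GENUINE = [0.90, 0.80, 0.75, 0.70, 0.60, 0.55, 0.40, 0.85, 0.95, 0.65]   # enrolled user vs. own template
IMPOSTOR = [0.10, 0.20, 0.30, 0.35, 0.45, 0.50, 0.25, 0.15, 0.58, 0.05]  # non-enrolled person vs. a template


def far_frr(genuine, impostor, threshold):
    """FAR and FRR when a comparison is accepted if score >= threshold."""
    far = sum(s >= threshold for s in impostor) / len(impostor)   # false accepts (false positives)
    frr = sum(s < threshold for s in genuine) / len(genuine)      # false rejects (false negatives)
    return far, frr


def det_points(genuine, impostor):
    """(threshold, FAR, FRR) for every threshold at which either rate can change."""
    thresholds = sorted(set(genuine) | set(impostor))
    return [(t, *far_frr(genuine, impostor, t)) for t in thresholds]


def equal_error_rate(genuine, impostor):
    """Threshold where FAR and FRR are closest, and the mean of the two rates there."""
    t, far, frr = min(det_points(genuine, impostor), key=lambda p: abs(p[1] - p[2]))
    return t, (far + frr) / 2


if __name__ == "__main__":
    for t, far, frr in det_points(GENUINE, IMPOSTOR):
        print(f"threshold {t:.2f}  FAR {far:.2f}  FRR {frr:.2f}")
    print("EER (threshold, rate):", equal_error_rate(GENUINE, IMPOSTOR))
```

Raising the threshold lowers FAR and raises FRR, so an authentication deployment picks its operating point on this curve rather than always using the EER threshold.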

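62 Partial Face
Performance evaluation of information from the periocular region and information from the eye only.
- The periocular region performs only slightly worse than the non-partial face. → A performance drop that comes from the face recognition algorithm itself.
- With slight occlusion, the recognition rate of FaceVACS (a commercial algorithm) is very poor. → A characteristic of local features; the global information in the periocular region is highly discriminative.
(Figure labels: non-partial face; *FaceVACS (other face recognition algorithm); use face & “EYE only”.)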

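63 Pose Variation
- For GO and LBP, accuracy tends to drop slightly because of the differences in the periocular region.
- LBP is presumably comparatively robust because the pattern of change among the neighboring pixels itself does not change much even when the pose changes.
- SIFT is robust to rotation but weak against affine changes, which presumably lowers its matching results.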

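64 Experimental: Occlusion
- How was the occlusion applied in the DB? Random? Fixed? (Not stated.)
- Differences depending on the occlusion position. Ex) If it is on the right, matching may work well. What about this case? What about SIFT?
- GO, LBP and SIFT all show a severe performance drop under occlusion.
- LBP in particular loses its discriminative power because the binary patterns over the occluded area overlap heavily.
- SIFT is the most robust to the occluded area, but that is probably because the occluding object is simple.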

65 Conclusion
- Template matching of the eyebrow??
- Current features: robust to pose variation.
- Varies depending on the occlusion position.

