Download presentation
Presentation is loading. Please wait.
Published byLewis Sanders Modified over 9 years ago
1
Section 2.3.5 – Biometrics 1
2
Biometrics Biometric refers to any measure used to uniquely identify a person based on biological or physiological traits. Generally, biometric systems incorporate some sort of sensor or scanner to read in biometric information and then compare this information to stored templates of accepted users before granting access. 2 Image from http://commons.wikimedia.org/wiki/File:Fingerprint_scanner_in_Tel_Aviv.jpg used with permission under the Creative Commons Attribution 3.0 Unported license
3
Requirements for Biometric Identification Universality. Almost every person should have this characteristic. Distinctiveness. Each person should have noticeable differences in the characteristic. Permanence. The characteristic should not change significantly over time. Collectability. The characteristic should have the ability to be effectively determined and quantified. 3
4
Biometric Identification 4 Feature vector Reference vector Comparison algorithm matchesdoesn’t match Biometric Reader
5
CIT 380: Securing Computer Systems Slide #5 Biometric Measurement Possible Outcomes: 1.Correct person accepted 2.Imposter rejected 3.Correct person rejected (False Rejection) 4.Imposter accepted (False Acceptance)
6
CIT 380: Securing Computer Systems Slide #6 False Positives and Negatives Tradeoff between False Accept Rate False Reject Rate Crossover Error Rate
7
Candidates for Biometric IDs Fingerprints Retinal/iris scans DNA “Blue-ink” signature Voice recognition Face recognition Gait recognition Let us consider how each of these scores in terms of universality, distinctiveness, permanence, and collectability… 7 Public domain image from http://commons.wikimedia.org/wiki/File:Retinal_scan_securimetrics.jpg Public domain image from http://commons.wikimedia.org/wiki/File:CBP_chemist_reads_a_DNA_profile.jpg Public domain image from http://commons.wikimedia.org/wiki/File:Fingerprint_Arch.jpg
8
CIT 380: Securing Computer Systems Slide #8 Fingerprints Capacitive measurement, using differences in electrical charges of whorls on finger to detect those parts touching chip and those raised.
9
CIT 380: Securing Computer Systems Slide #9 Brandon Mayfield Fingerprints found in 2004 Madrid bombing. Brandon arrested May 6, 2004. FBI claimed “100 percent positive” match. – Held under a false name. – Then transferred to unidentified location. Spanish police identify fingerprint as belonging to an Algerian man May 21, 2004. Brandon released May 25, 2004.
10
CIT 380: Securing Computer Systems Slide #10 Eye Biometrics Iris Scan – Lowest false accept/reject rates of any biometric. – Person must hold head still and look into camera. Retinal Scan – Cataracts and pregnancy change retina pattern. – Lower false accept/reject rates than fingerprints. – Intrusive and slow.
11
CIT 380: Securing Computer Systems Slide #11 Other Types of Biometrics Physiological DNA Face recognition Hand geometric Scent detection Voice recognition Behavioral Gait recognition Keyboard dynamics Mouse dynamics Signatures
12
CIT 380: Securing Computer Systems Slide #12 Biometrics are not infallible What are False Accept and Reject Rates? Do the characteristics change over time? – Retina changes during pregnancy. – Fingerprint damage due to work/pipe smoking. – Young and old people have fainter fingerprints. Is it accurate in the installed environment? – Is someone observing fingerprint or voiceprint checks? – i.e., did you collect biometric from the person?
13
CIT 380: Securing Computer Systems Slide #13 Biometrics can be compromised. Unique identifiers, not secrets. – You can change a password. – You can’t change your iris scan. Examples: – You leave your fingerprints every place. – It’s easy to take a picture of your face. Other compromises. – Use faux ATM-style devices to collect biometrics. – Obtain all biometric templates from server.
14
CIT 380: Securing Computer Systems Slide #14 Use and Misuse of Biometrics Employee identification. – Employee enters login name. – System uses fingerprint to verify employee is who he claims to be. – Problem: Does biometric match the employee? Criminal search (Superbowl 2001) – System uses face recognition to search for criminals in public places. – Problem: Does any biometric in database match anyone in a crowd of people? – Assume system is 99.99% accurate and 1 in 10million people is a terrorist. Result: 1000 false positives for each terrorist.
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.