Section 2.3.5 – Biometrics

Biometrics
• A biometric is any measure used to uniquely identify a person
  based on biological or physiological traits.
• Generally, biometric systems incorporate some sort of sensor or
  scanner to read in biometric information and then compare this
  information to stored templates of accepted users before granting
  access.

Requirements for Biometric Identification
 • Universality. Almost every person should have
   this characteristic.
 • Distinctiveness. Each person should have
   noticeable differences in the characteristic.
 • Permanence. The characteristic should not
   change significantly over time.
 • Collectability. The characteristic should have
   the ability to be effectively determined and
   quantified.
        Biometric Identification

[Diagram: Biometric → Reader → Feature vector; Feature vector and Reference vector → Comparison algorithm → matches / doesn’t match]

       Biometric Measurement
Possible Outcomes:

  1.   Correct person accepted
  2.   Imposter rejected
  3.   Correct person rejected (False Rejection)
  4.   Imposter accepted (False Acceptance)




CIT 380: Securing Computer Systems
  False Positives and Negatives
Tradeoff between
  •   False Accept Rate
  •   False Reject Rate
  •   Crossover Error Rate




       Candidates for Biometric IDs
•   Fingerprints
•   Retinal/iris scans
•   DNA
•   “Blue-ink” signature
•   Voice recognition
•   Face recognition
•   Gait recognition
•   Let us consider how each of these scores in terms of
    universality, distinctiveness, permanence, and
    collectability…
                 Fingerprints
Capacitive measurement: uses differences in the electrical
charge of the whorls on a finger to detect which parts are
touching the chip and which are raised.




                Brandon Mayfield
• Fingerprints found in 2004 Madrid bombing.
• Brandon arrested May 6, 2004.
• FBI claimed “100 percent positive” match.
   – Held under a false name.
   – Then transferred to unidentified location.
• Spanish police identify fingerprint as belonging to an Algerian
  man May 21, 2004.
• Brandon released May 25, 2004.




                          Eye Biometrics
• Iris Scan
    – Lowest false accept/reject rates
       of any biometric.
    – Person must hold head still and
       look into camera.
• Retinal Scan
    – Cataracts and pregnancy change
       retina pattern.
    – Lower false accept/reject rates
       than fingerprints.
    – Intrusive and slow.




    Other Types of Biometrics
     Physiological            Behavioral

•   DNA                 •   Gait recognition
•   Face recognition    •   Keyboard dynamics
•   Hand geometry       •   Mouse dynamics
•   Scent detection     •   Signatures
•   Voice recognition




     Biometrics are not infallible
What are False Accept and Reject Rates?
Do the characteristics change over time?
     – Retina changes during pregnancy.
     – Fingerprint damage due to work/pipe smoking.
     – Young and old people have fainter fingerprints.
Is it accurate in the installed environment?
     – Is someone observing fingerprint or voiceprint checks?
     – i.e., did you collect the biometric from the person?




    Biometrics can be compromised.
Unique identifiers, not secrets.
   – You can change a password.
   – You can’t change your iris scan.
Examples:
   – You leave your fingerprints every place.
   – It’s easy to take a picture of your face.
Other compromises.
   – Use faux ATM-style devices to collect biometrics.
   – Obtain all biometric templates from server.

    Use and Misuse of Biometrics
Employee identification.
   – Employee enters login name.
   – System uses fingerprint to verify employee is who he
     claims to be.
   – Problem: Does biometric match the employee?
Criminal search (Superbowl 2001)
   – System uses face recognition to search for criminals in
     public places.
   – Problem: Does any biometric in database match anyone in
     a crowd of people?
   – Assume system is 99.99% accurate and 1 in 10 million
     people is a terrorist. Result: 1000 false positives for each
     terrorist.