biometrics - PowerPoint - PowerPoint by wanghonghx


You are the Key
    A Need for Better Security

• One person can have a greater negative
  impact on society than ever before.

• More individuals have more diverse items
  and data to secure than ever before.
Society is Demanding
  We want access to our

 Communication Channels

     We want it to be
       Easy Access

• ATM’s in Gas Stations
• Growing Wireless Internet Access
• Cellular Phone Service
        Easy Access
You have the ability to access your
services and money from anywhere.

  So Does Everyone Else.
Proof of Identity
 To be effective
   it must be
Current Authentication Methods
         What you Have
          Sometimes called a “Token”

      – XON Card
      – Car or House Keys
      – Photo ID*
Current Authentication Methods
          What You Know

     – Lock Combination
     – PIN (Personal ID Number)
     – Password
  Combining Methods
       ATM Card + PIN
  House Key + Home Address

Weaknesses and Vulnerabilities
         Tokens – What You Have

• Token can be lost or stolen.
• Cards can be swiped or cloned.
  – Restaurants
  – Stores
  – Internet
Weaknesses and Vulnerabilities
    Passwords and PINS – What You Know

•   Passwords can be forgotten.
•   Users can be “shoulder surfed”.
•   Weak passwords can be guessed.
•   Strong passwords are often written down.
     Biometrics is the
Oldest Form of Identification.

        Simplest Form:
    “Let me see your face”.
                Who You Are
• Current Methods
  – Photo ID*
    • Driver’s License
    • Kent ID
  – Currently a person has to make the
    comparison between the Photo ID
    and your face.

   A Human Must Recognize You.
           Getting Answers
• Identification
  – “Who are you?”

• Authentication or Verification
  – “Are you who you claim to be?”
Manual Biometric System

    The current system has
     some vulnerabilities.
             The Problem
• The subject who needs to prove identity
  has complete access to the identifying
• Close examination will reveal many
  forged ID’s, but you are dealing with
  variables known as human beings.
          The Human Factor
• People are the biggest security risk.

• Confirmation of ID is usually a repetitive
  task, one that can allow for mistakes or
  intentional failures to occur

• Social Engineering
  – People can be manipulated.
     • The Art of Deception ~ Kevin D. Mitnick
             From the Greek
               Bios = “Life”

        Metron = “Measurement”

Authentication and Identification are based
   on the automated measurement and
    comparison of the biological factors
      that are unique to an individual.
              A Few Terms…
• Test Template – a.k.a. Enrollment Sample
  – Digitized file (usually encrypted ) that contains
    biometric data.

• Enrollment
  – The process that creates the Test Template when the
    new subject is added to the system.
              A Few Terms…
• Challenge Sample
  – The object or information presented for comparison to
    the Test Template to gain access.

• Sensor
  – Device used to capture the biometric data at both the
    enrollment and challenge stages.
      Sample Examples

    Test             Challenge
  Template            Sample
• Door Lock          • House Key
• Password File      • Password
• Driver’s License   • Your Face
Current Biometric Systems
 •   Fingerprint
 •   Facial Geometry
 •   Iris Scan
 •   Vein Pattern Identification
     – Hand/Wrist/Face
     – Retina
               Finger Print
• One of the first biometrics methods.
  – Patented by Randall Fowler, the founder of
    “Identix” in 1978.
• Test template describes geometries of the
  finger print. These details are called
           Finger Print Minutia
A template usually
contains several
types of minutia
and records how
they relate to each
other. The actual
print image is
usually NOT saved
for low security
applications such
as company time
clocks or home
      Fingerprint Advantages
• Fingerprints are easy to use.
• Most systems require little space.
• Test templates can be made from finger
  print cards.
• Fingerprints stay consistent
  throughout life.
• System is as inexpensive as
  $50.00 at Wal-Mart.
    Fingerprint Disadvantages

• Users may have concerns regarding
  touching a sensor touched by other

• An individual’s age and occupation may
  cause some sensors difficulty in capturing
  a complete and accurate image.

• Users may have religious concerns.
          Facial Geometry
• Compares measurements of various facial
  landmarks such as the distance from nose
  to chin, distance between the eyes
• A functional test template can be
  generated from a photograph
• Currently used in airports
  to identify terrorists and
  other “Persons of Interest”
• 2001 Super Bowl
         Super Bowl XXXV
• Baltimore Ravens Vs. New York Giants
• Baltimore won the game 34–7
• 19 individuals with outstanding warrants
  were identified by a face recognition
  system from over 100,000 other
• Tampa Police and ACLU Court Battle.
• Tampa Police currently use a facial
  recognition system in the downtown area.
  Facial Geometry Advantages
• No contact required
• Sensors are high quality video cameras
• With a telephoto lens the camera can be a
  distance from the subject
• Can be used without the subject’s
• Test Template can be made from a photo
  – Drivers License photos are now stored with
    the rest of your DMV data
Facial Geometry Disadvantages
• Sensitive to changes in lighting,
  expression, and facial position

• Faces change over time

• Face can be obscured
  by hats, hair, etc.
                Iris Scan
• Records the unique pattern and colors that
  make up the area surrounding the pupil
       Iris Scan Advantages
• No contact with sensor required
• Protected organ less prone to injury and
• Believed to be highly
   stable over lifetime
• As unique as a
     Iris Scan Disadvantages
• Public concerns related to scanning the
  eye with a light source
• Acquisition of an iris image requires more
  training and skill than most biometrics
• Can be affected by contact lenses
    Vein Pattern Identification
• This technology uses a combination of
  thermal imaging and visible light scanning.
• Various body areas can be used to create
  the test template. Face, hands, and retina
  are common sources for biometric data.
     Vein Pattern Advantages
• Considered as unique as finger prints
• Easy to implement a robust liveliness
  aspect to the sensor
• Fewer of the
  biological limitations
  associated with
Vein Pattern Disadvantages
• Use of this method requires some training.
• This is believed to
  be stable over adult
  lifespan, but changes
  occur as
  children grow.
• Scanning device
  takes up a larger
  space than other
  biometric sensors.
• Liveliness systems detect the signs of a
  living biometric sample.
      No Life - No Access.

• Pulse, temperature, and moisture are
  some of the aspects that are detected.
• This aspect authenticates the Challenge

• Public awareness of liveliness
  requirements protects users.
  – 2005 Malaysia, Mercedes owner lost finger to
    car thieves.
 Challenge Sample Processing
• Challenge Sample is collected.
• Tests for liveliness, if available, are done.
• Challenge Sample is then compared to the
  enrollment test template.
• Some variance is expected.
  – A true “perfect match” can cause a system to
    disallow access.
• If the match score is above the threshold,
  access is granted.
       A Few More Terms…

• Threshold
  – Level required for an acceptable match
    • Higher threshold requires a better match score.
    • Lower threshold requires a lower match score.
         A Few More Terms…

• False Rejection
  – System denies access when Test Template
    and Challenge Sample that SHOULD match
    do not, due to:
    •   Bad challenge sample
    •   Sensor problem
    •   Match criteria requirement too high
    •   Inconvenient
       A Few More Terms…

• False Acceptance
  – System allows access when Test Template
    and Challenge Sample that should NOT
    match do, due to:
    • User’s defeat of the system
    • Match criteria requirement too low
    • System malfunction
         Additional Security
• Implementing a PIN or Token with a
  biometric system is common.
• Recorded video surveillance: full-time or
  event-triggered by a failed challenge
• Duress systems
• Mantraps
          Duress Systems
• Those desperate for access might try to
  steal the biometric key, that is - You!

• Implemented to keep the biometric key,
  also know as a person, safe while
  maintaining security.
            Duress Systems
• Allows access but also set off alarms or
  initializes other countermeasures.
  – Right index finger lets you in.
  – Right middle finger lets you in and
    calls for help.
  – Right ring finger lets
    you in, calls for help, and
    locks down more
    sensitive areas of
    the building.
• Usually used in very high security areas
• Can be combined with duress systems
• One at a time
  through the trap
• Contains subjects
  who have failed the
  security challenge
• This system uses an open format to allow
  security personal to identify the person in
  the trap; these are usually used to control
  access inside of a facility.
     Systems in Development

• Body Odor Identification
  – An Electronic Nose

• Body Salinity Identification
  – Exploits natural level of salt
            in the body.
You are the Key

To top