Introduction to Biometrics

1
Introduction to Biometrics

• Dr. Bhavani Thuraisingham
• The University of Texas at Dallas
• Lecture 4
• Introduction to Biometrics
• August 31, 2005

2
Outline

• Introduction to Biometrics
• What is Biometrics?
• What is the Process?
• Why Biometrics?
• Biometrics Resources
• What is Secure Biometrics
• Revisiting Topics to be covered
• Some exploratory research areas
• Some useful reference books

3
What is Biometrics?

• Biometrics are automated methods of recognizing a
  person based on a physiological or behavioral
  characteristic
• Features measured Face, Fingerprints, Hand
  geometry, handwriting, Iris, Retinal, Vein and
  Voice
• Identification and personal certification
  solutions for highly secure applications
• Numerous applications medical, financial, child
  care, computer access etc.

4
What is the Process?

• Three-steps Capture-Process-Verification
• Capture A raw biometric is captured by a sensing
  device such as fingerprint scanner or video
  camera
• Process The distinguishing characteristics are
  extracted from the raw biometrics sample and
  converted into a processed biometric identifier
  record
• Called biometric sample or template
• Verification and Identification
• Matching the enrolled biometric sample against a
  single record is the person really what he
  claims to be?
• Matching a biometric sample against a database of
  identifiers

5
Why Biometrics?

• Biometrics replaces Traditional Authentication
  Methods
• Provides better security
• More convenient
• Better accountability
• Applications on Fraud detection and Fraud
  deterrence
• Dual purpose
• Cyber Security and National Security

6
Why Biometrics? (Continued)

• Authentication mechanisms often used are User ID
  and Passwords
• However password mechanisms have vulnerabilities
• Stealing passwords etc.
• Biometrics systems are less prone to attacks
• Need sophisticated techniques for attacks
• Cannot steal facial features and fingerprints
• Need sophisticated image processing techniques
  for modifying facial features

7
Why Biometrics? (Continued)

• Biometrics systems are more convenient
• Need not have multiple passwords or difficult
  passwords
• E.g., characters, numbers and special symbols
• Need not remember passwords
• Need not carry any cards or tokens
• Better accountability
• Can determine who accessed the system with less
  complexity

8
Why Biometrics? (Concluded)

• Dual Purpose
• Cyber Security and National Security
• Access to computer systems and networks
• Fraud detection
• Who has intruded the system?
• Who has entered the building
• Surveillance and monitoring
• Fraud Deterrence
• Because of biometrics systems, people are nervous
  to commit crimes
• Stealing from supermarkets and shops, etc.

9
Biometrics Resources

• Biometrics Consortium is the major resource
• www.biometrics.org
• Another Resource
• http//www.biometricsinfo.org/
• Has Information on
• Who is doing what
• Academia, Industry and Government
• White papers on Biometrics technologies
• Fingerprint detection, facial recognition, Iris
  scanning, - - - -

10
Biometrics Resources What is academia doing?

• Michigan State University
• Developing algorithms for fingerprint detection,
  etc.
• West Virginia University
• Forensic identification initiative
• San Jose State University
• Mathematical concepts

11
Biometrics Resources What is Industry doing?

• Focus is on building faster and cheaper devices
• More accuracy, less false positives and negatives
• Incorporating biometrics into mobile devices,
  Smartcards
• Biometrics in healthcare delivering medication
  to correct patients
• Biometrics in child care Children are picked up
  by those authorized
• Protecting digital content
• Ensuring that voice and video are not altered
• Vendors http//www.biometricsinfo.org/vendors.htm
  

12
Biometrics Resources What is Government doing?

• NSA (National Security Agency)
• Research on protecting critical information
  systems
• DoD (Department of Defense)
• Biometrics Management Office
• Provide Armed forces access to Biometrics systems
  for combat operations
• INS/DHS (Department of Homeland Security
  Immigration and Nationalization Service)
• Biometrics technologies at Airports
• NIST (National Institute of Standards and
  Technologies)
• Major player in Biometrics

13
Activities of NIST

• Measurements, Testing and Standards is NISTs
  mission
• Focus on Biometrics Standards
• Activities
• Biometrics Consortium
• Common Biometric Exchange File Format
• Biometric Interoperability, Performance and
  Assurance Working Group
• BioAPI Consortium
• Various Standards

14
Activities of NIST (Continued)

• Biometrics Consortium is the Government focal
  point for research, development and testing of
  Biometric products and technologies
• Common Biometric Exchange File Format is a
  product of the consortium to develop common
  fingerprint template formats
• Biometrics Interoperability working group
  promotes common definitions and concepts for
  exchanging information between national and
  international partners
• BioAPI consortium develops common Application
  Programming Interfaces for biometrics
  technologies

15
Activities of NIST (Concluded)

• NIST is developing standards for the following
• Finger image format for data Interchange
• Face image format for data interchange
• Iris image format for data interchange
• Signature image format for data interchange
• NIST is working with International standards
  organizations for joint standards
• ISO (International Standards Organization)

16
What is Secure Biometrics?

• Study the attacks of biometrics systems
• Modifying fingerprints
• Modifying facial features
• Develop a security policy and model for the
  system
• Application independent and Application specific
  policies
• Enforce Security constraints
• Entire face is classified but the nose can be
  displayed
• Develop a formal model
• Formalize the policy
• Design the system and identify security critical
  components
• Reference monitor for biometrics systems

17
Security Vulnerabilities

• Type 1 attack present fake biometric such a
  synthetic biometric
• Type 2 attack Submit a previously intercepted
  biometric data replay
• Type 3 attack Compromising the feature extractor
  module to give results desired by attacker
• Type 4 attack Replace the genuine feature values
  produced by the system by fake values desired by
  attacker
• Type 5 attack Produce a high number of matching
  results
• Type 6 attack Attack the template database add
  templates, modify templates etc.

18
Security and Privacy for Biometrics

• Privacy of the Individuals have to be protected
• CNN News Release August 29, 2005
• Distorting Biometrics Enhances Security and
  Privacy
• Biometric data converted to numerical strings by
  mathematical algorithm for later use
• If the mathematical templates are stolen could be
  dangerous
• Researchers have developed method to alter the
  images in a defined and repeated way
• Hackers steal the distortion not the original
  face or fingerprint

19
Revisiting Topics Covered

• Unit 1 Biometrics and Other Emerging Topics in
  Information Security (Lecture 1)
• Part I Supporting Technologies (not included in
  Exam)
• Material from book Database and Applications
  Security, CRC Press, Thuraisingham, May 2005
• Unit 2 Information Security (Lecture 2)
• Unit 3 Information Management (Lecture 3)
• Included a demo of suspicious event detection by
  Gal Lavee example of behavioral biometrics

20
Revisiting Topics Covered

• Part II Introduction to Biometrics
• Unit 4 What is Biometrics? Why Biometrics?
  (Lecture 4)
• Chapter 1 of text book material from
  www.biometrics.org
• Unit 5 Designing Biometrics Systems (Lecture 5)
• Chapters 2 and 3 of book additional reference
  material

21
Outline of the Course (Continued)

• Part III Biometrics Technologies
• Chapters 4 9 Reference material
• Unit 6 Finger Scan
• Unit 7 Facial Scan
• Unit 8 Iris Scan
• Unit 9 Voice Scan
• Unit 10 Physiological Biometrics
• Unit 11 Behavioral Biometrics

22
Outline of the Course (Continued)

• Part IV Biometrics Application
• Chapters 10 14 reference material
• Unit 12 Types of Applications
• Unit 13 Citizen Facing Applications
• Unit 14 Employee Facing Applications
• Unit 15 Customer Facing Applications
• Unit 16 Biometrics Markets
• Part V Privacy and Standards
• Chapters 15 17 Reference material, NIST
  activities
• Unit 17 Risks to Privacy
• Unit 18 Privacy Enhanced Biometrics Systems
• Unit 19 Biometrics Standards

23
Outline of the Course (Continued)

• Part VI Securing Biometrics Systems
• Reference material
• Unit 20 Attacks to Biometric Systems
• Unit 21 Designing Secure Biometrics Systems
• Part VII Prototypes and Products
• Reference material
• Unit 22 Overview of Prototypes and Products
• Unit 23 USVISIT and Other Biometrics Systems

24
Outline of the Course (Concluded)

• Unit 24 Conclusion to the Course
• Summarize what we have learnt and provide
  directions
• Appendix Special Topics and Guest Lectures (Not
  included in exams)
• Data Mining for Biometrics Applications
• Towards end of the course given by me
• Privacy preserving data mining
• September 26, 2005 (tentative)
• Other special topics
• E.g., Image processing, October 24, 2005
  (Tentative)

25
Some Exploratory Research Areas not covered

• DNA
• Ear shape
• Odor (human scent)
• Vein-scan (in back of hand or beneath palm)
• Finger geometry (shape and structure of finger or
  fingers)
• Nailbed identification (ridges in fingernails)
• Gait recognition (manner of walking)

26
Some Useful Reference Books

• Biometrics by John D. Woodward Jr., Nicholas M.
  Orlans, Peter T. Higgins
• Paperback 416 pages
• Publisher McGraw-Hill Osborne Media 1st edition
  (December 19, 2002)
• ISBN 0072222271
• Biometric Systems Technology, Design and
  Performance Evaluation by James Wayman (Editor),
  Anil Jain (Editor), David Maltoni (Editor), Dario
  Maio (Editor)
• Hardcover 370 pages
• Publisher Springer 1st edition (December 16,
  2004)
• ISBN 1852335963