28-05-2011, 08:07 AM
Security systems using biometrics
ABSTRACT
[attachment=13974]
Authentication plays a very critical role in security-related applications like e-commerce. There are a number of methods and techniques for accomplishing this key process. In this regard, biometrics is gaining increasing attention these days. Security systems, having realized the value of biometrics, use biometrics for two basic purposes: to verify or identify users. There are a number of biometrics and different applications need different biometrics.
As more and more valuable information is made accessible to employees via LAN and WAN, the risks associated with unauthorized access to sensitive data grow larger. Protecting your network with passwords is problematic, as passwords are easily compromised, lost, or inappropriately shared. Whether driven by security, convenience, or cost-reduction, biometrics are proving to be an effective solution for IT/Network Security. Major challenges in deploying biometrics in this environment include accuracy and performance, integrating biometric match decisions with existing systems, interoperability across proprietary technologies, and secure storage and transmission of biometric data.
Biometric technologies are available today that can be used in security systems to help protect assets. Biometric technologies vary in complexity, capabilities, and performance and can be used to verify or establish a person’s identity. Leading biometric technologies include facial recognition, fingerprint recognition, hand geometry, iris recognition, retina recognition, signature recognition, and speaker recognition. Biometric technologies have been used in federal applications such as access control, criminal identification, and border security.
However, it is important to bear in mind that effective security cannot be achieved by relying on technology alone. Technology and people must work together as part of an overall security process. Weaknesses in any of these areas diminish the effectiveness of the security process. The security process needs to account for limitations in biometric technology. For example, some people cannot enroll in a biometrics system. Similarly, errors sometimes occur during matching operations. Procedures need to be developed to handle these situations. Exception processing that is not as good as biometric-based primary processing could also be exploited as a security hole.
INTRODUCTION
Biometrics refers to methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. Biometric is the most secure and convenient authentication tool. It cannot be borrowed, stolen, or forgotten and forging one is practically impossible. In information technology, in particular, biometrics is used as a form of identity access management and access control. It is also used to identify individuals in groups that are under surveillance.
Biometric technology is fast gaining popularity as means of security measures to reduce cases of fraud and theft due to its use of physical characteristics and traits for the identification of individuals. Biometrics has long been one of the solutions touted by security vendors to meet multi-factor authentication objectives. However, user acceptance and cost issues often prevent organizations from adopting biometrics as a solution. This isn’t to say that other multi-factor solutions are any less cost prohibitive. The capital expenditure and on-going maintenance costs of token-based systems are often higher than those for biometrics.
Biometrics can theoretically be very effective personal identifiers because the characteristics they measure are thought to be distinct to each person. Unlike conventional identification methods that use something you have, such as an identification card to gain access to a building, or something you know, such as a password to log on to a computer system, these characteristics are integral to something you are. Because they are tightly bound to an individual, they are more reliable, cannot be forgotten, and are less easily lost, stolen, or guessed.
Biometrics measure individual's unique physical or behavioral characteristics to recognize or authenticate their identity. Biometric characteristics can be divided in two main classes:
• Physiological are related to the shape of the body. Examples include, but are not limited to fingerprint, face recognition, DNA, hand and palm geometry, iris, which has largely replaced retina, and odor/scent.
• Behavioral are related to the behavior of a person. Examples include, but are not limited to typing rhythm, gait, and voice. Some researchers have coined the term behaviometrics for this class of biometrics.
Strictly speaking, voice is also a physiological trait because every person has a different pitch, but voice recognition is mainly based on the study of the way a person speaks, commonly classified as behavioral. Of this class of biometrics, technologies for signature and voice are the most developed.
It is possible to understand if a human characteristic can be used for biometrics in terms of the following parameters:
• Universality - each person should have the characteristic.
• Uniqueness - is how well the biometric separates individually from another.
• Permanence - measures how well a biometric resists aging.
• Collectability - ease of acquisition for measurement.
• Performance - accuracy, speed, and robustness of technology used.
• Acceptability - degree of approval of a technology.
• Circumvention - ease of use of a substitute.
BASIC WORKING PRINCIPLE
A biometric system can provide the following two functions:
• Verification -- Authenticates its users in conjunction with a smart card, username or ID number. The biometric template captured is compared with that stored against the registered user either on a smart card or database for verification.
• Identification -- Authenticates its users from the biometric characteristic alone without the use of smart cards, usernames or ID numbers. The biometric template is compared to all records within the database and a closest match score is returned. The closest match within the allowed threshold is deemed the individual and authenticated.
The main operations a system can perform are enrollment and test. During the enrollment, biometric information from an individual is stored. During the test, biometric information is detected and compared with the stored information. Note that it is crucial that storage and retrieval of such systems themselves be secure if the biometric system is to be robust. The first block (sensor) is the interface between the real world and our system; it has to acquire all the necessary data. Most of the times it is an image acquisition system, but it can change according to the characteristics desired. The second block performs all the necessary pre-processing: it has to remove artifacts from the sensor, to enhance the input (e.g. removing background noise), to use some kind of normalization, etc. In the third block features needed are extracted. This step is an important step as the correct features need to be extracted and the optimal way. A vector of numbers or an image with particular properties is used to create a template. A template is a synthesis of all the characteristics extracted from the source, in the optimal size to allow for adequate identifiability.
If enrollment is being performed the template is simply stored somewhere (on a card or within a database or both). If a matching phase is being performed, the obtained template is passed to a matcher that compares it with other existing templates, estimating the distance between them using any algorithm (e.g. Hamming distance). The matching program will analyze the template with the input. This will then be output for any specified use or purpose (e.g. entrance in a restricted area).
In verification systems, the step after enrollment is to verify that a person is who he or she claims to be (i.e., the person who enrolled). After the individual provides whatever identifier he or she enrolled with, the biometric is presented, which the biometric system captures, generating a trial template that is based on the vendor’s algorithm. The system then compares the trial biometric template with this person’s reference template, which was stored in the system during enrollment, to determine whether the individual’s trial and stored templates match. Verification is often referred to as 1:1 (one-to-one) matching. Verification systems can contain databases ranging from dozens to millions of enrolled templates but are always predicated on matching an individual’s presented biometric against his or her reference template.
In identification systems, the step after enrollment is to identify who the person is. Unlike verification systems, no identifier need be provided. To find a match, instead of locating and comparing the person’s reference template against his or her presented biometric, the trial template is compared against the stored reference templates of all individuals enrolled in the system. Identification systems are referred to as 1:N (one-to-N, or one-to-many) matching because an individual’s biometric is compared against multiple biometric templates in the system’s database.
ABSTRACT
[attachment=13974]
Authentication plays a very critical role in security-related applications like e-commerce. There are a number of methods and techniques for accomplishing this key process. In this regard, biometrics is gaining increasing attention these days. Security systems, having realized the value of biometrics, use biometrics for two basic purposes: to verify or identify users. There are a number of biometrics and different applications need different biometrics.
As more and more valuable information is made accessible to employees via LAN and WAN, the risks associated with unauthorized access to sensitive data grow larger. Protecting your network with passwords is problematic, as passwords are easily compromised, lost, or inappropriately shared. Whether driven by security, convenience, or cost-reduction, biometrics are proving to be an effective solution for IT/Network Security. Major challenges in deploying biometrics in this environment include accuracy and performance, integrating biometric match decisions with existing systems, interoperability across proprietary technologies, and secure storage and transmission of biometric data.
Biometric technologies are available today that can be used in security systems to help protect assets. Biometric technologies vary in complexity, capabilities, and performance and can be used to verify or establish a person’s identity. Leading biometric technologies include facial recognition, fingerprint recognition, hand geometry, iris recognition, retina recognition, signature recognition, and speaker recognition. Biometric technologies have been used in federal applications such as access control, criminal identification, and border security.
However, it is important to bear in mind that effective security cannot be achieved by relying on technology alone. Technology and people must work together as part of an overall security process. Weaknesses in any of these areas diminish the effectiveness of the security process. The security process needs to account for limitations in biometric technology. For example, some people cannot enroll in a biometrics system. Similarly, errors sometimes occur during matching operations. Procedures need to be developed to handle these situations. Exception processing that is not as good as biometric-based primary processing could also be exploited as a security hole.
INTRODUCTION
Biometrics refers to methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. Biometric is the most secure and convenient authentication tool. It cannot be borrowed, stolen, or forgotten and forging one is practically impossible. In information technology, in particular, biometrics is used as a form of identity access management and access control. It is also used to identify individuals in groups that are under surveillance.
Biometric technology is fast gaining popularity as means of security measures to reduce cases of fraud and theft due to its use of physical characteristics and traits for the identification of individuals. Biometrics has long been one of the solutions touted by security vendors to meet multi-factor authentication objectives. However, user acceptance and cost issues often prevent organizations from adopting biometrics as a solution. This isn’t to say that other multi-factor solutions are any less cost prohibitive. The capital expenditure and on-going maintenance costs of token-based systems are often higher than those for biometrics.
Biometrics can theoretically be very effective personal identifiers because the characteristics they measure are thought to be distinct to each person. Unlike conventional identification methods that use something you have, such as an identification card to gain access to a building, or something you know, such as a password to log on to a computer system, these characteristics are integral to something you are. Because they are tightly bound to an individual, they are more reliable, cannot be forgotten, and are less easily lost, stolen, or guessed.
Biometrics measure individual's unique physical or behavioral characteristics to recognize or authenticate their identity. Biometric characteristics can be divided in two main classes:
• Physiological are related to the shape of the body. Examples include, but are not limited to fingerprint, face recognition, DNA, hand and palm geometry, iris, which has largely replaced retina, and odor/scent.
• Behavioral are related to the behavior of a person. Examples include, but are not limited to typing rhythm, gait, and voice. Some researchers have coined the term behaviometrics for this class of biometrics.
Strictly speaking, voice is also a physiological trait because every person has a different pitch, but voice recognition is mainly based on the study of the way a person speaks, commonly classified as behavioral. Of this class of biometrics, technologies for signature and voice are the most developed.
It is possible to understand if a human characteristic can be used for biometrics in terms of the following parameters:
• Universality - each person should have the characteristic.
• Uniqueness - is how well the biometric separates individually from another.
• Permanence - measures how well a biometric resists aging.
• Collectability - ease of acquisition for measurement.
• Performance - accuracy, speed, and robustness of technology used.
• Acceptability - degree of approval of a technology.
• Circumvention - ease of use of a substitute.
BASIC WORKING PRINCIPLE
A biometric system can provide the following two functions:
• Verification -- Authenticates its users in conjunction with a smart card, username or ID number. The biometric template captured is compared with that stored against the registered user either on a smart card or database for verification.
• Identification -- Authenticates its users from the biometric characteristic alone without the use of smart cards, usernames or ID numbers. The biometric template is compared to all records within the database and a closest match score is returned. The closest match within the allowed threshold is deemed the individual and authenticated.
The main operations a system can perform are enrollment and test. During the enrollment, biometric information from an individual is stored. During the test, biometric information is detected and compared with the stored information. Note that it is crucial that storage and retrieval of such systems themselves be secure if the biometric system is to be robust. The first block (sensor) is the interface between the real world and our system; it has to acquire all the necessary data. Most of the times it is an image acquisition system, but it can change according to the characteristics desired. The second block performs all the necessary pre-processing: it has to remove artifacts from the sensor, to enhance the input (e.g. removing background noise), to use some kind of normalization, etc. In the third block features needed are extracted. This step is an important step as the correct features need to be extracted and the optimal way. A vector of numbers or an image with particular properties is used to create a template. A template is a synthesis of all the characteristics extracted from the source, in the optimal size to allow for adequate identifiability.
If enrollment is being performed the template is simply stored somewhere (on a card or within a database or both). If a matching phase is being performed, the obtained template is passed to a matcher that compares it with other existing templates, estimating the distance between them using any algorithm (e.g. Hamming distance). The matching program will analyze the template with the input. This will then be output for any specified use or purpose (e.g. entrance in a restricted area).
In verification systems, the step after enrollment is to verify that a person is who he or she claims to be (i.e., the person who enrolled). After the individual provides whatever identifier he or she enrolled with, the biometric is presented, which the biometric system captures, generating a trial template that is based on the vendor’s algorithm. The system then compares the trial biometric template with this person’s reference template, which was stored in the system during enrollment, to determine whether the individual’s trial and stored templates match. Verification is often referred to as 1:1 (one-to-one) matching. Verification systems can contain databases ranging from dozens to millions of enrolled templates but are always predicated on matching an individual’s presented biometric against his or her reference template.
In identification systems, the step after enrollment is to identify who the person is. Unlike verification systems, no identifier need be provided. To find a match, instead of locating and comparing the person’s reference template against his or her presented biometric, the trial template is compared against the stored reference templates of all individuals enrolled in the system. Identification systems are referred to as 1:N (one-to-N, or one-to-many) matching because an individual’s biometric is compared against multiple biometric templates in the system’s database.
