CS 651 FINAL PAPER

chocolatehookSecurity

Nov 30, 2013 (3 years and 11 months ago)

117 views

CS 651 FINAL PAPER


Author: Vincent Chepkwony Created on: August 14, 2007


Accuracy of Biometric Access System



By



Vincent Chepkwony



Colorado Technical University



Department of Computer Science



Denver, Colorado 80111





CS 651 FINAL PAPER


Author: Vincent Chepkwony Created on: August 14, 2007

Abstract


Accuracy of b
iometric verification

system
has attracted attention
recently because it is m
ore secure than knowledge
-

or token
-
based
verification techniques. Multi
-
modal biometric verification can provide
even greater accuracy by combining several forms of biometrics.
However, there are problems with the availability, usability and
acceptability

of the technique
.


Data quality limits the accuracy of biometrics. Poor data quality is
responsible for many or even most matching errors in biometric systems
and may be the greatest w
eakness of some implementations
. The impact
of poor data quality can be

reduced in various ways, many of which
depend on effective methods of automated data quality measurement.


This

paper analyzes the causes and implications of poor quality
biomet
ric data
,

performance of a biometric system
,

prevention, and
potential
remedi
es
.

Current

approaches to the problem and procedural
error have been described and criticized. Finally, a methodology for the
measurement of the accuracy of biometric system with not
-
symmetric
matching fun
ction is proposed and discussed.



CS 651 FINAL PAPER


Author: Vincent Chepkwony Created on: August 14, 2007

Introduction


Bi
ometrics are automated methods of recognizing a person based on a
physiological or behavioral characteristic. Examples of human traits
used for biometric recognition include fingerprints, speech, face, retina,
iris, handwritten signature, hand geometry, an
d wrist veins.

The word "automated" is necessary in the definition because we want to avoid the
inclusion of very common, but significantly less reliable, methods of identification such
as a photograph. We want to ensure that our identification is precise
and accurate. In
addition to automation, there must be three other components: there must be a mechanism
to scan and capture an image of the characteristic being observed; there must be some
processing of the image; and, there must be an interface with an
application.
(
Ronald J.
Hays, January 1996)

The purpose of this paper is to present an overview of biometric
systems, and discuss the justifications for its implementation an
d the
dangers inherent in them.


Because biometric technologies, their application
, and their working
environment are all in their infancy, the research on which this paper is
based has relied heavily on case studies,
literature search, primarily in
the popular and trade press, and interviews with leading figures in the
field.

CS 651 FINAL PAPER


Author: Vincent Chepkwony Created on: August 14, 2007

Biometri
c Access System Architecture

Verification/Authentication Mode/Stage Architecture

(Bojan Cukic
,

2005)



2
-
26
Biometric
Data Collection
Transmission
Quality
Sufficient?
Yes
Template Match
Decision
Confidence?
Signal Processing,
Feature Extraction,
Representation
No
Database
Generate Template
Additional image preprocessing,
adaptive extraction/representation
Require new acquisition of
biometric
Approx 512 bytes of
data per template
No
Yes


CS 651 FINAL PAPER


Author: Vincent Chepkwony Created on: August 14, 2007


Enrollment Mode/Stage Architecture



25
25
Biometric
Data Collection
Transmission
Signal Processing,
Feature Extraction,
Representation
Quality
Sufficient?
Yes
No
Database
Generate Template
Additional image preprocessing,
adaptive extraction or
representation
Require new acquisition of
biometric
Approx 512 bytes of
data per template


CS 651 FINAL PAPER


Author: Vincent Chepkwony Created on: August 14, 2007


Ove
rview of Biometric Accuracy


Biometric accur
acy is measured in two ways; the rate of false
acceptance (Type 1)
and the rate

of false rejects (Type 2) .
Every
biometric technique has a differe
nt method of assigning a score to the
biometric match; a threshold value

is defined which determines when a
ma
tch is declared. Scores above the threshold value are designated as a
"Hit" and scores below the threshold are designated as "No
-
Hit."




A Type

2

error occurs if a true match does not generate a scor
e above
the threshold.


A Type 1

error is made when an i
mpostor generates a
match score ab
ove the threshold. If the Type 1 and Type 2
error rates
are plotted as a function of threshold value, they will form curves which
intersect at a given threshold value.

(
Thomas Ruggles, July 10
th

2002
)



Th
e point of inters
ection
is called the crossover accuracy of the system.
In general, as the value of the crossover accuracy increases the inherent
accuracy of the biometric increases
.

It is my opinion that the crossover
accuracy should be a very nearly linear function of da
ta size per record.


For example, given

the high crossover accur
acy for Retinal Scan,

I
would expect that the data size of a Retina Scan would be much higher
that either Iris Scan or Fingerprints.

(
Zdenek Riha
, 2000
)

CS 651 FINAL PAPER


Author: Vincent Chepkwony Created on: August 14, 2007


Biometric Technologies

There are many
biometric technologies to suit different types of applications. To
choose the right biometric to be highly fit for the particular situation, one has to navigate
through some complex vendor products and keep an eye on future developments in
technology and s
tandards. Here comes a list of biometrics:

Fingerprints

-

A fingerprint looks at the patterns found on a fingertip. There are
a variety of approaches to fingerprint verification, such as traditional police method,
using pattern
-
matching devices, and thing
s like moire fringe patterns and ultrasonics.
This seems to be a very good choice for in
-
house systems.
(
Anil Jain, 2004
)

Hand geometry

-

This involves analyzing and measuring the shape of the hand.
It might be suitable where there are more users or where
user access the system
infrequently. Accuracy can be very high if
desired

and flexible performance tuning and
configuration can accommodate a wide range of applications.
Retina

-

A retina
-
based
biometric involves analyzing the layer of blood vessels situat
ed at the back of the eye.
This technique involves using a low intensity light source through an optical coupler to
scan the unique patterns of the retina. Retinal scanning can be quite accurate but does
require the user to look into a receptacle and focus

on a given point
.

(
Arun Ross
)


Iris

-

An iris
-
based biometric involves analyzing features found in the colored
ring of tissue that surrounds the pupil. This uses a fairly conventional camera element and
requires no close contact between the user and the r
eader. Further, it has the potential for
higher than average template
-
matching performance
.

(
Paul Rosenzweig, June 21
st

2004
)


CS 651 FINAL PAPER


Author: Vincent Chepkwony Created on: August 14, 2007


Applications of Biometric Access Systems

Biometric access control systems consist of a reader or scanning device, software that
converts the gathered information into digital form and a database that stores the
information for comparison with previous records.

These readers, or scanning devices, can scan for a fingerprint,

hand geometry, signature,
retina, facial recognition, voic
e print, vascular pattern and even DNA. This technology
can be used for a number of applications including time and attendance reporting,
building access control, verification of signatures, point
-
of
-
sale identity verification,
process control security and

cellular phone security
.

(
Bashar Masad, September 2006
)

Verification is a sim
ple process for users
. A PIN number

for example

is entered into a
keypad, a magnetic stripe/barcode card is swiped or a proximity card is used to touch the
biometric reader. As a

result, the reader pulls up a template taken of the person’s
biometric data at the time of enrollment. If the resulting template matches the stored
template, the person is verified
.

(
Vaclav Matyas 2000
)

Although this can be considerably more convenient th
an current access methods such as
passwords and cards, many think of the technology as confined to heightened security
applications. It is true that biometrics are used to check employees coming into almost
every airport and to guard almost every nuclear p
lant. These access systems are also the
mode of entry at embassies around the world. However, the majority of implementations
are used in common, everyday locales including hair salons and restaurants.

CS 651 FINAL PAPER


Author: Vincent Chepkwony Created on: August 14, 2007

Design Challenges and Accuracy of Biometrics Access Sy
stems

The main goal of any access control system is to keep some people out and allow others
to get in. Although this sounds simple, some key factors must be considered early on
when designing a biometric application. These include user acceptance, through
put,
accuracy, encryption and identity theft aversion.

User acceptance of the access control device is one of the most critical factors in the
success of a biometric
-
based implementation. In order to prevent improper use, which
can cause access errors, the

device should not cause discomfort or concern and must be
easy to use
. (
Rahul Shah,

Ingersoll Rand Security Technologies,2006
)

Throughput, which is application
-
dependent, is the total time required to use the device.
The elapsed time from presentation to
identity verification is known as verification time.
Most readers can verify identity within one second.
(
Bill Spense
,

May 20
th

2006
)

However, when considering the use of biometrics for access control, the total time it
takes a person to use the reader mu
st be considered. This includes the time it takes to
enter the ID number and the time required to get into the right position for scanning. The
total time required for each person varies.

Accuracy is vital to the acceptance of the biometric type chosen. I
f it does not accurately
read the person’s biometric input, the system will no longer be used for access control
because of its inaccuracies. Letting the wrong people in or denying access to the correct
CS 651 FINAL PAPER


Author: Vincent Chepkwony Created on: August 14, 2007

people poses serious problems. The two errors a unit
can make are false acceptance and
false rejection
.

(
Paul Bleicher, Biometric Comes of Age, December, 2005
)

System designers set this numeric score to accommodate the system’s desired level of
accuracy, which is measured by the False Accept Rate (FAR) and F
alse Rejection Rate
(FRR).

The FAR is the probability that an unauthorized user will be allowed to pass for someone
else. This error rate must be low enough to present a real deterrent for a given
application. In today’s biometric access control systems,
FAR ranges from .0001% to
0.1%. In comparison, the biometric hand geometry reader used on the front entry area of
60% of U.S. nuclear power plants has a FAR of
0.1 %
.
(
Lantronix
-
september
, 2006
)

False Rejection Rate is just as crucial as FAR. The FRRs quot
ed for currently available
systems vary from .00066% to 1.0%. A low FRR is important because this type of error
can occur with almost every use of the access control device
.

(
Recognition Systems Inc
.)


When constructing an accuracy test, one of the first q
uestions to consider is "
How many
samples
must be used in order to be sure that the final, overall test result represents the
'True' accuracy of the system?
This is also
referred

to as the “true mean accuracy” of the
system.
"


(
Bio
-
tech Inc
,

2005
)

On one h
and, testing is expensive in terms

of money, time, and resources and

the test
must be rigorous enough to yield a very close approximation of the inherent matching
capabilities of the biometric system in question.

CS 651 FINAL PAPER


Author: Vincent Chepkwony Created on: August 14, 2007


Causes of Biometric inaccuracy


Biometric
identification relies on technology that is far from proven,
and major organizational adjustments are needed to cope with it. There
are many practical problems involved in complex and largely automated
schemes, and in coping with exceptions, system outages

and claims of
database error.


Systems that entail a central registry of personal identities raise much
more substantial issues. The adequacy of data protection laws in dealing
with these issues to the satisfaction of the public is in doubt. A
biometric p
rint may, for example, be considered to be in the public
domain. Alternatively, people may find that they are required to provide
a biometric print in many unforeseen or unintended future
circumstances
.

(
Simon G Davies, Information Technology, 1994
)

Some b
iometric technologies are discriminatory.

A nontrivial percentage of the
population cannot present suitable features to participate in certain biometric systems.
Many people have fingers that simply do not "print well." Even if people with "bad
prints" rep
resent 1% of the population, this would mean massive inconvenience and
suspicion for that mino
rity
. (
Denise Masi PhD, Biometric
Consortium,

2005
)




CS 651 FINAL PAPER


Author: Vincent Chepkwony Created on: August 14, 2007

Methods of improving Biometric Accuracy


To improve the accuracy of Biometric access system, detail
conside
ration must be tabled before any Biometric system is put into
use. The reason behind this is that
once a fingerprint or other biometric
source has been compromised it is compromised for life, because users
can never change their fingerprints.


Therefore,
in

order for the biometrics to be ultra
-
secure and to provide
more
-
than
-
average accuracy, more then one form of biometric
identification is required. Hence the need arises for the use of
multimodal biometrics.

Biometric fusion combines biometric
character
istics derived from:



One or more modalities or technologies (algorithms, sensors)




Multiple characteristics derived from samples Multiple or
repeated biometric instances



Multiple or repeated biometric instances

The main goal of
multi
-
biometric Fusion

is to

identify or authenticate individuals more
effectively
than when using a single matcher and
the results would include:

improved
accuracy,
improved system robustness and fault tolerance and finally, improved system
efficiency

(Bradford T. Ulery, Biometric C
onsortium Conference, 2005
)



CS 651 FINAL PAPER


Author: Vincent Chepkwony Created on: August 14, 2007

Conclusion


Biometric measures of one kind or another have been used to identify people since
ancient

time
s, with
facial features, and fingerprints being the traditional

methods.
Systems have been built that automate the task
of recognition, using

these methods and
newer ones, such as hand geometry, voiceprints, and iris patterns.


These systems have different strengths and weaknesses. In automatic operation, most

have error rates of the order of 1% (though iris recognition is
better, hand geometry

slightly better, and face recognition worse). There is always a trade
-
off between the

false
accept rate (the fraud rate) and the false reject rate (the insult rate). The statistics

of error
rates are deceptively difficult.


If any bio
metric becomes very widely used, there is increased risk of forgery in
unattended

operation: voice synthesizers, photographs of irises, fingerprint molds, and

even good old
-
fashioned forged signatures must all be thought of in system design.


Biometric sys
tems u
se scores
to express the similarity between a pattern
and a biometric template. The higher the score, the higher the similarity
is between them. As described in the previous section, access to the
system is granted only, if the sco
re for an authorize
d individual

or the
person that the pattern is
verified against
is higher then a certain
threshold
.

(
Korves, H 2005
)

CS 651 FINAL PAPER


Author: Vincent Chepkwony Created on: August 14, 2007


REFERENCES

The following sources were used in the compilation of this report:

A Performance Evaluation of Biometric Identification Devices
, J.
Holmes, L. Wright, R. Maxwell (Sandia National Laboratories,
SAND91
-
0278/UC
-
906, June 1997)

Biometrics: Who Goes There?

J. Fenn (Gartner Group, Inc., Spring
1995).

Personal Identifier Project Executive Summary

(State of California
Department of Motor
Vehicles (CA DMV), 16 May 1990)

Electronics Benefits Transfer
-

Use of Biometrics To Deter Fraud In
The Nationwide EBT Program, GAO/OSI
-
95
-
20 (September 1995).

Carroll J.M. (1991) Confidential Information Sources, 2nd edition,
Butterworth
-
Heinemann, New Yo
rk, 1991

Korves, H., L. Nadel, B. Ulery, and D. Masi, “Multi
-
biometric Fusion:
From Research to Operations”, Sigma, Mitretek Systems, summer

2005,
pp.
39
-
48,

http://www.mitretek.o
rg/home.nsf/Publications/SigmaSummer2005

Security Park magazine 2007.Retrieved on August 13, 2007 from:

http://www.securitypark.co.uk/article.asp?articleid=26389

Hays, Ronald
http://www.biometrics.org/REPORTS/INSPASS.html

CS 651 FINAL PAPER


Author: Vincent Chepkwony Created on: August 14, 2007