Biometric Systems Architectures

collarlimabeansSecurity

Feb 23, 2014 (3 years and 3 months ago)

56 views

1


The Architecture of
Biometrics Systems


Bojan Cukic

2
-

2

Biometric Systems Segment
Organization


Introduction


System

architecture

2
-

3



Biometrics


Engineering Definition and Approaches


Definition, Criteria for Selection


Survey of Current Biometrics and Relative Properties


Introduction to socio
-
legal implications and issues

Introduction

2
-

4

Recap



Identification in the 21
st

Century


Dispersion of people from their “Natural ID
Centers”


Social units have grown to tens of thousands
or millions/billions.


Need to assure associations of identity with
end
-
to
-
end transactions
without

physical
presence


Project your presence (ID) instantly,
accurately, and securely across any distance


2
-

5

Identification Methods


We need to achieve this recognition
automatically in order to authenticate
our identity.


Identity is not a passive thing, but
associated with an act or intent involving
the person with that identity


Seek a manageable engineering
definition.

2
-

6

Biometric Identification


Pervasive use of biometric ID is enabled by
a
utomated

systems


Enabled by inexpensive embedded computing and sensing.


Computer controlled acquisition, processing, storage, and
matching using biometrics.


Biometric systems are one solution to increasing
demand for strong authentication of actions in a
global environment.


Biometrics tightly binds an event to an individual


A biometric can not be lost or forgotten, however a
biometric must be enrolled.

2
-

7

What is an Automated Biometric
System?


An automated biometric system uses
biological, physiological or behavioral
characteristics to automatically authenticate
the identity of an individual based on a
previous enrollment event.


For the purposes of this course, human identity
authentication is the focus. But in general, this need
not necessarily be the case.

2
-

8

Characteristics of a Useful Biometric


If a biological, physiological, or behavioral
characteristic has the following properties…


Universality


Uniqueness


Permanence


Collectability




….then it can potentially serve as a
biometric
for a given application
.


2
-

9

Useful Biometrics


1. Universality


Universality
: Every person should possess
this characteristic


In practice, this may not be the case


Otherwise, population of nonuniversality
must be small < 1%

2
-

10

Useful Biometrics


2. Uniqueness


Uniqueness
: No two individuals possess the same
characteristic.


Genotypical


Genetically linked (e.g. identical
twins will have same biometric)


Phenotypical


Non
-
genetically linked, different
perhaps even on same individual


Establishing uniqueness is difficult to prove
analytically


May be unique, but “uniqueness” must be
distinguishable

2
-

11

Useful Biometrics


3. Permanence


Permanence
: The characteristic does not change
in time, that is, it is time invariant


At best this is an approximation


Degree of permanence has a major impact on the
system design and long term operation of biometrics.
(e.g. enrollment, adaptive matching design, etc.)


Long vs. short
-
term stability


2
-

12

Useful Biometrics


4. Collectability


Collectability
: The characteristic can be
quantitatively measured.


In practice, the biometric collection must be
:


Non
-
intrusive


Reliable and robust


Cost

effective for a given application

2
-

13

Current/Potential Biometrics


Voice


Infrared facial thermography



Fingerprints


Face


Iris


Ear


EKG, EEG


Odor



Gait


Keystroke dynamics


DNA


Signature


Retinal scan


Hand & finger geometry


Subcutaneous blood vessel
imaging



What is consensus evaluation of current
biometrics based on these four criteria?



2
-

14

System
-
Level Criteria


Our four criteria were for evaluation of the
viability of a chosen characteristic for use as a
biometric


Once incorporated within a system the
following criteria are key to assessment of a
given biometric for a specific application:


Performance


User Acceptance


Resistance to Circumvention


2
-

15

Central Privacy, Sociological,
and Legal Issues/Concerns


System Design and Implementation must
adequately address these issues to the
satisfaction of the user, the law, and society.


Is the biometric data like personal information (e.g.
such as medical information) ?


Can medical information be derived from the
biometric data?


Does the biometric system store information
enabling a person’s “identity” to be reconstructed or
stolen?


Is permission received for any third party use of
biometric information?


2
-

16

Central Privacy, Sociological,
and Legal Issues/Concerns (2)


Continued:


What happens to the biometric data after the
intended use is over?


Is the security of the biometric data assured
during transmission and storage?


Contrast process of password loss or theft with that of a
biometric.


How is a theft detected and “new” biometric recognized?


Notice of Biometric Use. Is the public aware a
biometric system is being employed?


2
-

17

Biometric System Design


Target Design/Selection of Systems for:


Acceptable overall performance for a given
application


Acceptable impact from a socio
-
legal perspective


Examine the architecture of a biometric
system, its subsystems, and their interaction


Develop an understanding of design choices
and tradeoffs in existing systems


Build a framework to understand and quantify
performance

2
-

18

Automated Biometric Identification: A Comprehensive View

Biometric

Signature

Acquisition

Camera(s),

Si CMOS
System
-
on
-
a
-

chip

Lab on a chip,
Implantable
med. device…

Data Reduction

Classification

Processing

0.0
0.5
1.0
1.5
2.0
2.5
Minutia
extraction

Filtering,
FFT,
wavelets,
Fractals…

Template Storage

Database Search

Match, Retrieval

Databases,

Time series
data

Data Mining

Statistical
Modeling…

Arrhythmia,

SIDS,

Identity

Biological
Agents,

Microbial
pathogens...

M
A
T
C
H
?

Action…
Logical/Phys.
Access (IA,
medical, bio)

Biometric

Signature

Selection

Iris, Hand,

Face, …

Voice, Electro
-
physiological

Musculo
-
skeletal,

Molecular, DNA

Microbial …

2
-

19

Biometric Systems Segment
Organization


Introduction


System

Architecture

20

System Architecture



Application



Authentication Vs. Identification



Enrollment, Verification Modules



Architecture
Subsystems

2
-

21

Biometric Applications

Four general classes:


Access
(Cooperative, known subject)


Logical Access
(Access to computer networks, systems, or
files)


Physical Access
(access to physical places or resources)


Transaction Logging


Surveillance

(Non
-
cooperative, known subject)


Forensics

(Non
-
cooperative or unknown subject)

2
-

22

Biometric Applications (2)


Transactions

via

e
-
commerce


Search

of

digital

libraries


Computer

logins



Access

to

internet

and

local

networks


Document

encryption


Credit

cards

and

ATM

cards


Access

to

office

buildings

and

homes


Protecting

personal

property


Tracking

and

storing

time

and

attendance


Law

enforcement

and

prison

management


Automated

medical

diagnostics


Access

to

medical

and

official

records
.


2
-

23

System Architecture


Architecture Dependent on Application:


Identification: Who are you?


One to Many (millions) match (1:Many)


One to “few” (less than 500) (1:Few)


Cooperative and Non
-
cooperative subjects


Authentication: Are you who you say you are?


One to One Match (1:1)


Typically assume
cooperative

subject


Enrollment and Verification Stages common to
both.

2
-

24

System Architecture (2)

Enrollment :

Capture and processing of user biometric
data for use by system in subsequent authentication
operations.


Acquire and Digitize

Biometric Data

Extract

High Quality Biometric

Features/Representation

Formulate

Biometric

Feature/Rep Template

Database

Template

Repository

Authentication/Verification :

Capture and processing of
user biometric data in order to render an authentication
decision based on the outcome of a matching process of
the stored to current template.

Acquire and Digitize

Biometric Data

Extract

High Quality Biometric

Features/Representation

Formulate

Biometric

Feature/Rep Template

Template

Matcher

Decision

Output

2
-

25

System Architecture (3)


Authentication Application:


Enrollment Mode/Stage Architecture


Biometric

Data Collection

Transmission

Signal Processing,

Feature Extraction,

Representation

Quality

Sufficient?

Yes

No

Database

Generate Template


Additional image preprocessing,
adaptive extraction or
representation

Require new acquisition of
biometric

Approx 512 bytes of
data per template

2
-

26

System Architecture (4)


Authentication Application:


Verification/Authentication Mode/Stage Architecture


Biometric

Data Collection

Transmission

Quality

Sufficient?

Yes

Template Match

Decision

Confidence?

Signal Processing,

Feature Extraction,

Representation

No

Database

Generate Template

Additional image preprocessing,
adaptive extraction/representation

Require new acquisition of
biometric

Approx 512 bytes of
data per template

No

Yes

2
-

27

Architecture Subsystems


Data Collection


Transmission


Signal Processing/Pattern Matching


Database/Storage


Decision


What comprises these subsystems and how
do they interact with other elements (what
are their interface and performance
specifications?)

2
-

28

Architecture Subsystems (2)


Data Collection Module


Biometric choice, presentation of biometric,
biometric data collection by sensor and its
digitization.

Biometric Data Collection

Transmission

Biometric

Presentation

Sensor

Recollect

Signal Processing

Feature Extraction

Representation

2
-

29

Architecture Subsystems (3)


Transmission Module


Compress and encrypt sensor digital data, reverse
process.

Recollect

Biometric Data Collection

Transmission

Biometric

Presentation

Sensor

Compression

Transmission

Decompress

Encryption

Decryption

Signal Processing,

Feature Extraction,

Representation

2
-

30

Architecture Subsystems (4)


Signal Processing/Matching Module


Be aware of potential transmission prior to match

Transmission

Signal Processing

Feature Extraction,

Representation

Compression

Transmission

Decompress

Encryption

Decryption

Yes

No

Template Match

Database

Generate Template

Reprocess


Quality

Control

Recollect

Decision

Confidence?

No

Yes

2
-

31

Architecture Subsystems


Database module


In what form is biometric stored? Template or raw data?

Transmission

Signal Processing

Feature Extraction,

Representation

Compression

Transmission

Expansion

Encryption

Decryption

Yes

No

Template Match

Generate Template

Reprocess

Decision

Confidence?

Quality

Control

Recollect


Biometric Template
: A file
holding a mathematical
representation of the identifying
features extracted from the raw
biometric data.

Database

Templates

Images

No

Yes

2
-

32

Architecture Subsystems


Decision module


Is there enough similarity to the stored information to
declare a match with a certain confidence ?

Transmission

Signal Processing

Feature Extraction,

Representation

Compression

Transmission

Decompress

Encryption

Decryption

Reprocess


Decision

Confidence?

Decision

Confidence?

Quality

Control

Recollect

Database

Templates

Images

Template Match

Generate Template

No

No

Yes

Yes