Biometrics part 1 - engweb.info


Feb 23, 2014

Engineering and Management of Secure Computer Networks

Computer and Communication Department

Authentication and Biometrics


Part 1

Mark Clements

Andrew Adekunle


Introduction


Biometrics and security


Human characteristics


Biometric system overview


Performance measures for different systems


Decision thresholds


Receiver operating characteristics



Biometrics


What does it look like?

Face Recognition

Finger-print Recognition


Biometrics


What does it look like?

Iris Recognition

Palm-feature recognition


Biometric Systems: Definitions


Biometrics: Automated recognition of
individuals based on their behavior and
biological characteristics*


Biometric System: a pattern recognition system
to identify and / or verify a person’s identity.


Biometrics can be used in civilian, military,
domestic security and IT applications.


*ISO SC 37, Standing Committee Document 2, version 6, Jul 06 (ISO: International Standardisation Organisation)


Human Characteristics: Physiological
and Behavioral


Inalterable:


Chemical
composition of body


Face


DNA


Fingerprints


Hand geometry


Retina scans




Alterable:


Handwritten
signatures


Voice prints


Gait


Human Characteristics - parameters

Universality - Everyone should have this trait/feature

Uniqueness - No two persons should share the same trait

Collectability - The trait can be measured

Permanence - Should display low variance with time

A K Jain, L Hong, S Pankanti and R Bolle, “An identity authentication system using fingerprints”, Proc. IEEE, Vol 85, No 9, pp. 1365-1388, 1997


Biometric System Measurements


Performance - Achievable accuracy, resource requirements, robustness

Acceptability - To what extent are people willing to accept it

Circumvention - How easy is it to fool the system?



Two Modes of operation


Verification


E.g., checking that a passport holder is
actually that person (1 from a set)


Identification


E.g. identifying a criminal from DNA left
at the scene of a crime (one from
population)


Biometric General System

Source: IEEE Spectrum, 2006, Anil K Jain and Sharathchandra Pankanti



Logical block diagram of a biometric system [1]


Biometrics: Modes of Operation

Enrollment Mode:

A user’s biometric data is acquired and stored in a database. A template is formed and labeled with an identity. The identity is later used for authentication.

Authentication/Verification Mode:

A user’s biometric data is acquired again to:

1) VERIFY who the user is by comparing only against the templates of the claimed identity,

OR

2) IDENTIFY the user by comparing the acquired information against templates corresponding to all users.


Biometrics: Top Level View

[Block diagram; labels: Biometric Signal, Presentation, Sensor, Data Collection, Templates, Exemplars, Data Storage, Sensor Module, Recognition, Pattern Match, Error Estimate, Decision, Match, Accept, Projection, Extraction, Selection, Features, Quality Control, Feature Extraction / Selection, Transmission Module]


Authentication and Identification


Authentication is a “gatekeeper” to other identity management and security tasks.

Identification - Who am I?

Establish a person’s identity

(1 : N Matching)

Verification - Am I who I claim to be?

Involves confirming or denying a person’s identity


(1 : 1 Matching)
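
Added example, not part of the original slides: enrollment followed by 1:1 verification and 1:N identification over stored templates. The feature vectors, the Euclidean distance measure, the threshold value and all function names are assumptions made for illustration.

```python
import math

THRESHOLD = 0.5  # assumed decision threshold on Euclidean distance


def enroll(db, identity, samples):
    """Enrollment: average several captures into one template labelled with an identity."""
    n = len(samples)
    db[identity] = [sum(column) / n for column in zip(*samples)]


def verify(db, claimed_identity, probe, threshold=THRESHOLD):
    """1:1 matching: compare the probe only with the claimed identity's template."""
    template = db.get(claimed_identity)
    if template is None:
        return False  # nobody is enrolled under the claimed identity
    return math.dist(template, probe) <= threshold


def identify(db, probe, threshold=THRESHOLD):
    """1:N matching: search every template; return the closest identity or None."""
    best_identity, best_distance = None, float("inf")
    for identity, template in db.items():
        d = math.dist(template, probe)
        if d < best_distance:
            best_identity, best_distance = identity, d
    # Reject when even the closest template is too far away (unknown person).
    return best_identity if best_distance <= threshold else None


# Constructed sample data: three captures per enrolled user.
db = {}
enroll(db, "alice", [[1.0, 2.0, 3.0], [1.2, 1.8, 3.0], [0.8, 2.2, 3.0]])
enroll(db, "bob", [[4.0, 0.5, 1.0], [4.2, 0.5, 1.2], [3.8, 0.5, 0.8]])

probe = [1.1, 2.1, 2.9]  # fresh capture, close to alice's template

if __name__ == "__main__":
    print("claim alice:", verify(db, "alice", probe))
    print("claim bob:  ", verify(db, "bob", probe))
    print("identify:   ", identify(db, probe))
    print("stranger:   ", identify(db, [9.0, 9.0, 9.0]))
```

Because identification compares the probe with every stored template, each additional enrolled user is another opportunity for a false match at the same threshold.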


Habituation


Key factor in biometric systems that will be
used daily or routinely


User behaviour may change in time


The input could increase in quality - users learn how the system operates

Could decrease in quality - carelessness.


Common Biometric Signals Used


Finger Biometrics, ranked well

Acceptance: 9/10, Easy: 8.5/10, ROI: 7/10 (e.g. savings on password resets), Deployable: 9.9/10, Non-invasive: 8/10, Mature: 9.9/10, FAR: 8, FRR: 8, Size: 9, Habituation: 8.5

Face Biometrics, heavily researched

Acceptance: 8.5/10, Easy: 6/10, ROI: 5.5/10 (e.g. specialized cameras, little economy for scale), Deployable: 6/10, Non-invasive: 9/10, Mature: 7/10, FAR: 7.5, FRR: 7.5, Size: 6, Habituation: 7.5

Voice Biometrics, heavily researched

Acceptance: 8.5/10, Easy: 5/10, ROI: 5.5/10 (e.g. training required often), Deployable: 8/10, Non-invasive: 9/10, Mature: 7/10, FAR: 6, FRR: 5.5, Size: 9.9, Habituation: 7.5

Iris Biometrics, highly invasive

Acceptance: 4/10, Easy: 4/10, ROI: 4.5/10 (e.g. training required often), Deployable: 6/10, Non-invasive: 1/10, Mature: 6/10, FAR: 9, FRR: 7.5, Size: 6, Habituation: 5

ROI: Return on Investment, FAR: False Accept Rate, FRR: False Reject Rate


Commonly Used Biometrics: Face

Technical challenges at operational level

Immense variability in 3D face object appearance

Highly complex and non-convex (curved) signal distribution

High dimensional signals in a small 3D space to learn the signals

[Image captions: "This is what I look like"; "These are the contours of my face"]


Characteristics: Comparison

Biometric   | Universality | Accuracy | Stability | User Acceptability | Cost | Circumvention
Face        | H            | L        | M         | H                  | L    | L
Fingerprint | M            | H        | H         | H                  | L    | L
Voice       | M            | L        | L         | H                  | L    | L
Iris        | H            | H        | H         | L                  | H    | H
Signature   | L            | L        | L         | H                  | L    | L
Gait        | M            | L        | L         | H                  | L    | M
Palm-print  | M            | H        | H         | M                  | M    | M

Each biometric characteristic has its own strengths and weaknesses

The design of a biometric system depends on signal availability and application

Kostas Plataniotis, Identity, Privacy and Security Institute, University of Toronto


Biometric Systems: Authentication Accuracy


Decision Errors & Sensitivity


Consequences of errors


Classification of errors


ROC curves



Airport Security


We set up a system to check if a person is carrying a
weapon


This tests whether a person can board a plane


It does not matter what the test technology actually
is


Test result is positive or negative


Buzzer will sound



What about errors?


What if our test is inaccurate?


What are the consequences of inaccurate
testing?


Does the reason for the test in the first place
affect what we expect from the test itself?


What if the test were for cancer instead?


Airport Security Screening

Four outcomes of the test

              | Terrorist | Innocent
Buzzer sounds | TP        | FP
Buzzer silent | FN        | TN



Consequences of Error


Each of the four outcomes has a different
consequence


See handout


Please complete and discuss


Test Sensitivity


If we consider the airport screening


What will happen if we lower the decision
threshold for the test?


How do the test results differ?


Is there a social aspect to such a test?


What does adjustment of sensitivity mean for
different tests or applications?


Statistical Errors


Null hypothesis - the default state of nature

Alternative hypothesis - opposite state of nature

H0 = the null hypothesis

H1 = the alternative hypothesis

E.g. H0 = the man is innocent

What is H1 for this example?


Testing a Hypothesis


Decision  | Truth: H0      | Truth: H1
Accept H0 | Right decision | Type II Error
Reject H0 | Type I Error   | Right decision


Type I and Type II Errors

Moulton (1983) stresses the importance of:

avoiding the type I errors (or false positives) that classify authorized users as imposters.

avoiding the type II errors (or false negatives) that classify imposters as authorized users (1983, p. 125).



Mathematically speaking…


If TP, TN, FP, FN are expressed as fractions (TP and FN of the actual positives, TN and FP of the actual negatives)


TP + FN = 1


TN + FP = 1


The sensitivity of a system is TP


The specificity of the system is TN


Sometimes expressed as TPR, TNR (R = rate)



Receiver Operating Characteristic (ROC)


Sometimes called ROC curve


Plots true positive rate against false positive rate


Shows how device performs as the threshold is
varied



[2]
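
Added example, not part of the original slides: sweeping the decision threshold over constructed screening scores to obtain the TP/FN/TN/FP fractions, the ROC points, and the threshold that minimises an assumed cost of errors. The scores, the cost weights and all function names are assumptions made for illustration.

```python
# Constructed detector scores (higher = more suspicious); not measured data.
POSITIVES = [0.92, 0.85, 0.77, 0.70, 0.61, 0.55, 0.42, 0.35]  # truly carrying a weapon
NEGATIVES = [0.66, 0.58, 0.47, 0.40, 0.31, 0.25, 0.18, 0.10]  # truly innocent


def outcome_fractions(threshold, pos=POSITIVES, neg=NEGATIVES):
    """The buzzer sounds when score >= threshold; returns the four outcomes as fractions."""
    tp = sum(s >= threshold for s in pos) / len(pos)   # sensitivity
    fp = sum(s >= threshold for s in neg) / len(neg)
    return {"TP": tp, "FN": 1 - tp, "TN": 1 - fp, "FP": fp}   # TN is the specificity


def roc_curve(pos=POSITIVES, neg=NEGATIVES):
    """(FP rate, TP rate) per threshold, from the strictest to the most lenient."""
    points = [(0.0, 0.0)]                       # threshold above every score
    for t in sorted(set(pos) | set(neg), reverse=True):
        f = outcome_fractions(t, pos, neg)
        points.append((f["FP"], f["TP"]))
    return points


def auc(points):
    """Area under the ROC curve by the trapezoid rule (1.0 = perfect, 0.5 = chance)."""
    return sum((x2 - x1) * (y1 + y2) / 2
               for (x1, y1), (x2, y2) in zip(points, points[1:]))


def cheapest_threshold(cost_fn, cost_fp, pos=POSITIVES, neg=NEGATIVES):
    """Threshold minimising cost_fn*FN + cost_fp*FP; ties go to the higher threshold."""
    def cost(t):
        f = outcome_fractions(t, pos, neg)
        return cost_fn * f["FN"] + cost_fp * f["FP"]
    return min(sorted(set(pos) | set(neg), reverse=True), key=cost)


if __name__ == "__main__":
    print(outcome_fractions(0.55))        # a mid-range threshold
    print(outcome_fractions(0.35))        # lower threshold: more TP, more FP
    print(auc(roc_curve()))
    print(cheapest_threshold(10, 1))      # a miss is 10x worse than a false alarm
    print(cheapest_threshold(1, 10))      # a false alarm is 10x worse than a miss
```

With these scores, weighting a missed weapon ten times more than a false alarm moves the chosen threshold down to the lowest positive score, while the opposite weighting keeps it above every innocent score.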


Biometric Signals: Authentication - Signal Acquisition Errors

Failure to Enroll Rate

The expected proportion of the population for whom the system is unable to generate repeatable templates.

Failure to Acquire Rate

The expected proportion of transactions for which the system is unable to capture or locate an image or signal of sufficient quality.


Summary


Uses human physiological characteristics

Can be invasive or passive

Measures, stores and checks against this

Has statistical measures

Type I and type II errors exist


Decision thresholds vary for the application


ROC can help work out a good test.



References


[1] http://commons.wikimedia.org/wiki/File:Biometric_system_diagram.png

www.anaesthetist.com/mnm/stats/roc/Findex.htm

[2] http://upload.wikimedia.org/wikipedia/commons/archive/3/36/20101011161259!ROC_space-2.png

Moulton, R.T., “Network Security”, Datamation, Vol.29, No.7, (July 1983), pp. 121-127.