A Conceptual Framework for Testing Biometric Algorithms within Operating Systems' Authentication


Arslan Brömme*
Biometric Authentication Research Group
Faculty of Informatics, University of Hamburg
Vogt-Kölln-Str. 30, 22527 Hamburg, Germany
broemme@informatik.uni-hamburg.de
Marcel Kronberg, Oliver Ellenbeck, Oliver Kasch†
Biometric Authentication Research Group
biometrik@informatik.uni-hamburg.de
ABSTRACT
This paper presents a conceptual framework for testing the implementation of biometric algorithms within Unix and Windows NT/2000 operating systems' login authentication. To support the analysis and evaluation of biometric algorithms, a data logging module will be used, enabling the collection of quantitative data, e.g. timestamps, biometric raw data, (pre)processed data, and return codes from each run of a biometric authentication. It is shown how biometric algorithms and a data logging module can be integrated into Unix and Windows NT/2000. In addition to the explained system components a human observer is necessary to collect extended data like user behavior and environmental conditions, which cannot be automatically recorded by the data logging module. From the combination of these two types of data, conclusions on the biometric algorithm in the context of its implementation in operating systems' authentication can be drawn. The resulting benefits for the development of appropriate biometric algorithms concerning aspects of robustness (security, safety), performance measures and usability will be discussed for iris-biometrics.
Categories and Subject Descriptors
D.4.6 [Operating Systems]: Security and Protection--access controls, authentication; D.4.m [Operating Systems]: Security and Protection--miscellaneous
General Terms
Algorithms, measurement, security
*Research assistant and head of the Biometric Authentication Research Group
†Student members
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage, and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.
SAC 2002, Madrid, Spain
© 2002 ACM 1-58113-445-2/02/03...$5.00
Keywords
Biometric authentication, testing biometric algorithms, eval-
uation, robustness, operating system
1. INTRODUCTION
The development of adequate biometric algorithms for au-
thentication requires testing under real-life conditions. The
test results will be used for evaluating a biometric algo-
rithm's degree of fitness (robustness, performance) and the
usability of biometric IT-systems in connection with their
environmental conditions.
Because of the difficulty of reproducing the noise superim-
posed on the recorded signals in various environments and
users' behavior in everyday's usage of a biometric IT sys-
tem, it is not always possible to accurately simulate realistic
environmental conditions in a research laboratory.
In order to record specific data from biometric logins in common classes of operating systems like Unix and Windows, it is useful to define and implement a data logging module collecting quantitative measurement data like timestamps, biometric raw data, sensor system calibration data, (pre)processed data, and return codes of a biometric authentication process for subsequent analysis and evaluation of a biometric algorithm's robustness (security, safety) and performance. This module complements a module containing the biometric algorithm, a secure biometric database, and secure communication channels for biometric and other personal data.
A human observer is also necessary to collect qualitative data
like user behavior in connection with the environmental con-
ditions (usability), which cannot be automatically recorded
by the data logging module.
Section 2 characterizes a process of biometric authentication with data logging, provides a tabular overview of resource requirements for different biometric techniques in operating systems' authentication, and describes the data logging module as a functional unit.
Approaches for integrating biometric algorithms and an appropriate data logging module into the operating system architectures of Unix and Windows NT/2000 are discussed in section 3.
The evaluation of both, the automatically measured quantitative and the manually archived extended data reveals information about the appropriateness of a biometric algorithm in connection with the environmental conditions of an application. Section 4 discusses the main aspects of a conceptual framework for achieving and using this information. The expected influence of the conceptual framework on the development of biometric algorithms will be shown for iris-biometrics.
The paper closes with conclusions and aspects of future work in section 5.
2. PROCESS OF BIOMETRIC AUTHENTICATION
Each human being has static and dynamic biological characteristics. In this paper a taxonomy classifying biological characteristics into static and dynamic physiological and behavioral characteristics will be used; e.g. iris and retina patterns, palm prints, fingerprints, hand geometries and face proportions are static physiological, pupil dilatation and contraction are dynamic physiological, and voice, signature, keystroke dynamics, lip movement, gait and gesture are behavioral.
It is assumed that these types of physiological and behavioral characteristics can be scanned by a special sensor system (digital or analog with an analog-digital-converter) and recorded digitally as time-series of measured values [8, 18, 3].
A process of biometric authentication with data logging for operating systems will be introduced in section 2.1. For an implementation of the process into the operating system classes Unix and Windows, more detailed information about the resource requirements of different biometric techniques and a functional unit for creating authentication records called data logging module are necessary. A tabular overview of the resource requirements is given for a selection of biometric techniques in section 2.2 and the data logging module will be described in section 2.3.
2.1 Process of Biometric Authentication with
Data Logging
In this paper an event driven process of biometric authentication with data logging (cf. Fig. 1) is assumed which starts with a login to an operating system handled by a login dialog. Based on the login dialog and the biological characteristics presented by the user a process for capturing or scanning of the characteristics will take place. This capturing process results in biometric raw data and calibration data depending on the sensor system used for a specific biometric technique.
The biometric raw data in combination with the calibration data will be called biometric characteristics of a person, because the scanning process comprises losses of information depending on the physical resolution of the measurement equipment (sensor system). After capturing the data will be handed over to the biometric algorithm which delivers a result (return code: accept, reject, or error code) for the respective biometric authentication attempt. The authorized users are assumed to be already enrolled correctly. Therefore the identifiers of the biometric signature classes from the enrollment process are available in a secure biometric database.
Figure 1: Process of Biometric Authentication with Data Logging
The biometric algorithm is subdivided into four modules:
1. P: preprocessing
2. Q: quality check, decision & normalization
3. S: signal processing & calculation of biometric signature
4. D: comparison & decision
The modules Q and D can end the authentication process by a negative decision during the actual processing of the biometric characteristics or the biometric signature resp. Additionally all four modules and the capturing/scanning process can stop authentication by generating an error code. The specific return code (accept, reject, or error code) is given with the result of one biometric authentication attempt.
In the positive case the module P passes the preprocessed data to the module Q for the quality check and normalization. If the quality meets the defined requirements Q hands over the normalized data to the main processing module S. Subsequently S begins processing the data depending on the core part of a biometric algorithm. Next S calculates the biometric signature, which is derived from the biometric characteristics by using appropriate one-way calculation functions, e.g. hash functions. The original raw data cannot be reproduced from the hash values.
In module D the biometric signature is mapped to the biometric signature classes by a verification (1:1) or identification (1:n) comparison on a secure biometric database. From this comparison a decision will be generated which yields an accept or reject.
During one biometric authentication attempt the following data - timestamps t and data d from the different modules - can be collected in a secure data logging database:
* t1: start of login
  - d1: login specific user and session data
* t2, t3: start/end of capturing/scanning process
  - d2: biometric raw data & sensor system calibration data
* t4, t5: start/end of preprocessing
  - d3: internal data of module P
  - d4: preprocessed data
* t6, t7: start/end of quality check, decision & normalization
  - d5: internal data of module Q
  - d6: normalized data
* t8, t9: start/end of signal processing & calculation of biometric signature
  - d7: internal data of module S
  - d8: biometric signature
* t10, t11: start/end of comparison & decision
  - d9: internal data of module D
  - d10: result of login attempt (return code)
It is assumed that all communication channels to databases used for the biometric authentication process are secured by using cryptographic methods. Cryptographically secured communication channels with local biometric databases or with biometric database servers in a network are called secure biometric channels. Additionally it is supposed that biometric databases and data logging databases are secured by at least a privacy-fulfilling access management system, which is an instance of any access control concept like mandatory access control (MAC) and discretionary access control (DAC) which can be a realization of various security policies like the role-based access control (RBAC) [3].
2.2 Resource Requirements of Biometric Techniques
Different biometric (measurement) techniques need different resources from operating systems to enable biometric authentication on the technical basis of measuring a biological characteristic. Figure 2 gives a tabular overview of resource requirements.
Five types of resources are considered:
* Video [image]
* Video [stream]
* Audio [stream]
* Scan [single values]
* Scan [time series]
Figure 2: Resource Requirements for Biometric Techniques [table; rows grouped by body part (head, hand, cerebric, body, motoric): face geometry, iris, retina (veins), voice, lip movement, dental, ear, tongue, hand geometry, fingerprint, palm print, brain waves (EEG), intuitional acts, DNA, gesture, odor, movement patterns, posture, signing; columns: the five resource types]
In general two types of resources are necessary: single valued data like video images and single valued scans and stream data like video streams, audio streams, and time series scans. For the sensor systems it is assumed that video data are recorded by CCD cameras, audio data by microphones, and scans can be done by various kinds of sensors. All sensors are connected to hardware interfaces which can be accessed by using appropriate drivers. The hardware of the sensor systems is encapsulated to avoid physical attacks and misuse.
2.3 Data Logging Module
To enable the collection of data from an event driven biometric authentication process it is useful to define a functional unit called data logging module which provides four main functions to store the collected data in authentication records of a secure data logging database:
* Create an authentication record
* Update of an authentication record
* Insert single values into an authentication record
* Pass stream values to an authentication record
An authentication record consists of the data from t1 (start of login attempt) ... t11 (end of module D) and d1 (user ID, client machine ID, biometric algorithm ID and version number) ... d10 (return code) (cf. 2.1).
Figure 3 shows two possible ways of including a data logging module and a secure data logging database into the biometric authentication process:
I. The data logging database is part of the data logging module.
II. The data logging database is located on a biometric database server outside the data logging module and can be accessed by a secure communication channel.
Figure 3: Data Flow between Biometric Authentication Process, Data Logging Module, and Secure Data Logging Database [diagram; labelled flows: [t1] start of login, [t11] end of module D, [d1] login specific data, [d2:r1] video [image], [d2:r2] video [stream], [d2:r3] audio [stream], [d2:r4] scan [single values], [d2:r5] scan [time series]]
For multimodal biometric IT systems it is necessary to enable the collection of more than one data stream at once. Therefore the data logging module needs to be multithreaded. To start the collection from more than one resource at a time a five bit string [r1 r2 r3 r4 r5] can be defined, which represents the flow of data on [d2:r1] ... [d2:r5] in figure 3.
The above data can be collected automatically. Additional
useful information can be gained by manual data collection
as described in section 4.
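
The following Python example is added here and is not code from the paper. It models the data logging module's four functions, the five-bit resource string and threaded stream collection around one authentication attempt through modules P, Q, S and D (cf. 2.1); the class and function names, the in-memory record store, the byte-length quality rule and the SHA-256 signature are assumptions made for illustration.

```python
import hashlib
import hmac
import threading
import time

# r1..r5 in the order of Figure 3 (names assumed); sample data is constructed.
RESOURCES = ("video_image", "video_stream", "audio_stream", "scan_single", "scan_series")
STREAMS = {"video_stream", "audio_stream", "scan_series"}
SAMPLE_SENSORS = {"video_stream": [b"frame-01", b"frame-02"], "audio_stream": [b"pcm-0001"]}


def parse_resource_bits(bits):
    """Map the five-bit string [r1 r2 r3 r4 r5] to the resources to collect."""
    if len(bits) != 5 or set(bits) - {"0", "1"}:
        raise ValueError("expected five characters of 0/1, got %r" % (bits,))
    return [name for name, bit in zip(RESOURCES, bits) if bit == "1"]


class DataLoggingModule:
    """Variant I: the logging database (here a dict) is part of the module."""

    def __init__(self):
        self._lock = threading.Lock()
        self._records = {}

    def create_record(self, login_data):
        """Create an authentication record: stamp t1 and store d1."""
        with self._lock:
            rid = len(self._records) + 1
            self._records[rid] = {"t": {1: time.monotonic()}, "d": {1: dict(login_data)}}
        return rid

    def update_record(self, rid, *t_indices):
        """Update a record with the current time for each given timestamp index."""
        with self._lock:
            now = time.monotonic()
            for index in t_indices:
                self._records[rid]["t"][index] = now

    def insert_single(self, rid, d_index, value):
        """Insert a single value under d_index, e.g. 10 or (2, "video_image")."""
        with self._lock:
            self._records[rid]["d"][d_index] = value

    def pass_stream(self, rid, resource, chunks):
        """Pass stream values to d[(2, resource)] from a worker thread."""
        if resource not in STREAMS:
            raise ValueError("%s is not a stream resource" % resource)

        def worker():
            for chunk in chunks:
                with self._lock:
                    self._records[rid]["d"].setdefault((2, resource), []).append(chunk)

        thread = threading.Thread(target=worker)
        thread.start()
        return thread

    def get_record(self, rid):
        """Return a copy of the record's timestamp and data tables."""
        with self._lock:
            return {key: dict(table) for key, table in self._records[rid].items()}


def run_attempt(log, login_data, bits, sensors, enrolled, min_bytes=8):
    """Log one attempt through capture, P, Q, S and D; return the record id."""
    rid = log.create_record(login_data)                   # t1, d1
    log.update_record(rid, 2)                             # capture starts
    workers = []
    for res in parse_resource_bits(bits):
        if res in STREAMS:                                # one thread per stream
            workers.append(log.pass_stream(rid, res, sensors[res]))
        else:
            log.insert_single(rid, (2, res), sensors[res])
    for worker in workers:
        worker.join()
    log.update_record(rid, 3)                             # capture ends
    raw = {k[1]: v for k, v in log.get_record(rid)["d"].items() if isinstance(k, tuple)}
    if not raw:                                           # error code from capture
        log.insert_single(rid, 10, "error:no-data")
        return rid
    log.update_record(rid, 4)                             # P: join stream chunks
    pre = {r: b"".join(v) if isinstance(v, list) else v for r, v in raw.items()}
    log.insert_single(rid, 4, pre)
    log.update_record(rid, 5, 6)                          # P ends, Q starts
    passed = all(len(v) >= min_bytes for v in pre.values())
    log.insert_single(rid, 5, {"min_bytes": min_bytes, "passed": passed})
    log.update_record(rid, 7)
    if not passed:                                        # Q ends the attempt
        log.insert_single(rid, 10, "reject")
        return rid
    log.update_record(rid, 8)                             # S: one-way signature
    signature = hashlib.sha256(b"\0".join(pre[r] for r in sorted(pre))).hexdigest()
    log.insert_single(rid, 8, signature)
    log.update_record(rid, 9, 10)                         # S ends, D starts (1:1)
    match = hmac.compare_digest(signature, enrolled)
    log.insert_single(rid, 10, "accept" if match else "reject")
    log.update_record(rid, 11)
    return rid
```

A record whose timestamps stop at t7 or t3 shows at which module an attempt ended, which is the information the later evaluation needs to separate quality rejects from comparison rejects.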
3. OPERATING SYSTEMS' AUTHENTICATIONS
Authentication by IT-systems can be done by means of one or more elements of the following sets of methods for proving the authenticity of a person who seeks access to an IT-system: User possession (e.g. key, chipcard), user knowledge (e.g. user identifier, password), user attribute (e.g. fingerprint, face proportion, iris and retina patterns), or user location (e.g. location by GPS, location in a defined physical area) [3].
In the following sections the authentication concepts using user name and password, supported by default by Unix (cf. 3.1) and Windows NT/2000 (cf. 3.2), and the integration of biometric authentication (cf. 2.2) and an appropriate data logging module (cf. 2.3) into both classes of operating systems will be described.
3.1 Unix Authentication
In the instances of Unix operating systems considered here, a user is authenticated during login and during runtime of the session by a user name and a password. The most used login program for a unix shell is mgetty. A password entered by a user is encrypted and compared to the stored encrypted password. Information about users is stored in a file called /etc/passwd (cf. Fig. 4). All users have read access to this file. To increase security, different cryptographic algorithms (e.g. the MD5 hash algorithm) can be used. The shadowing technique provides read access to the password files to the super user only [9].
Figure 4: Comparison of mgetty and PAM-aware-mgetty [diagram; panel labels: (old fashioned) mgetty, PAM aware mgetty, PAM configuration]
3.1.1 Pluggable Authentication Modules (PAM)
The Pluggable Authentication Modules (PAM) provide an interface for user authentication, abstracting from type and location of user databases. There is no need for implementing an authentication method directly into an application [15]. Consecutive execution and combinations of different authentication methods based on user possession, user knowledge, user attribute, or user location can be configured with PAM.
A PAM architecture consists of PAM aware applications (special PAM aware versions of e.g. ftpd, telnetd, and login), a PAM configuration file, and a set of PAM modules (e.g. Kerberos). The configuration file links a PAM aware application with PAM modules [16, 14].
3.1.2 Biometric Authentication with Data Logging by
Using PAM
Assuming a Unix system with an installed and configured PAM framework, it is necessary to take into account that there are no standardized resource access interfaces compared to the Application Programming Interfaces (APIs) of Windows NT/2000 operating systems (cf. 3.2).
Some resource interfaces such as Video4Linux (bttv module for tv-grabber cards) or open sound system (OSS, an interface for audio cards) are currently under development for Linux. The resources required by different biometric techniques (cf. Fig. 2) can be accessed by using appropriate drivers (kernel modules).
A biometric authentication method implemented into Unix with PAM requires a PAM aware application (PAM aware mgetty) and a special biometric PAM module. The PAM aware application provides a specific login dialog and captures/scans the biometric raw data according to the respective biometric technique (cf. Fig. 4). Subsequently, the data will be passed on to the biometric PAM module, by using the configuration file (cf. Fig. 5).
Figure 5: Biometric Authentication and Data Logging with PAM
Figure 6: Windows NT/2000 Components for Authentication
The biometric PAM module returns a result to the PAM aware application and accepts or rejects the biometric authentication attempt. The biometric algorithm (modules P, Q, S and D of the biometric authentication process) will be implemented into the biometric PAM module. The data logging module (cf. 2.3) will be used by PAM aware applications and biometric PAM modules to log the timestamps t1 ... t11 and the data d1 ... d10 of the biometric authentication process (cf. Fig. 1).
3.2 Windows NT/2000 Authentication
In Windows NT/2000, authentication is based on password verification of a registered user. A special unit of the operating system which is called security subsystem provides the authentication services used during login processes.
The security subsystem also provides further security services like access control and auditing and is the central authority for security services in Windows NT/2000.
Figure 6 specifies the interacting components involved in authentication. Detailed information about the security subsystem can be found in [1]. There are two different processes, the interactive login process WINLOGON.EXE and the local security authority LSASS.EXE. WINLOGON.EXE is a privileged process which handles interactive user logins and logouts. The process captures the login data such as username and password and sends them to the LSASS.EXE for verification. Both processes use dynamic libraries to provide several security services.
Figure 7: Windows NT/2000 Components for Biometric Authentication
WINLOGON.EXE uses a special dynamic link library called graphical identification and authentication interface (GINA). GINA provides login dialogs and the event driven functionality of the winlogon process.
LSASS.EXE uses an authentication package to verify the login data. The authentication package is implemented as a dynamic link library (DLL) as well. Authentication packages are for instance MSV1_0.DLL for Windows NT Lan Manager (NTLM) authentication and KERBEROS.DLL for Kerberos authentication. For verification the login data is stored in different databases, depending on the security package.
If NTLM authentication is used, the verification will be carried out against the stored data in the security account manager (SAM) database which is a special part of the registry. If Kerberos is used for authentication, the verification will be carried out against the stored data in the active directory [18].
3.2.1 Biometric Authentication with Data Logging in Windows NT/2000
Windows NT/2000 provides services for video and audio capturing. These can be used for capturing data for biometric authentication. The Video for Windows API and DirectShow API provide a set of standard functions and interfaces for capturing audio and video data. Other capturing/scanning devices need appropriate drivers.
In order to provide biometric authentication in Windows NT/2000 it is necessary to add new components to the security subsystem. A new biometric GINA.DLL provides user dialogs for capturing biometric log-in data and enables an interactive biometric login.
Following the biometric authentication process (cf. 2.1) the modules P and Q of the biometric algorithm can be placed in the GINA.DLL as well. The modules S and D are placed inside a biometric authentication package [10].
A new biometric security service provider (SSP) provides a uniform interface for applications encapsulating the services of the authentication package (cf. Fig. 7). In this case the module P is preferably placed in the biometric authentication package and not in the biometric GINA.DLL.
The data logging module (cf. 2.3) will be used by the biometric GINA.DLL and the biometric authentication package to log the timestamps t1 ... t11 and the data d1 ... d10 of the biometric authentication process (cf. Fig. 1).
4. TESTING BIOMETRIC ALGORITHMS
FOR AUTHENTICATION
The testing of biometric algorithms is an important issue for the development of appropriate methods for operating systems' authentication in connection with environmental conditions.
Testing limited to the environmental conditions of laboratories and testing in applications without data logging for subsequent analysis are not sufficient for the developer of specialized biometric algorithms e.g. iris-biometrics.
For improving the biometric algorithms' robustness there is a need for testing them under real-life conditions by using a biometric authentication process with a supplementary data logging mechanism (cf. 2.1) for the measurement of quantitative data and human observations for collecting extended data.
The quantitative data collected by an event driven biometric authentication process are automatically loggable timestamps t1 ... t11 and data d1 ... d10 from the login process of the operating system, the capturing/scanning process of the sensor system, and from the modules P, Q, S and D of the biometric algorithm described in section 2.1.
Additional knowledge by an expert is necessary to transform the quantitative data to qualitative data. A human observer provides extended logging of the login application. The interpretation of quantitative measurement data from laboratory tests, the collection of data from human observations in applications, and criteria for evaluation of biometric systems and devices are well known [12, 2, 5, 4, 11, 13].
To further support the analysis and evaluation of biometric algorithms in the application of operating systems' authentication a conceptual framework is presented in section 4.1. In section 4.2 the possible beneficial aspects of testing within applications will be shown for iris-biometrics. Section 4.3 discusses possibilities of improving biometric algorithms in general by using the conceptual framework.
4.1 A Conceptual Framework for Testing Bio-
metric Algorithms
For adapting to an application (e.g. office, bank terminal, factory) this framework starts with the option of choosing an environment consisting of a biometric technique and an operating system. The biometric technique is a tuple consisting of a biometric method (e.g. iris recognition, speaker recognition, face recognition), an appropriate sensor system (e.g. CCD camera, microphone), and adequate drivers for the operating system. The operating system can be selected out of a Unix derivative, Windows NT, or Windows 2000. The conceptual framework is illustrated in figure 8.
In the next step the biometric authentication process with data logging (cf. 2.1), the data logging module (cf. 2.3), a secure biometric database, secure communication channels and the chosen biometric algorithm with respect to the resource requirements (cf. 2.2) will be implemented along the architectural description of the process into an operating system (cf. 3.1 and 3.2).
Figure 8: Conceptual Framework for Testing Biometric Algorithms
Subsequently the first tests and evaluations are executed in a laboratory which delivers the first feedback cycles to the parameterization of the biometric algorithm. In a next step the application is tested in its environment which after an evaluation will lead again to feedback cycles for application dependent parameterization of the biometric algorithm.
After several iteration steps an evaluation of the biometric technique's fitness for the specific application will be generated which initiates this framework with another biometric technique or delivers a final overall test result.
4.1.1 Biometric Measures
For the evaluation of biometric applications several measures (e.g. performance measures, distance measure) are known. For a detailed description of the measures: false acceptance rate (FAR), false rejection rate (FRR), equal error rate (EER), receiver operating curve (ROC), false match rate (FMR), false non-match rate (FNMR), failure to acquire, and bin error rate please refer to [17, 8, 18]. It should be kept in mind that we can differentiate between false rejects and correct rejects only on the level of the expert's interpretation of the quantitative data.
An overall rejection rate (ORR) can be defined by the sum of the correct rejection rate and the FRR (ORR = CRR + FRR). Analogous the overall acceptance rate (OAR) is equal to the sum of the correct acceptance rate (CAR) and the FAR (OAR = CAR + FAR). An often used distance measure is
$$d' = \frac{\lVert M_{imposter} - M_{genuine} \rVert}{\sqrt{\tfrac{1}{2}\left(SD_{imposter}^{2} + SD_{genuine}^{2}\right)}}$$
d-prime describes the distance between $M_{imposter}$ and $M_{genuine}$ in the number of mean intervals.
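
The following Python example is added here and is not code from the paper. It computes ORR and OAR from logged return codes alone, then splits them into CAR, FAR, CRR and FRR using an observer's notes, and computes d'. It assumes that all rates share the denominator of decided attempts (so that the sums above hold), that the observer records whether each attempt was genuine or by an imposter, that module D logs a comparison score in d9, and that d' uses the common pooled standard deviation form; all names and sample rows are constructed.

```python
from fractions import Fraction
from math import sqrt
from statistics import mean, pvariance

# Constructed sample. LOG mimics rows of the data logging database:
# (record id, return code d10, comparison score assumed to be stored in d9).
LOG = [
    (1, "accept", 0.93), (2, "accept", 0.88), (3, "reject", 0.41),
    (4, "reject", 0.35), (5, "accept", 0.71), (6, "reject", 0.62),
    (7, "error:no-data", None), (8, "reject", 0.30),
]
# Observer's notes on who presented the characteristic; attempt 8 was not observed.
OBSERVER = {1: "genuine", 2: "genuine", 3: "imposter",
            4: "imposter", 5: "imposter", 6: "genuine"}
CELLS = {("accept", "genuine"): "CAR", ("accept", "imposter"): "FAR",
         ("reject", "imposter"): "CRR", ("reject", "genuine"): "FRR"}


def overall_rates(log):
    """OAR and ORR need only the logged return codes (error codes excluded)."""
    codes = [code for _, code, _ in log if code in ("accept", "reject")]
    total = len(codes)
    return {"OAR": Fraction(codes.count("accept"), total),
            "ORR": Fraction(codes.count("reject"), total),
            "errors": len(log) - total}


def split_rates(log, observer):
    """CAR, FAR, CRR, FRR over all decided attempts, plus the unobserved share."""
    decided = [(rid, code) for rid, code, _ in log if code in ("accept", "reject")]
    counts = dict.fromkeys(list(CELLS.values()) + ["unobserved"], 0)
    for rid, code in decided:
        truth = observer.get(rid)
        counts["unobserved" if truth is None else CELLS[(code, truth)]] += 1
    return {name: Fraction(n, len(decided)) for name, n in counts.items()}


def d_prime(log, observer):
    """d' with the pooled-deviation denominator, over observed attempts only."""
    scores = {"genuine": [], "imposter": []}
    for rid, _, score in log:
        if score is not None and rid in observer:
            scores[observer[rid]].append(score)
    gen, imp = scores["genuine"], scores["imposter"]
    pooled = sqrt((pvariance(gen) + pvariance(imp)) / 2)
    return abs(mean(imp) - mean(gen)) / pooled
```

In the sample, the unobserved reject (attempt 8) counts toward ORR but cannot be assigned to CRR or FRR, so CRR + FRR falls short of ORR by exactly the unobserved share.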
4.2 Expected Benefits from Using the Concep-
tual Framework for Iris-Biometrics
The discipline of iris-biometrics is dedicated to the develop-
ment of algorithms for measuring, classifying and recogniz-
ing the patterns of the human iris for the usage in biometric
authentication systems. The human iris is the biological
characteristic which presumably provides the highest relia-
bility of a person's identity [6, 18].
The iris is part of the optical system "eye" and fulfills the function of an aperture [7]. The human iris is a phenotypical biological characteristic which is not genotypical (based on DNA). The iris is divided into two main parts, the pupillary and ciliary area. Observable features are e.g. crypts, contraction furrows, striations, pits, collagenous fibers, filaments, serpentine vasculature, rings, and freckles [18]. A detailed description of the biological function of the iris is given in [7].
In order to receive a biometric signature of the human iris by analyzing its digital image, first a scan of the eye with respect to lighting conditions (visible and infrared light, cornea reflections) and sensor calibration will be done. Next, the data of the iris will be extracted by finding the edges of the pupil and the limbus in the image. With the help of image processing algorithms, features of the iris can be analyzed to calculate biometric signatures [3].
Additional information about the following chosen aspects from testing algorithms for iris-biometrics within applications by using the biometric authentication process are expected from the modules P and Q (cf. 2.1):
* P: Preprocessing
  - P1: Coordinates of center points of pupil and limbus
  - P2: Visibility of the circular edge of pupil
  - P3: Visibility of the circular edge of limbus and extraction of iris ring by using P2 and P3
  - P4: Position and influence of the upper eyelid
  - P5: Position and influence of the lower eyelid
  - P6: Position and influence of the eyelashes
  - P7: Localization of reflections from environment lighting conditions, P4, P5, and P6
* Q: Quality Check, Decision and Normalization
  - Q1: Checking of presence of reflections at predefined areas, e.g. reflections in the pupil or at the edge of P4 and P5
  - Q2: Checking the changing of the contrast at pupil and limbus
  - Q3: Checking the degree of visibility of the iris and coverage by P4 and P5 on image
  - Q4: Checking the defined basic requirements for the iris image (required percentage or areas of visibility and superimposing reflections)
This part of a more general classification scheme for iris-biometrics algorithms shows aspects handled by digital iris analysis. They can be expected from a real-life test. The classification scheme is associated with the module construction of a biometric algorithm in the process of biometric authentication (cf. 2.1).
4.3 Improving Biometric Algorithms for Applications?
In the course of our project Biometric Authentication Systems we have identified a demand for evaluation methods that go beyond general product tests.
Laboratory tests form a solid basis of evaluation, yet they
lack sufficient data logging and, by nature, cannot provide
realistic quantitative data from an actual application con-
text. Laboratory evaluation set-ups can neither predict nor
simulate an adequate set of possible environmental condi-
tions, errors, frauds, or attacks.
To be aware, however, of these influencing factors is cru-
cial for developing robust, reliable, and efficient biometric
algorithms. For this reason laboratory testing environments
have to be augmented by tests under real-life conditions.
With the authentication within frequently used operating
systems like Unix derivatives and Windows NT/2000 we
have chosen a class of wide-spread applications.
Employing our framework in the daily university working
scenario we can derive representative quantitative data for
the development of enhanced biometric algorithms.
With privacy aspects borne in mind we have designed our
biometric authentication process with data logging in a secure
way with respect to appropriate access control mechanisms
for the biometric database and data logging database.
For communication only cryptographically secured communication
channels will be used. Each participant needs to
agree to our consent form, which guarantees the use of personal
data including profile data and biometric raw data for
research purposes only.
5. CONCLUSIONS AND FUTURE WORK
In this paper we have introduced a biometric authentication
process with data logging embedded into a conceptual
framework for testing biometric algorithms. Operating systems'
authentication has served as a first test-bed for our
approach.
Quantitative data measurement by using an appropriate biometric
authentication process (cf. 2.1) and extended data
collection by human observations are essential for the
development of adequate biometric algorithms. The presented
conceptual framework supports both types of data to be involved
into the development phases of biometric algorithms
by providing feedback cycles.
The future work of this project is to consider a biometric
enrollment process with data logging and to include this ad-
ditional process into an integrated (conceptual) framework.
The presented framework could also be generalized with respect
to further operating systems' authentication but also
with regard to other applications requiring authentication.
Another research aspect is to find classes of standardized/normalized
basic biometric algorithms for different biometric
techniques, which are parameterized during the tests in
laboratories and applications.
Used in future university education an implementation of
the framework will enable supervised students to develop
and evaluate different biometric algorithms in projects and
theses for the biometric authentication within standard op-
erating systems.
6. REFERENCES
[1] Microsoft Developer's Library.
http://msdn.microsoft.com, 2001.
[2] Biometrics Working Group (BWG): Best Practices in
Testing and Reporting Performance of Biometric
Devices, Version 1.0, http://www.cesg.gov.uk/biometrics/,
January 2000.
[3] A. Brömme. A Discussion on Privacy Needs and
(Mis)Use of Biometric IT-Systems. In Proceedings of
the IFIP WG 9.6/11.7 Working Conference on
Security and Control of IT in Society (SCITS-II),
15-16 June 2001, Bratislava, Slovakia, pages 145-156,
2001.
[4] F. Büllingen and A. Hillebrand. Vergleichende
Untersuchung biometrischer Identifikationssysteme
(BIOIS) - Teiluntersuchung Technikfolgen-Abschätzung.
Technical report, Bundesamt für
Sicherheit in der Informationstechnik (BSI) und
Fraunhofer Institut für Graphische
Datenverarbeitung (IGD), March 2000.
[5] Bundesamt für Sicherheit in der Informationstechnik
(BSI). Studie BIOIS: Vergleichende Untersuchung
biometrischer Identifikationssysteme - Technische
Untersuchung, Offener Abschlussbericht, May 2001.
[6] J. G. Daugman. Recognizing Persons by their
Iris-Patterns. In [8], 1999.
[7] W. M. E. Hart. Adler's Physiology of the Eye -
Clinical Application. Mosby-Year Book Inc., 1992.
[8] A. K. Jain, R. Bolle, and S. E. Pankanti. Biometrics -
Personal Identification in Networked Society. Kluwer
Academic Publishers, 1999.
[9] T. Klein. Linux-Sicherheit: Security mit
Open-Source-Software. dpunkt-Verlag, Heidelberg,
2001.
[10] M. Kronberg. Implementation eines biometrischen
Authentisierungssystems in Windows NT. Master's
thesis, Supervisors: K. Brunnstein and A. Brömme.
Faculty of Informatics, University of Hamburg, AGN,
2001.
[11] G. E. Lassmann. Bewertungskriterien zur
Vergleichbarkeit biometrischer Verfahren -
Kriterienkatalog. Technical report, Arbeitsgruppe 6:
Biometrische Identifikationsverfahren, TeleTrust
Deutschland e.V., August 1998.
[12] T. Mansfield, G. Kelly, D. Chandler, and J. Kane.
Biometric Product Testing Final Report. Technical
report, Centre for Mathematics and Scientific
Computing, National Physical Laboratory, 2001.
[13] D. Polemi. Biometric Techniques: Review and
Evaluation of Biometric Techniques for Identification
and Authentication - Final Report. Technical report,
Institute of Communication and Computer Systems,
National Technical University of Athens, April 1995.
[14] V. Samar and C. Lai. Making Login Services
Independent of Authentication Technologies.
Technical report, SunSoft, Inc., 1995.
[15] V. Samar and R. J. Schemers. Unified Login with
Pluggable Authentication Modules (PAM). Technical
report, SunSoft, Inc., 1995.
[16] R. E. Walsh. Single Sign-On in Windows NT, 2000 &
The Solaris Operating Environment: A Review.
Technical report, Sun Laboratories, 2001.
[17] J. L. E. Wayman. National Biometric Test Center -
Collected Works 1997-2000, August 2000.
[18] D. D. Zhang. Automated Biometrics - Technologies
and Systems. Kluwer Academic Publishers, Boston,
2000.