Biometrics

Definition:
Biometrics is the science and technology of measuring and analyzing biological data. In information technology, biometrics refers to technologies that measure and analyze human body characteristics, such as DNA, fingerprints, eye retinas and irises, voice patterns, facial patterns and hand measurements, for authentication purposes. Biometrics (or biometric authentication) consists of methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In computer science, in particular, biometrics is used as a form of identity access management and access control. It is also used to identify individuals in groups that are under surveillance. Biometric identifiers are the distinctive, measurable characteristics used to identify individuals. The two categories of biometric identifiers include physiological and behavioral characteristics. Physiological characteristics are related to the shape of the body, and include but are not limited to: fingerprint, face recognition, DNA, palm print, hand geometry, iris recognition (which has largely replaced retina), and odour/scent. Behavioral characteristics are related to the behavior of a person, including but not limited to: typing rhythm, gait, and voice. Some researchers have coined the term behaviometrics to describe the latter class of biometrics. More traditional means of access control include token-based identification systems, such as a driver's license or passport, and knowledge-based identification systems, such as a password or personal identification number. Since biometric identifiers are unique to individuals, they are more reliable in verifying identity than token and knowledge-based methods, however, the collection of biometric identifiers raises privacy concerns about the ultimate use of this information.

History of Biometrics:
Biometrics has been around since 29,000 BC when cavemen would sign their drawings with handprints. In 500 BC Babylonian business transactions were signed in clay tablets with fingerprints. The earliest cataloging of fingerprints dates back to 1881 when Juan Vucetich started a collection of fingerprints of criminals in Argentina

Current, emerging and future applications of biometrics: Proposal calls for biometric authentication to access certain public networks:
John Michael (Mike) McConnell, a former vice admiral in the United States Navy, a former Director of US National Intelligence, and Senior Vice President of Booz Allen Hamilton promoted the development of a future capability to require biometric authentication to access certain public networks in his Keynote Speech at the 2009 Biometric Consortium Conference.

A basic premise in the above proposal is that the person that has uniquely authenticated themselves using biometrics with the computer is in fact also the agent performing potentially malicious actions from that computer. However, if control of the computer has been subverted, for example in which the computer is part of a botnet controlled by a hacker, then knowledge of the identity of the user at the terminal does not materially improve network security or aid law enforcement activities . Recently, another approach to biometric security was developed , this method scans the entire body of prospects to guarantee a better identification of this prospect. This method is not globally accepted because it is very complex and prospects are concerned about their privacy. Very few technologists apply it globally.

Biometric functionality:
Many different aspects of human physiology, chemistry or behavior can be used for biometric authentication. The selection of a particular biometric for use in a specific application involves a weighting of several factors. Jain et al. (1999) identified seven such factors to be used when assessing the suitability of any trait for use in biometric authentication. Universality means that every person using a system should possess the trait. Uniqueness means the trait should be sufficiently different for individuals in the relevant population such that they can be distinguished from one another. Permanence relates to the manner in which a trait varies over time. More specifically, a trait with 'good' permanence will be reasonably invariant over time with respect to the specific matching algorithm. Measurability (collectability) relates to the ease of acquisition or measurement of the trait. In addition, acquired data should be in a form that permits subsequent processing and extraction of the relevant feature sets. Performance relates to the accuracy, speed, and robustness of technology used (see performance section for more details). Acceptability relates to how well individuals in the relevant population accept the technology such that they are willing to have their biometric trait captured and assessed. Circumvention relates to the ease with which a trait might be imitated using an artifact or substitute. No single biometric will meet all the requirements of every possible application. A biometric system can operate in the following two modes. In verification mode the system performs a one-to-one comparison of a captured biometric with a specific template stored in a biometric database in order to verify the individual is the person they claim to be. This process may use a smart card, username or ID number (e.g. PIN) to indicate which template should be used for comparison. 'Positive recognition' is a common use of verification mode, "where the aim is to prevent multiple people from using same identity". In Identification mode the system performs a one-to-many comparison against a biometric database in attempt to establish the identity of an unknown individual. The system will succeed in identifying the individual if the comparison of the biometric sample to a template in the database falls within a previously set threshold. Identification mode can be used either for 'positive recognition' (so that the user does not have to provide any information about the template to be used) or for 'negative recognition' of the person "where the system establishes whether the person is who she (implicitly or explicitly) denies to be". The latter function can only be achieved through biometrics since other methods of personal recognition such as passwords, PINs or keys are ineffective.

The basic block diagram of a biometric system

The first time an individual uses a biometric system is called enrollment. During the enrollment, biometric information from an individual is captured and stored. In subsequent uses, biometric information is detected and compared with the information stored at the time of enrollment. Note that it is crucial that storage and retrieval of such systems themselves be secure if the biometric system is to be robust. The first block (sensor) is the interface between the real world and the system; it has to acquire all the necessary data. Most of the times it is an image acquisition system, but it can change according to the characteristics desired. The second block performs all the necessary pre-processing: it has to remove artifacts from the sensor, to enhance the input (e.g. removing background noise), to use some kind of normalization, etc. In the third block necessary features are extracted. This step is an important step as the correct features need to be extracted in the optimal way. A vector of numbers or an image with particular properties is used to create a template. A template is a synthesis of the relevant characteristics extracted from the source. Elements of the biometric measurement that are not used in the comparison algorithm are discarded in the template to reduce the filesize and to protect the identity of the enrollee. If enrollment is being performed, the template is simply stored somewhere (on a card or within a database or both). If a matching phase is being performed, the obtained template is passed to a matcher that compares it with other existing templates, estimating the distance between them using any algorithm (e.g. Hamming distance). The matching program will analyze the template with the input. This will then be output for any specified use or purpose (e.g. entrance in a restricted area)

Performance:
The following are used as performance metrics for biometric systems:

false accept rate or false match rate (FAR or FMR): the probability that the system incorrectly matches the input pattern to a non-matching template in the database. It measures the percent of invalid inputs which are incorrectly accepted. false reject rate or false non-match rate (FRR or FNMR): the probability that the system fails to detect a match between the input pattern and a matching template in the database. It measures the percent of valid inputs which are incorrectly rejected.

receiver operating characteristic or relative operating characteristic (ROC): The ROC plot is a visual characterization of the trade-off between the FAR and the FRR. In general, the matching algorithm performs a decision based on a threshold which determines how close to a template the input needs to be for it to be considered a match. If the threshold is reduced, there will be less false non-matches but more false accepts. Correspondingly, a higher threshold will reduce the FAR but increase the FRR. A common variation is the Detection error trade-off (DET), which is obtained using normal deviate scales on both axes. This more linear graph illuminates the differences for higher performances (rarer errors). equal error rate or crossover error rate (EER or CER): the rate at which both accept and reject errors are equal. The value of the EER can be easily obtained from the ROC curve. The EER is a quick way to compare the accuracy of devices with different ROC curves. In general, the device with the lowest EER is most accurate. failure to enroll rate (FTE or FER): the rate at which attempts to create a template from an input is unsuccessful. This is most commonly caused by low quality inputs. failure to capture rate (FTC): Within automatic systems, the probability that the system fails to detect a biometric input when presented correctly. template capacity: the maximum number of sets of data which can be stored in the system.

Issues and concerns:

Privacy and discrimination It is possible that data obtained during biometric enrollment may be used in ways for which the enrolled individual has not consented. For example, biometric security that utilizes an employee's DNA profile could also be used to screen for various genetic diseases or other 'undesirable' traits. Danger to owners of secured items When thieves cannot get access to secure properties, there is a chance that the thieves will stalk and assault the property owner to gain access. If the item is secured with a biometric device, the damage to the owner could be irreversible, and potentially cost more than the secured property. For example, in 2005, Malaysian car thieves cut off the finger of a Mercedes-Benz S-Class owner when attempting to steal the car. Cancelable biometrics One advantage of passwords over biometrics is that they can be re-issued. If a token or a password is lost or stolen, it can be cancelled and replaced by a newer version. This is not naturally available in biometrics. If someone's face is compromised from a database, they cannot cancel or reissue it. Cancelable biometrics is a way in which to incorporate protection and the replacement features into biometrics. It was first proposed by Ratha et al. Several methods for generating cancelable biometrics have been proposed. The first fingerprint based cancelable biometric system was designed and developed by Tulyakov et al. Essentially, cancelable biometrics perform a distortion of the biometric image or features before matching. The variability in the distortion parameters provides the cancelable nature

of the scheme. Some of the proposed techniques operate using their own recognition engines, such as Teoh et al. and Savvides et al., whereas other methods, such as Dabbah et al., take the advantage of the advancement of the well-established biometric research for their recognition front-end to conduct recognition. Although this increases the restrictions on the protection system, it makes the cancellable templates more accessible for available biometric technologies. Soft biometrics Soft biometrics traits are physical, behavioural or adhered human characteristics, which have been derived from the way human beings normally distinguish their peers (e.g. height, gender, hair color). Those attributes have a low discriminating power, thus not capable of identification performance, additionally they are fully available to everyone which makes them privacy-safe.

Countries applying biometrics: Australia

Visitors intending to visit Australia may soon have to submit to biometric authentication as part of the Smartgate system, linking individuals to their visas and passports. Biometric data are already collected from some visa applicants by Immigration. Australia is the first country to introduce a Biometrics Privacy Code, which is established and administered by the Biometrics Institute. The Biometrics Institute Privacy Code Biometrics Institute forms part of Australian privacy legislation. The Code includes privacy standards that are at least equivalent to the Australian National Privacy Principles (NPPs) in the Privacy Act and also incorporates higher standards of privacy protection in relation to certain acts and practices. Only members of the Biometrics Institute are eligible to subscribe to this Code. Biometrics Institute membership, and thus subscription to this Code, is voluntary.

Germany
The biometrics market in Germany will experience enormous growth until the year 2009. "The market size will increase from approximately 120 million (2004) to 377 million " (2009). "The federal government will be a major contributor to this development". In particular, the biometric procedures of fingerprint and facial recognition can profit from the government project. In May 2005 the German Upper House of Parliament approved the implementation of the ePass, a passport issued to all German citizens which contain biometric technology. The ePass has been in circulation since November 2005, and contains a chip that holds a digital photograph and one fingerprint from each hand, usually of the index fingers, though others may be used if these fingers are missing or have extremely distorted prints. "A third biometric identifier iris scans could be added at a later stage". An increase in the prevalence of biometric technology in Germany is an effort to not only keep citizens safe within German borders but also to comply with the current US deadline for visa-waiver countries to introduce biometric passports. In addition to producing biometric passports for German citizens, the German government has put in place new requirements for visitors to apply for visas within the country. "Only applicants for long-term visas, which allow more than three months' residence, will be affected by the planned biometric registration program. The new work visas will also include fingerprinting, iris scanning, and digital photos".

Germany is also one of the first countries to implement biometric technology at the Olympic Games to protect German athletes. "The Olympic Games is always a diplomatically tense affair and previous events have been rocked by terrorist attacksmost notably when Germany last held the Games in Munich in 1972 and 11 Israeli athletes were killed". Biometric technology was first used at the Olympic Summer Games in Athens, Greece in 2004. "On registering with the scheme, accredited visitors will receive an ID card containing their fingerprint biometrics data that will enable them to access the 'German House'. Accredited visitors will include athletes, coaching staff, team management and members of the media". As a protest against the increasing use of biometric data, the influential hacker group Chaos Computer Club published a fingerprint of German Minister of the Interior Wolfgang Schuble in the March 2008 edition of its magazine Datenschleuder. The magazine also included the fingerprint on a film that readers could use to fool fingerprint readers.

India
India is undertaking an ambitious mega project to provide a unique identification number to each of its 1.25 billion people. The Identification number will be stored in central databases. consisting the biometric information of the individual. If implemented, this would be the biggest implementation of the Biometrics in the world. India's Home Minister, P Chidambaram, described the process as "the biggest exercise... since humankind came into existence". The government will then use the information to issue identity cards. Officials in India will spend one year classifying India's population according to demographics indicators. The physical count began on February 2011. See Unique Identification Authority of India for more information.

United States
Starting in 2005, US passports with facial (image-based) biometric data were scheduled to be produced. Privacy activists in many countries have criticized the technology's use for the potential harm to civil liberties, privacy, and the risk of identity theft. Currently, there is some apprehension in the United States (and the European Union) that the information can be "skimmed" and identify people's citizenship remotely for criminal intent, such as kidnapping. The US Department of Defense (DoD) Common Access Card, is an ID card issued to all US Service personnel and contractors on US Military sites. This card contains biometric data and digitized photographs. It also has laser-etched photographs and holograms to add security and reduce the risk of falsification. There have been over 10 million of these cards issued. According to Jim Wayman, director of the National Biometric Test Center at San Jose State University, Walt Disney World is the nation's largest single commercial application of biometrics. However, the US-VISIT program will very soon surpass Walt Disney World for biometrics deployment.

The United States (US) and European Union (EU) are proposing new methods for border crossing procedures utilizing biometrics. Employing biometrically enabled travel documents will increase security and expedite travel for legitimate travelers. NEXUS is a joint Canada-United States program operated by the Canada Border Services Agency and U.S. Customs and Border Protection. It is designed to expedite travel cross the US-Canada border and makes use of biometric authentication technology, specifically "iris recognition biometric technology". It permits pre-approved members of the program to use self-serve kiosks at airports, reserved lanes at land crossings, or by phoning border officials when entering by water.

Learn about Different Types of Multi-biometric Systems :

Multi-biometric systems have come a long way by addressing biometric issues and concerns in a better manner. With constant research in the field, the developers and manufacturers have come up with different types of multi-biometric systems, each one to entertain the specific requirements. You can continue reading further to learn about various multi-biometric systems available in the market.

Multi Sensor Biometric Systems:

As the name suggest, these biometric systems consist of multiple sensors to capture the data more than once and then combine them to deliver accurate data matching process. For instance, 2D cameras as well as infrared sensors can be used in a multi-biometric system to capture the images of an individual in different types of illuminations. The process provides a higher sophistication level to the security offered by these systems.

Multi Algorithm Biometric Systems:

Algorithms are important parts of biometric systems to carry out the process of sampling and identification. How about combining more than one algorithm to enhance the level of security? The multi-algorithm biometric systems are economical than other types, as extra sensors and other devices are not required. Though, one can expect them to be more complex.

Multi Sample Biometric Systems:

In this type of biometric systems, the multiple samples of the same physical trait are captured to produce samples that are good enough to provide more secure identification. For instance, apart from the front profile of a persons face, the side profiles can also be used to prepare the identification samples.

Multi Instance Biometric Systems:

You have 10 fingers and 2 irises and thus, biometric technology can make use of all the fingers or both the irises to prepare different instances and combine them to form specific biometric samples. As it is clear, better biometric access control arrangements can be acquired using the procedure.

Multi modal Biometric Systems:

A simple way of enhancing the utility of biometrics is to combine samples from two physically uncorrelated features of an individual and the resulting system can be called the multimodal biometric system. For example, voice patterns can be combined with face recognition or iris patterns with fingerprints and so on. Going further, the hybrid biometric systems have been devised to combine, say two iris samples with three face patterns and so on.

Biometrics: Uses and Abuses

Biometrics are seductive. Your voiceprint unlocks the door of your house. Your iris scan lets you into the corporate offices. You are your own key. Unfortunately, the reality isn't that simple. Biometrics are the oldest form of identification. Dogs have distinctive barks. Cats spray. Humans recognize faces. On the telephone, your voice identifies you. Your signature identifies you as the person who signed a contract. In order to be useful, biometrics must be stored in a database. Alice's voice biometric works only if you recognize her voice; it won't help if she is a stranger. You can verify a signature only if you recognize it. To solve this problem, banks keep signature cards. Alice signs her name on a card when she opens the account, and the bank can verify Alice's signature against the stored signature to ensure that the check was signed by Alice. There is a variety of different biometrics. In addition to the three mentioned above, there are hand geometry, fingerprints, iris scans, DNA, typing patterns, signature geometry (not just the look of the signature, but the pen pressure, signature speed, etc.). The technologies are different, some are more reliable, and they'll all improve with time.

Biometrics are hard to forge: it's hard to put a false fingerprint on your finger, or make your iris look like someone else's. Some people can mimic others' voices, and Hollywood can make people's faces look like someone else, but these are specialized or expensive skills. When you see someone sign his name, you generally know it is he and not someone else. On the other hand, some biometrics are easy to steal. Imagine a remote system that uses face recognition as a biometric. ``In order to gain authorization, take a Polaroid picture of yourself and mail it in. We'll compare the picture with the one we have in file.'' What are the attacks here? Take a Polaroid picture of Alice when she's not looking. Then, at some later date, mail it in and fool the system. The attack works because while it is hard to make your face look like Alice's, it's easy to get a picture of Alice's face. And since the system does not verify when and where the picture was taken--only that it matches the picture of Alice's face on file--we can fool it. A keyboard fingerprint reader can be similar. If the verification takes place across a network, the system may be unsecure. An attacker won't try to forge Alice's real thumb, but will instead try to inject her digital thumbprint into the communications. The moral is that biometrics work well only if the verifier can verify two things: one, that the biometric came from the person at the time of verification, and two, that the biometric matches the master biometric on file. If the system can't do that, it can't work. Biometrics are unique identifiers, but they are not secrets. You leave your fingerprints on everything you touch, and your iris patterns can be observed anywhere you look. Biometrics also don't handle failure well. Imagine that Alice is using her thumbprint as a biometric, and someone steals the digital file. Now what? This isn't a digital certificate, where some trusted third party can issue her another one. This is her thumb. She has only two. Once someone steals your biometric, it remains stolen for life; there's no getting back to a secure situation. And biometrics are necessarily common across different functions. Just as you should never use the same password on two different systems, the same encryption key should not be used for two different applications. If my fingerprint is used to start my car, unlock my medical records, and read my electronic mail, then it's not hard to imagine some very unsecure situations arising. Biometrics are powerful and useful, but they are not keys. They are not useful when you need the characteristics of a key: secrecy, randomness, the ability to update or destroy. They are useful as a replacement for a PIN, or a replacement for a signature (which is also a biometric). They can sometimes be used as passwords: a user can't choose a weak biometric in the same way they choose a weak password. Biometrics are useful in situations where the connection from the reader to the verifier is secure: a biometric unlocks a key stored locally on a PCM-CIA card, or unlocks a key used to secure a hard drive. In those cases, all you really need is a unique hard-to-forge identifier.

National Conference on Recent Advances in Soft Computing and Knowledge Discovery

19-21 January 2012

REGISTRATION FORM Name Organization Designation Qualification Specialization Address Telephone E-mail Area in which the paper submitted Title of the paper Co- authors names(s) Accomodation Required Payment Details DD Number: Date: : : : : Amount: Bank: Yes / No : : : : : : : : :

Signature of the Applicant

Signature of the Principal