Biometric Techniques – Enhancing Security Standards In High Performance Enterprise
In today’s digital economy, where many important activities are carried out with the help of computer, the need for reliable, simple, flexible and obtain system is a great concern and a challenging issue for the organisation. Day by day security breaches and transaction fraud increases, the need for obtain identification and personal verification technologies is becoming a great concern to the organisation. By measuring something rare about an individual and using that to clarify, an organisation can dramatically enhance their security measures. Awareness of security issues is rapidly increasing among company how they want to protect the information which is a greatest asset that the company possesses. The organisation wants to protect this information from either internal or external threat. Security plays a very important role in the organization and to make computer system obtain, various biometric techniques have been developed. Today biometric techniques are a reliable method of recognising the identity of a person based on physiological or behavioral characteristics. Biometrics techniques adventure human’s rare physical or behavioral traits in order to authenticate people. The features measured are confront, fingerprints, hand geometry, iris, retinal, voice etc. Biometric authentication is increasingly being used in areas like banking, retailing, defense, manufacturing, health industry, stock exchange, public sector, airport security, internet security etc. Biometric technologies are providing a highly-obtain identification and personal verification solutions. Biometric techniques are an attempt in providing a strong solution to many challenging problems in security. Biometrics focuses on the examination of physical or behavioral traits that determine individual identity. Biometrics can he used to verify the identity of an individual based on the measurement and examination of rare physical and behavioral data. Indeed, biometrics techniques increasingly are being viewed as the preferred method to confirm an individual’s identity precisely.
The history of biometric techniques is not new, it trace its origin from the past. The ancient biometric technique which was practiced was a form of finger printing being used in China in the 14th century, as reported by the Portuguese historian Joao de Barros. The Chinese merchants were stamping children’s palm and footprints on paper with ink to discriminate the babies from one another. Biometrics the ancient Greek information is the combination of two words -bio method life, metric method measurement.It is the study of methods for uniquely recognizing humans based upon physical or behavioral characterstics. The physiological characterstics are fingerprint, confront, hand geometry, DNA and iris recognition. Behavioral are related to the behavior of a person like identifying characteristics, study of keystroke, voice etc. consequently a biometric system is essentially a pattern recognition system which makes a personal identification by calculating the authenticity of a specific physiological or behavioral characteristic possessed by the user. Biometric characteristics are collected using a device called a sensor. These sensors are used to acquire the data needed for verification or identification and to transform the data to a digital code. The quality of the device chosen to capture data has a meaningful impact on the recognition results. The devices could be digital cameras for confront recognition, ear recognition etc or a telephone for voice recognition etc. A biometric system operates in verification mode or identification mode. In verification mode the system validates a person identity by comparing the captured biometric data with the biometric template stored in the database and is mainly used for positive recognition. In the identification mode the system captures the biometric data of an individual and searches the biometric template of all users in the database till a match is not found.
DIFFERENT TYPES OF BIOMETRIC TECHNIQUES
o confront Recognition
The biometric system can automatically recognize a person by the confront. This technology works by analyzing specific features in the confront like – the distance between the eyes, width of the nose, position of cheekbones, jaw line, chin ,rare shape, pattern etc. These systems include measurement of the eyes, nose, mouth, and other facial features for identification. To increase accuracy these systems also may measure mouth and lip movement.confront recognition captures characteristics of a confront either from video or nevertheless image and translates rare characteristics of a confront into a set of numbers. These data collected from the confront are combined in a single unit that uniquely identifies each person. Sometime the features of the confront are analyzed like the current changes in the confront while smiling or crying or responding to different situation etc.The complete confront of the person is taken into consideration or the different part of the confront is taken into consideration for the identity of a person. It is highly complicate technology. The data capture by using video or thermal imaging. The user identity is confirmed by looking at the screen. The dominant assistance to using facial recognition as a biometric authenticator is that people are accustomed to presenting their faces for identification and instead of ID card or photo identity card this technique will be advantageous in identifying a person. As the person faces changes by the age or person goes for plastic surgery, in this case the facial recognition algorithm should measure the relative position of ears, noses, eyes and other facial features.
o Hand Geometry:
Hand geometry is techniques that capture the physical characteristics of a user’s hand and fingers. It analyses finger image ridge endings, bifurcations or branches made by ridges. These systems measure and record the length, width, thickness, and surface area of an individual’s hand. It is used in applications like access control and time and attendance etc. It is easy to use, comparatively inexpensive and widely accepted. A camera captures a 3 dimensional image of the hand. A verification template is produced and stored in the database and is compared to the template at the time of verification of a person. Fingerprint identification.Currently fingerprint readers are being built into computer memory cards for use with laptops or PCs and also in cellular telephones, and personal digital assistants. It is successfully implemented in the area of physical access control.
o Eye Recognition:
This technique involves scanning of retina and iris in eye. Retina examine technology maps the capillary pattern of the retina, a thin nerve on the back of the eye. A retina examine measures patterns at over 400 points. It analyses the iris of the eye, which is the colored ring of tissue that surrounds the pupil of the eye. This is a highly mature technology with a proven track record in a number of application areas. Retina scanning captures rare pattern of blood vessels where the iris scanning captures the iris. The user must focus on a point and when it is in that position the system uses a beam of light to capture the rare retina characterstics.It is extremely obtain and accurate and used heavily in controlled ecosystem. However, it is expensive, obtain and requires perfect alignment and usually the user must look in to the device with proper concentration. Iris recognition is one of the most reliable biometric identification and verification methods. It is used in airports for travellers.Retina examine is used in military and government organization. Organizations use retina scans chiefly for authentication in high-end security applications to control access, for example, in government buildings, military operations or other restricted quarters, to empowered personnel only. The rare pattern and characteristics in the human iris keep unchanged throughout one’s lifetime and no two persons in the world can have the same iris pattern.
o Voice Biometrics
Voice biometrics, uses the person’s voice to verify or clarify the person. It verifies in addition as identifies the speaker. A microphone on a standard PC with software is required to analyze the rare characteristics of the person. Mostly used in telephone-based applications. Voice verification is easy to use and does not require a great deal of user education. To enroll, the user speaks a given pass phrase into a microphone or telephone handset. The system then creates a template based on numerous characteristics, including pitch, tone, and shape of larynx. Typically, the enrollment course of action takes less than a minute for the user to complete. Voice verification is one of the least intrusive of all biometric methods. Furthermore, voice verification is easy to use and does not require a great deal of user education.
o identifying characteristics Verification
identifying characteristics verification technology is the examination of an individual’s written identifying characteristics, including the speed, speeding up rate, stroke length and pressure applied during the identifying characteristics. There are different ways to capture data for examination i.e. a special pen can be used to recognize and analyze different movements when writing a identifying characteristics, the data will then be captured within the pen. Information can also be captured within a special tablet that measures time, pressure, speeding up and the duration the pen touches it .As the user writes on the tablet, the movement of the pen generates sound against paper an is used for verification. An individual’s identifying characteristics can change over time, however, which can consequence in the system not recognizing empowered users. identifying characteristics systems rely on the device like special tablet, a special pen etc. When the user signs his name on an electronic pad, instead of merely comparing signatures, the device instead compares the direction, speed and pressure of the writing instrument as it moves across the pad.
This method relies on the fact that every person has her/his own keyboard-melody, which is analysed when the user types. It measures the time taken by a user in pressing a particular meaningful or searching for a particular meaningful.
OTHER BIOMETRIC TECHNIQUES ARE
o Vein/vascular patterns: Analyses the
veins in, for example, the hand and the confront.
o Nail identification: Analyses the tracks in the nails.
o DNA patterns: it is a very expensive technique and it takes a long time for verification/identification of a person
o Sweat hole examination: Analyses the way pores on a finger are located.
o Ear recognition: Shape and size of an ear are rare for every person.
o Odour detection: Person is verified or identified by their smell.
o Walking recognition: It analyses the way the person walks.
METHODS OF BIOMETRIC AUTHENTICATION:
o VERIFICATION : is the time of action of verifying the user is who they claim to be.
o IDENTIFICATION : is the time of action of identifying the user from a set of known users.
WORKING OF BIOMETRICS:
All biometric systems works in a four-stage course of action that consists of the following steps.
o Capture: A biometric system captures the sample of biometric characteristics like fingerprint, voice etc of the person who wants to login to the system.
o Extraction: rare data are extracted from the sample and a template is produced. rare features are then extracted by the system and converted into a digital biometric code. This sample is then stored as the biometric template for that individual.
o Comparison: The template is then compared with a new sample. The biometric data are then stored as the biometric template or template or reference template for that person.
o Match/non-match: The system then decides whether the features extracted from the new sample are a match or a non-match with the template. When identity needs checking, the person interacts with the biometric system, a new biometric sample is taken and compared with the template. If the template and the new sample match, the person’s identity is confirmed else a non-match is confirmed.
[Biometric Authentication System and its functional components]
The Biometric authentication system includes three layered architecture:
o Enroll: A sample is captured from a device, processed into a usable form from which a template is constructed, and returned to the application.
o Verify: One or more samples are captured, processed into a usable form, and then equaled against an input template. The results of the comparison are returned.
o clarify: One or more samples are captured, processed into a usable form, and equaled against a set of templates. A list is generated to show how close the samples compare against the top candidates in the set.
A biometric template is an individual’s sample, a reference data, which is first captured from the chosen biometric device. Later, the individual’s identity is verified by comparing the later collected data against the individual’s biometric template stored in the system. Typically, during the enrollment course of action, three to four samples may be captured to arrive at a representative template. The resultant biometric templates, in addition as the overall enrollment course of action, are meaningful for the overall success of the biometric application. If the quality of the template is poor, the user will need to go by re-enrollment again. The template may be stored, within the biometric device, remotely in a central repository or on a portable card.
Storing the template on the biometric device has the advantage of fast access to the data. There is no dependency on the network or another system to access the template. This method applies well in situations when there are few users of the application. Storing the template in a central repository is a good option in a high-performance, obtain ecosystem. Keep in mind that the size of the biometric template varies from one vendor product to the next and is typically between 9 bytes and 1.5k. For example, as a fingerprint is scanned, up to 100 minutia points are captured and run against an algorithm to create a 256-byte binary template. An ideal configuration could be one in which copies of templates related to users are stored locally for fast access, while others are downloaded from the system if the template cannot be found locally.
Storing the template on a card or a token has the advantage that the user carries his or her template with them and can use it at any empowered reader position. Users might prefer this method because they continue control and ownership of their template. However, if the token is lost or damaged, the user would need to re-enroll. If the user base does not object to storage of the templates on the network, then an ideal solution would be to store the template on the token in addition as the network. If the token is lost or damaged, the user can provide permissible identity information to access the information based on the template that can be accessed on the network. The enrollment time is the time it takes to enroll or register a user to the biometric system. The enrollment time depends on a number of variables such as: users’ experience with the device or use of custom software or kind of information collected at the time of enrollment
Biometric Performance Measures:
o False acceptance rate (FAR) or False match rate (FMR): the probability that the system incorrectly declares a successful match between the input pattern and a non-matching pattern in the database. It measures the percent of invalid matches. These systems are basic since they are commonly used to forbid certain actions by disallowed people.
o False reject rate (FRR) or False non-match rate (FNMR): the probability that the system incorrectly declares failure of match between the input pattern and the matching template in the database. It measures the percent of valid inputs being rejected.
o Receiver (or relative) operating characteristic (ROC): In general, the matching algorithm performs a decision using some parameters (e.g. a threshold). In biometric systems the FAR and FRR can typically be traded off against each other by changing those parameters. The ROC plot is obtained by graphing the values of FAR and FRR, changing the variables implicitly. A shared variation is the Detection error trade-off (DET), which is obtained using normal deviate scales on both axes.
o Equal error rate (EER): The rates at which both accept and reject errors are equal. ROC or DET plotting is used because how FAR and FRR can be changed, is shown clearly. When quick comparison of two systems is required, the ERR is commonly used. Obtained from the ROC plot by taking the point where FAR and FRR have the same value. The lower the EER, the more accurate the system is considered to be.
o Failure to enroll rate (FTE or FER): the percentage of data input is considered invalid and fails to input into the system. Failure to enroll happens when the data obtained by the sensor are considered invalid or of poor quality.
o Failure to capture rate (FTC): Within automatic systems, the probability that the system fails to detect a biometric characteristic when presented correctly.
o Template capacity: the maximum number of sets of data which can be input in to the system.
For example, performance parameters associated with the fingerprint reader may be:
o a false acceptance rate of less than or equal to 0.01 percent
o a false rejection rate of less than 1.4 percent
o the image capture area is 26×14 mm.
clearly, these two measures should be as low as possible to avoid empowered user rejection but keep out unauthorized users. In applications with medium security level a 10% False Rejection Error will be unacceptable, where false acceptance rate error of 5% is permissible.
False Acceptance When a biometric system incorrectly identifies an individual or incorrectly verifies an impostor against a claimed identity. Also known as a kind II error. False Acceptance Rate/FAR
The probability that a biometric system will incorrectly clarify an individual or will fail to reject an impostor. Also known as the kind II error rate.
It is stated as follows:
FAR = NFA / NIIA or FAR = NFA / NIVA
where FAR is the false acceptance rate
NFA is the number of false acceptances
NIIA is the number of impostor identification attempts
NIVA is the number of impostor verification attempts
False Rejection Rate/FRR The probability that a biometric system will fail to clarify an enrollee, or verify the authentic claimed identity of an enrollee. Also known as a kind I error rate.
It is stated as follows:
FRR = NFR / NEIA or FRR = NFR / NEVA
where FRR is the false rejection rate
NFR is the number of false rejections
NEIA is the number of enrollee identification attempts
NEVA is the number of enrollee verification attempts
Crossover Error Rate (CER)
Represents the point at which the false reject rate = the false acceptance rate.
Stated in percentage
Good for comparing different biometrics systems
A system with a CER of 3 will be more accurate than a system with a CER of 4
BIOMETRICS USE IN INDUSTRY
Punjab National Bank (PNB) installed its first biometric ATM at a village in Gautam Budh Nagar (UP) to spread financial inclusion. “The move would help illiterate and semi-literate customers to do banking transaction any time.
Union Bank of India biometric smart cards launched. Hawkers and small traders could avail loan from the bank using the card.
In Coca-Cola Co., hand-scanning machines are used to replace the time card monitoring for the workers. In New Jersey and six other states, fingerprint scanners are now used to crack down on people claiming welfare benefits under two different names.
In Cook County, Illinois, a complex camera that analyzes the iris patterns of an individual’s eyeball is helping ensure that the right people are released from jail. At Purdue University in Indiana, the campus credit union is installing automated teller machines with a finger scanner that will eliminate the need for plastic bankcards and personal identification numbers.
MasterCard International Inc. and Visa USA Inc., the world’s two largest credit card companies, have begun to study the feasibility of using finger-scanning devices at the point of sale to verify that the card user is really the card holder. The scanners would compare fingerprints with biometric information stored on a microchip encased in the credit card.
Walt Disney World in Orlando has started taking hand scans of people who buy yearly passes. These visitors now must pass by a scanner when entering the park preventing them from lending their passes to other people.
The technology also received extensive attention at summer’s Olympic Games Atlanta, where 65,000 athletes, coaches and officials used a hand-scanning system to go into the Olympic Village.
Selection of Biometric Techniques:
There are a lot of decision factors for selecting a particular biometric technology for a specific application.
1. Economic Feasibility or Cost:-The cost of biometric system implementation has decreased recently; it is nevertheless a major obstacle for many companies. Traditional authentication systems, such as passwords and PIN, require comparatively little training, but this is not the case with the most commonly used biometric systems. Smooth operation of those systems requires training for both systems administrators and users.
2. Risk examination:-Error rates and the types of errors vary with the biometrics deployed and the circumstances of deployment. Certain types of errors, such as false matches, may present basic risks to business security, while other types of errors may reduce productivity and increase costs. Businesses planning biometrics implementation will need to consider the permissible error threshold.
3. Perception of Users:-Users generally view behavior-based biometrics such as voice recognition and identifying characteristics verification as less intrusive and less privacy-threatening than physiology-based biometrics.
4. TechnoSocio Feasibility:-Organizations should focus on the user-technology interface and the conditions in the organizational ecosystem that may influence the technology’s performance. The organization should create awareness among the users how to use the techniques and should conquer the psychological factors as user fears about the technology. Organization has to also consider the privacy rights of users while implementing the biometric techniques.
5. Security: Biometric techniques should have high security standards if they will be implemented in high obtain ecosystem. The biometric techniques should be evaluated on the basis of their features, possible risk and area of application, and placed under a comprehensive risk examination.
6. User friendly and social acceptability -Biometric techniques should be strong and user friendly to use and they should function dependably for a long period of time. The techniques should not divide the society into two group i.e. digital and non digital society.
7. Legal Feasibility-Government has to form a regulatory statutory framework for the use of biometric techniques in various commercial applications. It should form a standard regulatory framework for use of these techniques in commercial applications or transactions. If required the framework has to be regulated and changed time to time.
8. Privacy-As biometric techniques rely on personal physical characteristics, an act has to be made to protect the individual’s privacy data not to be used by other. A data protection law has to be produced in order to protect the person’s privacy data.
Criteria for evaluating biometric technologies.
The reliability and acceptance of a system depends on the effectiveness of the system, how the system is protected against unauthorized alteration, knowledge or use, how the systems provide solutions to the threats and its ability and effectiveness to clarify system’s abuses.
These biometric methods use data compression algorithms, protocols and codes. These algorithms can be classified in three categories:
o Statistical modeling methods,
o Dynamic programming,
o Neural networks.
The mathematical tools used in biometric procedure need to be evaluated. Mathematical examination and proofs of the algorithms need to be evaluated by experts on the particular fields. If algorithms implement “wrong” mathematics then the algorithms are wrong and the systems based on these algorithms are unprotected. If the algorithms used in the biometric methods have “leaks”, or if efficient decoding algorithms can be found then the biometric methods themselves are unprotected and consequently the systems based on these methods become unsafe.
Different algorithms offer different degrees of security, it depends on how hard they are to break. If the cost required to break an algorithm is greater than the value of the data then we are probably safe. In our case where biometric methods are used in financial transactions where a lot of money is involved it makes it worth it for an intruder to use the money for cryptanalysis.
The cryptographic algorithms or techniques used to implement the algorithms and protocols can be unprotected to attacks. Attacks can also be conceived against the protocols themselves or aged standard algorithms. consequently criteria should be set for the proper evaluation of the biometric methods addressing these theoretical concerns.
The evaluation of the biometric systems is based on their implementation. There are four basic steps in the implementation of the biometric systems which impose the formation of evaluative criteria.
o Capture of the users attribute.
o Template generation of the users attribute.
o Comparison of the input with the stored template for the empowered user.
o Decision on access acceptance or rejection.
Applications of biometric techniques
Biometrics is an emerging technology which has been widely used in different organization for the security purpose. Biometrics can be used to prevent unauthorized access to ATMs, cellular phones, smart cards, desktop PCs, workstations, and computer networks. It can be used during transactions conducted via telephone and Internet (electronic commerce and electronic banking). Due to increased security threats, many countries have started using biometrics for border control and national ID cards. The use of biometric identification or verification systems are widely used in different companies in addition as the government agencies. The applications where biometric technique has its presence are
o Identity cards and passports.
o Banking, using ATMs, Accessing Network Resource
o Physical access control of buildings, areas, doors and cars.
o Personal identification
o Equipment access control
o Electronic access to sets (e-banking, e-commerce)
o Travel and Transportation, Sporting Event
o Border control
o Banking and finance, Shopping Mall
o Airport security
o Cyber security
o Time Management in Organization
o Voice Recognition(Telebanking)
o Prison visitor monitoring system.
o Voting System
Prospects of Biometric Techniques:
The biometric industry is at an beginning stage in India, but is growing fast to capture the complete market. This technique is expanding both into private and public areas of application. Biometric applications need to interconnect to multiple devices and legacy applications. The industry market and consumer markets are adopting biometric technologies for increased security and convenience. With the decreasing price of biometric solutions and improved technology, more organization is coming forward to implement this technology. The without of a standard regulatory framework is a major drawback in implementing biometrics in organisation.It is not widely accepted by the users because some organization and society have the opinion that this technology is inappropriate and the privacy data of the users are lost. If proper regulatory framework is not established it will not be accepted by the organization in addition as by the user. The devices manufactured for biometric techniques has to comply with standards Increased IT spending in the government and financial sector offers better opportunities for such deployments. already though there are no global mandated or regulatory frame works as of now, they are expected to arrive very soon.
Standarad law and regulation will open a wide market for biometrics in electronic legal and commercial transactions.
The anti-terrorism act has introduced has a wide scope for the biometric techniques to be implemented.
Consumer privacy data has to be protected in order to be widely accepted by the user.
Integration of biometric with different legacy application and hardware.
Biometric technique has a great need in the telecommunication domain.
The notebook and laptop manufacturer has already implemented the biometric techniques like finger printing for the enhancement of the security.
The biometric industry must address major challenges related to performance, real-world utility, and possible privacy impact in order for biometrics to reach their complete possible
Many companies are also implementing biometric technologies to obtain areas, continue time records, and enhance user convenience.
An interesting biometric application is linking biometrics to credit cards.
Other financial transactions could assistance from biometrics, e.g., voice verification when banking by phone, fingerprint validation for e-commerce, etc. The market is huge, and covers a very wide range of hardware, applications and sets.
The future of this technology is booming. With the rapid increase of fraud and theft in commercial transaction; it is a great concern for the organization to use biometric as meaningful instrument in eliminating the fraud and flaws in the traditional security approach. Both businesses and consumers are eager for greater security in commercial transactions. The technology is increasingly reliable and affordable, and the question of the legal enforceability of electronic contracts is settled. While consumers recognize the benefits of biometric authentication, they are reluctant to fully accept the technology without adequate assurances that companies will keep their biometric information secret and unprotected to various safeguards and the existing law provides a limited measure of protection for biometric information so greater protection should be offered to consumers so that their personal information is not misused. Biometrics will play vital roles in the next generation of automatic identification system. Biometric identifiers must be considered when implementing a biometric-based identification system. The applicability of specific biometric techniques depends heavily on the application domain. Biometrics must be implemented properly to be effective and the consequences considered. Biometrics will become increasingly common in day-to-day activities where proper identification is required. The real future of the technology lies in creating a biometric trust infrastructure that allows private sector and the public sector to manager security needs. Ultimately, such an infrastructure would allow people to move to various locations worldwide while maintaining their security clearance as defined by their physiological and behavioral identities.