Biometric Technologies: Advantages and Disadvantages

Biometric Technologies Advantages and DisadvantagesAbstract there have two aims of this project.Firstly is to provide an objective analysis of acquircapable biometric technologies, to identify their strengths and weaknesses and to investigate a broad range of application scenario in where biometric techniques ar better than traditional recognition and assay method.A nonher aim is to initiate a product. Now a solar day about of the online banking and financial organization be trying to convert their existing online banking in scatter source umber or in most different open source platform, so that it could be much reliable, secure and difficult for the hacker to hack much(prenominal) open source management clay. Most of the systems atomic number 18 still using the login ID and password typing functionality which is not secure at each(prenominal) as any(prenominal)body foot secure password by using a hidden Keystroke logger or same this sort of software and another problem is substance ab white plaguer pauperization to repute so umpteen password and designr ID for different web services. From a statistical observation it found that more than 70% mass write wipe out their Username and password, which commode be stolen, lost and stool be misuse by others. If the organizations could integrate secure riffprint or any other biometrics built in functionality so it could be more secure, reliable, easier and hassle free for the user.To get ride from such(prenominal) problem I have tried to develop such a model of secure web service integrating with fingerprint recognition where users no need to remember or insert anymore user name or password. Although in that location has lots of password replacement fingerprint software available in the market moreover as my k outrightledge such software doesnt work for completely platform independent (Java found) secure web service. I have used platform-independent Java 2 Platform Enterprise editio n (J2EE), Netbean, Jboss server, sql selective information base and open source bio-sdk to develop this model.PrefaceAlthough this web service has integrated only with the fingerprint functionality due to limitations of hardware and other resources but in here has critically investigate about the strengths and the trade protection hole of other biometric functionality, so that in future such biometrics functionality can be imply.Another constraint with regard to this report is conviction. To provide more strength and security department for that system, many features could be added like development of better algorithm to press the security hole of the fingerprint software. To cope with the succession changes are an inevitable part of the software or web service development but many have been entirely avoided in this theatrical role as they would not have added any value to the principal exercise of this project.Problem Areas for that Project biometrics is a young technology, therefore relative hardware is not that available in the local market and they are so expensive to buy slightlybodyally.Unfortunately there is no biometrics hardware in the CMSs hardware lab. As well as there is no biometrics software or equipment. It was requested to buy some hardware for this thesis purpose but unfortunately the university was not agree to buy or manage anything which is related to biometrics.Many companies of this biometrics pass alongle were requested somebodyally to help or give information regarding their product but they denied for the marketing reason. in that respect was no biometrics related books in the university library. save the library was unable to provide.So without any technical and theoretical support it was really hard to gain new(a) idea and to make a new product which is related to the biometrics.Some biometrics hardware has been bought personally for this thesis. With the extraordinary help, advice and encourage from the supervisor this work has been done.Section One Background Literature of BiometricsChapter 2Background Literature of BiometricsNow a day biometrics is a well cognize term in the information technology. The profligate of the word biometrics comes from Greek language. Bio means cargo hold and metrics means measurement. So the biometrics is related to the measurement of a living thing. But in the information technology it means an automated mold where a human is recognised or identified using his/her physiological or behavioural signs. The ad hoc physiological distinctions is collected, quantified, calculated, compared with the previous stored characteristic and decided. So it is the process for the appellative not any innovation.2.1 A short history of biometricsIn the normal life a person has been recognised or identified based on face, body structure, height, colour, hair etc. So in that sense the history of biometrics identifiers or characteristics is as old as mankind history. In the anci ent East Asia, plotters used their fingerprint on their products which is the identification of individual. In the ancient Egypt the people use some characteristics such as complexion, eye colour, hair, height to identify trusted traders. But for a long eon biometrics had not been considered as a field of study.At the late 1880, the biometrics gained the interest as a field of study. The credit was Alphonse Bertillon who was an anthropologist and police clerk. He was tried to identify convicted pitiful to others. He initiative discovered and mentioned that some physical measurement of an adult human is invariant of time. These cabals of measurements are different to human to human. So these measurements can be used to recognize an individual from other (Scottish Criminal Record Office, 2002a). His theory was known as Bertillonage or anthropometry. That time his theory was appreciated and thought to be well established. The main(prenominal) measurements which he suggested are gi ven in the picture 2.1. But in the year 1903, it was found that his theory was wrong for the identical twins. That time an identical twin was found, according to his theory they are single person. So the new theory or new characteristics were looking for the identification.It was state that Sir Edward Henry was the first who interested on finger print for the purpose of identification. He was an Inspector General of Bengal police. In 1986, he ordered to record the prisoners fingerprint as an identification measurement. He tried to introduce the classification system of the fingerprint. In the year 1901, Sir Henry was joined as Assistant Commissioner of the Scotland Yard. After wherefore a finger print bureau was established. That time the failure of the anthropometry system made the finger print system well known. Finger print system was started to use for the purpose of identification of a person. The system is used as same way still today.Automated system to read finger print was first introduced in the early on 1970s. The first finger-print measurement gubbins was first used in 1972 which was known as Identimeter. This device was used at Shearson Hamil named Wall Street Company. The purpose of this device was time keeping and monitoring.Day after day the interest of this biometric system was addd. The decrease of the hardware cost of the computer and improvement of the algorithm increase the research of the biometrics.2.2 Biometric characteristics2.2.1 General requirements for a characteristic using as a biometric identifierIn the biometric history section, it has been discussed that several characteristics were consider as an identifier of human. But many of them were rejected. tally to the Amberg 2003, if a characteristic can be considered as an identifier for the biometric purpose then it should mitigate some requirements such as university (Every human should have that characteristics), uniqueness (That characteristic should be different person to person), permanence (that characteristic should be permanent) and collect ability (that characteristic should be able to collect and that should excessively be measurable). There are some additional requirement can be applied with a these requirement such as performance (It trueness should be high, it should need minimum resources), acceptability (it should be accept everywhere and it should also be acceptable to the future users), fraud resistance (It should have higher security level and can be resistance to fraudulent), cost effective (it users benefit should be many times higher then its using cost).2.2.2 Classification of the characteristics which can be used as biometric identifiersBiometrics characteristics or identifiers can be categorized into two groups. They are Physiological event and Behavioural tint.Physiological type This type of characteristics is related to human body or anatomy. Finger print reading, DNA analysis and face of individual which are frequently used as biometric identifiers of this type. The use of retina and the iris pass on be prospective future. This type pf characteristic can be carve up as genotype and phenotype. A group of people can have the same genotype characteristics. Blood group, DNA analysis these are the two most commonly used genotype characteristics. In differentiate to genotype characteristics, phenotype characteristics can be having only single individual, so this type of characteristics is different from person to person. Finger print, retina and iris are this type of characteristic.Behavioural Characteristics This type of the characteristic is related to human behaviour. Signature is the most commonly used characteristics of this type. Human voice analysis and key stoke is another two characteristics which are now also be used. This kind of characteristics is the indirect measurement of the human body. This type of characteristics has been learned or trained therefore these can be different from time to time. But when a human reach in a certain age, the change of behaviour is negligible, therefore these type characteristic used as identifiers. In the 2.2 the frequently used biometrics characteristics have been shown.2.2.3 Contrast of the biometrics characteristicsA contrast of biometrics characteristics has been given in the table 2.1.Table 2.1 A contrast of the biometrics characteristics ( Jainiste et al. 1999)From the table 2.1, it has been said that the physiological characteristics have the better performance then the behavioural characteristics.From the table 2.1, it has also been seen that some biometrics trait can be regarded more universal, unique and permanent then the other. Such as Iris, DNA, body odour and finger print. But the Iris, DNA and body odour are promising, they need future research and Experiment. Their cost is high, so they are not cost effective. So, now in present the finger print is one of the most accepted biometric traits.2.3 Establish IdentityNow a da y society has been changed significantly. In the past, everyone of a community knew everyone. But now a day, globalization has been changed the situation. Peoples are now interconnected electronically. They are mobile all around the world. So establishing identity is one of the most important task.2.3.1 Resolving identity of an individualThere are two fundamental problems occurs for this purpose. They are authentication and identification.Authentication problem This problem is also known as verification. This problem arises to confirm or denied anyones asserted identity. When any person claimed an identity then this ope ration process required a comparison. The comparison occurs between submitted biometric samples and the stored samples for the claimed identity. This process is called a one to one comparison. For an example an ambience (automatic teller machine) can be considered. For ATM machine the authentication problem has been solved in a two stages process. First stage is to possess a valid ATM card. The second stage is to know the PIN (Personal Identification Number). If anyone know the other persons PIN and possess his/her correspondence ATM card then that person can claimed the identity of the original ATM card owner identity. This kind of fraud activities have been increasing day after day. According to Jain Et Al, 1999, In 1996 ATM associated swindle activities valued in USA 3 billion US dollar. In the other hand biometrics system promotes a system which can overcome this authentication problem.Recognition problem This is also known as identification problem. This problem occurs when a person has been identified from a set template of selective informationbase. In this problem the persons data has been compared against the data from the database. It is one to many system. An example would help to clear the concept. To identify a criminal a law en take officials some time lifted finger print or other data from the crime scene. After then they compa re the data with the stored data of known criminal. By this way they might be able to identify the criminal.According to the UK Biometrics Working Group (2002), all the biometric matters does not include in the title of verification and identification. Therefore one-third more pair of terms has been introduced. These three pairs are (1) Positive claim of identity and negative claim of identity, (2) expressed claim of identity and implicit claim of identity, and (3) Genuine claim of identity and imposter claim of identity.Positive claim of identity is also known as positive identification. In this process the claimed persons identity should have to be enrolled before and known to the system. An example would help to acquire the process. An online email account customer enters his or her login name and password into the system, the system compared the combination of these two against a set of data where customer data has been stored before. If the combination of the login name and password has been matched then the user has been verified. The process needs only the login and pass word nothing else. So the email provider does not know who is actually using the account. banish claim of identity has been known as negative identification. In this process the claimed persons identity has not been stored before. So the claimed person can enters only one time, after entering his/her identity has been stored in the system and he or she cannot enters again. Such kind of example is American Social Security. According to the Jain Et Al, 1999, around a billon of US dollar has been taken away annually by using multiple identities from the social security welfare in USA.In the case of Explicit Claim of Identity, a person unambiguously declares his identity to the system. The claim may be negative claim or positive claim. His/ her submitted identity has been compared with the stored data in one to one comparison. (One to one comparison has been described in the authenticat ion section). Using ATM card is an example of the positive explicit claim of identity. To realize the negative explicit claim of identity, consider an air port where the face recognition system has been established. If a passenger is similar to a known terrorist person then the system would raise the alarm. Then the passenger needs to claim the explicit negative claim of identity. So the passengers other identity such as finger print, iris etch has been compared against that known terrorist in one to one basis comparison.Implicit claim of identity can be positive or negative claim. In this process a persons identity has been compared in one to many comparison basis against all stored identities.When anyone claims an honest claim to be himself or herself then it is called the genuine claim of identity (UK Biometric Working Group, 2002). In this case his / her identity has been truly matched with the stored identity.Imposter Claim of Identity is the process where anyone claims to be person else is deceit or false (UK Biometric Working Group, 2002). In this case submitted identity does not match with the stored identity.2.3.2 Verification TechniqueAccording to the Mitnick, 2002, the Verification technique can be divided into three types. They are (1) Knowledge based verification technique, (2) Token based verification technique and (3) Biometric based verification technique.Knowledge based verification systemIn this process some information has been used, that information is secret (combination of pass word/PIN/Memorable words etc), usually the person of the original identity has been supposed to be acquainted with secret information. People may travel from distance to distance, so that their memorable secret information pull up stakes be with them. So it can be said that it will be suitable to use from a distance or remote place.But this type of authentication has some serious drawbacks. By using Trojan horses and Spywares a hacker can know the others secret i nformation. Trojan horses and Spy wares are able to send the key stoke as email. So this knowledge based verification is not a secure system. Most of the times people use their known name as secret information for the knowledge based verification system. So, it might be realizable for the others to guess. Sometimes people do not change their secret information in the knowledge based verification system for a long time. Their secret information is not secure. Sometimes they keep their initial secret information, so that it might be easy to hack. Many types of hacking methods have been developed such as dictionary attack, Hybrid methods, brute force attack etc.In comparison to other technologies, this is cheap and has a large level of security stage.Token based verification systemIn this system the claimed identity person should have something which should be used with the secret information. ATM card is an example of the token based verification system. It can be said that it is mor e secure then the knowledge based verification process because if the token has been lost or stolen then its user can notify.Biometric verification systemIn this system users biometric distinguishing characteristics such as finger print, face, signature, etc have been used which represents the users appearance. These characteristics are moved with the users they are more secure compare to the other two systems. It is quite impossible to use by the unauthorized person. But this system is relatively costly.Actually no system is fully secure. All of the three systems have some serious drawbacks. Secret information can be hacked, unauthorised person can stole the token and use that and it is also possible to copy biometric information and later replay those (Woodward Et Al. 2003). In order to counter these drawbacks, multiple verification systems can be used. ATM card is an example of the combination of knowledge based verification system and token based verification system. If in the f uture, the iris scanner is available then it will be more secure if iris scanner has been used with the ATM card.2.4 The components of a general biometric system and their functionA general biometric system can be divided into five subsystems. They are (1) Data acquisition system, (2) Data transmission system, (3) Signal impact system, (4) Data storage system and (5) Decision making system. In the 2.2 a general biometric system has been shown.Data acquisition system It has been assumed that every biometric system has two characteristics. They are uniqueness and repeatability. Uniqueness represents that every persons biometric trait is different. It will not be same for the two persons. The repeatability represents that the biometric trait will be same over time. In this acquisition system the sensors measure the users biometric characteristics. These characteristics are said as samples which have definite attributes. The type of presentation and the reader quality can affect the sa mple qualities.Data Transmission system Most of the cases the data collection and processing is not at the same location. So there is a one subsystem which function is to transfer the data. In the data transmission system, densification and expansion has been functioned depend on the size of the sample. The standard protocol has been used for compression and expansion. When the facial image has been sent JPEG format has been used. WSQ format has been used for transferring the data of fingerprint and CELP format has been used for the voice.Data processing system there are three parts of signal processing system. They are (1) feature extraction section (2) quality control section, and (3) purpose matching section. At the extraction section the appropriate biometric data has been split from the background information of the sample. This process is called segmentation. For an example, in a face detection system facial image has been separated from the wall or other back ground. After the extraction the quality has been checked. If the quality of the data is very poor then another sample has been asked. After this section, the pattern matching process has been started. After then the stopping point making section. have data from the pattern matching section has been stored to the storage section depends on the function of the overall biometric section.Data storage section From the pattern matching section, some featured of data has been stored as data storage section as template. The main purpose is to compare with the incoming feature. If the overall system is based on one to one matching then the data storage section can be decentralized but if the overall system has been functioned for the one to many matching then the central data base has been needed.Decision making system Quality score and the matching score have been sent to the finding making section from the processing section. The finding making system decide the sample has been accepted or denied. T he policy is specific depends on the system security expectation. If the number of false non match incident has been increased then the number of false match will be decreased.2.5 Performance of a biometric systemThe main focus of a biometric system is to ensure the security where only the authorised used can be accepted and non authorised users are denied. The system processing speed is usually given to less priority. The main considerable factors of a biometric system are mainly described by some terms such as Failure to En-roll Rate (FTE), Failure to Acquire Rate (FTA), dour Acceptance rate (FAR), specious Rejection rate (FRR), dark consort Rate (FMR), sour Non Match Rate (FNMR) etc.False Match Rate (FMR) This represents the serious type of fault of a biometric system. This occurs when an authorised users biometric information match to an unauthorised persons identity. In this case the signal processing system produces a high matching score of a non corresponding template.Fa lse Non Match Rate (FNMR) In this case the authorised persons biometric features are unable to produce enough high matching score to qualify. This is the opposite of FMR. One of the main reasons of FNMR is partially less quality of the biometric features. relation of FMR and FNMR for the different biometric system The main aim of a biometric security system is to reduce the rate of False Match Rate (FMR). On the other hand if the False Non Match Rate can be reduced then the system will be more fast and reliable. But all the time there is a relationship between FMR and FNMR. In the 2.4, relationships have been shown for different biometric system. Higher False Match Rate (FMR) is not acceptable, but for the low FMR the False Non Match Rate (FNMR) is considerably higher in every system.Failure to En-roll Rate (FTE) Sometimes the biometric system cannot make a valid template for some users. Although biometric characteristics are universal but some case there are differences. For an exa mple for a very low number of peoples finger print cannot be enrolled in the system such person who use their hands aggressively such as construction workers or carpenter. So Failure to En-roll rate is the ratio of the number of the people whose biometric features cannot be enrolled to system to the number of the total person who use the system. In the 2.5 a practical test dissolving agent has been shown where Failure to En-roll (FTE) has been measured for the different system (Mansfield Et Al.2001).Failure to Acquire Rate (FTA) Sometimes the system cannot acquire data of the desired quality due to the readers/sensors, instrumental problem, environmental problem, affray level of data, background data etc. Simply Failure to Acquire Rate (FAR) represents those biometric sample which cannot get high quality score to go the decision making section.False Acceptance Rate (FAR) and False Rejection Rate (FRR) these two terms are related to the False Match Rate and False Non Match Rate. Fa lse Acceptance Rate (FAR) and False Rejection Rate (FRR) are related to the whole biometric system. On the other hand the False Match Rate and the False Non Match rate are related to the single matching process. So in the case of FAR and FRR, Failure to Acquire Rate of the system should be included. According to Mansfield Et Al.2001, relationships can concluded as followFAR () = (1-FTA) FMR ()FRR () = (1-FTA) FNMR () + FTAHere, FAR- False Acceptance Rate- Decision thresholdFTA- Failure to Acquire RateFMR- False Match RateFRR- False Rejection RateFNMR- False Non Matching RateEach point of the receiver operating characteristics (ROC) curves is corresponded to a definite threshold decision making score which has a particular False Rejection Rate and False Acceptance Rate. For the Forensic purpose, False Rejection Rate should be lowest and for the high security access purpose, False Acceptance Rate should be lowest.Section Two Biometric Technology2.1 Physiological BiometricIn this secti on has mentioned about the pattern of fingerprint, hand geometry, pattern of iris, facial, retinal and vascular characteristics as a possible biometric identifier.2.1.1 Fingerprint PatternFingerprint is the oldest, popular and definitely the most widely publicly acceptable originate biometric identifiers. It perfectly meets the necessary criteria for of a biometric identifier like universality, distinctively, persistent and collectability.They are impressions of the friction ridges on the surface of the hand. In the most application and in this thesis as well, the primary concern is focused on the ridges located above the end joints of fingers. However, in certain forensic applications, the area of importance is broader including the fingers, the palm and the writers palm (WOODWARD ET AL. 2003).Since early 1970 Federal Bureau of Investigation (FBI) has initiated extensive research and development efforts on fingerprint identification. Their main aim was to invent an automated finge rprint identification system (AFIS), so that it could be helpful for forensic purposes (RUGGLES 1996).2.1.1.1 Feature and TechnologyThere are two main elements in fingerprint matching technique firstly minutiae matching and secondly pattern matching.In the bellows shows regarding the primary technique that analyzes basic minutia typesMacroscopic overview, universal pattern matching, focus on the integral go down of ridges -these could be categorized into three groups loops, whorls and arches. Every individual fingerprint should be fit into one of these three categories that shown in the bellowsNow a day most of the application depends on the minutiae matching. If a fingerprint scan device capture a typical fingerprint image then there could be identify around 30 to 60 minutia patterns. Federal Bureau of Investigation (FBI) has confirmed that it is not possible for two individuals, even for monozygotic twins also to have more than eight common minutiae. For matching minutiae are ex amine with type, shape, co-ordinate location (x,y) and direction. In the bellows has shown about the automated minutiae matching process based on these attributesIn the above describes a case in where the input image (in left) is trying to match against a stored template (in right). 39 minutiae were spy in the input, while the template contained 42 different minutiae. The matching algorithm identified 36 matching data points.(Source Prabhakar 2001)In the above , inputted image (in left) has detected 64 minutiae while in the template (in right) contain 65 different minutiae. The algorithm identified 25 completely non-matching data points.There need a scanning or capture device to obtain such images. Since 1970s, lots of researches have been done to develop and improve such devices. As a result optical, capacitive, ultrasonic, thermoelectric, radio frequency and touch less scanners has invented and now a day most of them become less expensive and available in the market.Optical devi ce / scanner The first method to capture the fingerprint image was the optical scanning technique. Frustrated total internal reflection is the main principle of the functioning of such scanner. In that case the finger is placed on the glass platen and illuminated by the laser light. The surface of the finger reflects certain amounts of light depending on the depth of the ridges and valleys and then reflectance is captured by a CCD (charge-coupled device) camera that constitutes of an array of light sensitive diodes called photosites (OGORMAN 1999).The big advantage of such device is they are cheaper among all of the automated biometric devices and also available in the local market. The disadvantage for such device is it could be easily fooled by impostors. The latent fingerprint left on the scanning surface, its a big drawback of such device as anybody can collect the latent fingerprint image from there to spoof.Optical Scanner digital Persona has used to integrate the fingerprint scanning support for the product of that project are using popular U.are.U fingerprint recognition systems depicted in the below . In October 2003, the US Department of Defence has chosen digital persona scanner to secure network security at desktops in its offices in Washington, D.C. (digital persona 2009).Capacitive Scanner / devices since their first appearance in 1990, such devices have become very popular. A capacitive scanner is a solidness device, which incorporates a sensing surface composed of an array of about 100.000 conductive plates over which lies a dielectric surface. When a user touches the sensor, the human skin acts as the other side of the array of capacitors. The measurement of voltage at a capacitor decreases with the growing distance between the plates. Therefore, the capacitance measured at the ridges of a fingerprint will be higher than the capacitance measured at the valleys. These measurements are then analyzed in a way similar to a sonar scan of the ocea n bottom, resulting in a video signal depicting the surface of the fingerprint (OGORMAN 1999).The advantage of capacitive scanners is its very high accuracy rate. Another big advantages that they are much harder to fool than optical scanners since the process requires living tissue. As the users need to touch the silicon chip itself, solid-state scanners are susceptible to electrostatic discharge (ESD). Recent chip designs were specifically developed to withstand high levels of ESD and frequent handling. modern capacitive device manufacturer like Veridicom claims that their chips will survive around 1 million touches (Ryan 2002).Thermoelectric device It is silicon based. It measures the difference of temperature between the ridges touching the surface of the sensor and the valleys distant from them (OGorman 1999).Although thermic scanning is very promising but it is still an uncommon method. A company named Atmel proponents of this technique. It uses finger sweep method to capture f ingerprint in a tiny si