You are here: Resources > FIDIS Deliverables > HighTechID > D3.2: A study on PKI and biometrics > 

D3.2: A study on PKI and biometrics

Introduction  Title:
BIOMETRIC METHODOLOGIES
 Physiological (or Passive) Methods

 

Biometric Methodologies

Though the field of biometrics is still in its infancy, it is believed that it will play a critical role in future applications, with special focus on security. Biometrics can offer a number of advantages to various applications, such as electronic commerce, entertainment, access to restricted resources, financial transactions, fight against terrorism, law enforcement, network security, surveillance in airports. These technologies can either replace existing ways of identification and authentication or play a complementary role to the traditional ways, such as PINs, smart cards and passwords.  

Several types of biometric identification schemes exist, including:

  • Face: analyses facial human characteristics

  • Voice: analyses the tone, pitch, cadence and frequency of a person’s voice

  • Fingerprint: analyses an individual’s unique fingerprints

  • Hand geometry: analyses the shape of the hand and the length of the fingers

  • Iris: analyses the coloured ring surrounding the pupil of the eye

  • Retina: analyses the capillary vessels at the back of the eye

  • Vein: analyses the patterns of veins, traces and shapes in the back of the hand and the wrist using infra-red light

  • Signature: analysis of the way in which a person signs their name

  • Keystroke dynamics: analysis of the way a person types

The increasing use of biometric technologies however raises questions about their impact on privacy in the public sector, in the workplace, and at home. Privacy mainly refers to every individual’s right to choose and control the use and disclosure of their identity, including their biometrics.

The term biometrics derives from the Greek words ‘bios’, which means life, and ‘metrikos’, which means measure. Hence technologies involving biometrics aim primarily at identifying a person’s particular unique features, either physiological or behavioural.

Biometrics can be distinguished into two major categories; physiological (or passive) and behavioural (or active) biometrics. Physiological biometrics refer to human characteristics which are fixed or stable such as fingerprints, hand geometry, iris pattern and, within biometrics technology, facial image and voice patterns. Behavioural biometrics measure characteristics represented by skills or functions performed by an individual at a specific time for a specific reason, for example a signature or keystroke dynamics. Biometric technologies can also be categorised as static, dynamic, or continual. “Static” refers to measurement of a trait that requires no action at the time of verification. “Dynamic” refers to measurement of a trait while an action is taking place. A written signature, for example, can be measured statically or dynamically, i.e. by examining only the written signature after it has been written or by observing the actual process of signing.

A biometric system is used either to identify or verify a person. Identification is the process of comparing a biometric data sample against all those enrolled in the database with their respective biometric data (reference template) in order to find the identity of the person trying to access the system. Verification however involves the process of comparing a biometric data sample against a single reference template of a particular enrolled individual in order to confirm the identity of that person. When a biometric system correctly identifies a person, then the result of the identification process is a true positive, whereas if the system correctly rejects a person as not matching the person, the result is a true negative.

A series of measures have been set as an attempt to define biometric system performance although these are yet to be enshrined in any International Standard. Biometric systems’ performance is usually estimated by the values of the False Acceptance Rate (FAR) and the False Rejection Rate (FRR). FAR refers to the incorrect identification or verification of an unauthorised individual which is considered to be the most serious security error of a biometric system. FRR refers to failure of the system to identify or verify an authorised individual.

Consequently, the FAR measures the likelihood that a biometric system will produce false acceptance, while the FRR measures the likelihood that a biometric system will produce false rejection, both divided by the number of identification attempts. Obviously, both parameters should be low if the system is to offer adequate security levels and avoid user frustration from repeated or irregular rejection respectively. It should be noted however that although the compilation of comparative evaluations to provide some relative indication are possible, little may be known concerning the conditions under which each set of FAR/FRRs was derived, and thus true comparison is proven to be a rather difficult task. Present day biometric sensors claim FARs as low as 0.0001% but practical experience shows levels at a much higher level. There is usually a trade-off between these two values since the FAR and FRR are generally mutually exclusive, i.e. if the FAR is raised then the FRR is lowered and vice-versa.

Two other measures used in biometrics systems are the Failure to Enrol Rate (FTR), which refers to the ability of the system to enrol a biometric for a user, and the Equal Error Rate (EER), which refers to the cross over point when FRR=FAR. 

There are two basic concerns regarding these technologies: the error tolerance and the storage of the templates. The setting of the error tolerance of these systems is critical to their performance. Ideally, False Rejection and False Acceptance errors should be low and the manufacturers should quote them both. FAR and FRR are two measurements which can produce widely varying results dependent on the environmental issues, such as physical location, type of user, and security level setting. 

Another factor that may affect the FTR is if, for example, biometric data for Keyboard Dynamics is collated from users that use a keyboard in their current login process and is tested with random users, you could reveal two results. A FTR of 0 would result if 100% of the users type on a keyboard in their day-to­day work compared with a random sample of people off the street who may or may not have ever used a keyboard. It is possible that 2 out of a hundred people may fit this profile and therefore produce a FTR of 2%. 

Single biometric indicators have to contend with noisy sensor data, restricted degrees of freedom, non-universality of the biometric trait and in some cases unacceptable error rates. Certainly fingerprinting, iris scans, and face recognition are cutting-edge identification technologies, although none alone is infallible, see section . Multi-biometric systems however can alleviate these drawbacks, combat spoofing, and increase performance by providing multiple evidences of the same identity.

 

Two general uses of biometrics can be determined [AMB03]:  

 

  1. Identification 

  2. Verification of Identity 

 

In both cases reference data are needed to perform the recognition. While in the case of identification the person from which the biometric data is taken is not known and therefore the whole reference database has to be checked (1:n), in the case of verification the biometric data is checked against one reference data set (1:1). Verification is mainly used for access control.

 

Biometric methods can be divided into two general classes [AMB03]: 

 

  1. Physiological (or passive) methods 

  2. Behavioural (or active) methods 

 

The following chapter gives an overview on current biometric methods without trying to be totally comprehensive. Methods which are experimental, not ready for market or which show severe restriction in their use as a primarily method for identification are not introduced. Among those methods are: 

 

  • Physiological methods 

    • Retina scan 

    • Vein pattern 

    • Ear prints 

    • Etc. 

  • Behavioural methods 

    • Behaviour of sitting 

    • Voice recognition 

    • Movement of the lips 

    • Gait (the way one walks) 

    • Etc. 

 

 

 

 

Introduction  fidis-wp3-del3.2.study_on_PKI_and_biometrics_03.sxw  Physiological (or Passive) Methods
Denis Royer 18 / 40