Resources
- Identity Use Cases & Scenarios.
- FIDIS Deliverables.
- Identity of Identity.
- Interoperability.
- Profiling.
- Forensic Implications.
- HighTechID.
- D3.1: Overview on IMS.
- D3.2: A study on PKI and biometrics.
- D3.3: Study on Mobile Identity Management.
- D3.5: Workshop on ID-Documents.
- D3.6: Study on ID Documents.
- D3.7: A Structured Collection on RFID Literature.
- D3.8: Study on protocols with respect to identity and identification – an insight on network protocols and privacy-aware communication.
- D3.9: Study on the Impact of Trusted Computing on Identity and Identity Management.
- D3.10: Biometrics in identity management.
- D3.11: Report on the Maintenance of the IMS Database.
- D3.15: Report on the Maintenance of the ISM Database.
- D3.17: Identity Management Systems – recent developments.
- D12.1: Integrated Workshop on Emerging AmI Technologies.
- D12.2: Study on Emerging AmI Technologies.
- D12.3: A Holistic Privacy Framework for RFID Applications.
- D12.4: Integrated Workshop on Emerging AmI.
- D12.5: Use cases and scenarios of emerging technologies.
- D12.6: A Study on ICT Implants.
- D12.7: Identity-related Crime in Europe – Big Problem or Big Hype?.
- D12.10: Normality Mining: Results from a Tracking Study.
- Privacy and legal-social content.
- Mobility and Identity.
- Other.
- IDIS Journal.
- FIDIS Interactive.
- Press & Events.
- In-House Journal.
- Booklets
- Identity in a Networked World.
- Identity R/Evolution.
D3.2: A study on PKI and biometrics
Though the field of biometrics is still in its infancy, it is believed that it will play a critical role in future applications, with special focus on security. Biometrics can offer a number of advantages to various applications, such as electronic commerce, entertainment, access to restricted resources, financial transactions, fight against terrorism, law enforcement, network security, surveillance in airports. These technologies can either replace existing ways of identification and authentication or play a complementary role to the traditional ways, such as PINs, smart cards and passwords.
Several types of biometric identification schemes exist, including:
Face: analyses facial human characteristics
Voice: analyses the tone, pitch, cadence and frequency of a person’s voice
Fingerprint: analyses an individual’s unique fingerprints
Hand geometry: analyses the shape of the hand and the length of the fingers
Iris: analyses the coloured ring surrounding the pupil of the eye
Retina: analyses the capillary vessels at the back of the eye
Vein: analyses the patterns of veins, traces and shapes in the back of the hand and the wrist using infra-red light
Signature: analysis of the way in which a person signs their name
Keystroke dynamics: analysis of the way a person types
The increasing use of biometric technologies however raises questions about their impact on privacy in the public sector, in the workplace, and at home. Privacy mainly refers to every individual’s right to choose and control the use and disclosure of their identity, including their biometrics.
The term biometrics derives from the Greek words ‘bios’, which means life, and ‘metrikos’, which means measure. Hence technologies involving biometrics aim primarily at identifying a person’s particular unique features, either physiological or behavioural.
Biometrics can be distinguished into two major categories; physiological (or passive) and behavioural (or active) biometrics. Physiological biometrics refer to human characteristics which are fixed or stable such as fingerprints, hand geometry, iris pattern and, within biometrics technology, facial image and voice patterns. Behavioural biometrics measure characteristics represented by skills or functions performed by an individual at a specific time for a specific reason, for example a signature or keystroke dynamics. Biometric technologies can also be categorised as static, dynamic, or continual. “Static” refers to measurement of a trait that requires no action at the time of verification. “Dynamic” refers to measurement of a trait while an action is taking place. A written signature, for example, can be measured statically or dynamically, i.e. by examining only the written signature after it has been written or by observing the actual process of signing.
A biometric system is used either to identify or verify a person. Identification is the process of comparing a biometric data sample against all those enrolled in the database with their respective biometric data (reference template) in order to find the identity of the person trying to access the system. Verification however involves the process of comparing a biometric data sample against a single reference template of a particular enrolled individual in order to confirm the identity of that person. When a biometric system correctly identifies a person, then the result of the identification process is a true positive, whereas if the system correctly rejects a person as not matching the person, the result is a true negative.
A series of measures have been set as an attempt to define biometric system performance although these are yet to be enshrined in any International Standard. Biometric systems’ performance is usually estimated by the values of the False Acceptance Rate (FAR) and the False Rejection Rate (FRR). FAR refers to the incorrect identification or verification of an unauthorised individual which is considered to be the most serious security error of a biometric system. FRR refers to failure of the system to identify or verify an authorised individual.
Consequently, the FAR measures the likelihood that a biometric system will produce false acceptance, while the FRR measures the likelihood that a biometric system will produce false rejection, both divided by the number of identification attempts. Obviously, both parameters should be low if the system is to offer adequate security levels and avoid user frustration from repeated or irregular rejection respectively. It should be noted however that although the compilation of comparative evaluations to provide some relative indication are possible, little may be known concerning the conditions under which each set of FAR/FRRs was derived, and thus true comparison is proven to be a rather difficult task. Present day biometric sensors claim FARs as low as 0.0001% but practical experience shows levels at a much higher level. There is usually a trade-off between these two values since the FAR and FRR are generally mutually exclusive, i.e. if the FAR is raised then the FRR is lowered and vice-versa.
Two other measures used in biometrics systems are the Failure to Enrol Rate (FTR), which refers to the ability of the system to enrol a biometric for a user, and the Equal Error Rate (EER), which refers to the cross over point when FRR=FAR.
There are two basic concerns regarding these technologies: the error tolerance and the storage of the templates. The setting of the error tolerance of these systems is critical to their performance. Ideally, False Rejection and False Acceptance errors should be low and the manufacturers should quote them both. FAR and FRR are two measurements which can produce widely varying results dependent on the environmental issues, such as physical location, type of user, and security level setting.
Another factor that may affect the FTR is if, for example, biometric data for Keyboard Dynamics is collated from users that use a keyboard in their current login process and is tested with random users, you could reveal two results. A FTR of 0 would result if 100% of the users type on a keyboard in their day-today work compared with a random sample of people off the street who may or may not have ever used a keyboard. It is possible that 2 out of a hundred people may fit this profile and therefore produce a FTR of 2%.
Single biometric indicators have to contend with noisy sensor data, restricted degrees of freedom, non-universality of the biometric trait and in some cases unacceptable error rates. Certainly fingerprinting, iris scans, and face recognition are cutting-edge identification technologies, although none alone is infallible, see section . Multi-biometric systems however can alleviate these drawbacks, combat spoofing, and increase performance by providing multiple evidences of the same identity.
Two general uses of biometrics can be determined [AMB03]:
Identification
Verification of Identity
In both cases reference data are needed to perform the recognition. While in the case of identification the person from which the biometric data is taken is not known and therefore the whole reference database has to be checked (1:n), in the case of verification the biometric data is checked against one reference data set (1:1). Verification is mainly used for access control.
Biometric methods can be divided into two general classes [AMB03]:
Physiological (or passive) methods
Behavioural (or active) methods
The following chapter gives an overview on current biometric methods without trying to be totally comprehensive. Methods which are experimental, not ready for market or which show severe restriction in their use as a primarily method for identification are not introduced. Among those methods are:
Physiological methods
Retina scan
Vein pattern
Ear prints
Etc.
Behavioural methods
Behaviour of sitting
Voice recognition
Movement of the lips
Gait (the way one walks)
Etc.
Denis Royer | 18 / 40 |