Introduction to Biometrics

In 2013, Apple introduced the IPhone 5s, which contained breakthrough technology. Known as Touch ID, cell phone users
could now unlock their phones with a simple fingerprint touch on the home button. Before Touch ID, data was significantly
more vulnerable to password attacks, especially when a phone had been stolen or breached. Now with this technology, users
can access their music, files, and sensitive information with just a fingerprint on the screen. Imagine a world where business
keys and house keys are rendered obsolete. Every person that
belongs to a household can enter and leave freely with just a touch of the doorknob, and those who
are not authorized are locked out by a complex security system within the house. Imagine logging
on to your favorite websites without ever using a password or access code. You, the user, are able
to access the entire Internet by a simple scan of your iris. This is all possible with the implementation
of new technologies and techniques known as biometrics.
What is Biometrics?
Biometrics is a cutting edge form of access control that accurately and efficiently identifies
humans. This system uses an individual’s biological and behavioral traits to grant access to an
establishment or a computer network. An electronic device will require individuals to use a distinguishable
feature of their body to positively identify themselves before they are able to bypass
any type of access-control system, such as a security system for a building. Once a match has
been made, the person requesting access will be allowed on the premises by a simple electronic
pulse that opens the door. If the sensor does not find a positive match within its database, it locks
the attempted user out. The military has been using biometrics for an extended period of time to
keep sensitive information secure and to prevent espionage and theft in regards to valuable military
assets. Law enforcement across the nation implements biometrics for record keeping and
on-site access control (i.e., only allowing staff on the premises).
There are two main functions of biometrics. The first function is biometric matching or
verification. Biometric systems are capable of identifying someone out of a crowd by scanning
select biometric characteristics into a database. This is perfectly tailored for law enforcement or
government institutions that are seeking a person of interest. Biometric matching will make it
harder for wanted individuals to elude the law and hide amongst the public. The second application
of biometrics relates to access control through biometric identification. As previously mentioned
before, the Apple IPhone is capable of identifying an individual for the purpose of entry.
Access-control systems will create and store databases of biological traits and compare them to
the individual attempting to gain entry into a device of facility. With the use of a facial or retina
scan, the system will decide who can gain entry to a facility or device with extreme accuracy.
One of the main causes of stolen accounts and information in computer systems is the use of
weak passwords. Hackers are able to crack simple passwords with easily accessible tools, such as
Dictionary Attacks. This form of attack generates combinations of every word possible to steal an
unsuspecting victim’s credentials. Another problem with modern access-control systems is the reliance
on physical keys and key cards. Keys are often lost or stolen, which creates a scary situation for
someone whose business or home is now vulnerable to an unwanted guest. Biometric systems solve
all of these problems by allowing access only to people with a specific biological trait. A key has the
potential of being lost or copied, but a human iris is completely unique and almost impossible to
duplicate. By implementing fingerprint readers on every computer in the facility, businesses would
no longer have to worry about employees sharing passwords and credentials.
Types of Forensic Biometrics
Now that we have established a basic definition of biometrics, let’s examine different types of
biometric systems that exist. Many forms of biometric technologies are available today, but the
majority of them can be split into two different groups. The first group is physiological biometrics,
which contains fingerprints, hand, iris, retina, and facial scans (see Figure 7–1). The second
group is behavioral biometrics, which is much less stable and includes handwriting, voice,
keystroke, and gait recognition.
Physiological Biometrics Fingerprints have been widely used to identify people
for centuries.
This form of biometric technology is the most cost-efficient and easy to install.
With the addition of a fingerprint scanner on a door, an office can grant specific workers access
 FIGURE 7–1 Biometric Security Scan of a Human Hand

to a sensitive area or a network of computers. Hand and vein scans within the hand work almost
the same way. Humans have a unique set of physiological traits pertaining to the hand. When
compared, the vein patterns that run through our hands are unique.
Retina and iris scans have been implemented in many government institutions as well as
other areas with classified information. This technology is much more secure than the use of
fingerprints due to the detailed map of a human eye. Using a tiny camera, a biometric system is
able to take a picture of someone’s eye and compare all of the intricate muscles and fibers that
make it a unique set of characteristics. Eye scanning systems are expensive to install, yet necessary
when trying to protect a valuable asset or piece of information.
Facial scans are the least accurate form of biometrics currently available in the physiological
category. The human face is just as unique as the eye or hand, but the technology available today
has trouble distinguishing subtle traits from still images. This process becomes less accurate
when using biometrics for identification purposes, such as picking a face out of a crowd and
matching it to a database of wanted persons.
Behavioral Biometrics Unlike physiological biometrics, behavioral biometrics is used
infrequently and is much more experimental in design and practice. This category of biometrics
is more concerned with the way a human performs an action, rather than focusing on a specific
physiological trait. Researchers in this field are currently developing technology that can analyze
a human’s brain wave pattern. As technology and computers evolve on a day-to-day basis, the
real-world implementation of behavioral biometrics becomes more of a reality.
Handwriting is the most commonly used type of behavioral biometrics. A sensor can analyze
different stroke patterns, curves, and arches of a signature while comparing it to an original document.
This type of software can also sense the amount of pressure and force that was used in a
questioned signature to determine whether or not it is parallel to the amount of pressure that is
exerted on a pen/pencil.

The manner in which an individual types on a keyboard is unique. This can be measured in biometrics
using keystroke dynamics. People type at different speeds and also approach pressing each
key with their own personal technique. Software is now available that can measure exactly how
someone types by using various samples over time to learn unique keystroke dynamics. This can be
useful in a computer terminal where many different people may have access to the same device. The
software will be able to authenticate exactly who is sitting at the computer at any set time just by
analyzing how they are typing. This technology has the ability to sense an intrusion by a hacker trying
to operate under the credentials of another user and can potentially protect volumes of information.
We have all seen movies or science fiction shows where someone is magically granted access
to a home or facility by saying their name or “Open up.” This is now a reality with voice recognition.
Many companies are installing voice recognition technology in areas that require clearance,
and acceptance of these systems is much greater as they don’t require intrusive technologies such
as a hand or eye scan. A microphone is used to measure pitch and subtle dynamics in a person’s
voice to yield a positive or negative match, which is especially useful in access-control systems.
Depending on how the software is set up, each person may have to speak his or her name or a
specific phrase to gain positive access. Some cell phone companies are experimenting with this
technology as a layer of security when accessing private data on a mobile phone.
The last form of behavioral biometrics is gait recognition. Gait refers to the cycle of walking,
which is composed of several stages and is unique for everyone. Every person has a different
posture, step length, speed, and foot positioning in regards to the way they walk from one place
to another. The system analyzes people from a distance and attempts to find a match based on
patterns that are familiar. This type of biometrics is not very accurate and, like many others in the
behavioral category, is still experimental. Gait recognition would be useful in practice to pick out
a person of interest from a distance.
Enrolling and Extracting Biometric Data
Biometric systems use different algorithms and steps to accomplish what each is designed to do.
This varies between physiological and behavioral systems, as well as systems designed to authenticate
or identify individuals. The equipment and technology for every biometric system varies
greatly as well. For instance, an iris scanner is going to contain a camera as its main component,
whereas a voice recognition system will use a sensitive microphone. Regardless of the varied
components, biometric systems typically operate using the same series of steps (see Table 7–1).
The first process that each biometric system must perform is known as the enrollment process.
The enrollment process captures a person’s biometric data and stores in a database for later use. It
works by collecting data through a sensor and sending it to a data acquisition module. The biometric
sensor may consist of various different setups to gather data from the user. Popular equipment
includes NIR (near infrared) cameras or digital wavelength cameras to gather data from a human face.

The data preprocessing module collects and enhances only what is needed for each individual
system. In the example of a voice recognition system, the data preprocessing module would
remove any background noise from a recorded entry. It would enhance the voice of the user and
make an effort to isolate it from other noise in the recording. This module also serves the function
of normalizing any corrupt or inaccurate data. For an iris scanner, this would include the task of
eliminating blur or excessive light in the captured eye image.
Once the information completes its run through a data preprocessing module, feature
extraction
begins. The feature extraction module does most of the heavy lifting for the system.
This module is responsible for finding patterns in the traits extracted by the sensor by using mathematical
equations. Every system uses different equations and algorithms to judge unique characteristics,
and accuracy can vary from system to system. For a retina scan, the feature extraction
module may use equations that judge the distance between muscle fibers in the eye. For a fingerprint,
this module can determine subtle loop, whorl, and arch changes with almost perfect
accuracy.
The feature extraction module is debatably one of the most complex and important
components of a biometric system.
After select features have been collected, a template is generated of relevant information
and is stored in a database. The template generation module is responsible for saving all of the
raw data produced by feature extraction and putting it into a simple and easy to read format for
the system. This module compares a user to the rest of the data and makes each individual biometric
file smaller, which makes it time efficient. The template generation module saves all files
to the database, and it is encrypted to meet the needs of the end user. It is necessary to secure
database files to prevent a breach of the biometric system and the possible loss of private
biometric
data.