BIOMETRICS

What is Biometrics:
 Bio”: Life

 “Metric”: to measure

 Biometrics is a science that applies statistical and mathematical methods to data

analysis problems in the biological sciences. Derived from the Greek words “Bio”: Life
and “Metric”: to measure, this technology measures and analyzes a persons
physiological or behavioral characteristics for authentication purposes.

Why use Biometrics?

Unlike the use of other forms of authentication, such as passwords or tokens, biometric
recognition provides a strong link between an individual and a claimed identity.

One area where biometrics can provide substantial help is in guarding against attempts to
establish fraudulent multiple identities or prevent identity fraud. By searching through the stored
references, individuals who appear to have previously enrolled using a different identity can be
highlighted for further investigation. It is very difficult to perform this type of check without the
use of biometrics.

What constitutes a good biometric system is not a simple question because the answer depends
greatly on the requirements of the application. Desirable factors include:

 Accurate discrimination between individuals 

 Speed of operation 
 The ability to deal with present and future numbers of individuals 
 Environmental robustness 
 Ease of use 
 Capable of coping with as much individual variability as possible 
 Social acceptability, i.e. people are happy to use it 
 Secure and robust against potential attackers.

A biometric system can operate in the following two modes

Verification – A one to one comparison of a captured biometric with a stored template to verify
that the individual is who he claims to be. Can be done in conjunction with a smart card,
username or ID number.

1
  Identification – A one to many comparison of the captured biometric against a biometric
database in attempt to identify an unknown individual. The identification only succeeds
in identifying the individual if the comparison of the biometric sample to a template in
the database falls within a previously set threshold.

Types of Biometrics

 Physiological: Physiological are related to the shape of the body. Examples include, but are not
limited to fingerprint, face recognition, DNA, Palm print, hand geometry, iris recognition, which
has largely replaced retina, and odour/scent.

Fingerprints: Principles of fingerprint biometrics

A fingerprint is made of a a number of ridges and valleys on the surface of the finger. Ridges are
the upper skin layer segments of the finger and valleys are the lower segments. The ridges form
so-called minutia points: ridge endings (where a ridge end) and ridge bifurcations (where a ridge
splits in two). Many types of minutiae exist, including dots (very small ridges), islands (ridges
slightly longer than dots, occupying a middle space between two temporarily divergent ridges),
ponds or lakes (empty spaces between two temporarily divergent ridges), spurs (a notch
protruding from a ridge), bridges (small ridges joining two longer adjacent ridges), and
crossovers (two ridges which cross each other).

The uniqueness of a fingerprint can be determined by the pattern of ridges and furrows as well as
the minutiae points. There are five basic fingerprint patterns: arch, tented arch, left loop, right
loop and whorl. Loops make up 60% of all fingerprints, whorls account for 30%, and arches for
10%.

Fingerprints are usually considered to be unique, with no two fingers having the exact same
dermal ridge characteristics.

How does fingerprint biometrics work

The main technologies used to capture the fingerprint image with sufficient detail are optical,
silicon, and ultrasound.

There are two main algorithm families to recognize fingerprints:

 Minutia matching compares specific details within the fingerprint ridges. At registration
(also called enrollment), the minutia points are located, together with their relative
positions to each other and their directions. At the matching stage, the fingerprint image

2
 is processed to extract its minutia points, which are then compared with the registered
template.
 Pattern matching compares the overall characteristics of the fingerprints, not only
individual points. Fingerprint characteristics can include sub-areas of certain interest
including ridge thickness, curvature, or density. During enrollment, small sections of the
fingerprint and their relative distances are extracted from the fingerprint. Areas of interest
are the area around a minutia point, areas with low curvature radius, and areas with
unusual combinations of ridges.

Issues with fingerprint systems

The tip of the finger is a small area from which to take measurements, and ridge patterns can be
affected by cuts, dirt, or even wear and tear. Acquiring high-quality images of distinctive
fingerprint ridges and minutiae is complicated task.

People with no or few minutia points (surgeons as they often wash their hands with strong
detergents, builders, people with special skin conditions) cannot enroll or use the system. The
number of minutia points can be a limiting factor for security of the algorithm. Results can also
be confused by false minutia points (areas of obfuscation that appear due to low-quality
enrollment, imaging, or fingerprint ridge detail).

Note: There is some controversy over the uniqueness of fingerprints. The quality of partial prints
is however the limiting factor. As the number of defining points of the fingerprint become
smaller, the degree of certainty of identity declines. There have been a few well-documented
cases of people being wrongly accused on the basis of partial fingerprints.

Benefits of fingerprint biometric systems

 Easy to use
 Cheap
 Small size
 Low power
 Non-intrusive
 Large database already available

Applications of fingerprint biometrics

Fingerprint sensors are best for devices such as cell phones, USB flash drives, notebook
computers and other applications where price, size, cost and low power are key requirements.
Fingerprint biometric systems are also used for law enforcement, background searches to screen
job applicants, healthcare and welfare.

 Combining two security methods increases validity.

 Such as
 a card and fingerprints
 Pin number and fingerprints

3
Hand geometry:

Principles of hand biometrics

An individual's hand does not significantly change after a certain age. Unlike fingerprints, the
human hand isn't unique. Individual hand features are not descriptive enough for identification.
However, hand biometric recognition systems are accurate for verification purposes when
combining various individual features and measurements of fingers and hands.

How does hand biometrics work

Biometric hand recognition systems measure and analyze the overall structure, shape and
porportions of the hand, e.g. length, width and thickness of hand, fingers and joints;
characteristics of the skin surface such as creases and ridges. Some hand geometry biometrics
systems measure up to 90 parameters.

As hand biometrics rely on hand and finger geometry, the system will also work with dirty
hands. The only limitation is for people with severe arthristis who cannot spread their hands on
the reader.

The user places the palm of his or her hand on the reader's surface and aligns his or her hand with
the guidance pegs which indicate the proper location of the fingers. The device checks its
database for verification of the user. The process normally only takes a few seconds.

To enroll, the users places his or her hand palm down on the reader's surface.

To prevent a mold or a cast of the hand from being used, some hand biometric systems will
require the user to move their fingers. Also, hand thermography can be used to record the heat of
the hand, or skin conductivity can be measured.

Benefits of hand biometric systems

 Easy to use
 Non intrusive
 Small amount of data required to uniquely identify a user, so a large number of templates
can be easily stored in a standalone device: Hand biometric systems will generally only
require a template size of 10 bytes, which is much smaller than most other biometric
technologies (fingerprint systems require 250 to 1,000 bytes and voice biometric systems
require 1,500 to 3,000 bytes)
 Low FTE (failure to enroll) rates

Weaknesses of hand biometric systems

 Lack of accuracy, so it can only be used for verification

 Size of the scanner
 Fairly expensive, compared with fingerprint systems

4
  Injuries to hands are fairly common and would prevent the hand biometric system from
working properly

Applications of hand biometrics

Hand biometric systems are currently among the most widely used biometric technologies.

 Time and attendance

 Access to restricted areas and buildings: Hand biometric systems are currently used in
appartment buildings, offices, airports, day care centers, welfare agencies, hospitals, and
immigration facilities.

Face: Principles of face biometrics

The dimensions, proportions and physical attributes of a person's face are unique.

How does face biometrics work

Biometric facial recognition systems will measure and analyze the overall structure, shape and
porportions of the face: Distance between the eyes, nose, mouth, and jaw edges; upper outlines
of the eye sockets, the sides of the mouth, the location of the nose and eyes, the area surrounding
the cheekbones.

At enrolment, several pictures are taken of the user's face, with slightly different angles and
facial expressions, to allow for more accurate matching. For verification and identification, the
user stands in front of the camera for a few seconds, and the scan is compared with the template
previously recorded.

To prevent an image / photo of the face or a mask from being used, face biometric systems will
require the user to smile, blink, or nod their head. Also, facial thermography can be used to
record the heat of the face (which won't be affected by a mask).

The main facial recognition methods are: feature analysis, neural network, eigenfaces, and
automatic face processing.

Benefits of face biometric systems

 Not intrusive, can be done from a distance, even without the user being aware of it (for
instance when scanning the entrance to a bank or a high security area).

Weaknesses of face biometric systems

5
  Face biometric systems are more suited for authentication than for identification
purposes, as it is easy to change the proportion of one's face by wearing a mask, a nose
extension, etc.
 User perceptions / civil liberty: Most people are incomfortable with having their picture
taken.

Applications of face biometrics

Access to restricted areas and buildings, banks, embassies, military sites, airports, law
enforcement.

Eyes: Principles of iris biometrics

The iris is the elastic, pigmented, connective tissue that controls the pupil. The iris is formed in
early life in a process called morphogenesis. Once fully formed, the texture is stable throughout
life. It is the only internal human organ visible from the outside and is protected by the cornea.
The iris of the eye has a unique pattern, from eye to eye and person to person.

How does iris biometrics work

An iris scan will analyze over 200 points of the iris, such as rings, furrows, freckles, the corona
and will compare it it a previously recorded template.

Glasses, contact lenses, and even eye surgery does not change the characteristics of the iris.

To prevent an image / photo of the iris from being used instead of a real "live" eye, iris scanning
systems will vary the light and check that the pupil dilates or contracts.

Benefits of retina biometric systems

 Highly accurate: There is no known case of a false acceptance for iris recognition
 Not intrusive and hygienic - no physical contact required

Weaknesses of retina biometric systems

 The user must hold still while the scan is taking place

Applications of iris biometrics

6
Applications include: Identity cards and passports, border control and other Government
programmes, prison security, database access and computer login, hospital security, schools,
aviation security, controlling access to restricted areas, buildings and homes.

DNA: Principles of DNA biometrics

Humans have 23 pairs of chromosomes containing their DNA blueprint. One member of each
chromosomal pair comes from their mother, the other comes from their father. Every cell in a
human body contains a copy of this DNA. The large majority of DNA does not differ from
person to person, but 0.10 percent of a person's entire genome would be unique to each indiviual.
This represents 3 million base pairs of DNA.

Genes make up 5 percent of the human genome. The other 95 percent are non-coding sequences,
(which used to be called junk DNA). In non-coding regions there are identical repeat sequences
of DNA, which can be repeated anywhere from one to 30 times in a row. These regions are
called variable number tandem repeats (VNTRs). The number of tandem repeats at specific
places (called loci) on chromosomes varies between individuals. For any given VNTR loci in an
individual's DNA, there will be a certain number of repeats. The higher number of loci are
analysed, the smaller the probability to find two unrelated individuals with the same DNA
profile.

DNA profiling determines the number of VNTR repeats at a number of distinctive loci, and use
it to create an individual's DNA profile. The main steps to create a DNA profile are: isolate the
DNA (from a sample such as blood, saliva, hair, semen, or tissue), cut the DNA up into shorter
fragments containing known VNTR areas, sort the DNA fragments by size, and compare the
DNA fragments in different samples.

Benefits of DNA biometric systems

 Accurate: the chance of 2 individuals sharing the same DNA profile is less than one in a
hundred billion with 26 different bands studied.

Weaknesses of DNA biometric systems

 DNA matching is not done in real-time

 Intrusive: a physical sample must be taken, while other biometric systems only use an
image or a recording
 Civil liberty issues and public perception

Applications of DNA biometrics

DNA evidence has been used in courts of law since 1985 to prove guilt or innocence. It is also
used for paternity testing, identification of missing or dead people.

7
  Behavioral: Behavioral are related to the behavior of a person. Examples include, but are not
limited to typing rhythm, gait, and voice. Some researchers[1] have coined the term
behaviometrics for this class of biometrics.

Voice: Principles of voice biometrics

Our voices are unique to each person (including twins), and cannot be exactly replicated.

How does voice biometrics work

Speech includes two components: a physiological component (the voice tract) and a behavioural
component (the accent). It is almost impossible to imitate anyone's voice perfectly. Voice
recognition systems can discriminate between two very similar voices, including twins.

The voiceprint generated upon enrolment is characterised by the vocal tract, which is a unique a
physiological trait. A cold does not affect the vocal tract, so there will be no adverse affect on
accuracy levels. Only extreme vocal conditions such as laryngitis will prevent the user from
using the system.

During enrollment, the user is prompted to repeat a short passphrase or a sequence of numbers.
Voice recognition can utilize various audio capture device (microphones, telephones and PC
microphones). The performance of voice recognition systems may vary depending on the quality
of the audio signal.

To prevents the risk of unauthorised access via tape recordings, the user is asked to repeat
random phrases.

Benefits of voice biometric systems

 Ability to use existing telephones

 Can be automated, and coupled with speech recognition systems
 Low perceived invasiveness

Weaknesses of voice biometric systems

 High false non-matching rates

Applications of voice biometrics

Voice biometric systems are mostly used for telephony-based applications. Voice verification is
used for government, healthcare, call centers, electronic commerce, financial services, customer
authentication for service calls, and for house arrest and probation-related authentication.

Signature:

How does a signature biometric system work

8
Biometric signature recognition systems will measure and analyze the physical activity of
signing, such as the stroke order, the pressure applied and the speed. Some systems may also
compare visual images of signatures, but the core of a signature biometric system is behavioral,
i.e. how it is signed rather than visual, i.e. the image of the signature.

Benefits of signature biometric systems

 While it is easy to copy the image of a signature, it is extremely difficult to mimick the
behavior of signing
 Low False Acceptance Rates (FAR)
 People are used to sign documents, so signature recognition systems are not perceived to
be invasive

Weaknesses of signature biometric systems

 People may not always sign in a consistent manner

Keystroke :

 Requires no special hardware

 Methods are transparent to users increasing user acceptance

 Can be used for cryptographically stronger secrets for login and encryption

 How it works

 The user types his password or phrase on the keyboard. The system then records the timing of
the typing and compares the password itself and the timing to its database. Verification takes
less than 5 seconds.

 Where its used

 Recording companies, technology firms, digital rights management companies – against piracy;

 Accuracy

 Vulnerabilities

Applications of Biometrics

9
Accuracy: Accuracy is the most critical characteristic of a biometric
identifying verification system. If the system cannot accurately separate
authentic persons from impostors, it should not even be termed a
biometric identification system.

 Usability Metrics
Failure to Enroll (FTE): Failure to Enroll Errors occur when
the technology is unable to read the characteristics of a
given person. They are based upon the quality of the data
obtained The failure to enroll rate is multiplied by the
number of expected users

 Medicine Intake
 Hoarseness
 Sticky fingers
 Cataract
 Rare skin diseases

10
 Failure to Acquire (FTA): Failure to Acquire occurs when the
technology is not presented with sufficient usable data to
make a decision. Those who are enrolled but are mistakenly
rejected after many verification/identification attempts
count for the Failure To Acquire (FTA) rate. either
accidentally or on purpose

 Smudged finger prints

 Retina alignment
 Mumbling
 Hand positioning

 Performance Metrics
 False Acceptance Rates (FAR)
 False Rejection Rates (FRR)
es that the chance of fooling the system is 1:10000.

False Rejection Rate (FRR): This signifies how often a real

user will not be verified successfully. authorized person is
rejected access. The False Reject Rates quoted for current
biometric systems range from 0.00066% to 1.0%. A high rate
translates into more user retries; hence usability suffers.

Crossover: Error curves give a graphical representation of a

biometric device's "personality." The point where false

11
accept and false reject curves crossover is called the "Equal
Error Rate." The Equal Error Rate provides a good indicator
of the unit's performance. The best technologies have the
lowest Equal Error Rate.

12