Seminar On

Biometrics-Based Authentication
 What is Authentication?
• It is the process by which someone or something
is given a valid authenticity so that he can access a
particular application or thing.
E.g.
• password and user ID for users.
• Providing PIN to identification card users.
• Giving gate pass to the employees of a company.
 Why biometrics?
Biometrics is concerned with identifying a person
based on his or her physiological or behavioral
characteristics.
Biometrics are unique human feature such as
finger prints, hand geometry, face and iris or
retinal patterns, DNA and voice.
Being the intrinsic properties of an individual,
these are difficult to surreptitiously duplicate and
nearly impossible to share.
 Where it is needed?
Reliable user authentication is becoming
an increasingly important task in the Web-
enabled world. The value of reliable user
authentication is not limited to just
computer or network access. Many other
applications in everyday life also require
user authentication, such as banking, e-
commerce, and physical access control to
computer resources, and could benefit from
enhanced security.
 Consequences of insecure
authentication
• The consequences of an insecure
authentication system in a corporate or
enterprise environment can be catastrophic,
and may include loss of confidential
information, denial of service, and
compromised data integrity.
 Advantages
• Biometric readings, which range from several
hundred bytes to over a megabyte, have the
advantage that their information content is usually
higher than that of a password or a pass phrase.
Simply extending the length of passwords to get
equivalent bit strength presents significant usability
problems. It is nearly impossible to remember a 2K
phrase, and it would take an annoyingly long time to
type such a phrase (especially without errors).
Fortunately, automated biometrics can provide the
security advantages of long passwords while
retaining the speed and characteristic simplicity of
short passwords.
 Human traits used for authentication
TRAITS METHOD
Fingerprints The patterns of friction ridges and valleys on an individual’s
fingerprints.

Face An image of the person’s face is captured in the visible spectrum

using the infrared patterns of the facial heat emission.

Speech An acoustics of speech differ between individual.

Iris pattern Iris of the eye is the colored area surrounding the pupil. it is unique
and are obtained through a video based image acquisition system.

Hand and finger Physical characteristics such as the length, width, thickness, and
geometry surface area of the hands are measured using a system.

Signature This involves the dynamic analysis of a signature to authenticate a

person. The measured parameters are speed, pressure, and angle used
by a person when signing a document.
 What it involves
Biometrics based authentication involves the following steps
i. Signal acquisition from the user
ii. A invariant template is stored in the database.
iii. A template is derived from the newly acquired signal
iv. The corresponding template is retrieved from the database
and is matched with the present template. The matcher
arrives at a decision based on the closeness of the two
templates by taking into account geometry and other
acquisition variables.
 Finger print authentication
• Fingerprints are a distinctive feature and remain invariant over the
lifetime of a subject, except for cuts and bruises. A fingerprint
impression is acquired, typically using an inkless scanner. Several
such scanning technologies are available. A typical scanner
digitizes the fingerprint impression at 500 dots per inch (dpi) with
256 gray levels per pixel. The digital image of the fingerprint
includes several unique features in terms of ridge bifurcations and
ridge endings, collectively referred to as minutiae.

• The next step is to locate these features in the fingerprint image,

using an automatic feature extraction algorithm. Each feature is
commonly represented by its location (x, y) and the ridge
direction at that location (). Due to the elasticity of the human
skin, the relationship between minutiae may be randomly
distorted from one impression to the next.
 Finger print authentication

• In the final stage, the matcher subsystem attempts to

arrive at a degree of similarity between the two sets of
features after compensating for the rotation, translation,
and scale. This imilarity is often expressed as a score.
Based on this score, a final decision of match or no-
match is made. A decision threshold is first selected. If
the score is below the threshold, the fingerprints are
determined not to match; if the score is above the
threshold, a correct match is declared. Often the score is
simply a count of the number of the minutiae that are in
correspondence.
 Vulnerable to attack
• Presenting fake biometrics at the sensor
• Resubmitting previously stored digitized biometrics
signals
• Tampering with the biometric feature representation
• Corrupting the matcher
• Attacking the channel between the stored templates
and the matcher
• Overriding the final decision
 Override the attack
• Encrypted communication can eliminate at least
remote attacks
• The matcher and the database reside at a secure
location
• Use data-hiding techniques to embed additional
information directly in compressed fingerprint images.
• Create on-line fingerprint authentication systems for
commercial transactions that are secure against replay
attacks
• The digital signature of a submitted signal can be used
to check only for its integrity
 conclusion
• Biometrics-based authentication has many
usability advantages over traditional systems such
as passwords.
• The greatest strength of biometrics, the fact that
the biometrics does not change over time, is at the
same time its greatest liability. Once a set of
biometric data has been compromised, it is
compromised forever.