Secure and Private Identification through Biometric Systems 1 Keshav Rawat, 2 Dr. Chandra Kant 1 Assistant Professor, Deptt. of Computer Science & Informatics, C.U. Himachal Pradesh Dharamshala 2 Assistant Professor, Deptt. of Computer Science & Applications, K.U. Kurukshetra 1 keshav79699@gmail.com, 2 ckverma@gmail.com Abstract- Recognizing identity is becoming a very crucial problem for all of us. With the advancement of research and development, the field of biometrics provides recognising an individual identity based on personal physiology or behaviour. Biometric systems works on the method of recognising system for individual person based on their behavioural and physiological characteristics. There are various biometric traits available like face recognization, fingerprint detection, hand print, iris detection, DNA, key stoke, signature and voice recognisation for restrict fraudulent attacks by unauthorised persons. There are some fundamental problem with biometric technology- Sensor techniques, apply on large population and broad recognisation method. In this paper we discuss an overview of biometrics and some important research issues for establishing identity through biometric technology efficiently secure and private. Keywords: biometrics, Identity authentication, security, challenges, recognition. I. INTRODUCTION Biometric systems measure the biological data either in physical or behaviour properties of an individual, and authenticate the identity of individual with secure and trustworthy way[1]. There are various techniques are available now a days for secure authentication like- face recognition, fingerprint detection, hand print, iris detection, DNA, key stoke, signature and voice recognition. Since many physical and behavioural properties of an individual are unique, hence biometric provides a more reliable system for authorization than other security system like cryptography, ID card, passwords etc [2]. The biometric system uses pattern recognition methods that works by acquiring physiology or behaviour data from an individual, extracting a feature set from the acquired data and comparing this for database. Any characteristics can be used as a biometric identifier, if every person posses this and it also varies from one individual to others and do not change over a period of time. The physiological properties are those properties which are commonly used in biometric identification including face recognition, fingerprint detection, hand print, iris detection, DNA. While the behaviour properties of an individual are those properties which are commonly used in biometric identification including key stoke, signature and voice recognition etc. Universabilit Performance Verification Parameters Efficiency Uniqueness Identification Fig.1: Basic criteria for Biometric system Thus a biometric based authentication scheme is a powerful alternative to other authentication techniques. Biometric can be used with password to enhance the security offered by the authentication system. Biometric system will make our society safer, reduce fault and lead to user convenience. There are various criteria for biometric security system: uniqueness, universality, permanence, collectability, performance, acceptability and circumvention [3]. As mentioned above, uniqueness is one of the most important requirement for biometric data. It will measure how differently and uniquely the biometric system will be able to identify individual among groups of users.
II. WORKING OF BIOMETRIC SYSTEM Biometric systems translate data derived from behavioural or physiological properties into templates, which are used for sequential matching. The complete processes in stages are described below. [4] Biometric Data (finger print, DNA...) Data base Sensor device Feature Extractor Matching program Application Device Fig.2: Typical Biometric recognition system Registration and submission - In this process individuals initial biometric data are collected, assessed, processed, and stored in database for biometric system. Registration done in both 1:1 and 1: n systems and submission is a process in which user give the physiological or behavioural data to scanning system Acquisition/ sensor device The hardware which is used to acquire biometric data. The following acquisition devices are operational with biometric systems: Biometric technique Facial recognition Fingerprint Hand geometry Iris-scan Retina-scan Signature-scan Keystroke-scan Voice recognition Acquisition Device Video camera, PC camera, single-image camera Desktop peripheral, PCMCIA card, mouse, chip or reader embedded in keyboard Proprietary wall-mounted unit Infrared-enabled video camera, PC camera Proprietary desktop or wall-mountable unit Signature tablet, motion-sensitive stylus Keyboard or keypad Microphone, telephone Biometric data the data which is provide to sensor devices for recording of a physiological or behavioural properties, which is acquired during submission, and used to generate biometric templates in data base. Also referred to as biometric data. The following biometric data types are associated with biometric systems: Technology Facial recognition Fingerprint Iris-scan Retina-scan Hand geometry Signature-scan Keystroke-scan Voice recognition Biometric Sample Facial Image Fingerprint image Iris Image Retina Image 3-D image of top and sides of hand and fingers Image of signature and record of related dynamics measurements Recording of typed characters Voice recording
Feature extraction this process include various degrees of image or data processing in order to locate a enough amount of accurate data. Biometric physiological and behavioural properties used in feature extraction include the following: Technology Fingerprint Voice recognition Facial recognition Iris-scan Retina-scan Hand-scan Signature-scan Keystroke-scan Feature Extracted Location and direction of ridge endings and bifurcations on fingerprint Frequency, cadence and duration of vocal pattern Relative position and shape of nose, position of cheekbones Furrows and striations in iris Blood vessel patterns on retina Height and width of bones and joints in hands and fingers Speed, stroke order, pressure, and appearance of signature Keyed sequence, duration between characters Template A comparatively small but highly unique file which is derived from the features of a individuals s biometric data sample, used to perform biometric matches. III. VERIFICATION AND IDENTIFICATION IN BIOMETRIC SYSTEM In the verification process, the system validates an individual s identity by comparing the acquired biometric data with individual s biometric template(s) stored in the biometric database [5] and in the identification process, the system recognizes an individual by searching the templates of all the individuals in the biometric database for a match. Therefore, the system conducts a one-to-many comparison to establish an individual s identity [4]. Fig.3: Verification and identification tasks of a biometric system IV. BIOMETRICS TECHNIQUES Biometric systems used either in physical or behaviour properties of an individual for secure authentication like- face recognition, fingerprint detection, hand print, iris detection, DNA, key stoke, signature and voice recognition which is shown in fig 4.
Fingerprint- Liveness detection of fingerprint can be mainly performed using intrinsic properties i.e. by using touch less optical imaging from TBS and ultrasound imaging from ultra scan cooperation [4]. Precipitation patterns, pulse measurement can also be used for the same purpose. Iris- Iris liveness detection can be performed on the principle of red eye effect. This principle is effective when angle between light source, eye and camera is less than 2.5 degrees. Also user can be asked to blink the eyes and changing the level of illumination results in change of the size of pupil. This is a bodily response type of liveness detection. Face The best method for live face detection is based on bodily response to external stimuli. The user can be asked to show various profile of his face at sensor. Image acquisition is another method which depicts the change in confidence level of a person than a dummy face. Involuntary properties involving pupil change, light level and response of muscles are also some of the documented methods. Voice- Dynamic liveness is most effective method for liveness detection of this trait. In this we can match lip movement of the trait to that earlier recorded for verification. Also asking user to speak sentences and digits in varying speed help to detect spoof at identification. (i) (ii) (iii) (iv) (v) (vi) (vii) Fig.4: Examples of biometrics data (i) fingerprint (ii) Face (v) signature (vi) Iris (vii) voice (iii) hand geometry (iv) keystroke Hand Geometry: Hand geometry recognition systems are based on a number of measurements taken from the human hand, including its shape, size of palm, and lengths and widths of the fingers. Keystroke: It is hypothesized that each person types on a keyboard in a characteristic way. This behavioural biometric is not expected to be unique to each individual but it is expected to offer sufficient discriminatory information that permits identity verification. Signature: The way a person signs his or her name is known to be a characteristic of that individual. Signatures require contact with the writing instrument and an effort on the part of the user, they have been accepted as a method of authentication. V. CHALLENGES Biometrics provides greater security and convenience than traditional methods of person identification; still there are some challenges in biometric technology. These challenges are: accuracy, scale, security and privacy (shown in fig. 5) [6]. %
Fig.5: Challenges of biometric systems Accuracy The crucial assurance of the perfect biometrics is that when a biometric identifier sample is presented to the biometric system, it will recommend the correct decision. Unlike traditional systems, a sensible biometric system does not make perfect match decisions and can make two basic types of errors false match and false non match. In False Match, biometric system incorrectly declares a successful match between the input pattern and a non-matching pattern and in False Non-match, the biometric system incorrectly declares failure of match between the input pattern and a matching pattern in the database (identification) or the pattern linked with the correctly claimed identity (verification). Security In spite of numerous advantages of biometrics-based personal authentication systems over traditional security systems based on token or knowledge, they are vulnerable to attacks that can decrease their security considerably. Ratha et al. [8] analyzed these attacks, and grouped them into eight classes. Fig. 6 shows these attacks along with the components of a typical biometric system that can be compromised. Type 1 attack involves presenting a fake biometric (e.g., synthetic fingerprint, face, iris) to the sensor. Submitting a previously intercepted biometric data constitutes the second type of attack (replay). In the third type of attack, the feature extractor module is compromised to produce feature values selected by the attacker. Genuine feature values are replaced with the ones selected by the attacker in the fourth type of attack. Matcher can be modified to output an artificially high matching score in the fifth type of attack. The attack on the template database (e.g., adding a new template, modifying an existing template, removing templates, etc.) constitutes the sixth type of attack. The transmission medium between the template database and matcher is attacked in the seventh type of attack, resulting in the alteration of the transmitted templates. Finally, the matcher result can be overridden by the attacker. Schneier [9] compares traditional security systems with biometric systems. The lack of secrecy (e.g., leaving fingerprint impressions on the surfaces we touch), and non-replaceability (e.g., once the biometric data is compromised, there is no way to return to a secure situation, unlike replacing a key or password) are identified as the main problems of biometric systems. Besides this, there are other attacks that can be launched against an application whose resources are protected using biometrics [10], [11]. Privacy Privacy is the ability to lead your life free of intrusions, to remain autonomous, and to control access to your personal information. As the incidence and magnitude of identity fraud increase, strong biometrics such as fingerprints will increasingly come into play for positively recognizing individuals, conventional technologies which are based on passwords or keys can not deliver this functionally. A reliable biometric system provides a secure identity of the individual [6].
Fig.6: Biometric system Vulnerabilities Scaling In the Biometric system, the size of the database does not actually matter since it basically involves a 1:1 match. In the case of large scale identification and verification systems containing a total of N identities, sequentially performing N 1:1 matches is not effective. Typical approaches to scaling comprise using efficient pattern classifications and any hardware systems. VI. CONCLUSION Biometrics-based personal authentication system is one of the important pattern recognition applications which are becoming increasingly popular, compared to traditional systems that are based on passwords or key. The scope of this paper is intended to expand the popularity of biometric technology performance for their effective extensive deployment. The biometric systems are not always fully accurate or secure. In this paper, we have explored the fundamental of biometrics as a means of automatic individual identification. Security and privacy are crucial problem for effective biometric systems; the various security attacks on biometric system are raising concerns for all of us. The challenge is to design secure and efficient biometric system that will recognize identify of individual without any problem occurred by security attacks. The researches in various departments of government and commercial companies are building this recognition system more secure and usable which will soon replace traditional authentication systems. REFERENCES [1] A. K. Jain, "Biometrics", in The World Book Encyclopedia. [2] K. Jain, A. Ross and S. Pankanti, "Biometrics: A Tool for Information Security", IEEE Transactions on Information Forensics and Security Vol. 1, No. 2, pp. 125-143, June 2006. [3] Michael E. Schuckers, "Some Statistical Aspects of Biometric Identification Device Performance", 2001 [4] www.biometricsinfo.org [5] D. Maltoni, D. Maio, A. K. Jain, and S. Prabhakar, Handbook of Fingerprint Recognition. Springer- Verlag, 2003. [6] Anil K. Jain, Sharath Pankanti, Salil Prabhakar, Lin Hong, Arun Ross, James L. Wayman, Biometrics: A Grand Challenge, in the Proceedings of International Conference on Pattern Recognition, Cambridge, UK, Aug. 2004. [7] A. K. Jain, Arun Ross and U. Uludag Biometrics Template security: Challenges and solutions in Proc. of European Signal Processing Conference September 2005. [8] N. Ratha, J. H. Connell, and R. M. Bolle, An analysis of minutiae matching strength, in Proc. Int. Conf. Audio and Video-based Biometric Person Authentication, Halmstad, Sweden, Jun. 2001, pp. 223 228. [9] B. Schneier, The uses and abuses of biometrics, Comm. ACM, vol. 42, no. 8, pp. 136, Aug. 1999. [10] L. O Gorman, "Comparing passwords, tokens, and biometrics for user authentication", Proceedings of the IEEE, Vol. 91, No. 12, Dec. 2003, pp. 2019-40. [11] U. Uludag and A. K. Jain, Attacks on biometric systems:a case study in fingerprints, in Proc. SPIE-EI Security,Steganography and Watermarking of Multimedia Contents VI,San Jose,CA, Jan2004,pp.622-633.