User:Venuslindsay/sandbox

ABSTRACT Biometrics is the automated recognition of individuals based on their behavioral and biological characteristics.A biometric characteristic is biological or behavioral property of an individual that can be measured and from which distinguishing, repeatable biometric features can be extracted for the purpose of automated recognition of individuals. "Biometric identification is inherently more secure than passwords and most other commonly used identification methods,A password, a smart card or Visa card — anybody could take and use those. But biometrics allows the system to know actually who's using it, with certainty, and that has a lot of applications. In the development of biometric identification systems, physical and behavioral characteristics for recognition are required.

CHAPTERER-1 History of biometrics The term "biometrics" is derived from the Greek words bio (life) and metric (to measure).Biometrics is becoming an interesting topic now in regards to computer and network security, however the ideas of biometrics have been around for many years. Possibly the first known example of biometrics in practice was a form of finger printing being used in China in the 14th century, as reported by explorer Joao de Barros. He wrote that the Chinese merchants were stamping children's palm prints and footprints on paper with ink to distinguish the young children from one another. This is one of the earliest known cases of biometrics in use and is still being used today. In the 1890s, an anthropologist named Alphonse Bertillion sought to fix the problem of identifying convicted criminals and turned biometrics into a distinct field of study. He developed 'Bertillonage', a method of bodily measurement whichgot named after him. The problem with identifying repeated offenders was that the criminals often gave different aliases each time they were arrested. Bertillion realized that even if names changed, even if a person cut his hair or put on weight, certain elements of the body remained fixed, such as the size of the skull or the length of their fingers. His system was used by police authorities throughout the world, until it quickly faded when it was discovered that some people shared the same measurements and based on the measurements alone, two people could get treated as one. After this, the police used finger printing, which was developed by Richard Edward Henry of Scotland Yard, instead. Essentially reverting to the same methods used by the Chinese for years. However the idea of biometrics as a field of study with usefull identification applications, was there and interest in it has grown. Today we have the technology to realise the aims, and to refine the accuracy of biometric identification, and therefore the possibility of making it a viable field.

CHAPTER-2 FUNDAMENTALS

Biometric Recognition By measuring an individual's suitable behavioral and biological characteristics in a recognition inquiry and comparing these data with the biometric reference data which had been stored during a learning procedure, the identity of a specific user is determined. Biometric characteristics A biometric characteristic is biological or behavioral property of an individual that can be measured and from which distinguishing, repeatable biometric features can be extracted for the purpose of automated recognition of individuals. Biometric Sample A biometric sample is the analog or digital representation of biometric characteristics prior to the biometric feature extraction process and obtained from a biometric capture device or a biometric capture subsystem. Example: electronic face photograph. A biometric sample usually is delivered from a sensor, the main component of a biometric capture device. Generally, the biometric sample, often called raw data, comprises more information than is necessary for recognition. In many cases, the biometric sample is a direct image of the biometric characteristic such as a photograph.

Biometric Features

Biometric features are information extracted from biometric samples which can be used for comparison with a biometric reference. Example: characteristic measures extracted from a face photograph such as eye distance or nose size etc. The aim of the extraction of biometric features from a biometric sample is to remove any superfluous information which does not contribute to biometric recognition. This enables a fast comparison, an improved biometric performance, and may have privacy advantages

Biometric Reference A biometric reference comprises one or more stored biometric samples, biometric templates, or biometric models attributed to a biometric data subject which can be used for comparison. Stored biometric features are called a biometric template. A biometric model is a stored function (dependent on the biometric data subject) generated from biometric features which is applied to the biometric features of a recognition biometric sample during a comparison to give a comparison result.

CHAPTER-3 ENROLMENT To be able to recognize a person by their biometric characteristics and the derived biometric features, first a learning phase must take place. The procedure is called enrolment and comprehends the creation of an enrolment data record of the biometric data subject (the person to be enrolled) and to store it in a biometric enrolment database. The enrolment data record comprises one or multiple biometric references and arbitrary non-biometric data such as a name or a personnel number.

BIOMETRIC RECOGNITION For the purpose of recognition, the biometric data subject (the person to be recognized) presents his or her biometric characteristic to the biometric capture device which generates a recognition biometric sample from it. From the recognition biometric sample the biometric feature extraction creates biometric features which are compared with one or multiple biometric templates from the biometric enrolment database. Due to the statistical nature of biometric samples there is generally no exact match possible. For that reason, the decision process will only assign the biometric data subject to a biometric template and confirm recognition if the comparison score exceeds an adjustable threshold. The following factors are needed to have a successful biometric identification method: • The physical characteristic should not change over the course of the person's lifetime • The physical characteristic must identify the individual person uniquely • The physical characteristic needs to be easily scanned or read in the field, preferably with inexpensive equipment, with an immediate result • The data must be easily checked against the actual person in a simple, automated way. Other characteristics that may be helpful in creating a successful biometric identification scheme are: • Ease of use by individuals and system operators • The willing (or knowing) participation of the subject is not required • Uses legacy data (such as face recognition or voice analysis).

CHAPTER-4 REQUIREMENTS FOR A BIOMETRIC CHARACTERISTICS Many different aspects of human physiology, chemistry or behavior can be used for biometric authentication. The selection of a particular biometric for use in a specific application involves a weighting of several factors. identified seven such factors to be used when assessing the suitability of any trait for use in biometric authentication. Universality means that every person using a system should possess the trait. Uniqueness means the trait should be sufficiently different for individuals in the relevant population such that they can be distinguished from one another. Permanence relates to the manner in which a trait varies over time. More specifically, a trait with 'good' permanence will be reasonably invariant over time with respect to the specific matching algorithm. Measurability (collectability) relates to the ease of acquisition or measurement of the trait. In addition, acquired data should be in a form that permits subsequent processing and extraction of the relevant feature sets. Performance relates to the accuracy, speed, and robustness of technology used Acceptability relates to how well individuals in the relevant population accept the technology such that they are willing to have their biometric trait captured and assessed. Circumvention relates to the ease with which a trait might be imitated using an artifact or substitute. CHAPTER-5 BIOMETRIC CHARACTERISTICS Biometric characteristic	Description of the features Fingerprint	Finger lines, pore structure Signature (dynamic)	Writing with pressure and speed differentials Facial geometry	Distance of specific facial features (eyes, nose, mouth) Iris	Iris pattern Retina	Eye background (pattern of the vein structure) Hand geometry	Measurement of fingers and palm Finger geometry	Finger measurement Vein structure of hand	Vein structure of the back or palm of the hand or a finger Ear form	Dimensions of the visible ear Voice	Tone or timbre DNA	DNA code as the carrier of human hereditary Odor	Chemical composition of the one's odor Keyboard strokes	Rhythm of keyboard strokes (PC or other keyboard)

CHAPTER-6 AUTHENTICATION Authentication may take advantage of biometrics by using a biometric characteristic as identifier or as verifier. When using biometrics as an identifier, uniqueness (very low FAR) is an essential requirement especially for large user numbers. When using biometrics as a verifier, the biometric characteristic may be either viewed as a secret or as public. In the latter case, it is essential that a fake detection is provided against mechanical copies of the biometric characteristic. METHODS Biometrics "Who I am" Biometrics uses nature's oldest system to identify people -- via unforgettable and unchanging physical characteristics. From time immemorial, humans have had to perform recognition tasks themselves. Today, technology is advanced enough to assist us or even relieve us of recognition tasks. Secret Knowledge "What I know" Here authentication takes the form of secret PINs and passwords, which the user has to keep track of. The person to be authenticated has to share the secret knowledge with the authenticator. Previously, this was the simplest method of authentication for machines. Secret knowledge can be applied also where several persons have to be authenticated in a simple way without distinction.

Personal Possession "What I have" Examples for authentication are having a key, ID card, passport (with or without a chip), or more generally a token, which allows entrance, for example, into a private room. Essential for this method is the existence of secret features which are to be shared between token and the authenticator (or at least the inability to get the token copied combined with a copy detection). Combination Systems For security reasons, often two or all three of the above methods are combined, e.g., a bank card with a PIN. Only combined systems are able to fulfill the requirements of "strong" authenticationThere does not appear to be any one method of biometric data gathering and reading that does the "best" job of ensuring secure authentication. Each of the different methods of biometric identification have something to recommend them. Some are less invasive, some can be done without the knowledge of the subject, some are very difficult to fake. • Face recognition Of the various biometric identification methods, face recognition is one of the most flexible, working even when the subject is unaware of being scanned. It also shows promise as a way to search through masses of people who spent only seconds in front of a "scanner" - that is, an ordinary digital camera. Face recognition systems work by systematically analyzing specific features that are common to everyone's face - the distance between the eyes, width of the nose, position of cheekbones, jaw line, chin and so forth. These numerical quantities are then combined in a single code that uniquely identifies each person. • Fingerprint identification Fingerprints remain constant throughout life. In over 140 years of fingerprint comparison worldwide, no two fingerprints have ever been found to be alike, not even those of identical twins. Good fingerprint scanners have been installed in PDAs like the iPaq Pocket PC; so scanner technology is also easy. Might not work in industrial applications since it requires clean hands. Fingerprint identification involves comparing the pattern of ridges and furrows on the fingertips, as well as the minutiae points (ridge characteristics that occur when a ridge splits into two, or ends) of a specimen print with a database of prints on file. • Hand geometry biometrics Hand geometry readers work in harsh environments, do not require clean conditions, and forms a very small dataset. It is not regarded as an intrusive kind of test. It is often the authentication method of choice in industrial environments. • Retina scan There is no known way to replicate a retina. As far as anyone knows, the pattern of the blood vessels at the back of the eye is unique and stays the same for a lifetime. However, it requires about 15 seconds of careful concentration to take a good scan. Retina scan remains a standard in military and government installations. • Iris scan Like a retina scan, an iris scan also provides unique biometric data that is very difficult to duplicate and remains the same for a lifetime. The scan is similarly difficult to make (may be difficult for children or the infirm). However, there are ways of encoding the iris scan biometric data in a way that it can be carried around securely in a "barcode" format. (See the SF in the News article Biometric Identification Finally Gets Started for some detailed information about how to perform an iris scan.) • Signature A signature is another example of biometric data that is easy to gather and is not physically intrusive. Digitized signatures are sometimes used, but usually have insufficient resolution to ensure authentication. • Voice analysis Like face recognition, voice biometrics provide a way to authenticate identity without the subject's knowledge. It is easier to fake (using a tape recording); it is not possible to fool an analyst by imitating another person's voice. CHAPTER-7 ADVANTAGES OF BIOMETRIC SYSTEMS Advancing automation and the development of new technological systems, such as the internet and cellular phones, have led users to more frequent use of technical means rather than human beings in receiving authentication. Personal identification has taken the form of secret passwords and PINs. Everyday examples requiring a password include the ATM, the cellular phone, or internet access on a personal computer. In order that a password cannot be guessed, it should be as long as possible, not appear in a dictionary, and include special symbols such as +, -, %, or #. Moreover, for security purposes, a password should never be written down, never be given to another person, and should be changed at least every three months. When one considers that many people today need up to 30 passwords, most of which are rarely used, and that the expense and annoyance of a forgotten password is enormous, it is clear that users are forced to sacrifice security due to memory limitations. While the password is very machine friendly, it is far from user-friendly. There is a solution that returns to the ways of nature. In order to identify an individual, humans differentiate between physical characteristics such as facial structure or sound of the voice. Biometrics, as the science of measuring and compiling distinguishing physical characteristics, now recognizes many further features as ideal for the definite identification of even an identical twin. Examples include a fingerprint, the iris, and vein structure. In order to perform recognition tasks at the level of the human brain (assuming that the brain would only use one single biometric characteristic), 100 million computations per second are required. Only recently have standard PCs reached this speed, and at the same time, the sensors required to measure characteristics are becoming cheaper and cheaper. Therefore, the time has come to complement the password with a more user friendly solution - biometric authentication.

CHAPTER-8 BIOMETRIC CAPTURE DEVICE

Biometric characteristic	Sensor Fingerprint (Minutia)	capacitive, optic, thermal, acoustic, pressure sensitive Signature (dynamic)	Tablet Facial Structure	Camera Iris pattern	Camera Retina	Camera Hand geometry	Camera Finger geometry	Camera Vein structure of the the hand	Camera (infrared) Ear form	Camera Voice (Timbre)	Microphone DNA	Chemical Lab Odor	Chemical sensors Keyboard Strokes	Keyboard Comparison: Password	Keyboard

CHAPTER-9 EFFECTIVENESS OF A BIOMETRIC AUTHENTICATION SYSTEM False Acceptance Rate (FAR) The FAR is the frequency that a non authorized person is accepted as authorized. Because a false acceptance can often lead to damages, FAR is generally a security relevant measure. FAR is a non-stationary statistical quantity which does not only show a personal correlation, it can even be determined for each individual biometric characteristic (called personal FAR). False Rejection Rate (FRR) The FRR is the frequency that an authorized person is rejected access. FRR is generally thought of as a comfort criteria, because a false rejection is most of all annoying. FRR is a non-stationary statistical quantity which does not only show a strong personal correlation, it can even be determined for each individual biometric characteristic (called personal FRR). Failure To Enroll rate (FTE, also FER) The FER is the proportion of people who fail to be enrolled successfully. FER is a non-stationary statistical quantity which does not only show a strong personal correlation, it can even be determined for each individual biometric characteristic (called personal FER). Those who are enrolled yet but are mistakenly rejected after many verification/identification attempts count for the Failure To Acquire (FTA) rate. FTA can originate through temporarily not measurable features ("bandage", non-sufficient sensor image quality, etc.). The FTA usually is considered within the FRR and need not be calculated separately, see also FNMR and FMR. False Identification Rate (FIR) The False Identification Rate is the probability in an identification that the biometric features are falsely assigned to a reference. The exact definition depends on the assignment strategy; namely, after feature comparison, often more than one reference will exceed the decision threshold. Further Implicit Measures False Match Rate (FMR). The FMR is the rate which non-authorized people are falsely recognized during the feature comparison. In contrast to the FAR, attempts previously rejected due to poor (image-) quality (Failure to Acquire, FTA) are not accounted for. Whether a falsely recognized biometric characteristic leads to increases in FAR or FRR depends upon the application. (There are applications, which define a successful recognition as a rejection, when, for example, double release of identification cards for a person with a false identity is prevented by comparing the actual reference features with the centrally stored reference features of all cards released so far.) False Non-Match Rate (FNMR). The FNMR is the rate that authorized people are falsely not recognized during feature comparison. In contrast to the FRR, attempts previously rejected due to poor (image-) quality (Failure to Acquire, FTA) are not accounted for. Whether a falsely recognized biometric characteristic leads to increases in FAR or FRR depends upon the application. CHAPTER-10 BIOMETRICS IS MORE "SECURE" THAN PASSWORDS This question at least poses two problems: biometrics is not equal to biometrics, and the term "secure" is in fact commonly used, but it is not exactly defined. However, we can try to collect pros and cons in order to find at least an intuitive answer. It is a matter of fact that the security of password protected values in particular depends on the user. If the user has to memorize too many passwords, he will use the same passwords for as many applications as possible. If this is not possible, he will go to construct very simple passwords. If this will also fail (e.g., if the construction rules are too complex), the next fall-back stage is to notify the password on paper. This would transform "secret knowledge" into "personal possession". Of course, not every user will react this way. Rather the personal motivation plays an important role: is he aware of the potential loss caused by careless handling of the password? It is easy if the user is the owner. But often foreign possession (e.g., that of the employer) has to be guarded, whose value one often can hardly estimate. If motivation is missing, any password primarily tends to be felt bothersome. In this case, and that seems to be the normal case, it is assumed that biometrics has considerable advantages. Contrariwise, passwords feature an unbeatable theoretic protection ability: an eight-digit password which is allowed to contain any symbol from an 8-bit alphabet offers 1020 possible combinations! This is a real challenge for any biometric feature. The requirements are obvious: such a password is maximally difficult to learn, it must not be written down, it must not be passed to anyone, the input must take place absolutely secret, it must not be extorted, and the technical implementations must be perfect. This leads us to the practical aspects: the implementation must be protected against replay attacks, keyboard dummies (e.g., false ATMs), wiretapping etc. Even biometric features have to cope with such problems. However, it can be assumed that hijacking biometric features is not easier than sniffing a password, provided the implementation expense is comparable! Conclusion: Surely, there are cases where passwords offer more security than biometric features. However, these cases are not common!