Synopsis Of Computer Network Topic: Biometric based security system: issue and challenges.

Submit to: Prof. Anuragini. Submit by: Yogesh Verma. Roll no: B 43. Section: 1207.

Abstract
The challenges in biometrics research activities have expanded recently to include the maintenance of security and privacy of biometric templates beside the traditional work to improve accuracy, speed, and robustness. Revocable biometric templates and biometric cryptosystems have been developed as template protection measures. Revocability means that biometric templates could be revoked in the same way as lost or stolen credit cards are, while biometric cryptosystems aim to generate biometric keys and hashes to be used as proof of identity. Recently developed biometric protection schemes involve the use of

random projections (RP) onto secret personalized domains. We shall demonstrate the result of applying our RP transforms on face biometrics and compare its efficiency with that of the widely used RP technique based on the Gram-Schmidt process. We shall also present the results of experimental work on recognition accuracy before and after applying the proposed transform on feature vectors that are generated by wavelet transformed face images. Some security analysis of our scheme will also be presented. Introduction Although biometric-based authentication is known to be more reliable than traditional authentication schemes, the security of biometric systems can be undermined in a number of ways. A biometric template can be replaced by an imposers template in a system database or be stolen and replayed. As a result, the imposter will gain unauthorized access to a place or a system. Moreover, it has been shown that it is possible to create a physical spoof starting from biometric templates .Andy Adler proposed a hill climbing attack on a biometric system which in a finite number of iterations, generate a good approximation of the target template. Also a method has been proposed in to reconstruct fingerprint images from standard templates which might fool finger print recognition. Public acceptance of biometric systems has a crucial impact on their success due to potential misuse of collected biometric data. Their growing deployment as a proof of identity tool for access control to physical facilities, entitlement to services, and in the fight against crime and terrorism raises some privacy and security concerns. Traditionally, the focus of biometrics research has been on accuracy, speed, cost, and robustness challenges but gradually the scope widened to security and privacy issues of biometric systems. Questions like What if my biometric data has been stolen or misused? require urgent attention not only to reassure users with regards to privacy intrusion but also to prevent misuse and improve accuracy. The concepts of revocability of biometric templates and biometric cryptosystems have been developed as measures to protect biometric templates. Revocability means that biometric templates are no longer fixed overtime and could be revoked in the same way as lost or stolen credit cards are, while biometric cryptosystems mean the generation from of biometric keys and hashes that can be used as proof of identity. The main approaches to protect biometric templates and biometric cryptosystems are based on the use of a noninvertible(infeasible to invert) secret personalized transforms of feature vectors either in the signal domain or the frequency An ideal biometric template protection scheme must satisfy four properties : 1. Diversity: templates cannot be used for cross-matching across different databases in which users can be tracked without their permissions. 2. Revocability: templates can be revoked and new one can be issued whenever needed. 3. Security: it is computationally infeasible to reconstruct the original template from the transformed one. 4. Performance: recognition accuracy must not degrade significantly when the protection scheme is applied. The focus of this paper is the use of random projections as secure transformations Many different aspects of human physiology, chemistry or behavior can be used for biometric authentication. The selection of a particular biometric for use in a specific application involves a weighting of several factors. Jain et a. (1999) identified seven such

factors to be used when assessing the suitability of any trait for use in biometric authentication. 1. Universality means that every person using a system should possess the trait. 2. Uniqueness means the trait should be sufficiently different for individuals in the relevant population such that they can be distinguished from one another. 3. Permanence relates to the manner in which a trait varies over time. More specifically, a trait with 'good' permanence will be reasonably invariant over time with respect to the specific matching algorithm. 4. Measurability (collect ability) relates to the ease of acquisition or measurement of the trait. In addition, acquired data should be in a form that permits subsequent processing and extraction of the relevant feature sets. 5. Performance relates to the accuracy, speed, and robustness of technology used. 6. Acceptability relates to how well individuals in the relevant population accept the technology such that they are willing to have their biometric trait captured and assessed. 7. Circumvention relates to the ease with which a trait might be imitated using an artifact or substitute.

The basic block diagram of a biometric system A biometric system can operate in the following two modes. In verification mode the system performs a one-to-one comparison of a captured biometric with a specific template stored in a biometric database in order to verify the individual is the person they claim to be. Three steps involved in person verification. In the first step, reference models for all the users are generated and stored in the model database. In the second step, some samples are matched with reference models to generate the genuine and impostor scores and calculate

the threshold. Third step is the testing step. This process may use a smart card, username or ID number (e.g. pin) to indicate which template should be used for comparison. 'Positive recognition' is a common use of verification mode, "where the aim is to prevent multiple people from using same identity". In Identification mode the system performs a one-to-many comparison against a biometric database in attempt to establish the identity of an unknown individual. The system will succeed in identifying the individual if the comparison of the biometric sample to a template in the database falls within a previously set threshold. Identification mode can be used either for 'positive recognition' (so that the user does not have to provide any information about the template to be used) or for 'negative recognition' of the person "where the system establishes whether the person is who she (implicitly or explicitly) denies to be". The latter function can only be achieved through biometrics since other methods of personal recognition such as password, PIN s or keys are ineffective. The first time an individual uses a biometric system is called enrollment. During the enrollment, biometric information from an individual is captured and stored. In subsequent uses, biometric information is detected and compared with the information stored at the time of enrollment. Note that it is crucial that storage and retrieval of such systems themselves be secure if the biometric system is to be robust. The first block (sensor) is the interface between the real world and the system; it has to acquire all the necessary data. Most of the times it is an image acquisition system, but it can change according to the characteristics desired.