Beruflich Dokumente
Kultur Dokumente
INTRODUCTION
IEEE A&E SYSTEMS MAGAZINE VOL. 21, NO. 6 JUNE 2006 PART 3: TUTORIALSFAUNDEZ-ZANUY 15
TABLE I
Advantages and Drawbacks of Three Main Authentication Method Approaches
Biometrics It cannot be lost, forgotten, guessed, stolen, shared, etc. In some cases a fake one can be issued.
It is quite easy to check if one person has several It is neither replaceable nor secret.
It can provide a greater degree of security than the possible to replace it.
other ones.
16 IEEE A&E SYSTEMS MAGAZINE VOL. 21, NO. 6 JUNE 2006 PART 3: TUTORIALS
a hacker to crack the system. According to security
requirements, one of the taxes will be more important
than the other one.
IEEE A&E SYSTEMS MAGAZINE VOL. 21, NO. 6 JUNE 2006 PART 3: TUTORIALSFAUNDEZ-ZANUY 17
For instance, a hacker has almost N times [7]
more chance to fool an identification system than
a verification one, because in identification he/she
just needs to match one of the N genuine users. For
this reason, commercial applications operating on
identification mode are restricted to small-scale (at
most, a few hundred users). Forensic systems [8, 9]
Fig. 3. General scheme of biometric recognition system.
operate in a different mode, because they provide a
list of candidates, and a human supervisor checks
the automatic result provided by the machine. This V. BIOMETRIC TECHNOLOGIES
is related to the following classification, which is also
associated to the application. Several biometric traits have been proven useful
for biometric recognition. Nevertheless, the general
IV. POSITIVE AND NEGATIVE RECOGNITION scheme of a biometric recognition system is similar, in
all the cases, to that shown in Fig. 3.
The following kinds of applications can be The scheme shown in Fig. 3 is also interesting
established, according to the users attitude [10]. for vulnerability study [11] and improvements by
Negative Recognition: The system must establish means of data fusion [12] analysis. In this paper,
if the person is the one that (implicitly or explicitly) we restrict ourselves to block number one, the other
denies being. The purpose of negative recognition ones being related to signal processing and pattern
is to prevent a single person from using multiple recognition. Although common sense points out that
identities. Classical recognition methods (handheld good acquisition is enough for performing good
tokens and knowledge-based) cannot provide this kind recognition, at least for humans, this is not true.
of recognition. Thus, only biometrics can be used for It must be taken into account that the next blocks,
negative recognition. Government (ID cards, driving numbered 2 to 4 in Fig. 3, are indeed fundamental. A
licenses, etc.) and forensic (criminal investigation, good image or audio recording is not enough. Even
terrorist identification, etc.) applications belong to this for human beings, a rare disorder named agnosia
group, where obviously the user does not want to be exists. Those individuals suffering agnosia are unable
identified and will not be collaborative. to recognize and identify objects or persons despite
Positive Recognition: Those applications that do having knowledge of the characteristics of the objects
not require the user to provide his identity, perhaps for or persons. People with agnosia may have difficulty
convenience (identification requires less operations recognizing the geometric features of an object
from the user than verification, so it is easier to or face or may be able to perceive the geometric
operate), belong to this group. Identity verification features but do not know what the object is used for
is also typically used for positive recognition. It is or whether a face is familiar or not. Agnosia can be
interesting to observe that in this operation mode, limited to one sensory modality such as vision or
the user is interested in being recognized, and will be hearing. A particular case is named face blindness or
collaborative. Otherwise, his/her attempt to enter will prosopagnosia [13] (prosopon is a Greek word for
be rejected. This clearly contrasts with the previous face). Prosopagnosics often have difficulty recognizing
mode. family members, close friends, and even themselves.
Roger Clark summarizes [1] a real case about They often use alternative routes to recognition, but
false identities. It was reported in 1993, the story these routes are not as effective as recognition via
of a pensioner who had defrauded the Department the face. Agnosia can result from strokes, dementia,
of Social Security of $400,000. The defendant had or other neurological disorders. More information
claimed he was born overseas, obviating the need about agnosia can be obtained from the National
for a birth certificate. He adopted multiple names. Organization for Rare Disorders (NORD) [14].
For each name, he entered himself on the Electoral Thus, biometric recognition, even when performed
Roll, obtained a Tax File Number and submitted by humans, is not a trivial task. It is an extremely
a tax return (for amounts which did not incur the complicated process performed by our brain!
payment of a tax), nominated on various application Table II summarizes some possibilities for different
forms the names of various companies as previous biometric traits acquisition. Obviously, properly
employers, visited doctors and acquired various speaking, some sensors require a digitizer connected
certificates from them, and using these obtained at its output, which is beyond the scope of this paper.
membership of a roadside assistance association, We consider that block number one produces a digital
insurance polices, union membership, Medicare, and signal which can be processed by a digital signal
government concession cards. Obviously, this case can processor (DSP) or personal computer (PC).
only be detected by means of crossed searches using Fig. 4 shows some biometric traits, and Fig. 5
biometric data. some biometric scanners.
18 IEEE A&E SYSTEMS MAGAZINE VOL. 21, NO. 6 JUNE 2006 PART 3: TUTORIALS
TABLE II
Some Biometric Traits and Possible Acquisition Sensors
Biometric
Trait Sensor Comments
Fingerprint Ink+paper+scanner Classical method is becoming old-fashion, because the ink is annoying. However, it can
acquire from nail to nail borders, and the other methods, especially when using low-cost
devices, provide a limited portion of the fingerprint.
Optical It is the most widely used and easy-to-operate technology. It can acquire larger surfaces
than the capacitive ones, but due to optical phenomenon, it shows some distortions.
Capacitive They are easy to integrate into small, low-power and, low-cost devices. However, they are
more difficult to operate than the optical ones (wet and/or warm fingers).
Ultrasound They are not ready for mass-market applications yet. However, they are more capable of
penetrating dirt than the other ones, and are not subject to some of the image-dissolution
problems found in larger optical devices.
Face Photo-camera Nowadays almost all the mobile phones have a photo-camera, enabling face recognition
applications. They provide high resolutions and quality.
Video-camera A sequence of images alleviates some problems, such as face detection and offers more
possibilities. Although they were expensive some decades ago, currently it is possible to
acquire cheap webcams. They produce smaller resolutions than photo-cameras. Thus,
theoretically, the user should be closer to the camera than using a photo-camera, in order
to obtain the same resolution.
Speech Microphone The telephone system provides a ubiquitous network of sensors for acquiring speech
signals. Even for non-telephone applications, sound cards and microphones are low-cost,
easy-to-operate, and readily available.
Iris Kiosk-based systems The camera searches for eye position. They are the most expensive ones and the easier to
operate.
Physical access devices The device requires some user effort: a camera is mounted behind a mirror. The user must
locate the image of his eye within a 1-inch by 1-inch square surface on the mirror.
Desktop cameras The user must look into a hole and look at a ring illuminated inside. These equipments
are the cheapest ones, but they have proven fairly difficult for some users, who are unable
to be enrolled on the system.
Retina Retina-scanner A relative large and specialized device is required. It must be specifically designed for
retina imaging. Image acquisition is not a trivial matter.
Signature Ball The system recognizes the signature analyzing its shape. This kind of recognition is
pen+paper+scanner/camera known as off-line, while the other ones are on-line.
Graphics tablet It acquires the signature in real time. Some devices can acquire: position in x and y-axis,
pressure applied by the pen, azimuth and altitude angles of the pen with respect to the
tablet (see Fig. 11). It is very difficult to replicate the dynamic information (pressure,
azimuth, altitude, etc.) for each digitized signature point. Thus, it is safer than the previous
one.
PDA Stylus operated PDAs are also possible. They are becoming more popular, so there are
some potential applications.
Hand-geometry Hand-scanning device Commercial devices consist of a covered metal surface, with some pegs for ensuring the
correct hand position. A series of cameras acquire three dimensional (3D) images of the
back and the sides of the hand. Obviously they are not general purpose devices (you
cannot use them for another matter), and the price is high.
Conventional scanner Some research groups at universities have developed systems based on images acquired by
a conventional document scanner. Thus, the cost is reduced, but the acquisition time is at
least 15 seconds per image. They just provide the hand profile, but it is possible to take
advantage of the palmprint.
Conventional camera Some research groups at universities have developed systems based on images acquired by
conventional cameras. Using some bricolage it is possible to obtain a 3D image. They
are faster than the previous acquisition method, and do not suffer the problem of
palm-print flattening.
Palm-print Document scanner Although there are not commercial applications, some research groups at universities have
developed systems based on images acquired by a conventional document scanner.
Resolution must be higher than for hand-geometry, which implies larger acquisition times.
Keystroke Keyboard Although not used habitually, standard keyboards can measure how long keys are held
down and duration between key instances, which is enough for recognition.
IEEE A&E SYSTEMS MAGAZINE VOL. 21, NO. 6 JUNE 2006 PART 3: TUTORIALSFAUNDEZ-ZANUY 19
Fig. 4. Examples of biometric traits.
How does a Biometric System Work? to present the required biometric feature (for example
an Iris system can fail to enroll the iris of a blind eye),
Usually biometric systems require two consecutive those unable to produce an image of sufficient quality
steps. at enrolment, as well as those unable to reproduce
Enrollment: In a similar fashion as humans do, their biometric feature consistently (the system cannot
the system needs a learning procedure, before being reliably match their template in attempts to confirm
able to recognize (it is obviously hard to recognize that the enrollment is usable).
a person that has not been seen before). The Recognition: Once the user is enrolled, the
purpose of enrollment is to have users characteristics system can work in identification or verification
registered for later use. The procedure consists of the mode, using the block diagram shown in Fig. 3,
following steps. and the systematic explained in previous sections
a) The input signal is acquired (block 1 in Fig. 3) (one-to-many comparisons for identification, and
by means of a biometric scanner. If possible, the one-to-one for verification using the claimed identity
quality of the sensed signal is checked. If it is below a by the user).
threshold, a new acquisition is performed. Each technology presents differences. For this
b) Some measurements are extracted from this reason, a short summary of the most successful ones
signal (block 2 in Fig. 3) by means of digital signal is included.
processing.
c) Measured parameters of previous step are used Face
to work out a model for the given user. Some times,
the whole set of extracted features are stored, and Face recognition is probably the most natural
used as model. This model will be compared with the way to perform a biometric authentication between
features extracted from input signals on recognition human beings. Face recognition can rely on single
mode. still images, multiple still images, or video sequence.
The proportion of individuals for whom the system Although traditionally most efforts have been devoted
is unable to generate repeatable templates is defined as to the former one, the latest ones are quickly emerging
failure to enroll (FTE) rate. FTE includes those unable [15], probably due to the reduction of price in
20 IEEE A&E SYSTEMS MAGAZINE VOL. 21, NO. 6 JUNE 2006 PART 3: TUTORIALS
Fig. 5. Some commercial biometric scanners.
image and video acquisition devices. For instance, Obviously, it can also be applied to other biometric
a sequence of images can provide a unimodal data traits. However, a video camera lets us easily obtain a
fusion scheme, where the verification relies on a set consecutive sequence of images in a short time period.
of images, rather than on a single one. Fig. 6 shows For fingerprints, for instance, it would not have too
an example where each test consists of a single still much sense, and it would be time consuming, to ask
image (on the left) and the best match of five still the user for five consecutive acquisitions.
images. We can observe an improvement on the FRR
with a minor degradation on FAR (FRR plot shifts to Fingerprint
the right in larger amount than FAR, yielding more
separation between plots and less critical trade-off Fingerprint recognition looks at the patterns
for threshold setting up). This is similar to the PIN found on a fingertip. Several algorithms exist.
keystroke on ATM cashiers, where three attempts are Interested readers can find more details in [7]. The
offered. This strategy avoids inconveniences for users, use of fingerprints as a biometric is both the oldest
with a negligible degradation on PIN vulnerability. mode of computer-aided recognition, and the most
IEEE A&E SYSTEMS MAGAZINE VOL. 21, NO. 6 JUNE 2006 PART 3: TUTORIALSFAUNDEZ-ZANUY 21
Fig. 8. Block diagram for 2D hand-geometry recognition.
22 IEEE A&E SYSTEMS MAGAZINE VOL. 21, NO. 6 JUNE 2006 PART 3: TUTORIALS
Fig. 11. Illustration of possible failure to acquire problems for
some users.
Fig. 10. User interaction with a desktop iris camera. a measure that help you to achieve the required
distance (see Fig. 10).
using palm-prints, some experiments have been Some users, such as eastern people, experiment
performed at universities using this information alone, problems with iris scanners because the eyelid can
and combined with hand-geometry for improved occlude the iris. In this case, some manual actuation
accuracy. must be done in order to remove the occlusion (see
Fig. 11).
Fig. 12 shows an image of an eye and the detected
Iris
iris and pupil (using the Hough transform). The
Iris recognition offers a very high capability to occlusion caused by the eyelid is evident. Thus, some
distinguish between individuals, even between the iris portions cannot be used.
users left and right eyes. It has been estimated that Feature extraction provides an iris code, which is
the probability that two irises would be identical by normally produced by a 2-D Gabor filter. An iris code
random chance is approximately 1035 [18]. It is even can be regarded as a point of the vertices of a logical
higher than fingerprints. However, it is difficult to unit square in the complex plane. Interested readers
use. Especially when using the lowest cost devices. can find more details in [19].
Fig. 10 shows the user interaction with the system for
a desktop camera, with the help of a measure. The Signature
distance between user and camera must be around half
a meter. Then, the user must center his eye in order to Signature is probably the most accepted method
see a ring inside the camera aperture. Some systems for recognition. We frequently use it when signing
provide a spot of light: when the light fills up the credit card receipts, checks, etc. In addition,
circle, it means that the user is at the correct distance. biometrics presents a serious drawback when
If the light is larger than the circle, he/she is too close. compared with classical methods of passwords and
If the light does not fill the circle completely, this tokens (while it is possible to obtain a new card
means that he/she is too far. Other cameras provide a number, it is not possible to replace any biometric
luminous circle that turns, for instance, from orange data, which should last forever) [11]. However,
to green when the user is properly set. These last signature is an exception, because users can change
systems are more complicated to operate, because you their signature. Although, theoretically, a person could
just receive binary information: correct/incorrect, but learn to sign in exactly the same manner as another
you do not know the correct movement to perform. In person, in practice, it is very difficult to replicate the
addition, you should show a naked eye, so in most dynamic information (pressure, azimuth, altitude, etc.,
of the cases (depending on shadows and reflexes) see Fig. 13) for each digitized signature point (pixel),
you must take your glasses off, and perhaps to use which cannot be ascertained from examining a written
Fig. 12. Example of iris detection on the left and associated feature extraction on the right.
IEEE A&E SYSTEMS MAGAZINE VOL. 21, NO. 6 JUNE 2006 PART 3: TUTORIALSFAUNDEZ-ZANUY 23
TABLE III restricted to high-level government, military, and
Comparison of Different Biometric Technologies corrections applications.
(L = Low, M = Medium, H = High)
Table III compares some properties of different
Characteristic Face Fingerprint Speech Hand Iris Signature biometric technologies. It is interesting to observe
that nobody can claim that a given technology
Ease of use M/H H H H L/M H
outperforms the other ones for all the aspects.
Accuracy M H M M H M/L
Acceptability H M H M/H L/M H
Table IV summarizes the main weaknesses and critical
Security M H M M H M/L situations for each technology.
Permanence M H M/L M/H H M/L Another important issue is the accuracy of each
technology. For this purpose, it is more reliable to
look at the figures of well-established competitions,
where a group of universities and private companies
evaluate their own technology using a common
database. This makes feasible the direct comparison
between competing algorithms and lets us provide a
realistic number about the state-of-the-art for those
evaluated technologies. However, we must take
into account that, in general, each experiment has a
different set of users, so it is not possible to compare
the verification errors of a same population, using
different technologies. It is just an approach of each
technology.
Fig. 13. Azimuth and inclination angles of the pen with respect Table V summarizes the results of some studies,
to plane of graphic card. such as FVRT (Face Recognition Vendor Test) [21],
CESG (Communications Electronics Security Group)
signature or by observing a person signing. For a [22], FVC (Fingerprint Verification Competition)
more complete description of signature recognition, [23] and NIST (National Institute of Standard
you can read [20]. Technologies) [24], and SVC (Signature Verification
Competition) [25]. This table is an update of [26]. A
nice property of CESG evaluation is that all the results
Retina have been obtained with the same set of 200 users.
This technology involves analyzing the layer
of blood vessels situated at the back of the eye. VI. SECURITY AND PRIVACY
For this purpose, a low-intensity light source must
enter through the pupil. It is extremely accurate, but A nice property of biometric security systems
requires the user to look into a receptacle and focus is that security level is almost equal for all users
on a given point. Thus, although it works well, it in a system. This is not true for other security
has not been accepted by users, and applications are technologies. For instance, in an access control based
TABLE IV
Drawbacks of Main Biometric Systems
Fingerprint Certain users do not have fingerprints (elder people, some Asian populations, manual workers with
acid, cement, etc.).
Some fingerprint scanners cannot acquire fingerprints that are too oily, dry, wet, warm, etc.
Iris Eye trauma is rarely present, but still possible. Although this system is quite robust, it is not popular
nor the sensors are widely-introduced.
Voice Illness can modify the voice (cold, flu, aphonia, etc.).
Acquisition devices and environments can vary significantly, for instance in mobile phone access.
This degrades the recognition rates.
Hand geometry Weight increases or decreases, injuries, swelling, water retention, etc. can make recognition impossible.
Some users can be unable to locate the hand correctly due to paralysis, arthrosis, etc.
24 IEEE A&E SYSTEMS MAGAZINE VOL. 21, NO. 6 JUNE 2006 PART 3: TUTORIALS
TABLE V
Verification Error Rate Pairs Chosen from Results of Benchmark Testing for Several Biometrics and from Different Tests
Hand CESG 200 users, mainly age > 25 1 3% 0.3% 0.0% 0.0%
CESG 200 users, mainly age > 25 3 1% 0.15% 0.0% 0.0%
Iris CESG 200 users, mainly age > 25 1 2% 0.0001% 0.5% 0.0%
CESG 200 users, mainly age > 25 3 0.25% 0.0001% 0.5% 0.0%
Note: FRR = false rejection rate, FAR = false acceptance rate, FTE = failure to enroll rate, FTA = failure to acquire rate.
IEEE A&E SYSTEMS MAGAZINE VOL. 21, NO. 6 JUNE 2006 PART 3: TUTORIALSFAUNDEZ-ZANUY 25
[15] Zhou, S. K. [22] Mansfield, T., Kelly, G., Chandler, D., and Kane, J.
Face recognition using more than one still image: What is Biometric product testing final report.
more? Available online: http://www.cesg.gov.uk/site/ast/
In A. Z. Li, et al. (Eds.) Lecture Notes In Computer biometrics/media/BiometricTestReportpt1.pdf, Mar. 2001.
Science LNCS 3338, Sinobiometrics. [23] Maio, D., Maltoni, D., Capelli, R., Wayman, J. L., and Jain,
New York: Springer Verlag, 2004, 212223. A. K.
[16] Faundez-Zanuy, M., and Monte, E. FVC2000: Fingerprint verification competition.
State-of-the-art in speaker recognition. IEEE Transactions on Pattern Analysis Machine
IEEE Aerospace and Electronic Systems Magazine, 20, 5 Intelligence, 24 (Mar. 2002), 402412.
(May 2005), 712. [24] Martin, A., and Przybocki, M.
[17] Faundez-Zanuy, M., and Navarro-Merida, G. M. The NIST 1999 speaker recognition evaluation: An
Biometric identification by means of hand geometry and overview.
a neural net classifier. Digital Signal Processing, 10, 13 (2000), 118.
Lecture Notes in Computer Science LNCS 3512, [25] Yeung, D., Chang, H., Xiong, Y., George, S., Kashi, R.,
IWANN05, June 2005, 11721179. Matsumoto, T., and Rigoll, G.
[18] Hallian, P. W. SVC2004: First international signature verification
Recognizing human eyes. competition.
Geometric Methods Computer Vision, 1570 (1991), Lecture Notes on Computer Science LNCS-3072.
214216. New York: Springer Verlag, 2004, 1622.
[19] Zhang, D. D. [26] OGorman, L.
Automated Biometrics, Technologies and Systems. Comparing passwords, tokens and biometrics for user
Boston: Kluwer Academic Publishers, 2000. authentication.
[20] Faundez-Zanuy, M. Proceedings of the IEEE, 91, 12 (Dec. 2003), 20212040.
State-of-the-art in signature recognition. [27] Faundez-Zanuy, M.
IEEE Aerospace and Electronic Systems Magazine, 20, 7 Biometric recognition: Why not massively adopted yet?
(July 2005), 2832. IEEE Aerospace and Electronic Systems Magazine, 20, 8
[21] Phillips, P. J., Grother, P., Micheals, R. J., Blackburn, D. M., (Aug. 2005), 2528.
Tabassi, E., and Bone, J. M. [28] Faundez-Zanuy, M.
FRVT 2002: Evaluation report. Privacy issues on biometric systems.
Available online: http://www.frvt.org/DLs/FRVT 2002 IEEE Aerospace and Electronic Systems Magazine, 20, 2
Evaluation Report.pdf, Mar. 2003. (Feb. 2005), 1315.
26 IEEE A&E SYSTEMS MAGAZINE VOL. 21, NO. 6 JUNE 2006 PART 3: TUTORIALS