Beruflich Dokumente
Kultur Dokumente
Seminar Report
On
Biometric Authentication
Certificate
Date:
Place: Ahmedabad
ACKNOWLEDGEMENT
Firstly I would also like to thank my Faculty Guide,
Mr. Jigar Patel for her guidelines and knowledge
she gave me. Secondly I would like to thank our
concerned faculty for seminar who guided us for
better presentation in a very nice and
encouraging manner.
INDEX
Introduction…………………………………………………………
.…………….1
Biometric Technologies……………………………………….
…………….5
Iris Recognition………………………………………….
………….6
Fingerprint
technology………………………………………….7
Facial
Recognition………………………………………………….7
Voice Recognition……………………………………….
…………8
Hand
geometry……………………………………………………..9
Biometric
Process…………………………………………………………….
.10
Decision Outcome
Performance…………………………………………………………
..13
Summery…………………………………………………………..
…….15
References………………………………………………………….
…17
Conclusion……………………………………………………………
..18
Introduction
Over the past twenty five years microelectronics,
telecommunications and computer engineering
joined forces to precipitate the information
technology revolution in which intellectual
chores were increasingly alleviated by machines.
At the core of this revolution were advances in
materials science, which led to more powerful
and cheaper semiconductors. Cheap
semiconductors in turn allowed rapid advances
in the production of computers, computer
software, and telecommunications equipment,
which in turn led to steep price declines in each
of these industries.
Individuals, businesses, and governments took
advantage of these dramatic price reductions
and major performance improvements and
purchased incessantly, creating a proliferation of
information technology that has changed the
way businesses and governments operate. In so
doing, society transferred the control of critical
processes to networked computers, computer
software and telecommunications systems. It did
so without a clear plan or concern for securing
these individual IT based systems! It did so
without a sense that someone might use these
security flaws to gain access to the IT systems
for the purpose of creating disruptions, effecting
economic havoc and yes, even causing death
and destruction!
Today a vast array of networked physical and cyber
assets virtually control and sustain the
operation of a nation’s critical infrastructure in
all key sectors: agriculture and food, water,
public health, emergency services, defense
industrial base, telecommunications, energy,
transportation, banking and finance, chemical
industry and hazardous materials, and postal
and shipping. Hundreds of thousands of
computers, servers, routers, switches and cable
have become the nervous system of the critical
infrastructure that is vital to the economy and
security of a nation.
The terrorist attacks around the world have forced
all nations to reexamine their national security
focus and place a priority on protecting the
homeland. They have also forced consideration
of a wide array of unconventional threats,
especially cyber attack against the networked
information technology systems combining to
form a nation’s critical infrastructure.
While society has long recognized that each of
these networked physical and cyber assets
represents an attractive and viable target for
those wishing to illegally acquire information or
gain competitive business advantage, and hence
should be protected, it is now just coming to
grips with the reality that these networked
systems are largely unprotected and represent a
means where by terrorists could inflict great
harm on a nation, it’s citizens and businesses.
For example, consider the consequences if
terrorists gained access to IT systems
controlling a nuclear power plant, a chemical
plant, a mass transit system or an airport.
Equally consider the consequences if they
gained accessed to weapons designs held by a
military contractor or to systems controlling the
operation of a major financial institution. The
consequences would be significant; not only for
the key underlying system but for the nation as
a whole. Just as we need to establish a variety of
defenses at physical access points – airports,
seaports, power generation plants, military
bases, so too must we establish defenses at the
virtual points of access to the controlling IT
systems!
It is clear that securing the networked critical
infrastructure as well as the underlying IT
systems against cyber attack must be a priority
for government. Since many of the underlying IT
systems are in the hands of the private sector,
they too must consider this threat a priority and
work collaboratively with government to realize
an immediate and effective solution! The
challenging question for the IT sector is: How do
we secure this vast critical infrastructure on
which a nation’s economy and security now
rests?
The obvious way is to ensure that the only people
granted access to any of the component systems
are those authorized to do so and that they have
their identity confirmed before access is
permitted. Traditional methods of confirming
authorization and identity when approving
physical and logical access, such as confirming a
valid identification document (ID badge), a
password or both, are no longer sufficient: both
have been shown to be easily compromised
especially when confronted by a formidable,
focused effort to secure these items for future
illicit use.
The clear and convincing solution is to deploy
biometric technology to strengthen and secure
access. This will ensure that all persons granted
access are checked to confirm that they are the
same person that was previously enrolled and
vetted through a controlled security check. It
further mandates a "positive identity
confirmation check" as a prerequisite to anyone
gaining access to and using any component of a
nation’s critical infrastructure, whether that is
log on access, subsequent access to a more
sensitive system component, access to data
records or execution of an application.
While use of biometrics is acknowledged as the
solution for enabling positive trusted
identification of a person seeking access, the
unique needs posed by a cyber attack initiated
by someone intending to do harm must be
carefully considered when selecting which
biometric(s) and how they are to be used.
Facial Recognition
A facial recognition device is one that
views an image or video of a person
and compares it to one that is in the
database. It does this by comparing
structure, shape and proportions of
the face; distance between the eyes,
nose, mouth and jaw; upper outlines
of the eye sockets; the sides of the
mouth; location of the nose and eyes;
and the area surrounding the check
bones.
Upon enrolment in a facial
recognition program, several pictures
are taken of the subject at different
angles and with different facial
expressions. At time of verification
and identification the subject stands
in front of the camera for a few
seconds, and then the image is
compared to those that have been
previously recorded.
To prevent a subject from using a
picture or mask when being scanned
in a facial recognition program, some
security measures have been put into
place. When the user is being
scanned, they may be asked to blink,
smile or nod their head. Another
security feature would be the use of
facial thermography to record the
heat in the face.
The main facial recognition methods
are: feature analysis, neural network,
Some facial recognition software algorithms
identify faces by extracting features from an
image of a subject's face.
Other algorithmsnormalize a gallery of face
images and then compress the face data, only
saving the data in the image that can be used
for facial recognition. A probe image is then
compared with the face data.
A fairly new method on the market is three-
dimensional facial recognition. This method
uses 3-D sensors to capture information about
the shape of a face. This information is then
used to identify distinctive features on the face,
such as the contour of eye sockets, nose and
chin.
The advantages of 3-D facial recognition are that it
is not affected by changes in lighting, and it can
identify a face from a variety of angles,
including profile view.
Another new technique in facial recognition uses
the visual details of the skin, as captured in
standard digital or scanned images. This
technique is called skin texture analysis, turns
the unique lines, patterns, and spots apparent in
a person's skin into a mathematical space.
Preliminary tests have shown that using skin
texture analysis in facial recognition can
increase performance in identification by 20 to
25 percent.
The benefits of facial recognition are that it is not
intrusive, can be done from a distance even
without the user being aware they are being
scanned. (i.e.: bank or government office)
What sets apart facial recognition from other
biometric techniques is that it can be used for
surveillance purposes; as in searching for
wanted criminals, suspected terrorists, and
missing children. Facial recognition can be done
from far away so with no contact with the
subject so they are unaware they are being
scanned.
Facial recognition is most beneficial to use for
facial authentication than for identification
purposes, as it is too easy for someone to alter
their face, features with a disguise or mask, etc.
Environment is also a consideration as well as
subject motion and focus on the camera.
Facial recognition, when used in combination with
another biometric method, can improve
verification and identification results
dramatically.
Voice Recognition
A Voice Recognition voiceprint is a
spectrogram. A spectrogram is
a graph that shows a sound's
frequency on the vertical axis
and time on the horizontal axis.
Different speech creates
different shapes on the graph.
Spectrograms also use colour or
shades of grey to represent the
acoustical qualities of sound.
All of our voices are uniquely
different (including twins) and
cannot be exactly duplicated.
Speech is made up of two
components.
A physiological component
(the voice tract) and
a behaviouralcomponent (the
accent)
Some companies use voice
recognition so that people can
gain access to information
without being physically
present, like in a phone call.
Unfortunately people can
bypass this system by using a
pre recorded voice from an
authorized person. That's why
some systems will use several
randomly chosen voice
passwords or use general
voiceprints instead prints of
specific words.
A Voice Recognition voiceprint is a spectrogram. A
spectrogram is a graph that shows a sound's
frequency on the vertical axis and time on the
horizontal axis. Different speech creates
different shapes on the graph. Spectrograms
also use colour or shades of grey to represent
the acoustical qualities of sound.
All of our voices are uniquely different (including
twins) and cannot be exactly duplicated. Speech
is made up of two components.
Aphysiological component (the voice tract) and
a behavioural component (the accent)
Some companies use voice recognition so that
people can gain access to information without
being physically present, like in a phone call.
Unfortunately people can bypass this system by
using a pre recorded voice from an authorized
person. That's why some systems will use
several randomly chosen voice passwords or use
general voiceprints instead prints of specific
words.
The voiceprint generated upon enrolment is
characterised by the vocal tract and a cold does
not affect the vocal tract. Only extreme vocal
conditions such as laryngitis will prevent the
system from proper voice recognition.
During enrolment, the user is prompted to repeat a
short phrase or a sequence of numbers. Voice
recognition can utilize various audio capture
devices (microphones, telephones and PC
microphones). The performance of voice
recognition systems may vary depending on the
quality of the audio signal. Random words and
phrases are used so that no unauthorized use is
suspected.
The benefits of voice recognition are that it can
use existing telephone systems, it can be
automated and used with speech recognition
and that it has a low perceived invasiveness.
The weakness of the system is a high false non-
matching rate.
Speech recognition is the computing task of
validating a user's claimed identity by using
characteristics extracted from their voice.
Speaker recognition uses the acoustic features
of speech that are different in all of us. These
acoustic patterns reflect both anatomy (size and
shape of mouth & throat) and learned behaviour
patterns (voice pitch & speaking style),
If a speaker claims to be of a certain identity and
their speech is used to verify this claim. This is
called verification or authentication.
Identification is the task of determining an
unknown speaker's identity.
Speech recognition can be divided into two
methods. Text dependent and text independent
methods. Text dependent relies on a person
saying a pre determined phrase whereas text
independent can be any text or phrase. The
methods can easily be deceived by someone
playing a pre recorded phrase of a person who is
authorized.
A speech recognition system has two phases.
Enrolment and verification. During enrolment,
the speaker's voice is recorded and typically a
number of features are extracted to form a voice
print, template or model.
In the verification phase, a speech sample or
utterance is compared against a previously
created voiceprint. For identification systems,
the utterance is compared against multiple
voiceprints in order to determine the best match
or matches, while verification systems compare
an utterance against a single voiceprint.
Because of this process, verification is faster
than identification.
Voice / speech recognition systems are mostly used
for telephone based applications. Voice
verification is used in government offices,
healthcare, call centres, financial services and
customer authentication for service calls.
To find the best solution for voice and speech
recognition systems, please check out our
sponsors below.
Hand geometry
person's hand/palm and finger are
unique however not as unique as
their fingerprints or irises, for this
reason, businesses and schools
like to use hand
scanner and finger
reader biometrics technology, to
authenticate but not identify its
users.
Authentication is a one-to-one
comparison; it compares your
characteristic with your stored
information. Identification, on the
other hand, is a one-to-many
comparison. In this way, some
people may find it less intrusive.
Hand scanner and
finger reader recognition
systems measure and analyze the
overall structure, shape and
proportions of the hand, e.g.
length, width and thickness of
hand, fingers and joints;
characteristics of the skin surface
such as creases and ridges.
The hand and finger scanner/reader
devices still maintain accuracy
even when hands are dirty, which
are good in construction areas;
and also have the ability to work
under extreme temperatures
ranging from negative 30 to 150
degrees F.
The scanner uses this information to determine the
length, width, thickness and curvature of your
hand or finger, knuckle shape, distance between
joints and bone structure and translucency. It
translates that information into a numerical
template.
Hand scanners and Finger readers are great in
controlling access instead of key or card passes.
Hand and fingers cannot be forgotten or lost for
someone to steal and gain access to your
facility.
The benefits of hand and finger recognition are
many. It is easy to use and non-intrusive; a
small amount of data is required to identify the
users so more templates can be easily stored in
one stand alone devise; low failure to enrol
rates.
Hand and finger scanner recognition systems are
best used for verification due to less accurate
detection compared to fingerprint detection and
can be more expensive than these devices. Some
drawbacks, Minor injuries to hands may occur,
and weight fluctuations can prevent the device
from working properly. Sometimes systems
need to be updated regularly to accommodate
these changes.
Hand and finger readers are generally optical,
although they may incorporate other reader
technologies such as capacitive sensors also
used in a "liveness" test. Other technologies
include ultrasound, and thermal imaging. In this
respect hand and finger readers are similar to
fingerprint readers.
Some palm and finger scanners have the capability
of capturing 10-print fingerprints, as well as
palm prints. Low resolution hand and finger
readers (generally less than 100 dpi) can
effectively only record principal lines and
wrinkles. High resolution hand and finger
readers (generally greater than 400 dpi) are able
to record point features and minutiae.
Some hand and finger recognition systems scan
the entire hand and fingers, while others allow
the hand and finger images to be segmented in
order to improve performance and reliability. In
general terms, reliability and accuracy is
improved by searching smaller data sets.
Hand and finger biometrics systems are the most
widely used scanning devices and are used for
time & attendance, and access to restricted
areas and buildings. They exist in apartment
buildings, offices, airports, day care centres,
hospitals and immigration facilities.
Introduction (personal identification using biometrics)
Biometric identifiers (required properties for a biometric
measure)
sco re
A pp l ic a tio n d ec isio n
DATA AQUISITION
The data acquisition module contains the input
device or sensor that reads the biometric
information from the user. It is the link between
the physical domain and the logical domain.
In order to recognise a user successfully, the
sampled biometric characteristic must be similar
to the user’s reference template to which it is
compared. This imposes requirements on the
data collection sensor, and may impose training
requirements for the users. All sensors in a
given system must be similar enough that a
feature collected by one sensor will closely
match the same feature collected at other
sensors – and also that collected during
enrolment – so that the user can be recognized
at any location.
Depending on the biometric technology being
used, environmental conditions such as lighting,
background noise, weather, can impact on the
performance of the data acquisition module.
FEATURE EXTRACTION
The feature extraction module receives the raw
biometric data from the data acquisition module
and extracts the distinguishing features from
the raw data, transforming it into the form
required for storage and matching. Even for the
same biometric characteristic, there are various
ways of extracting the distinguishing features.
These are often proprietory.
This module may perform a quality analysis of the
raw data to determine if it is satisfactory for
use. If the data fails the quality test, the user
may need to supply the biometric characteristic
again.
The raw biometric data may be pre-processed prior
to the feature extraction to remove noise or to
be normalised in some way.
Typically, it is not possible to reconstruct the raw
data from the extracted features.
Some biometric systems compare raw data, in
which case this module is not required.
MATCHING MODULE
The matching module receives the processed data
from the feature extraction system and
compares it with the biometric template from
the storage module. The matching module has a
key role in the biometric architecture.
The matching module measures the similarity of
the claimant sample with a enrolled template.
Each comparison yields a score, which is a
numeric value indicating how closely the sample
and the template match. There are different
methods for computing the score and some
typical examples are: distance metrics,
probabilistic measures, and neural network-
based methods.
STORAGE MODULE
The storage module maintains the reference
templates for enrolled users. It may contain a
single template for each user or thousands of
templates depending on the system architecture
or intended use.
The template may be physically stored in
physically protected storage within the
biometrics device, a conventional database on a
computer, or in a portable token such as a
smartcard.
Collateral information, such as name, identification
number, etc, binding the owner to his/her
reference template may also be stored together
with the reference template.
DECISION OUTCOMES
A ge
Performance
The following are used as performance metrics for
biometric systems: false accept rate or false match
rate (FAR or FMR) – the probability that the system
incorrectly matches the input pattern to a non-
matching template in the database. It measures the
percent of invalid inputs which are incorrectly
accepted. false reject rate or false non-match rate
(FRR or FNMR) – the probability that the system fails
to detects a match between the input pattern and a
matching template in the database. It measures the
percent of valid inputs which are incorrectly rejected.
receiver operating characteristic or relative operating
characteristic (ROC) – The ROC plot is a visual
charactization of the trade-off between the FAR and
the FRR.
In general, the matching algorithm performs a decision
based on a threshold which determines how close to a
template the input needs to be for it to be considred a
match. If the threshold is reduced, there will be less
false non-matches but more false accepts.
Correspondingly, a higher threshold will reduce the
FAR but increase the FRR. A common variation is the
Detection error trade-off (DET), which is obtained
using normal deviate scales on both axes. This more
linear graph illuminates the differences for higher
performances (rarer errors). equal error rate or
crossover error rate (EER or CER) – the rate at which
both accept and reject errors are equal.
The value of the ERR can be easily obtained from the
ROC curve. The ERR is a quick way to compare the
accuarcy of devices with differnt ROC curves. In
general, the device with the lowest ERR is most
accurate. Obtained from the ROC plot by taking the
point where FAR and FRR have the same value. The
lower the EER, the more accurate the system is
considered to be. failure to enroll rate (FTE or FER) –
the rate at which attempts to create a template from
an input is unsuccessful. This is most commonly
caused by low quality inputs. failure to capture rate
(FTC) – Within automatic systems, the probability that
the system fails to detect a biometric input when
presented correctly. template capacity – the maximum
number of sets of data which can be stored in the
system.. As the sensitivity of the biometric device
increaes, the FAR decreases but the FRR increases.
References
www.oberthurusa.com/pns-sc-sc101-gloss.asp
http://en.wikipedia.org/wiki/Biometrics
http://www.thefreedictionary.com/biometric+id
entification
http://www.webopedia.com/TERM/B/biometrics.h
tml
http://biometrics.cse.msu.edu/fingerprint.html
http://onin.com/fp/fphistory.html
http://eprints.eemcs.utwente.nl/1569/
www.hitl.washington.edu/scivw/EVE/IV.Definition
s.html
http://www.education.uiowa.edu/icater/at_glossa
ry.htm
www.angelfire.com/anime3/internet/communicati
ons.htm
http://www.the-write-
words.net/lexiques/lexique_v.html
http://searchsecurity.techtarget.com/sDefinition/
0,,sid14_gci946211,00.html
http://www.thenakedscientists.com/html/columni
sts/dalyacolumn8.htm
http://www.bergen.org/EST/Year5/DNA_finger.ht
m
http://en.wikipedia.org/wiki/Genetic_fingerprinti
ng
http://ctl.ncsc.dni.us/biomet
%20web/BMRetinal.html
Conclusion
Biometric measures of one kind or another have been
used to identify people since ancient times, with
handwritten signatures, facial features, and
fingerprints being the traditional methods. Systems
have been built that automate the task of recognition,
using these methods and newer ones, such as hand
geometry, voiceprints, and iris patterns.
These systems have different strengths and weaknesses.
In automatic operation, most have error rates of the
order of 1% (though iris recognition is better, hand
geometry slightly better, and face recognition worse).
There is always a trade-off between the false accept
rate (the fraud rate) and the false reject rate (the
insult rate). The statistics of error rates are deceptively
difficult.
If any biometric becomes very widely used, there is
increased risk of forgery in unattended operation:
voice synthesizers, photographs of irises, fingerprint
molds, and even good old-fashioned forged signatures
must all be thought of in system design.
These do not rule out the use of biometrics, as traditional
methods such as handwritten signatures are usable in
practice despite very high error rates. Biometrics are
usually more powerful in attended operation, where,
with good system design, the relative strengths and
weaknesses of the human guard and the machine
recognition system may complement one another.
Finally, many biometric systems achieve most or all of
their result by deterring criminals rather than being
effective at identifying them.