BIOMETRIC DEVICES

By: Chris Miller

COSC 356 001 Dr. Oblitey

 Table of Contents

Introduction……………………...…… ………….………………………………..3

Comparing Biometric Devices… ………………………………………………….3

Physiological Based Devices……………………………………………………...5

Behavioral Based Devices...………………………………………………………..6

Focusing On Facial Recognition…………………………………………………...8

Future Advances….………………………………………………………………..9

Conclusion………………………………………………………………………...10

Appendix…………………………………………………………………………..11

Bibliography……………………………………………………………………....12
 INTRODUCTION

Biometric devices are defined as the study of methods for uniquely recognizing humans

based upon one or more intrinsic physical or behavioral traits. In computing terms it refers to

the ability for a computer to uniquely identify a person based upon uniquely identifiable

physical or behavioral traits of humans. It is in general considered to be the most secure form of

authentication available to date. There exist at present several different types of biometric

devices each with its pros and cons. The focus in today’s world has shifted from trying to find a

perfect type to device to focusing on perfecting facial recognition systems which have become

somewhat the standard in real world applications, they are already in place in many different

locations, such as amusement parks, high security areas, and it was also used in a large scale in

the superbowl for the past several years. This paper will attempt to cover the most popular

types of biometric devices and explain their strengths and weaknesses compared to each other.

COMPARING BIOMETRIC DEVICES

When comparing biometric devices it is important to decide and have an agreed upon

standard as to what a biometric device needs to do, the following listed items are all goals of

biometric devices, when comparing upon them we will have a better understanding of each

device individually.

◦ Universality – Does Each Person Have It?

◦ Uniqueness – Is It Unique Per individual?

 ◦ Permanence – Does It Have Lasting Power?

◦ Collectability – Is It Measured Easily?

◦ Performance – Is The Device Accurate, Fast?

The previous categories are somewhat self explanatory, but I will give some minor details

regarding them. An absolute necessity to measuring authenticity in biometric devices is

uniqueness, without uniqueness the ability to authenticate is completely compromised. The

other attributes are also very important, however they seem to be where different devices vary,

and all biometric devices generally have uniqueness. There are also several other areas in which

comparison of biometric devices is made easier if a standard exist, these include:

◦ Accuracy

◦ Reliability(Causes of Errors)

◦ False Positives

◦ False Negatives

◦ Ease Of Use

◦ Cost

These also are rather self explanatory with the expectation of false positive and false negative. A

false positive is how easy a fake user can impersonate a real user. While a false negative is how

often a real user is denied access. All of these areas of error can be very problematic in a real

life implementation of any biometric security system.

There are several different types of biometric devices, these include:

◦ Fingerprints
 ◦ Face Recognition

◦ Iris Recognition

◦ Retinal Recognition

◦ Hand Geometry

◦ Keystrokes

◦ Voice (could also be classified as a physiological characteristic, however recently

it is more focused on how one speaks to uniquely identify, thus making it

behavioral based)

Physiological Based Devices

I will begin by discussing fingerprint scanners; they are very good at identifying a unique

individual because a fingerprint is very unique to each person. Some factors that may contribute

to a false positive or a false negative reading include: age, dirt, and cosmetics, such as band-

aids. There has also been some controversy as to the ability for someone to obtain a fingerprint

from someone and fraudulently use it to authenticate themselves. These concerns are largely

eliminated with more expensive systems, because they have sensors capable of detecting blood

flow in a finger, thus making fake (non-fingers) and severed fingers fail to be read even if the

print is intact. In general, the rate of errors while using a fingerprint scanner is 1 in 500+. Which

makes them relatively good compared to other devices. Facial recognition is the use of a

camera, or sensor to uniquely identify ones face. They in general are moving away from simply

matching a face to a stored face in a database, which was easy to be fool if a person had grown

a beard, or shaved their face. This also gives the ability to recognize a face without a full view of
the face, or a side view. There are still a few things that could throw off a facial recognition

system which include lighting. More in-depth details on facial recognition system will be

discussed later. Iris scanners authenticate a user by reading the surface of one’s iris. The iris of a

person is considered to be nearly as unique as a fingerprint, with 200 plus points of comparison.

They in general are fairly hard to fool, with an acceptance rate of nearly 1 – 131,000. Which is a

very good number compared to other biometric devices. The iris scan itself is capable of a false

reading only a few things, which include lighting, and glasses. Retinal scanners are similar to iris

scanners, however they read the layer of the blood vessels behind the eye. They are considered

to be highly effective. A major improvement over iris scanners is that retinal scanners are

capable of authenticating those who are blind, or those who have lack of pigment in there iris.

They are however, considered less convenient then iris scanners because of their invasive

nature. They by nature of how the device works require the person who is being authenticated

to be very close to the device itself, which scares some people. In general however, they are

hard to fool, and have an error rate of only 1 in 1,000,000, which is exceptional among all

biometric devices. Hand geometry is one of the first types of biometric devices, given its age,

advancements have made comparable in effectiveness to other biometric devices, however

there are still causes for error. These include age, and hand injury, and well as jewelry and band-

aids. All in all, the rate of spoofing a hand geometry device is relatively low, and the error rate is

1 in 500, making it somewhat similar to fingerprint scanners prior to their implementation of

blood flow sensors being imbedded in fingerprint scanners.

BEHAVORIAL BASED DEVICES

The previously mentioned biometric devices are all what would be considered
physiological based devices. They are all based upon intrinsic traits that a particular person

themselves has. There is an additional broad category of biometric devices based upon

behavioral traits of human beings; these include keystrokes, and voice recognition. These types

of biometric devices are less common, and in some instances more expensive and difficult to

implement given the added complexities involved in authenticated a user, because information

must be thoroughly analyzed, and not just matched to a previously stored template. Key stroke

biometric devices authenticate a user based on the rhythmic typing patterns used by

individuals. These include time it which it takes for an individual to type a most of the time

secret password. It may also include in some more expensive models the ability of sensing hand

placement on the keyboard. Given the fact that a secret password is also required, the keystroke

analyzer is considered relatively secure, and however it is not very frequently implemented.

Some weaknesses to the devices include fatigue and injury, all of which would alter the way one

types a passphrase. Voice recognition is considered a behavioral based biometric device

because typically in the advancements of biometric devices the focus of voice recognition is on

how a person speaks, and not what they say. Thus, these devices often measure pauses,

accents, as well as what the person says. The fact that the said statement is often unknown, and

it acts like a password offers some additional security to this device; however it is not

considered to be a very secure method of authentication. Typically, these types of biometric

devices are used for server or PC which only have a few authenticated users. The cost of these

types of devices varies, but it is in general a relatively expensive system to implement. Many

outside factors contribute to the devices not being very secure, which include weather, and

background noise. The focus of future advancements seems to be focusing on eliminating or at

least lessening the effects of outside noises on such devices.

FOCUSING ON FACIAL RECOGNITION

As previously mentioned, I would address facial recognition systems with further detail

given their increasing popularity. Today the world of biometric research is focusing on perfecting

and implementing wide scale facial recognition systems. From systems which are used today

such as law enforcement systems and border/immigration control the field of facial recognition

biometrics is expanding to include wide-spread large scale identification of suspects or specific

people, even in a large crowded room. The type of technology that completes this type of task is

currently in use by the military, but still has a large number of false positives and false negatives

when attempting to match a known face. Things such as wearing mask, sunglasses and making

gestures are enough to obstruct some of the poorer models. In many test cases these devices

proved to only have a 60-70% success rate. The company Facelt is becoming a popular

manufacturer of facial recognition systems. Currently they have a system which can distinguish

a face to a high degree of accuracy using the distance and shape of certain facial “landmarks”

including the distance between the eyes, width of the nose, depth of the eye socket. Ect.

Future advances in the area of facial recognition look promising, the focus appears to be

shifting from traditional 2D “image mapping” to 3D facial recognition. By measuring the face in

a 3D model, the image cannot be interfered by light, and is capable of profiling a face from a

complete 90 degree angle. There are also recognition software devices that are using the

texture of skin in identifying subjects that are currently being researched. The company Identix

has developed a scanner that in test results was capable of identifying between identical twins.
This type of recognition has focused on eventually implementing facial texture analysis in

conjunction with another form of facial recognition to help eliminate the number of false

readings. These systems are currently capable of identifying even through glasses and

beard/mustache growth. However they are incapable of recognizing a face because of

sunglasses, and lighting/resolution issues that are working to be resolved currently.

In conclusion it appears as though the majority of scientist and researchers have

concluded that the shift to facial recognition biometric security devices has shifted so that this

agreed upon standard will be used in everyday modern life during such activities like using a

passport, and withdrawing money from an ATM without a pin number.

FUTURE ADVANCES

The future of biometrics appears to be very bright; however there appear to be some

major concerns. The majority of concerns focus around privacy. The question remains, who, if

anyone can be trusted with vital personal information from millions of people that is who can

be the trust anchor for distributing this information, and do so in a way that is a impossible as

possible to intercept. Given this problem some new forms of encryption information need to be

developed. In addition to this privacy concern, there is also the privacy concern regarding the

possible misuse of personal information. It needs to be determined if someone with bad

intentions could use the information regarding your facial configuration for example what can

they do with it, and what additional security measures can be put into place to guarantee that

the person is who they say they are.

There are some future technological advances that are expected in the near future. A

large project undertaken by the U.S. government is to create some form of biometric passport
device, something that will aid in the tracking of immigrants to this country, not so much the

actions of U.S. citizens, this of course will only been known as time passes, and may cause other

security issues itself. There are some additional consciences about how biometric devices such

as facial recognition can be implemented widespread, but be able to encapsulate all, if at worst

well of 95% of people are able to be authenticated through a device, or a combination of

devices. This includes coming up with more additional ways to authenticate people with facial

deformities, identical twins, and perhaps make the facial recognition system even easier to use,

so that there is little if any use time for the device, thus keeping the public using the device

happy.

CONCLUSION

In conclusion, it can be seen from this paper that there are many different types of

biometric devices, each of which have positive and negative attributes about them. These

devices include the more popular choices like fingerprint scanners and facial recognition

systems, as well as less common, older systems, like hand geometry and keystroke sensors. It

can be seen that facial recognition appears to be the upcoming standard; however it still has its

problems, which are in the process of being solved. The future of biometrics looks promising;

however it will not be without challenges. There are major privacy concerns about who should

have access to vital very private data, regardless if this data is useful on its own or not.

Regardless of the advances however, it appears as though traditional problems like encrypting

data will still need to be address, and advanced. There will need to be some additional

concentrations on implementing this type of authentication for all people, which proves to be a
very difficult task, given the wide range of person body appearances.

APPENDIX
 BIBLIOGRAPHY

Bonsor, Kevin (2007). How Facial Recognition System Works. Retrieved 11 11, 2008, from
HowStuffWorks Web site: http://electronics.howstuffworks.com/facial-recognition.htm

Rathka, N.K. Enhancing security and privacy in biometrics-based authentication systems.

Retrieved 11 11, 2008, from IBM Research Journal Web site:
http://researchweb.watson.ibm.com/journal/sj/403/ratha.html