Biometricmodalities robinson

Page 1

The Application of Biometrics in User Authentication and Access Control Systems Maura Robinson MBA, MSHFID 175 Forest St. Waltham, MA robinso_maur@bentley.edu (508)740-6910

ABSTRACT

Biometric identification is the process of verifying the user of a system through recognizing a physical or behavioral characteristic or trait. The purpose of the following writing is to provide an overview of biometric technology as it relates to authentication and access control. Using industry research and expert findings, this paper illustrates the definition of biometrics, its various modalities, current and future uses of the technology, and the benefits and limitations associated with using a biometric based system. This writing intends to emphasize the role that biometrics is projected to play in future user authentication and access control systems across the areas of government, law enforcement and commerce. Biometric technology will continue to grow within the field of HCI as the need for more efficient security processes increases. Author Keywords

Biometrics, Modalities, Biometric System, User Authentication, Access Control, Security, Verification ACM Classification Keywords

H.5.m. Information interfaces and presentation (e.g., HCI): Miscellaneous INTRODUCTION

Biometric recognition is fast becoming the leading technological vehicle for user authentication and access control due to the improved security results and convenience it provides. The following writing delivers an overview of biometric technology in the context of user identification. It will cover the definition of biometrics, its various modalities, current

and future applications of the technology, and the benefits and limitations associated with the implementation of a biometric based authentication and access control system. WHAT ARE BIOMETRICS?

The literal meaning of the word “biometric” is life measurement. [1] A biometric is a physical or behavioral characteristic that differs between individuals and can be appropriated as a unique identifier for the user of a system. Systems that employ biometrics operate in one of two modes: identification and verification. Through identification mode, a system recognizes an individual by searching through the templates of all users in a database until a match is identified. [2] In verification mode, a user claims an identity by inputting information such as a username or pin number. The system then compares this data with the individual’s template that is stored in the system, with the purpose of identifying whether or not the claim is true. [3] Verification mode is used primarily for positive recognition systems with the intention of preventing multiple users from assuming the same identity. Identification mode is commonly used in negative recognition systems, with the objective of preventing a single user from assuming multiple identities. [4] Categories of Biometrics

Biometrics can be broken into two sub categories: physiological characteristics, and behavioral characteristics. [5]Physiological characteristics encompass any bodily traits existing in a user’s physical anatomy. These traits include: ear and facial recognition, ocular recognition, fingerprint scan, palm print recognition, vein patterns, odor recognition and DNA matching. [6] Behavioral traits are comprised of developmental nuances that individuals have formed


over time. These characteristics include: gait, signature, typing patterns, and voice recognition. [7] Each of these modalities will be explored in greater detail later in this writing. Biometric Criteria

In order to qualify as a valid biometric trait, a characteristic must meet a certain criteria in order to ensure its efficiency. The first stipulation is that the trait must be universal, meaning that every potential user comprises this same characteristic.[8] The second requirement is distinctiveness, ensuring that the trait varies enough among individuals to be a reliable differentiator.[9]The third specification is that the trait must be permanent and resistant to age and variance over time. [10]The final condition is that the attribute must be measurable, and quantifiable in order to secure collectable results. [11] There are a few additional criteria to ensure that a biometric feature is a suitable choice for a system. These requirements are developed on the basis of designing an efficient and scalable interface. These standards include: Performance, referring to the accuracy, speed, and robustness of technology used; Acceptability, referencing the degree of approval of a technology, and finally; Circumvention of spoofing, gauging the degree of difficulty in developing a substitute. [12] MODALITIES OF BIOMETRIC TECHNOLOGY

Biometric technology has several vehicles for application through multiple modalities. As mentioned earlier, these modalities are broken down into two overarching categories; Physical and Behavioral. Each modality has unique benefits and drawbacks and should be considered on the basis of its application in a system.[13] In the following paragraphs, each existing modality will be explored. Physical Modalities Finger Print Recognition

Physical modalities were some of the first relied upon methods for human identification, beginning with the collection of fingerprints to identify criminals in the 19th century. [14] Today, the fingerprint scan is the most commonly used modality in biometric technology. [15] Fingerprint scanning is the collection of physical attributes of the formation of skin tissue on the pad of a user’s finger. Each human has a structure containing ridges and valleys of dermal tissue on his or her finger tip that serve as a unique identifier. [16]

Each finger also bears an emblematic fingerprint.[17] For this reason, fingerprints for multiple digits are captured to ensure higher integrity data. Fingerprint data can be captured through multiple methods including optical, capacitive, and ultrasound. [18] One drawback to the fingerprint scanning modality is that it sometimes violates the essential biometric validity criteria, specifically permanence and universality, as some users may not have fingerprints due to genetic disorders, or acquire a large number of cuts on their fingers due to occupational implications that constantly change the makeup of the fingerprint. [19] Palm Recognition

Palm recognition is a related modality. This technique involves the capture of the physical attributes of a user’s hand, once again collecting information on the unique formation of the dermal tissue. Palm prints are considered even more distinctive than fingerprints due to the larger surface area. [20] Palm prints can be captured by way of a low to medium resolution hand scanner. Ear Recognition

Ear recognition is one of the least conventional modalities for biometric identification. Through this modality identifiers are determined by measuring prominent areas of cartilage from a center point on the ear. [21] This geometric pattern is recorded and matched using identification mode systems. [22]The ear recognition modality is still the subject of exploratory research, as the distinctiveness of individual ear features is not definitive. [23] Facial Recognition

Facial recognition records either; the physical shape and spatial layout of facial features including the nose, eyes, eyebrows, chin, and lips; or a complete image of the face of a user. [24] In some instances, a weighted combination of the two is applied in order to identify matches. [25] The face of a user can also be analyzed using a thermogram, which detects the heat radiated by the body using infrared imaging. [26] The facial recognition modality sometimes encounters difficulty obtaining images that meet specifications in order for a system to accurately identify a user, for example, obtaining the appropriate lighting and angle, or detecting a face in a larger background. Facial Recognition offers many benefits to the user due to the noninvasive nature of the technique. [27]


Vein Recognition

Body Odor Recognition

Vein patterns can be detected through this infrared technology as well. In this modality, the vein structure of a user’s hand can be discerned by way of infrared sensors that scan the back of the user’s fist to detect heat in order to develop a comprehensive image of the user’s unique vein structure. [28] Although a highly distinctive attribute, the cost of the thermograms that enable this technology is very high, forfending the widespread use of this modality.

Body odor recognition is a technique through which a user’s distinct body odor is captured and analyzed using odor sensing instruments. [34] These odor sensing instruments are comprised of chemical sensors, each designed to detect a group of aromatic compounds as a scent travels over them through the air. [35] The system records the combination of chemical compounds that combine to create an individual's scent in order to confirm a user’s identity. [36] The effectiveness of this unconventional modality remains up for debate because several factors can influence an individual’s scent including deodorants and perfumes. [37]

Ocular Recognition

Ocular recognition is a modality that has had a pervasive history in popular culture, most notably from the neo nior science fiction blockbuster, Minority Report. In the film, Tom Cruise plays a fugitive who requires an eye transplant while on the run as not to be identified by the futuristic machines used by the authorities to verify citizens. In today’s biometric practice, there are multiple forms of ocular recognition. Two of the most major areas of analysis focus on the retina, and the iris. Retinal recognition, also referred to as retinography, works through the process of identifying blood vessel patterns that exist in the center of the retina. [29] This data is collected through shining a low intensity infrared scanner directly into a user’s pupil while he or she remains in a static position and focuses on a fixed object. These cameras generally capture up to one hundred data points from one scan. [30] Although this modality is highly accurate, it is not a reliable form of identification for all users over time, as there several diseases including retinopathy, macular degeneration, and glaucoma , that can weather the blood vessels of the retina, thus altering the structure of veins. [31] Iris recognition captures the patterns of the fibrous and vascular tissue that comprises a user’s iris. This includes striations, rings, pits, freckles, furrows and corona, but not does include color as a factor to determine identity. [32] Systems that employ this modality use tiny infrared cameras to capture a black and white, high contrast, high resolution image of the iris. The infrared quality in combination with high contrast properties capture patterns for users with every eye color, even those irises with no distinguishable pattern in visible light. [33] The system then analyzes the photo based on the spatial qualities of the distinctive features of the eye in order to verify identity.

DNA Recognition

DNA matching is a modality that presents several challenges, however is becoming increasingly applied due to its accuracy. It is the ultimate identifier of a user, as DNA contains the genetic code of human beings. [38] There are several downsides that pertain to this modality including the ease of which DNA could be unknowingly stolen from a user. It is also expensive, and requires a longer processing time than other modalities. DNA should be considered for systems that require the strictest security precautions.[39] DNA concludes the list of physical biometric modalities that will be discussed in this paper. Behavioral modalities are another form of biometric identification. Behavioral characteristics relate to minutiae that exist in a user’s behavioral tendencies. The following paragraphs will describe emerging forms of behavioral modalities in biometric technology. Behavioral Modalities Gait Recognition

Gait recognition is used to identify a user based on the idiosyncratic nuances of a person’s walk. Walking motions vary based on several factors including muscular limits, joint conditions and other physical factors. [40] Gait based modalities capture data using video sequence footage, and are used primarily in lowsecurity conditions. [41] Signature Recognition

Signature analysis is one of the oldest, and most popular biometric modalities; having been used as a form of personal verification for hundreds of years across multiple industries. An example of this would be a signature on a contract or a check. Today this data


can be recorded in various ways, but most commonly using a touch pad with a utensil to inscribe the signature. [42] DSV, dynamic signature verification, is a tool used to monitor several components of a signature including speed, pressure and stroke order. [43] One of the biggest pitfalls of this modality is that signature varies in each consecutive impression a user creates, and can be influenced factors including emotional state and physical restriction. [44]A signature can also be easily duplicated by a forger to gain access to a system. These two problem areas make it one of least secure modalities for user identification. Typing Recognition

Typing recognition, also referred to as keystroke dynamics, captures a user’s original style of typing on a keyboard. The typing pattern is usually recorded using keystroke logging. Although this modality is not proven to be the most highly differentiating characteristics of a user, it does lend sufficient enough data to verify an identity in low security systems. [45] Voice Recognition

Voice recognition is the final modality of the behavioral identifiers discussed in this paper, although it is often considered a hybrid of both physiological and behavioral biometrics. [46] A user’s voice is determined by a combination of physical factors that aid in the coalescence of sound. These aspects including the formation of attributes such as the vocal tract, the mouth, nasal cavities, and lips. [47] Behavioral attributes also play a role in forming a user’s voice, for example emotional state, use of products such as cigarettes, and aging over time. [48]The distinctiveness of voice per user is not the most reliable attribute, however it is ideal for many interfaces, specifically phone based systems. [49] BIOMETRIC SYSTEMS

APPLICATIONS

IN

CURRENT

Biometric modalities are presently used in multiple industries that rely on secure systems to protect access to sensitive information including government, law enforcement, and commerce. Government functions that currently employ biometric systems include border control, national ID matching, passport matching, driver’s license, and welfare-disbursement. [50] Biometric systems in law enforcement focus around forensic applications such as terrorist identification, corpse identification, paternity testing, and criminal investigation. [51]. Biometric implementations for commercial use include access

control, credit card verification, electronic data security and network login. [52] As technology develops and the risk of security breaching becomes increasingly larger, biometric systems hold much potential to gain popularity due to the ability to improve security while offering convenience to users. BIOMETRIC SYSTEMS

APPLICATIONS

IN

FUTURE

There is much information circulating about interfaces that could benefit from the implementation of biometric technology in the future. One of the biggest emerging industries that stands to gain from biometric security measures is internet privacy and cyber security. With more data moving to cloud based technology, cyber security is a large concern in regards to data privacy and protection. Biometrics in the modalities of fingerprint recognition, iris scanning, and facial recognition could replace the traditional use of passwords or pin numbers. [53] Biometric technology can also be applied to securing commercial products such as motorcycles and vehicles. New technology is emerging from Australia that allows users of motorcycles to start their bike using a fingerprint scan that is linked directly to the ignition. [54] This allows for keyless entry, as well as guarantees that the owner will be the only user of the motorcycle. [55] This biometric technology could easily be applied to other forms of transportation, specifically automobiles. Airport security is also an area that stands to be greatly influenced by biometric technology in the future. Kingsford Smith International Airport in Sydney Australia has recently embarked on initiatives to run trails for SmartGate technology, a biometric system that would allow self-service for incoming airplane travelers. [56] The system would work in a two-step process, first verifying whether or not a user is qualified to use the system, and then employing facial recognition technology to verify a user’s identity and process the user’s passport and customs transactions. [57]This biometric system is designed to upgrade processes in the airport by improving efficiency, while also enhancing the quality of security. Disease control is another way biometric technology could be applied to create benefits in the future. Biometric screenings of travelers entering from areas with high rates of infectious diseases could serve as a means of determining entry into a country, and help limit the dispersion of the infection.


Future Modalities

There are also several emerging modalities that are being developed in biometric fields, and will be applied in the biometric systems of the future. Heartbeat recognition is a modality that records the electrocardiogram, abbreviated to ECG of a user. This detects a user’s distinctive heart beat pattern as a means of identification. [58] Gesture recognition captures a user’s body movements and translate them into a mathematical pattern. This modality is recorded using a camera vision field similar to the technology used in gait recognition. Finally, lip recognition verifies a user’s identity based on the finer points of an individual’s lip movements, while also factoring in the user’s lip shape. [59] As technology improves and the need for strengthened security measures continues to grow, biometric technology will become more and more pervasive in systems from government to commerce. Jim Demitrieus, Chief Executive Officer of EyeLock Inc and industry expert, spoke at a Cyber Security conference held in Washington D.C. this past June. In his speech he stated, “The future belongs to biometrics; we cannot keep relying on these tried and failed methods. Biometrics is experiencing tremendous growth and will play an integral role in changing the way consumers interact and authenticate their identities across their trusted digital networks from banking to healthcare.” [60] POSITIVE IMPLICATIONS TECHNOLOGY

OF

BIOMETRIC

There are many benefits to using a system that utilizes biometric technology. First, biometric traits cannot be stolen, borrowed, or lost. They are naturally occurring, innate characteristics of a user. [61] Second, biometric authentications are more difficult to duplicate or forge and offer greater security than a password, badge, or code could provide. [62] Third, biometric characteristics are exclusive to a single user and cannot be shared or borrowed. The sole user must be there for the transaction in order to offer up the data. [63] Fourth, biometric authentication can eradicate the use of a password or security card, improving convenience for the user. [64] Finally, biometric systems are in general very durable, and highly inextricable in the event of an attacks of brute force. [65] NEGATIVE IMPLICATIONS TECHNOLOGY

OF

BIOMETRIC

Despite the benefits provided by using biometric based technology, there are several areas for improvement to be considered. One drawback is non-universality, meaning that although all users are expected to exhibit a biometric trait, there is always a possibility that a particular user group will not possess the exact feature needed to initiate the system. [66] Another limitation is the risk of a mismatch of data due to a user’s improper interaction with the system. This occurs when the data gathered from the user during the verification process is different from the data recorded in the template. [67] Depending on the modality used, this could cause severe issues to arise, for example if the user was upset or nervous during the template voice recognition recording, causing the voice to be altered, and thus incorrectly represented in the system. [68] Noise sensed data is another drawback in the application of biometric technology. This occurs when the data collected from a user is distorted due to either a physical in discrepancy on the part of the user or a misfiring of machinery such as a sensor that has accumulated dirt and is not working properly. [69] These conditions can cause the data to be matched incorrectly or falsely rejected. The degree of distinctiveness could also be a cause for concern when using biometric technology. [70] Although this factor is heavily considered in the selection and validation of a biometric trait, it is possible that there may be inter-class similarities that limit the uniqueness of a trait. [71] This can cause identity confusion if used with a large sample group where the likelihood of similarity is increased. [72] The final limitation discussed in this paper is the risk of spoof attacks when implementing biometric technology. A fraud may attempt to access a user’s identity by mimicking a behavior trait such as gait or verbal tendency. [73] It is also probable that an imposter may create a prosthetic physical trait such as fingerprint in order to thwart a system. [74] These are a few negative possibilities to take into account when considering a biometric technology system. CONCLUSION

Biometric technology will continue to grow as security needs call for more efficient systems and authentication protocols. There are many benefits


provided to both the organizations and their users that decide to employ biometric technology as the primary form user identification and access control. As technology improves, many of the drawbacks of biometric implementation will be remedied. Biometric identification will continue to be adopted in the field of HCI, eventually replacing the current authentication actions such as passwords and pin numbers. REFERENCES

1. Biometrics Institute. "Types of Biometrics." · About Biometrics · Biometrics Institute. Biometrics Institute, 2011. Web. 06 Dec.2014. <http://www.biometricsinstitute.org/pages/types-ofbiometrics.html>. [38, 39] 2. Find Biometrics. "White House Event Focuses on Cyber Security and Biometrics." RSS 20. Global Identity Management, June 2014. Web. 07 Dec. 2014. <http://findbiometrics.com/white-house-eventfocuses-on-cyber-security-and-biometrics/>. [60]

3. Jain, A.k., A. Ross, and S. Prabhakar. "An Introduction to Biometric Recognition." IEEE Transactions on Circuits and Systems for Video Technology 14.1 (2004): 4-20. Web. [2-4,8-13,17,2028,31,33,41-46, 52, 61-65, 68-74] 4. Trader, John. "The Future of Biometrics." Web log post. M2Sys. N.p., 7 Nov. 2014. Web. 7 Dec. 2014. <http://blog.m2sys.com/category/future-ofbiometrics/>. [53-59] 5. Vallone, Peter. “DNA as a Biometric.” Biometric Consortium Conference. Tampa, FL. 27 September, 2011. Biochemical Science Division Speaker PowerPoint Presentation. [5] 6. Wilson, Chuck. Vein Pattern Recognition: A Privacy-enhancing Biometric. Boca Raton: Taylor & Francis, 2010. Print [1,6,7, 14-16,18,19,29,30,32,3437, 40,47-51, 66,67]


Turn static files into dynamic content formats.

Create a flipbook
Issuu converts static files into: digital portfolios, online yearbooks, online catalogs, digital photo albums and more. Sign up and create your flipbook.