2. Introduction
• Biometrics are automated methods of
recognizing a person based on a
• Physiological or
• Behavioral characteristic.
• The features measured are face,
fingerprints, hand geometry, handwriting,
iris, retinal, vein, and voice.
Dr. C. Saravanan, NIT Durgapur,
India
9. Need
• Security breaches and transaction fraud
increases.
• Biometric technologies are becoming the
foundation of an extensive array of highly
secure identification and personal
verification solutions.
• Confidential financial transactions and
Personal data privacy.
Dr. C. Saravanan, NIT Durgapur,
India
10. Applications
• Biometric-based authentication
applications include
• workstation, network, and domain access,
• single sign-on, application logon,
• data protection,
• remote access to resources,
• transaction security and Web security.
Dr. C. Saravanan, NIT Durgapur,
India
11. Basic Image Operations
• Enhancement
• Filter
• Edge Detection
• Localisation
• Smoothning
• Sharpning
• Thresholding
Dr. C. Saravanan, NIT Durgapur,
India
12. Enhancement
• A process of enhancing the visual quality
of images due to nonideal image
acquisition process (e.g., poor illumination,
coarse quantization etc.)
• No reference (original) image is available
for comparison
• Human vision system (HVS) is the
JUDGE.
Dr. C. Saravanan, NIT Durgapur,
India
14. Technique Types
• Point operations
• Histogram Equalization
• Unsharp masking
• Homomorphic filtering
Dr. C. Saravanan, NIT Durgapur,
India
15. Point operations
• Point operations are zero-memory
operations where a given gray level
x∈[0,L] is mapped to another gray level
y∈[0,L] according to a transformation.
• Based only on the intensity of single
pixels.
• Linear
• Applications - Contrast Enhancement /
Feature Enhancement
Dr. C. Saravanan, NIT Durgapur,
India
17. Important point operations
• Image negatives
• Contrast stretching
• Gray-level slicing
• Bit-plane slicing
Dr. C. Saravanan, NIT Durgapur,
India
18. Image negatives
• The transformation is very simple :
s=T(r)
T(r)=(L-1)-r
L is the number of gray levels.
The result of this transformation is that low
intensities are made high and vice versa.
Dr. C. Saravanan, NIT Durgapur,
India
20. Contrast stretching
• Contrast stretching (often called
normalization) attempts to improve the
contrast in an image by “stretching” the
range of intensity values to a desired
range of values.
Pout=(Pin-c)((b-a)/(d-c)) + a
8-bit graylevel images the lower and upper
limits might be 0 and 255, a & b, lowest
and highest pixel values currently present
in the image c & d.
Dr. C. Saravanan, NIT Durgapur,
India
22. Gray-level slicing
• Give a high value for all the gray-levels in
the specified range and a very low value
for all the other gray-levels.
Bit-plane slicing
• The intensity of each pixel of an image is
defined by several bits - highest order bits
are dominant.
Dr. C. Saravanan, NIT Durgapur,
India
24. Histogram Equalisation
• A histogram with a small spread has low
contrast
• A histogram with a wide spread has high
contrast
• An image with its histogram clustered at
the low end of the range corresponds to a
dark image
Dr. C. Saravanan, NIT Durgapur,
India
25. Histogram Equalisation steps
1. Find the running sum of the histogram values
2. Normalize the values from step 1 by dividing by
the total number of pixels
3. Multiply the values from step 2 by the maximum
gray level value and round to the closest integer
4. Map the gray level values to the results from
step 3 using a one-to-one correspondence
Dr. C. Saravanan, NIT Durgapur,
India
26. Histogram Example
Step 1:
Gray level Number of pixels Running Sum
value (Histogram values)
0 10 10
1 8 10+8=18
2 9 10+8+9=27
3 2 29
4 14 43
5 1 44
6 5 49
7 2 51
Dr. C. Saravanan, NIT Durgapur,
India
27. Example continues ...
Step 2: Normalizing by dividing by the total
number of pixels (51) we get 10/51, 18/51,
27/51, 29/51, 43/51, 44/51, 49/51, 51/51
Step 3: Multiply by the maximum gray level
value (7) and round we obtain 1, 2, 4, 4, 6,
6, 7, 7
Step 4: Map the original value to the results
from step 3
Dr. C. Saravanan, NIT Durgapur,
India
31. Homomorphic filter
• Simultaneously normalizes the brightness
across an image and increases contrast.
• To make the illumination of an image more even,
the high-frequency components are increased
and low-frequency components are decreased,
because the high-frequency components are
assumed to represent mostly the reflectance in
the scene (the amount of light reflected off the
object in the scene), whereas the low-frequency
components are assumed to represent mostly
the illumination in the scene.
Dr. C. Saravanan, NIT Durgapur,
India
33. Frequency Domain Methods
• Compute Fourier Transform of the image
to be enhanced.
• Multiply the result by a filter
• Take the inverse transform to produce the
enhanced image
• Will diminish camera noise, spurious pixel
values, missing pixel values etc.
Dr. C. Saravanan, NIT Durgapur,
India
37. Neighbourhood Averaging
• Smooth Image F(x,y) = Average pixel
value in a neighbourhood of I(x,y)
• For example, 3 x 3 neighbourhood
• Each pixel value is multiplied by 1/9
• Sum of 9 pixel value is the output
Dr. C. Saravanan, NIT Durgapur,
India
39. Edge Preserving
• Also called Median Filtering
• Median of the neighbourhood pixel values
• More like neighbours
• Edges are preserved
Dr. C. Saravanan, NIT Durgapur,
India
41. Image Sharpening
• Human perception is highly sensitive to
edges and fine details of an image, and
since they are composed primarily by high
frequency components, the visual quality
of an image can be enormously degraded
if the high frequencies are attenuated or
completed removed.
Dr. C. Saravanan, NIT Durgapur,
India
42. Sharpening
• In contrast, enhancing the high-frequency
components of an image leads to an
improvement in the visual quality.
• Image sharpening is widely used in
printing and photographic industries for
increasing the local contrast and
sharpening the images.
• Enhance detail that has been blurred.
Dr. C. Saravanan, NIT Durgapur,
India
44. Edge Detection
• Identifying and Locating sharp
discontinuities in an image.
• Discontinuities are abrupt changes in pixel
intensity.
• Sobel operator / filter
• Canny edge operator
Dr. C. Saravanan, NIT Durgapur,
India
48. Canny Edge Operator
1. Smoothing: Blurring of the image to remove noise.
2. Finding gradients: The edges should be marked where
the gradients of the image has large magnitudes.
3. Non-maximum suppression: Only local maxima should
be marked as edges.
4. Thresholding: Potential edges are determined by
thresholding.
5. Edge tracking by hysteresis: Final edges are
determined by suppressing all edges that are not
connected to a very certain (strong) edge.
Dr. C. Saravanan, NIT Durgapur,
India
52. Finding gradients
• Finds edges where the grayscale intensity
of the image changes the most.
• These areas are found by determining
gradients of the image
• Gradients at each pixel in the smoothed
image are determined by applying Sobel-
operator
Dr. C. Saravanan, NIT Durgapur,
India
53. Non-maximum suppression
• Convert the blurred edges in the image of the
gradient magnitudes to “sharp” edges.
• This is done by preserving all local maxima in
the gradient image, and deleting everything else.
1343
3465
6754
4532
Dr. C. Saravanan, NIT Durgapur,
India
54. Thresholding
• The edge-pixels remaining will probably be
true edges in the image.
• But some may be caused by noise or color
variations.
• Discern between these would be to use a
threshold.
• The Canny edge detection algorithm uses
double thresholding, Strong and Weak.
Dr. C. Saravanan, NIT Durgapur,
India
56. Edge Tracking by Hysteresis
• Strong edges are included in the final
edge image.
• Weak edges are included if and only if
they are connected to strong edges.
Dr. C. Saravanan, NIT Durgapur,
India
57. Biometric Identification
• Biometric identification compares a
biometric "signature" to all the records
stored in a database to determine if there
is a match (1 : N).
• Because it requires comparing each
existing record in the database against the
new biometric characteristic, it can be slow
and is usually not suitable for real-time
applications such as access control or
time and attendance.
Dr. C. Saravanan, NIT Durgapur,
India
58. Biometric Identification
• Biometric identification used most
frequently in such applications as law
enforcement — for instance, the
comparison of a fingerprint from a crime
scene to a database of prints collected
from convicted criminals.
Dr. C. Saravanan, NIT Durgapur,
India
59. Biometric Verification
• Biometric verification compares a newly-
scanned biometric characteristic to a
measurement previously collected from
that same person to verify that individual's
identity (1 : 1).
• For instance, when an employee is hired,
that employee's fingerprint will be enrolled
into the company's biometric time and
attendance system.
Dr. C. Saravanan, NIT Durgapur,
India
60. FAR
False Acceptance Rate (FAR)
• is the measure of the likelihood that the
biometric security system will incorrectly
accept an access attempt by an
unauthorized user.
• is stated as the ratio of the number of false
acceptances divided by the number of
identification attempts.
Dr. C. Saravanan, NIT Durgapur,
India
61. FRR
False Recognition Rate (FRR)
• is the measure of the likelihood that the
biometric security system will incorrectly
reject an access attempt by an authorized
user.
• is stated as the ratio of the number of false
rejections divided by the number of
identification attempts.
Dr. C. Saravanan, NIT Durgapur,
India
63. Matching Score Distribution
• A matching algorithm was defined as an
algorithm that make a decision about genuine or
impostor nature of a comparison between two
templates.
• In the first step an Evaluation Algorithm assigns
a similarity score to the comparison. That
similarity score is a value on the range (0..1) and
as higher be the score value more similar the
images.
• The second step decides if the comparison is
genuine or impostor using a frontier threshold or
decision threshold (DT).
Dr. C. Saravanan, NIT Durgapur,
India
64. Receiver Operating Characteristic
(ROC)
• accepted method for summarizing the
performance of imperfect pattern matching
systems.
• parametrically as a function of the decision
threshold,
• the rate of “false positives” on the x-axis
• the rate of “true positives” on the y-axis
• ROC curves are threshold independent
Dr. C. Saravanan, NIT Durgapur,
India
66. Detection Error Trade-off (DET)
• modified ROC curve
• plots error rates on both axes
• giving uniform treatment to both types of
error
• distinguishes different wellperforming
systems more clearly
Dr. C. Saravanan, NIT Durgapur,
India
68. Expected Overall Error
gi TFNMRTFMRTE )()()(
• Expected overall error takes into account the
possibility of different FM and FNM and is given
as
where,
T=threshold
pi=probability of a random user being an imposter.
pg=probability of a random user being genuine.
Dr. C. Saravanan, NIT Durgapur,
India
69. Equal Error Rate (EER)
• EER is the value where FMR and FNMR
are equal.
• Lower be the EER the lower error rate of
the algorithm.
• Select the EER score value as Decision
Threshold (DT) is frequently a good
decision for a regular biometric
application.
Dr. C. Saravanan, NIT Durgapur,
India
70. Myths & Misrepresentations
• Biometric “X” is best for all applications
• Biometric “X” is unique for each individual
• A single number quantifies system
accuracy
• System is “plug and play”
• Real accuracy performance can be
predicted
Dr. C. Saravanan, NIT Durgapur,
India
71. • The vendors reporting best FAR and FRR
has the “most accurate system”
• Multiple biometrics outperform single
biometrics
• “Our biometric system does not use a
decision threshold”
• “Our feature extractor can be used with
any match engine”
• Large templates mean better accuracy
• Face recognition prevents terrorism
Dr. C. Saravanan, NIT Durgapur,
India
72. • Biometrics means 100 percent security
• Biometric systems invade our privacy
• Biometric sensors are unhygienic or
otherwise harmful
Dr. C. Saravanan, NIT Durgapur,
India
73. Biometric System Design Issues
• System Architecture
– Centralised / Distributed Server
– Client Computer
– Device at User End
• Hardware & Software Implementation
– Sample Acquitision
– User Interface
– Biometric Processing Components
Dr. C. Saravanan, NIT Durgapur,
India
74. BSD Issues (continues...)
– Communication Channels
– Database Design
– Interoperability
• Administration Policy
– Integrity of Enrolment
– Quality of Enrolment Samples
– System Configuration
– Exception Handling
– Privacy Measures
Dr. C. Saravanan, NIT Durgapur,
India
75. Biometric System Security
• Includes IT Security
• Earlier related financial
• At present, Passports, Visas, etc.
– Biometric Security Evaluation
– Biometric Transaction Security
– Protection of Biometric Data
Dr. C. Saravanan, NIT Durgapur,
India
76. Authentication Protocol
• is a type of cryptographic protocol with the purpose of
authenticating entities wishing to communicate securely.
• AKA, CAVE-based_authentication, Challenge-
handshake authentication protocol (CHAP), CRAM-MD5
Diameter, Digest, Extensible Authentication Protocol
(EAP), Host Identity Protocol (HIP), Kerberos, MS-CHAP,
LAN Manager, NTLM, Password-authenticated key
agreement protocols, Password Authentication Protocol
(PAP), Protected Extensible Authentication Protocol
(PEAP), Protocol for Carrying Authentication for Network
Access (PANA), RADIUS, Secure Remote Password
protocol (SRP), TACACS and TACACS+, RFID-
Authentication Protocols, Woo Lam 92 (protocol)
Dr. C. Saravanan, NIT Durgapur,
India
77. Kerberos
• MIT developed Kerberos
• Kerberos (or Cerberus - Greek monstrous
three-headed guard dog)
• Works on the basis of 'tickets' to allow
nodes communicating over a non-secure
network to prove their identity to one
another in a secure manner.
• Protects against eavesdropping and replay
attacks.
Dr. C. Saravanan, NIT Durgapur,
India
78. Selection of Suitable Biometric
• Ethnic Background
– who will be the users of the biometric system
– education levels and a variety of attitudes
• Employee Education
– technical background of the users.
– higher the technological background less
training required
Dr. C. Saravanan, NIT Durgapur,
India
79. • Frequency of Use
– some biometric systems are more suitable for
high frequency of usage
• User characteristics
– will the users be in a hurry and possibly be a
little bit impatient (public restroom)
Dr. C. Saravanan, NIT Durgapur,
India
80. Biometric Attributes
1. Universal:
Every person must possess the characteristic / attribute.
The attribute must be one that is universal and seldom lost to
accident or disease.
2. Invariance of properties:
They should be constant over a long period of time.
The attribute should not be subject to significant differences based
on age either episodic or chronic disease.
3. Measurability:
The properties should be suitable for capture without waiting time
and must be easy to gather the attribute data passively.
4. Singularity:
Each expression of the attribute must be unique to the individual.
The characteristics should have sufficient unique properties to
distinguish one person from any other.
Dr. C. Saravanan, NIT Durgapur,
India
81. Height, weight, hair and eye color are all attributes that
are unique assuming a particularly precise measure, but
do not offer enough points of differentiation to be useful
for more than categorizing.
5. Acceptance:
The capturing should be possible in a way acceptable to
a large percentage of the population. Excluded are
particularly invasive technologies, i.e. technologies which
require a part of the human body to be taken or which
impair the human body.
6. Reducibility:
The captured data should be capable of being reduced
to a file which is easy to handle.
7. Reliability and tamper-resistance:
The attribute should be impractical to mask or
manipulate. The process should ensure high reliability
and reproducibility.
Dr. C. Saravanan, NIT Durgapur,
India
82. 8. Privacy: The process should not violate
the privacy of the person.
9. Comparable: Should be able to reduce
the attribute to a state that makes it
digitally comparable to others. The less
probabilistic the matching involved, the
more authoritative the identification.
10. Inimitable: The attribute must be
irreproducible by other means. The less
reproducible the attribute, the more likely it
will be authoritative.
Dr. C. Saravanan, NIT Durgapur,
India
83. Zephyr Chart
Dr. C. Saravanan, NIT Durgapur,
India
Zephyr Chart is a navigation aid for pilots designed to display
aviation charts in a format easy to use in the cockpit.
84. Multi Biometrics (MB)
• MB - Reconciliation of Evidence enhances
the recognition accuracy of human
authentication systems.
• Multibiometric systems combine the
information presented by multiple
biometric sensors, algorithms, samples,
units, or traits.
Dr. C. Saravanan, NIT Durgapur,
India
86. MB
• Besides enhancing matching performance,
these systems are expected to
– improve population coverage,
– deter spoofing and
– impart fault tolerance to biometric applications
• Establishes an identity based on who you
are,
– rather than by what you possess, such as an ID card,
– or what you remember, such as a password.
Dr. C. Saravanan, NIT Durgapur,
India
87. Risks with Single Biometric Trait
• Noise in sensed data
• Non-universality
• Upper bound on identification accuracy
• Spoof attacks (voice and signature -
mimic)
• fingerprints can also be spoofed by
inscribing ridge-like structures on synthetic
material such as gelatine and play-doh.
Dr. C. Saravanan, NIT Durgapur,
India
88. Advantages of MB
• If a biometric trait (eg. fingerprint) fails
other trait (eg. voice) aid to authenticate
the person.
• Facilitates the filtering or indexing of
largescale biometric databases. Among
the traits, the simple one may be used for
indexing.
Dr. C. Saravanan, NIT Durgapur,
India
89. • Difficulties has been increased the
spoofing effort. Randomly traits can be
acquired at the time of authentication.
• In case of noise with one traint other trait
could help in authentication.
• Certain traits may not be applicable all the
time, the other traits may be used.
• Highly fault tolerant, because even a trait
fails other traits are available.
Dr. C. Saravanan, NIT Durgapur,
India
90. MB Classifications
• multi-sensor, multi-algorithm,
• multi -instance (left and right index fingers
and left and right irises),
• multi-sample (pose of a face - front, left,
right),
• multi-modal (face and voice) and hybrid.
Dr. C. Saravanan, NIT Durgapur,
India
92. MB Fusion
• Fusion before matching
• Fusion after matching
• Sensor level - multiple sensors - face.
• Feature level - multi features are
consolidated into single feature.
• Score level - generating a single score.
• Rank level - ranking of enrolled identities
• Decision level - access only to the final
recognition decision.
Dr. C. Saravanan, NIT Durgapur,
India
93. Fusion
• Combining different sources of information
for intelligent systems.
• The information are signals delivered by
different sensors and images from various
modalities.
• The fusion concepts and methods gather
tools like weighted average, neural
networks, sub-band filtering, and rules
based knowledge.
Dr. C. Saravanan, NIT Durgapur,
India
94. Fusion Categories
• Multiview - same modality and time -
different places and conditions.
• Multimodal - CT, MRI
• Multitemporal - same scene - different time
• Multifocus - regions based
Dr. C. Saravanan, NIT Durgapur,
India
95. Types of Multisensor Fusion
• Signal-level fusion
• Image-level fusion
• Feature-level fusion
• Symbol-level fusion
Dr. C. Saravanan, NIT Durgapur,
India
96. Fusion Applications
• Intelligent robots
– visual, tactile, force/torque, and other types of sensors
– Stereo camera fusion
• Medical image
– Fusing X-ray computed tomography (CT) and magnetic
resonance (MR) images
• Manufacturing
– Complex machine/device diagnostics
• Military and law enforcement
– Detection, tracking, identification of ocean (air, ground)
target / event
• Remote sensing
97. Image Fusion
• Improves reliability (redundant information)
• Improves capability (complementary info.)
Dr. C. Saravanan, NIT Durgapur,
India
98. IF Techniques
• Pixel values are manipulated to achieve
desired result (SPATIAL Domain).
• Fusion operations are performed on
frequency (TRANSFORM domain).
• Primitive fusion (Averaging Method, Select
Maximum, and Select Minimum),
• Discrete Wavelet transform based fusion,
• Principal component analysis (PCA) based
fusion.
Dr. C. Saravanan, NIT Durgapur,
India
99. • The fusion methods such as averaging, Brovey
method, principal component analysis (PCA)
and Intensity-Hue-Saturation (IHS) based
methods fall under spatial domain approaches.
• Another important spatial domain fusion method
is the high pass filtering based technique.
• The disadvantage of spatial domain approaches
is that they produce spatial distortion in the
fused image.
• Spatial distortion becomes a negative factor
while we go for further processing such as
classification problem
Dr. C. Saravanan, NIT Durgapur,
India
100. IF Methods
• Intensity-hue-saturation (IHS) transform based fusion
• Principal component analysis (PCA) based fusion
• Multi scale transform based fusion:-
– High-pass filtering method
– Pyramid method:-(i) Gaussian pyramid (ii) Laplacian
• Pyramid (iii) Gradient pyramid (iv) Morphological pyramid
– Ratio of low pass pyramid
– Wavelet transforms:- (i) Discrete wavelet transforms (DWT)
(ii) Stationary wavelet transforms (iii) Multiwavelet
transforms
– Curvelet transforms
Dr. C. Saravanan, NIT Durgapur,
India
101. Simple Average
• K (i, j) = {X (i, j) + Y (i, j)}/2
Where X (i , j) and Y ( i, j) are two input
Images
regions of images that are in focus tend to
be of higher pixel intensity
Dr. C. Saravanan, NIT Durgapur,
India
102. Select Maximum
• The value of the pixel P (i, j) of each image
is taken and compared to each other.
• The greatest pixel value is assigned to the
corresponding pixel of the output image.
• This algorithm chooses the in-focus
regions from each input image by
choosing the greatest value for each pixel,
resulting in highly focused output.
Dr. C. Saravanan, NIT Durgapur,
India
103. DWT
• Wavelets can be described by using two
functions viz.
• the scaling function f (t), also known as
“father wavelet” and
• the wavelet function or “mother wavelet”.
Mother wavelet (t)
• undergoes translation and scaling operations to
give self similar wavelet families.
Dr. C. Saravanan, NIT Durgapur,
India
104. • The wavelet transform decomposes the
image into low-high, high-low, high-high
spatial frequency bands at different scales
and the low-low band at the coarsest scale
• The L-L band contains the average image
information whereas the other bands
contain directional information due to
spatial orientation.
Dr. C. Saravanan, NIT Durgapur,
India
105. Dr. C. Saravanan, NIT Durgapur,
India
Higher absolute values of wavelet coefficients in the
high bands correspond to salient features such as
edges or lines.
108. PRINCIPAL COMPONENT
ANALYSIS (PCA)
• Statistical Procedure
• Transforms a number of correlated variables into
a number of linearly uncorrelated variables
called principal components.
• The first principal component accounts for as
much of the variance in the data as possible and
• Each succeeding component accounts for as
much of the remaining variance as possible.
Dr. C. Saravanan, NIT Durgapur,
India
109. Different Names of PCA
• discrete Karhunen–Loève transform (KLT) in signal
processing,
• the Hotelling transform in multivariate quality control,
• Proper Orthogonal Decomposition (POD) in mechanical
engineering,
• Singular Value Decomposition (SVD) of X (Golub and
Van Loan, 1983),
• Eigenvalue Decomposition (EVD) of XTX in linear
algebra,
• Factor Analysis (for a discussion of the differences
between PCA and factor analysis,
Dr. C. Saravanan, NIT Durgapur,
India
110. • Eckart–Young theorem (Harman, 1960), or
Schmidt–Mirsky theorem in sychometrics,
• Empirical Orthogonal Functions (EOF) in
meteorological science,
• Empirical Eigenfunction decomposition (Sirovich,
1987),
• Empirical Component Analysis (Lorenz, 1956),
• Quasiharmonic modes (Brooks et al., 1988),
• Spectral Decomposition in noise and vibration,
and empirical modal analysis in structural
dynamics.
Dr. C. Saravanan, NIT Durgapur,
India
111. Multimodal Biometrics
• Multimodal Biometrics are systems that are
capable of using more than one physiological or
behavioural characteristic for enrolment,
verification or identification.
• will use a combination of the following
recognition technologies, up to three of them, to
compare the identity of a person.
• If one of the technologies fails for any reason,
your system can still use another one or two.
Dr. C. Saravanan, NIT Durgapur,
India
114. Forms of Biometric Identification
• Some forms of behavioural biometric
identification include the following:
– Keystroke or Typing Recognition
– Speaker identification or Recognition
• Some forms of physical biometric
identification include the following:
– Fingerprint – Iris
– Retina – Finger Geometry
– Signature/Handwriting – Voice
– Facial Proportions – Hand Geometry
Dr. C. Saravanan, NIT Durgapur,
India
115. Benefits
• The benefits of multimodal biometrics is
that by using more than one means of
identification, your system can retain a
high threshold recognition setting and your
system administrator can decide the level
of security that is needed.
Dr. C. Saravanan, NIT Durgapur,
India
116. Need
• There is a great need for multimodal biometrics as most
biometric systems used in real applications are
unimodal, which means they rely on only one area of
identification.
• Some examples of these are fingerprints, faces and
voices and these systems are quite vulnerable to many
problems such as noisy data, non-universality and
spoofing.
• This leads to a high false acceptance rate and false
rejection rate, limited discrimination capability, and lack
of permanence.
Dr. C. Saravanan, NIT Durgapur,
India
117. Applications
• Strong Potential:
– Physical access
– Civil ID
– Criminal ID
• Moderate Potential:
– Network/PC access
– Kiosk/ATM
• Modest Potential:
– Retail/POS
– Surveillance
– eCommerce
– telephony
Dr. C. Saravanan, NIT Durgapur,
India
118. Reliability
• Multimodal systems are more reliable because
using many independent biometrics that meet
very high performance requirements and they
counteract the problems listed above.
• They also effectively deter spoofing because it is
near impossible to spoof multiple biometric traits
and the system can request the user to present
random traits that only a live person can do.
Dr. C. Saravanan, NIT Durgapur,
India
119. Biometric System Security
• Most biometric systems will advertise a False
Accept Rate (FAR) and False Reject Rate (FRR)
to characterize the security provided by the
system.
• The FAR tells you how often someone will be
recognized successfully when he/she should not
have been recognized, and the FRR tells you
how often someone who should have been
recognized successfully is not recognized.
Dr. C. Saravanan, NIT Durgapur,
India
120. • The FAR is an upper bound on security.
• The FAR assumes random and real
samples of the biometric characteristic are
presented to the system.
• Attackers don’t have to use random or real
samples; they are much more likely to pick
samples intelligently and achieve a much
higher FAR.
Dr. C. Saravanan, NIT Durgapur,
India
121. • The attacker can do this in two ways.
• First the attacker can use a copy of the biometric
characteristic of a valid user collected by the system to
produce a fake biometric characteristic that will allow
access.
• This attack is called a physical spoof attack and will
allow the attacker to bypass the biometric system.
• This attack is like finding a password written down or
watching a valid user enter a password, copying it, and
using it to gain access to the system.
Dr. C. Saravanan, NIT Durgapur,
India
122. • Second, if the attacker does not have a copy of the
biometric characteristic of a valid user, the attacker can
attempt to create a fake biometric characteristic by
guessing “intelligently” or the attacker can use a
database of real samples of invalid users “intelligently”
instead of randomly.
• As the guesses get better, the attacker will likely bypass
the biometric system in fewer attempts than presenting
random samples.
Dr. C. Saravanan, NIT Durgapur,
India
123. • This is loosely comparable to an attacker
using a dictionary to attack a password
based system rather than randomly going
through all possible passwords of the
proper lengths.
Dr. C. Saravanan, NIT Durgapur,
India
124. Liveness
• For biometric systems, liveness detection
makes both attacks more difficult.
• However, while liveness detection is
improving in biometric systems overall,
many systems employing liveness
detection are still susceptible to physical
spoof attacks.
Dr. C. Saravanan, NIT Durgapur,
India
125. • Rather than attacking using samples of the
biometric characteristic, other attacks on a
biometric system may be possible, such
as cryptographic attacks, network attacks,
operating system attacks, etc.
• All these potential vulnerabilities must be
considered when implementing a biometric
system with the intent of enhancing
system security.
Dr. C. Saravanan, NIT Durgapur,
India
127. Eight Types of Attacks
• Type 1 attack involves presenting a fake
Biometric
– (e.g., finger made from silicon, face mask, lens
including fake iris texture) to the sensor.
• The second type of attack is called a replay
attack,
– because an intercepted biometric (with or without
the cooperation of the genuine user) data is
submitted to the feature extractor, bypassing the
sensor.
Dr. C. Saravanan, NIT Durgapur,
India
128. • In the third type of attack, the feature
extractor module is replaced with a Trojan
horse program
– that functions according to its designer's
specifications
Dr. C. Saravanan, NIT Durgapur,
India
129. • In the fourth type of attack, genuine
feature values are replaced with values
(synthetic or real) selected by the attacker.
• In the fifth type of attack, the matcher is
replaced with a Trojan horse program.
• The attacks on the template database
(e.g., addition, modification, or removal of
templates) constitute the sixth type of
attack.
Dr. C. Saravanan, NIT Durgapur,
India
130. • In the seventh type of attack, the
templates are tampered (stolen, replaced,
or altered)
– in the transmission medium between the
template database and matcher.
• Lastly, the matcher result (accept or reject)
can be overridden by the attacker.
Dr. C. Saravanan, NIT Durgapur,
India
132. Attacks depend on
(i) biometric modality (e.g., it is harder to physically
replicate a retina scan than it is to forge a
signature),
(ii) type of sensor (2D vs. 3D face sensors),
(iii) type of matcher operating on the same
biometric (face matchers based on texture
vs. geometry), and
(iv) the security settings (reflected via False Accept
Rate) of the biometric system.
Dr. C. Saravanan, NIT Durgapur,
India
136. Secure Sytems Properties
(i) accuracy
(ii) rapid
(iii) reliable
(iv) protecting privacy rights
(v) cost effectively
(vi) user-friendly
(vii) minimal changes to the existing
infrastructures
Dr. C. Saravanan, NIT Durgapur,
India
137. Liveness Detection Methods
• Fingerprints
– periodicity of sweat and the sweat diffusion
pattern were used to detect fake fingerprints.
– liveness detection method based on skin
elasticity properties
– The user is asked to deliberately rotate his finger
when removing it from the sensor surface thus
producing considerable skin distortion which is
later used as a fingerprint liveness measure.
Dr. C. Saravanan, NIT Durgapur,
India
138. – An odour sensor (electronic nose) is used to discriminate
the skin odour from that of other materials such as latex,
silicone or gelatine.
• Iris
– the spectrographic properties of different parts of the eye
(tissue, fat, blood, melanin pigment), the coaxial retinal
back reflection (the red eye effect) and
– the four Purkinje reflections caused by each of the four
optical surfaces comprised inside the eye.
– very high quality cameras required.
Dr. C. Saravanan, NIT Durgapur,
India
139. – permanent oscillation that the eye pupil
presents even under uniform lighting
conditions
– measure the pupil response to a sudden
lighting event
– infrared light reflections from the moist
cornea
Dr. C. Saravanan, NIT Durgapur,
India
140. Vulnerabilities of Biometric
Systems
• Administration: Intentional or unintentional
administrative mistakes.
• User: A legitimate user wants to upgrade
his privileges to the administrative level.
• Enrolment: Breaking registration
procedures.
• Spoofing: A fake biometric is used for
authentication as a legitimate user.
Dr. C. Saravanan, NIT Durgapur,
India
141. • Mimicry: Attacker mimics the biometric characteristics of
the legitimate user.
• Undetect: Attacks undetected by the system may
encourage new attacks.
• Fail secure: Result of abnormal utilization conditions of
biometric system or IT environment.
• Bypass: Bypassing biometric system for access. This can
be achieved by surpassing physical barriers, forcing a
legitimate user to present his biometric to the sensor, or by
cooperation of legitimate user.
Dr. C. Saravanan, NIT Durgapur,
India
142. • Corrupt attack – Weakening the system by
making changes in the IT environment or
biometric system. Modification or
replacement of system parameters is an
example.
• Degrade: Certain software in the IT
environment decreases the system’s
security level.
Dr. C. Saravanan, NIT Durgapur,
India
143. • Tamper: Counterfeiting the hardware of
the system.
• Residual: Latent fingerprints may be used
to make artificial fingerprints or accepted
directly by the sensor.
Dr. C. Saravanan, NIT Durgapur,
India
144. • Cryptological attack: Encryption can be broken in data
transmission and this biometric data can be used for
another type of attack (e.g. replay attack).
• Brute force attack: Attacker presents the biometric
characteristic to the system repeatedly in order to be
authenticated.
• This type of attack depends on FAR parameter.
• Evil twin attacks: Biometric characteristic of imposter is
very similar to the enrolled user’s biometric.
Dr. C. Saravanan, NIT Durgapur,
India
145. • Fake template: Introducing fake biometric
template into the database or onto smart cards.
• Noise: Access can be gained by the attacker
when noise is applied to the system.
• Poor image: Quality supervision may be utilized.
If low quality images are accepted for
registration then attacker may hope to deceive
the system as in the case of noisy images.
• Weak ID: Similar to “poor image” weakness, and
tries to fake the system by weak templates.
Dr. C. Saravanan, NIT Durgapur,
India
147. References
Biometrics: Identity Assurance in the Information Age, John D.
Woodward Jr.
Biometrics: Advanced Identity Verification: The Complete Guide,
Julian Ashbourn
Biometrics: Identity Verification in a Networked World, Samir Nanavati
Digital Image Processing, Gonzalez and Woods
Wikipedia
Dr. C. Saravanan, NIT Durgapur,
India