Biometrics

CC-9013 Biometrics
Dr. C. Saravanan
NIT Durgapur
dr.cs1973@gmail.com

Introduction
• Biometrics are automated methods of
recognizing a person based on a
• Physiological or
• Behavioral characteristic.
• The features measured are face,
fingerprints, hand geometry, handwriting,
iris, retinal, vein, and voice.
Dr. C. Saravanan, NIT Durgapur,
India

Fingerprint
India

Iris and Retina
India

Hand Geometry
India

Handwriting
India

Facial Recognition
India

Vein
India

Need
• Security breaches and transaction fraud
increases.
• Biometric technologies are becoming the
foundation of an extensive array of highly
secure identification and personal
verification solutions.
• Confidential financial transactions and
Personal data privacy.
India

Applications
• Biometric-based authentication
applications include
• workstation, network, and domain access,
• single sign-on, application logon,
• data protection,
• remote access to resources,
• transaction security and Web security.
India

Basic Image Operations
• Enhancement
• Filter
• Edge Detection
• Localisation
• Smoothning
• Sharpning
• Thresholding
India

Enhancement
• A process of enhancing the visual quality
of images due to nonideal image
acquisition process (e.g., poor illumination,
coarse quantization etc.)
• No reference (original) image is available
for comparison
• Human vision system (HVS) is the
JUDGE.
India

Enhanced Image
India

Technique Types
• Point operations
• Histogram Equalization
• Unsharp masking
• Homomorphic filtering
India

Point operations
• Point operations are zero-memory
operations where a given gray level
x∈[0,L] is mapped to another gray level
y∈[0,L] according to a transformation.
• Based only on the intensity of single
pixels.
• Linear
• Applications - Contrast Enhancement /
Feature Enhancement
India

India

Important point operations
• Image negatives
• Contrast stretching
• Gray-level slicing
• Bit-plane slicing
India

Image negatives
• The transformation is very simple :
s=T(r)
T(r)=(L-1)-r
L is the number of gray levels.
The result of this transformation is that low
intensities are made high and vice versa.
India

Contrast stretching
• Contrast stretching (often called
normalization) attempts to improve the
contrast in an image by “stretching” the
range of intensity values to a desired
range of values.
Pout=(Pin-c)((b-a)/(d-c)) + a
8-bit graylevel images the lower and upper
limits might be 0 and 255, a & b, lowest
and highest pixel values currently present
in the image c & d.
India

Gray-level slicing
• Give a high value for all the gray-levels in
the speciﬁed range and a very low value
for all the other gray-levels.
Bit-plane slicing
• The intensity of each pixel of an image is
deﬁned by several bits - highest order bits
are dominant.
India

Histogram Equalisation
• A histogram with a small spread has low
contrast
• A histogram with a wide spread has high
contrast
• An image with its histogram clustered at
the low end of the range corresponds to a
dark image
India

Histogram Equalisation steps
1. Find the running sum of the histogram values
2. Normalize the values from step 1 by dividing by
the total number of pixels
3. Multiply the values from step 2 by the maximum
gray level value and round to the closest integer
4. Map the gray level values to the results from
step 3 using a one-to-one correspondence
India

Histogram Example
Step 1:
Gray level Number of pixels Running Sum
value (Histogram values)
0 10 10
1 8 10+8=18
2 9 10+8+9=27
3 2 29
4 14 43
5 1 44
6 5 49
7 2 51
India

Example continues ...
Step 2: Normalizing by dividing by the total
number of pixels (51) we get 10/51, 18/51,
27/51, 29/51, 43/51, 44/51, 49/51, 51/51
Step 3: Multiply by the maximum gray level
value (7) and round we obtain 1, 2, 4, 4, 6,
6, 7, 7
Step 4: Map the original value to the results
from step 3
India

Histogram equalisation
India

Unsharp masking
• Combine histogram modification and
filtering operations.
Input Image -> filter -> Histogram
modification -> output image
India

Homomorphic filter
• Simultaneously normalizes the brightness
across an image and increases contrast.
• To make the illumination of an image more even,
the high-frequency components are increased
and low-frequency components are decreased,
because the high-frequency components are
assumed to represent mostly the reflectance in
the scene (the amount of light reflected off the
object in the scene), whereas the low-frequency
components are assumed to represent mostly
the illumination in the scene.
India

Frequency Domain Methods
• Compute Fourier Transform of the image
to be enhanced.
• Multiply the result by a filter
• Take the inverse transform to produce the
enhanced image
• Will diminish camera noise, spurious pixel
values, missing pixel values etc.
India

Neighbourhood Averaging
• Smooth Image F(x,y) = Average pixel
value in a neighbourhood of I(x,y)
• For example, 3 x 3 neighbourhood
• Each pixel value is multiplied by 1/9
• Sum of 9 pixel value is the output
India

Edge Preserving
• Also called Median Filtering
• Median of the neighbourhood pixel values
• More like neighbours
• Edges are preserved
India

Image Sharpening
• Human perception is highly sensitive to
edges and fine details of an image, and
since they are composed primarily by high
frequency components, the visual quality
of an image can be enormously degraded
if the high frequencies are attenuated or
completed removed.
India

Sharpening
• In contrast, enhancing the high-frequency
components of an image leads to an
improvement in the visual quality.
• Image sharpening is widely used in
printing and photographic industries for
increasing the local contrast and
sharpening the images.
• Enhance detail that has been blurred.
India

Edge Detection
• Identifying and Locating sharp
discontinuities in an image.
• Discontinuities are abrupt changes in pixel
intensity.
• Sobel operator / filter
• Canny edge operator
India

Sobel Operator
• 3 x 3 convolution kernels convolved with
original image.
• * denotes convolution operation
AGx *
101
202
101













 AGy *
121
000
121













India

Canny Edge Operator
1. Smoothing: Blurring of the image to remove noise.
2. Finding gradients: The edges should be marked where
the gradients of the image has large magnitudes.
3. Non-maximum suppression: Only local maxima should
be marked as edges.
4. Thresholding: Potential edges are determined by
thresholding.
5. Edge tracking by hysteresis: Final edges are
determined by suppressing all edges that are not
connected to a very certain (strong) edge.
India

Smoothing

















24542
491294
51215125
491294
24542
159
1
B
The image is ﬁrst smoothed by applying a Gaussian ﬁlter.
India

Finding gradients
• Finds edges where the grayscale intensity
of the image changes the most.
• These areas are found by determining
gradients of the image
• Gradients at each pixel in the smoothed
image are determined by applying Sobel-
operator
India

Non-maximum suppression
• Convert the blurred edges in the image of the
gradient magnitudes to “sharp” edges.
• This is done by preserving all local maxima in
the gradient image, and deleting everything else.
1343
3465
6754
4532
India

Thresholding
• The edge-pixels remaining will probably be
true edges in the image.
• But some may be caused by noise or color
variations.
• Discern between these would be to use a
threshold.
• The Canny edge detection algorithm uses
double thresholding, Strong and Weak.
India

Edge Tracking by Hysteresis
• Strong edges are included in the ﬁnal
edge image.
• Weak edges are included if and only if
they are connected to strong edges.
India

Biometric Identification
• Biometric identification compares a
biometric "signature" to all the records
stored in a database to determine if there
is a match (1 : N).
• Because it requires comparing each
existing record in the database against the
new biometric characteristic, it can be slow
and is usually not suitable for real-time
applications such as access control or
time and attendance.
India

Biometric Identification
• Biometric identification used most
frequently in such applications as law
enforcement — for instance, the
comparison of a fingerprint from a crime
scene to a database of prints collected
from convicted criminals.
India

Biometric Verification
• Biometric verification compares a newly-
scanned biometric characteristic to a
measurement previously collected from
that same person to verify that individual's
identity (1 : 1).
• For instance, when an employee is hired,
that employee's fingerprint will be enrolled
into the company's biometric time and
attendance system.
India

FAR
False Acceptance Rate (FAR)
• is the measure of the likelihood that the
biometric security system will incorrectly
accept an access attempt by an
unauthorized user.
• is stated as the ratio of the number of false
acceptances divided by the number of
identification attempts.
India

FRR
False Recognition Rate (FRR)
• is the measure of the likelihood that the
biometric security system will incorrectly
reject an access attempt by an authorized
user.
• is stated as the ratio of the number of false
rejections divided by the number of
identification attempts.
India

Positive / Negative Identification
• False Non-Match Rate (FNMR)
• False Match Rate (FMR)
• False Reject Rate (FRR)
• False Accept Rate (FAR)
• False Positive Identification Rate (FPIR)
• False Negative Identification Rate (FNIR)
India

Matching Score Distribution
• A matching algorithm was defined as an
algorithm that make a decision about genuine or
impostor nature of a comparison between two
templates.
• In the first step an Evaluation Algorithm assigns
a similarity score to the comparison. That
similarity score is a value on the range (0..1) and
as higher be the score value more similar the
images.
• The second step decides if the comparison is
genuine or impostor using a frontier threshold or
decision threshold (DT).
India

Receiver Operating Characteristic
(ROC)
• accepted method for summarizing the
performance of imperfect pattern matching
systems.
• parametrically as a function of the decision
threshold,
• the rate of “false positives” on the x-axis
• the rate of “true positives” on the y-axis
• ROC curves are threshold independent
India

Detection Error Trade-off (DET)
• modified ROC curve
• plots error rates on both axes
• giving uniform treatment to both types of
error
• distinguishes different wellperforming
systems more clearly
India

Expected Overall Error
gi TFNMRTFMRTE   )()()(
• Expected overall error takes into account the
possibility of different FM and FNM and is given
as
where,
T=threshold
pi=probability of a random user being an imposter.
pg=probability of a random user being genuine.
India

Equal Error Rate (EER)
• EER is the value where FMR and FNMR
are equal.
• Lower be the EER the lower error rate of
the algorithm.
• Select the EER score value as Decision
Threshold (DT) is frequently a good
decision for a regular biometric
application.
India

Myths & Misrepresentations
• Biometric “X” is best for all applications
• Biometric “X” is unique for each individual
• A single number quantifies system
accuracy
• System is “plug and play”
• Real accuracy performance can be
predicted
India

• The vendors reporting best FAR and FRR
has the “most accurate system”
• Multiple biometrics outperform single
biometrics
• “Our biometric system does not use a
decision threshold”
• “Our feature extractor can be used with
any match engine”
• Large templates mean better accuracy
• Face recognition prevents terrorism
India

• Biometrics means 100 percent security
• Biometric systems invade our privacy
• Biometric sensors are unhygienic or
otherwise harmful
India

Biometric System Design Issues
• System Architecture
– Centralised / Distributed Server
– Client Computer
– Device at User End
• Hardware & Software Implementation
– Sample Acquitision
– User Interface
– Biometric Processing Components
India

BSD Issues (continues...)
– Communication Channels
– Database Design
– Interoperability
• Administration Policy
– Integrity of Enrolment
– Quality of Enrolment Samples
– System Configuration
– Exception Handling
– Privacy Measures
India

Biometric System Security
• Includes IT Security
• Earlier related financial
• At present, Passports, Visas, etc.
– Biometric Security Evaluation
– Biometric Transaction Security
– Protection of Biometric Data
India

Authentication Protocol
• is a type of cryptographic protocol with the purpose of
authenticating entities wishing to communicate securely.
• AKA, CAVE-based_authentication, Challenge-
handshake authentication protocol (CHAP), CRAM-MD5
Diameter, Digest, Extensible Authentication Protocol
(EAP), Host Identity Protocol (HIP), Kerberos, MS-CHAP,
LAN Manager, NTLM, Password-authenticated key
agreement protocols, Password Authentication Protocol
(PAP), Protected Extensible Authentication Protocol
(PEAP), Protocol for Carrying Authentication for Network
Access (PANA), RADIUS, Secure Remote Password
protocol (SRP), TACACS and TACACS+, RFID-
Authentication Protocols, Woo Lam 92 (protocol)
India

Kerberos
• MIT developed Kerberos
• Kerberos (or Cerberus - Greek monstrous
three-headed guard dog)
• Works on the basis of 'tickets' to allow
nodes communicating over a non-secure
network to prove their identity to one
another in a secure manner.
• Protects against eavesdropping and replay
attacks.
India

Selection of Suitable Biometric
• Ethnic Background
– who will be the users of the biometric system
– education levels and a variety of attitudes
• Employee Education
– technical background of the users.
– higher the technological background less
training required
India

• Frequency of Use
– some biometric systems are more suitable for
high frequency of usage
• User characteristics
– will the users be in a hurry and possibly be a
little bit impatient (public restroom)
India

Biometric Attributes
1. Universal:
Every person must possess the characteristic / attribute.
The attribute must be one that is universal and seldom lost to
accident or disease.
2. Invariance of properties:
They should be constant over a long period of time.
The attribute should not be subject to significant differences based
on age either episodic or chronic disease.
3. Measurability:
The properties should be suitable for capture without waiting time
and must be easy to gather the attribute data passively.
4. Singularity:
Each expression of the attribute must be unique to the individual.
The characteristics should have sufficient unique properties to
distinguish one person from any other.
India

Height, weight, hair and eye color are all attributes that
are unique assuming a particularly precise measure, but
do not offer enough points of differentiation to be useful
for more than categorizing.
5. Acceptance:
The capturing should be possible in a way acceptable to
a large percentage of the population. Excluded are
particularly invasive technologies, i.e. technologies which
require a part of the human body to be taken or which
impair the human body.
6. Reducibility:
The captured data should be capable of being reduced
to a file which is easy to handle.
7. Reliability and tamper-resistance:
The attribute should be impractical to mask or
manipulate. The process should ensure high reliability
and reproducibility.
India

8. Privacy: The process should not violate
the privacy of the person.
9. Comparable: Should be able to reduce
the attribute to a state that makes it
digitally comparable to others. The less
probabilistic the matching involved, the
more authoritative the identification.
10. Inimitable: The attribute must be
irreproducible by other means. The less
reproducible the attribute, the more likely it
will be authoritative.
India

Zephyr Chart
India
Zephyr Chart is a navigation aid for pilots designed to display
aviation charts in a format easy to use in the cockpit.

Multi Biometrics (MB)
• MB - Reconciliation of Evidence enhances
the recognition accuracy of human
authentication systems.
• Multibiometric systems combine the
information presented by multiple
biometric sensors, algorithms, samples,
units, or traits.
India

MB
• Besides enhancing matching performance,
these systems are expected to
– improve population coverage,
– deter spoofing and
– impart fault tolerance to biometric applications
• Establishes an identity based on who you
are,
– rather than by what you possess, such as an ID card,
– or what you remember, such as a password.
India

Risks with Single Biometric Trait
• Noise in sensed data
• Non-universality
• Upper bound on identification accuracy
• Spoof attacks (voice and signature -
mimic)
• fingerprints can also be spoofed by
inscribing ridge-like structures on synthetic
material such as gelatine and play-doh.
India

Advantages of MB
• If a biometric trait (eg. fingerprint) fails
other trait (eg. voice) aid to authenticate
the person.
• Facilitates the filtering or indexing of
largescale biometric databases. Among
the traits, the simple one may be used for
indexing.
India

• Difficulties has been increased the
spoofing effort. Randomly traits can be
acquired at the time of authentication.
• In case of noise with one traint other trait
could help in authentication.
• Certain traits may not be applicable all the
time, the other traits may be used.
• Highly fault tolerant, because even a trait
fails other traits are available.
India

MB Classifications
• multi-sensor, multi-algorithm,
• multi -instance (left and right index fingers
and left and right irises),
• multi-sample (pose of a face - front, left,
right),
• multi-modal (face and voice) and hybrid.
India

MB Fusion
• Fusion before matching
• Fusion after matching
• Sensor level - multiple sensors - face.
• Feature level - multi features are
consolidated into single feature.
• Score level - generating a single score.
• Rank level - ranking of enrolled identities
• Decision level - access only to the final
recognition decision.
India

Fusion
• Combining different sources of information
for intelligent systems.
• The information are signals delivered by
different sensors and images from various
modalities.
• The fusion concepts and methods gather
tools like weighted average, neural
networks, sub-band filtering, and rules
based knowledge.
India

Fusion Categories
• Multiview - same modality and time -
different places and conditions.
• Multimodal - CT, MRI
• Multitemporal - same scene - different time
• Multifocus - regions based
India

Types of Multisensor Fusion
• Signal-level fusion
• Image-level fusion
• Feature-level fusion
• Symbol-level fusion
India

Fusion Applications
• Intelligent robots
– visual, tactile, force/torque, and other types of sensors
– Stereo camera fusion
• Medical image
– Fusing X-ray computed tomography (CT) and magnetic
resonance (MR) images
• Manufacturing
– Complex machine/device diagnostics
• Military and law enforcement
– Detection, tracking, identification of ocean (air, ground)
target / event
• Remote sensing

Image Fusion
• Improves reliability (redundant information)
• Improves capability (complementary info.)
India

IF Techniques
• Pixel values are manipulated to achieve
desired result (SPATIAL Domain).
• Fusion operations are performed on
frequency (TRANSFORM domain).
• Primitive fusion (Averaging Method, Select
Maximum, and Select Minimum),
• Discrete Wavelet transform based fusion,
• Principal component analysis (PCA) based
fusion.
India

• The fusion methods such as averaging, Brovey
method, principal component analysis (PCA)
and Intensity-Hue-Saturation (IHS) based
methods fall under spatial domain approaches.
• Another important spatial domain fusion method
is the high pass filtering based technique.
• The disadvantage of spatial domain approaches
is that they produce spatial distortion in the
fused image.
• Spatial distortion becomes a negative factor
while we go for further processing such as
classification problem
India

IF Methods
• Intensity-hue-saturation (IHS) transform based fusion
• Principal component analysis (PCA) based fusion
• Multi scale transform based fusion:-
– High-pass filtering method
– Pyramid method:-(i) Gaussian pyramid (ii) Laplacian
• Pyramid (iii) Gradient pyramid (iv) Morphological pyramid
– Ratio of low pass pyramid
– Wavelet transforms:- (i) Discrete wavelet transforms (DWT)
(ii) Stationary wavelet transforms (iii) Multiwavelet
transforms
– Curvelet transforms
India

Simple Average
• K (i, j) = {X (i, j) + Y (i, j)}/2
Where X (i , j) and Y ( i, j) are two input
Images
regions of images that are in focus tend to
be of higher pixel intensity
India

Select Maximum
• The value of the pixel P (i, j) of each image
is taken and compared to each other.
• The greatest pixel value is assigned to the
corresponding pixel of the output image.
• This algorithm chooses the in-focus
regions from each input image by
choosing the greatest value for each pixel,
resulting in highly focused output.
India

DWT
• Wavelets can be described by using two
functions viz.
• the scaling function f (t), also known as
“father wavelet” and
• the wavelet function or “mother wavelet”.
Mother wavelet (t)
• undergoes translation and scaling operations to
give self similar wavelet families.
India

• The wavelet transform decomposes the
image into low-high, high-low, high-high
spatial frequency bands at different scales
and the low-low band at the coarsest scale
• The L-L band contains the average image
information whereas the other bands
contain directional information due to
spatial orientation.
India

India
Higher absolute values of wavelet coefficients in the
high bands correspond to salient features such as
edges or lines.

PRINCIPAL COMPONENT
ANALYSIS (PCA)
• Statistical Procedure
• Transforms a number of correlated variables into
a number of linearly uncorrelated variables
called principal components.
• The first principal component accounts for as
much of the variance in the data as possible and
• Each succeeding component accounts for as
much of the remaining variance as possible.
India

Different Names of PCA
• discrete Karhunen–Loève transform (KLT) in signal
processing,
• the Hotelling transform in multivariate quality control,
• Proper Orthogonal Decomposition (POD) in mechanical
engineering,
• Singular Value Decomposition (SVD) of X (Golub and
Van Loan, 1983),
• Eigenvalue Decomposition (EVD) of XTX in linear
algebra,
• Factor Analysis (for a discussion of the differences
between PCA and factor analysis,
India

• Eckart–Young theorem (Harman, 1960), or
Schmidt–Mirsky theorem in sychometrics,
• Empirical Orthogonal Functions (EOF) in
meteorological science,
• Empirical Eigenfunction decomposition (Sirovich,
1987),
• Empirical Component Analysis (Lorenz, 1956),
• Quasiharmonic modes (Brooks et al., 1988),
• Spectral Decomposition in noise and vibration,
and empirical modal analysis in structural
dynamics.
India

Multimodal Biometrics
• Multimodal Biometrics are systems that are
capable of using more than one physiological or
behavioural characteristic for enrolment,
verification or identification.
• will use a combination of the following
recognition technologies, up to three of them, to
compare the identity of a person.
• If one of the technologies fails for any reason,
your system can still use another one or two.
India

Forms of Biometric Identification
• Some forms of behavioural biometric
identification include the following:
– Keystroke or Typing Recognition
– Speaker identification or Recognition
• Some forms of physical biometric
identification include the following:
– Fingerprint – Iris
– Retina – Finger Geometry
– Signature/Handwriting – Voice
– Facial Proportions – Hand Geometry
India

Benefits
• The benefits of multimodal biometrics is
that by using more than one means of
identification, your system can retain a
high threshold recognition setting and your
system administrator can decide the level
of security that is needed.
India

Need
• There is a great need for multimodal biometrics as most
biometric systems used in real applications are
unimodal, which means they rely on only one area of
identification.
• Some examples of these are fingerprints, faces and
voices and these systems are quite vulnerable to many
problems such as noisy data, non-universality and
spoofing.
• This leads to a high false acceptance rate and false
rejection rate, limited discrimination capability, and lack
of permanence.
India

Applications
• Strong Potential:
– Physical access
– Civil ID
– Criminal ID
• Moderate Potential:
– Network/PC access
– Kiosk/ATM
• Modest Potential:
– Retail/POS
– Surveillance
– eCommerce
– telephony
India

Reliability
• Multimodal systems are more reliable because
using many independent biometrics that meet
very high performance requirements and they
counteract the problems listed above.
• They also effectively deter spoofing because it is
near impossible to spoof multiple biometric traits
and the system can request the user to present
random traits that only a live person can do.
India

Biometric System Security
• Most biometric systems will advertise a False
Accept Rate (FAR) and False Reject Rate (FRR)
to characterize the security provided by the
system.
• The FAR tells you how often someone will be
recognized successfully when he/she should not
have been recognized, and the FRR tells you
how often someone who should have been
recognized successfully is not recognized.
India

• The FAR is an upper bound on security.
• The FAR assumes random and real
samples of the biometric characteristic are
presented to the system.
• Attackers don’t have to use random or real
samples; they are much more likely to pick
samples intelligently and achieve a much
higher FAR.
India

• The attacker can do this in two ways.
• First the attacker can use a copy of the biometric
characteristic of a valid user collected by the system to
produce a fake biometric characteristic that will allow
access.
• This attack is called a physical spoof attack and will
allow the attacker to bypass the biometric system.
• This attack is like finding a password written down or
watching a valid user enter a password, copying it, and
using it to gain access to the system.
India

• Second, if the attacker does not have a copy of the
biometric characteristic of a valid user, the attacker can
attempt to create a fake biometric characteristic by
guessing “intelligently” or the attacker can use a
database of real samples of invalid users “intelligently”
instead of randomly.
• As the guesses get better, the attacker will likely bypass
the biometric system in fewer attempts than presenting
random samples.
India

• This is loosely comparable to an attacker
using a dictionary to attack a password
based system rather than randomly going
through all possible passwords of the
proper lengths.
India

Liveness
• For biometric systems, liveness detection
makes both attacks more difficult.
• However, while liveness detection is
improving in biometric systems overall,
many systems employing liveness
detection are still susceptible to physical
spoof attacks.
India

• Rather than attacking using samples of the
biometric characteristic, other attacks on a
biometric system may be possible, such
as cryptographic attacks, network attacks,
operating system attacks, etc.
• All these potential vulnerabilities must be
considered when implementing a biometric
system with the intent of enhancing
system security.
India

Eight Types of Attacks
• Type 1 attack involves presenting a fake
Biometric
– (e.g., finger made from silicon, face mask, lens
including fake iris texture) to the sensor.
• The second type of attack is called a replay
attack,
– because an intercepted biometric (with or without
the cooperation of the genuine user) data is
submitted to the feature extractor, bypassing the
sensor.
India

• In the third type of attack, the feature
extractor module is replaced with a Trojan
horse program
– that functions according to its designer's
specifications
India

• In the fourth type of attack, genuine
feature values are replaced with values
(synthetic or real) selected by the attacker.
• In the fifth type of attack, the matcher is
replaced with a Trojan horse program.
• The attacks on the template database
(e.g., addition, modification, or removal of
templates) constitute the sixth type of
attack.
India

• In the seventh type of attack, the
templates are tampered (stolen, replaced,
or altered)
– in the transmission medium between the
template database and matcher.
• Lastly, the matcher result (accept or reject)
can be overridden by the attacker.
India

Attacks depend on
(i) biometric modality (e.g., it is harder to physically
replicate a retina scan than it is to forge a
signature),
(ii) type of sensor (2D vs. 3D face sensors),
(iii) type of matcher operating on the same
biometric (face matchers based on texture
vs. geometry), and
(iv) the security settings (reflected via False Accept
Rate) of the biometric system.
India

Face Synthesis
India

Fingerprint Watermarked in
Face
India

Secure Sytems Properties
(i) accuracy
(ii) rapid
(iii) reliable
(iv) protecting privacy rights
(v) cost effectively
(vi) user-friendly
(vii) minimal changes to the existing
infrastructures
India

Liveness Detection Methods
• Fingerprints
– periodicity of sweat and the sweat diffusion
pattern were used to detect fake fingerprints.
– liveness detection method based on skin
elasticity properties
– The user is asked to deliberately rotate his finger
when removing it from the sensor surface thus
producing considerable skin distortion which is
later used as a fingerprint liveness measure.
India

– An odour sensor (electronic nose) is used to discriminate
the skin odour from that of other materials such as latex,
silicone or gelatine.
• Iris
– the spectrographic properties of different parts of the eye
(tissue, fat, blood, melanin pigment), the coaxial retinal
back reflection (the red eye effect) and
– the four Purkinje reflections caused by each of the four
optical surfaces comprised inside the eye.
– very high quality cameras required.
India

– permanent oscillation that the eye pupil
presents even under uniform lighting
conditions
– measure the pupil response to a sudden
lighting event
– infrared light reflections from the moist
cornea
India

Vulnerabilities of Biometric
Systems
• Administration: Intentional or unintentional
administrative mistakes.
• User: A legitimate user wants to upgrade
his privileges to the administrative level.
• Enrolment: Breaking registration
procedures.
• Spoofing: A fake biometric is used for
authentication as a legitimate user.
India

• Mimicry: Attacker mimics the biometric characteristics of
the legitimate user.
• Undetect: Attacks undetected by the system may
encourage new attacks.
• Fail secure: Result of abnormal utilization conditions of
biometric system or IT environment.
• Bypass: Bypassing biometric system for access. This can
be achieved by surpassing physical barriers, forcing a
legitimate user to present his biometric to the sensor, or by
cooperation of legitimate user.
India

• Corrupt attack – Weakening the system by
making changes in the IT environment or
biometric system. Modification or
replacement of system parameters is an
example.
• Degrade: Certain software in the IT
environment decreases the system’s
security level.
India

• Tamper: Counterfeiting the hardware of
the system.
• Residual: Latent fingerprints may be used
to make artificial fingerprints or accepted
directly by the sensor.
India

• Cryptological attack: Encryption can be broken in data
transmission and this biometric data can be used for
another type of attack (e.g. replay attack).
• Brute force attack: Attacker presents the biometric
characteristic to the system repeatedly in order to be
authenticated.
• This type of attack depends on FAR parameter.
• Evil twin attacks: Biometric characteristic of imposter is
very similar to the enrolled user’s biometric.
India

• Fake template: Introducing fake biometric
template into the database or onto smart cards.
• Noise: Access can be gained by the attacker
when noise is applied to the system.
• Poor image: Quality supervision may be utilized.
If low quality images are accepted for
registration then attacker may hope to deceive
the system as in the case of noisy images.
• Weak ID: Similar to “poor image” weakness, and
tries to fake the system by weak templates.
India

Any Questions ?
India

References
 Biometrics: Identity Assurance in the Information Age, John D.
Woodward Jr.
 Biometrics: Advanced Identity Verification: The Complete Guide,
Julian Ashbourn
 Biometrics: Identity Verification in a Networked World, Samir Nanavati
 Digital Image Processing, Gonzalez and Woods
 Wikipedia
India

Biometrics

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Ähnlich wie Biometrics

Ähnlich wie Biometrics (20)

Mehr von National Institute of Technology Durgapur

Mehr von National Institute of Technology Durgapur (8)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Biometrics