Biometric methods

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Question 1

A) The Biometric methods plays important role in current user authentication system and it has low FAR/FRR to avoid forgery for easy accessing. At present there are many biometric technique have been implemented to determine the genuine user and several feasible techniques are still under development. ("Siddhesh Angle,reema bhagtani,& hemali chheda 2005 "). Many biometric methods could be enforced in the e-voting such as "Finger-print", "Facial Recognition", "Iris Recognition", " Voice Recognition", "Signature Analysis", "DNA Analysis" and "Multiple Biometric Systems".

The Finger-print technology is most commonly used compared to all other biometric techniques because lower cost, reliability, easy implementation and it also has low FRR/FAR. Iris scan and retinal scan can be used as these are much reliable and has low FAR/FRR but they are expensive to implement. Facial Recognition can also be used, since it has low FAR/FRR but expensive. Speaker Recognition is less reliable as they have high FAR/FRR but it is inexpensive. The Multiple Biometric technique could be implemented in the E-Voting i.e. using one are more biometric technique and combine the result. The outcome is more accurate and reliable compared to the individual biometric techniques results. The FAR/FRR will be very less and which will be very helpful in the E-Voting.(ben edington)

B) Nowadays there are many biometric techniques present, that could be implemented in the E-Voting. The biometric techniques should be reliable and they should be able to secure the system in which they are being used and the result should have Low FAR/FRR ie Accuracy which is crucial in security (Ben edington). From the security point of view it should have Resistence to forgery ie 'internal' biometric should be secure than the 'external' biometric by its nature, so it cannot be modified[International Journal of Information Security (2005), "Proposal for a multifactor biometric authentication method …." Yukeo & Shugeo, Vol. 4, 288-296].

In the above table we can see percentages of FAR and FRR of various biometric techniques, Their Device accuracy settings, Test time, and FTE(Failure To Enroll). The finger Vein has 0.01% of FAR and 1.26% of FRR , Iris scan has 0.01% of FAR and 1.76% of FRR, Palm vein has 0.0118% of FAR and 4.23% of FRR which are compared to all techniques but the palm vein technique is very expensive and difficult to install it. Where as the Fingerprint Precise Biometric technique has 5.83% of FAR and 6.47% of FRR and Fingerprint Bioscript Biometric technique has 1.46% of FAR and 1.67% of FRR. Voice recognition has 7.95% of FAR and 8.64% of FRR these are inexpensive and easy to implement them.(ban edington ).

The best and the ideal biometric method should have 0.00% of FAR and FRR theoretically but practically its impossible for getting the required result. The reliable biometric technique should have less than 1% FAR and Less than 1% of FRR. The most advanced Biometric technique is difficult to implement and are very expensive. According to me Fingerprint Bioscrypt technique should be used For E-Voting as it is less expensive and easily accessed. The important difference between fingerprint bioscrypt and the fingerprint identification is the fingerprint bioscrypt technique will deny or grant ,identify the authorised person if the finger is wet, cut and dry etc.The above figure has shown the percentage of FAR and FRR as well as FTE in Biometric techniques.

C) The main aspect of the biometric system is its susceptibleness to spoofing.It can be defined as self wiled trial to enforce a false acceptance on biometric systems. These all attacks are relevance to behavioural properties and present in most of the biometric techniques available today. .consider some examples in the finger print approach by conventional means the finger print of impersonated person can be taken and it will be photographed digitally and will be reworked by graphics service and the image is transferred using some acids. This will be used to make the latex print of the correct finger.[ E-Voting: International Developments and Lessons Learnt] Faces can be spoofed by capturing the photo, Signature are spoofed by taking the blueprint, For video the recorded data is used for voice recognition. In retina Scan the images can be captured with some complicated instrument. These sre some of the spoofing attacks which could be used in E-Government. (E-Voting and Biometric Systems?

(Analysis of an Electronic Voting System


What risks do they pose for e-Government

security risk analysis on e-Government( The Risk of e-Voting Thomas W. Lauer)

Spoofing pose lot of risk to e-Government, let us do the security risk analysis 'OCTAVE' stands for "Operationally Critical Threat, Asset, and Vulnerability Evaluation " is the method for measuring the risk on the information security which can be comprehensive, context aimed. The risk analysis has three stages

  1. 'Building asset based threat profiles'
  2. 'Identifying threat vulnerabilities'
  3. 'Developing security strategy and plans'

These includes the explanation of asset, actor's identification and motive, The below figure shows some of the 'generic threats' The risk can be analysed and valued by the interrelation between assets, particular threats and susceptibility.

By implementing the OCTAVE the three stages will result in the output. Stage 1 gives the critical assets identification, security requirement specification and the explanation of security and threats. Stage 2 answers the important technology elements and its 'Vulnerabilities'. Stage 3 gives assessment of risk for each and every threat, ' protection stratergy' development and risk mitigation plan.

The security suspectability fail to regard the entire voting system in many discussions. Including the software and hardware which makes the voting machine, it also includes the workers at the election, voters which are positioned in various environments. If we consider more magnanimous system including the wokers at the election and the voters will need analyzation of procedures with concentration on correct voting criterion they are 'Ananymity' 'Confendiality', 'Integrity' and 'Auditability'.

By summarising we will come to know some known threats which are listed below

  • Altering the system arrangement, Election results, Election data and Voting.
  • A sole user can caste several votes.
  • Attacking the election at the beginning, Tapping the weak point of cryptography
  • In the election adding the records which are related, By publishing the measures which would make the security of the system less.
  • Audit logs.

The difference among Standard voting and E-voting is that e-voting could be done in private and it is secured in own's house instead of polling at the station in public. The important factor which would help in e-voting is the the discussion and the interaction of the political topics can be made within a limited group. In the voting the important factor which will be mattered is the 'trust' and the biometric validation techniques in which the acceptance of public is required. In both voting system the acceptance from public should be splendid. Near future the best voting system should consider that how the voters should be increased in the acceptance. In the E-Voting the biometric techniques will be used and implemented for security purpose. The Government need to take strong measures to implement the E-Voting successfully and the voters should accept it unanimously.

Following are the the requirements by the public in the E-Voting.

  • Security - only the Correct voters should be accepted by the system and protect from the fraud authentication i e Only the the genuine and the legitimate voters accepted.
  • The privacy of the voter should remain anonymous.
  • The outcome should be transparent and correct.
  • The voting process should be economical.[E-voting and media effects, an exploratory study]

The above table shows some of the statistics of whole voters, and voters who used the E-Voting and the standard voting.[Success Factors of Geneva's e-Voting System Michel Chevallier, Michel Warynski and Alain Sandoz]. Geneva invited around 2,22,000 citizen to vote on a trail basis in a interval of 10 days and finally the voting was arranged for the European and 8 official voting were carried between the year 2003-2005. From the above table we can say that the public was encouraged for E-voting almost 50% of people started to vote and year by year the E-voting is increasing. This shows the interest of public in E-Voting[8].

The main concern for E-Voting is Cost Issue. As the Voters increases the cost also increases. Each voter should spend some money during the starting stage for his/her 'Biometric reader'. Its cost may vary depending on its biometric characteristics which are recorded. The cost may include for initial authentication, different Infrastructure, and for implementation of biometric system[E-Voting: International Developments and Lessons Learnt][Sonja hof].

Other than the cost of Biometric reader, the biometric infrastructure cost should be handled. It has two parts : Voting and the enrolment infrastructure. In the enrolment infrastructure the maintainance and collection of database of biometric templates of all voters is necessary and voting infrastructure must be able to handle the authentication request of all voters within the stipulated period of time of whole E-Voting process. The main feature of this is security, these can be divided types i e Personalization and privacy. For all these the cost is depended of number of voters[samae as above].

Trust issues in relation to the introduction of e-Passports and biometric enabled UK ID Cards. E-Government is nothing but trusting the government which are implemented in the UK and US. It has been implemented in the European Union in august 2006 to fight against forgery and fraud. The passport contains the RFID Circuit which contains the the data of the passport holder and passport data is stored.The E-passport can be recognised by the logo.[ The Biometric Passport.The Technical Requirements and Possibilities of Using

The data is are mainly in the digital version of what is printed in passport.Some of the important trust in relation to E-passport and ID cards are the voters should have the same Duties and rights.In the UK Data Protection Act the subjects related to data is collected and choice is made whether to provide or not to provide the information.not to provide their information ie the data must be protected in the E-Government services. And these services requires brokerage of service and co-operation of interagencies,These should abide by the laws[Privacy Concerns, Trust in Government and Attitudes to Identity Cards in the United Kingdom].

The E-Government must be transparent, The Government should be Bounded to identify,Evaluate and select the initiatives in transparent manner Which is a very critical issue For successfull of E-Government. [ The Effects of E-Government on Trust and Confidence in Government].'"Digital Identity" Should be in E-Government which can be implemented with flexibility with its global interpolability and measurability which is required. [same above referene] E-Government should be 'responsive', 'Efficient', 'Effective' and 'User acceptance'.

The SSL/TLS will normally designed to reassure and protected between client and the sever. The low level data will deal with the transport layer security which will integrate the messages and which also cryptanalysis by using PKI algorithm like DIFFIE-HELMAN/RSA. And client and server will be acknowledgement at same time. This includes high degree exchanging signals, which is very confidential/protected way. Changing confidential message between server and client fugacious and will close the path after the communication. The communication between client and server takes place at logical level. Large number of personal and classified data in relation with debit and credit details will be used to pay taxes. Since client and server are engaged with common organisation for the causes of data exchange as security. Previously X.Digital certificate used to issue by the authority such as Veri sign etc. to identify the genuine users, its just like public issuance by the server to determine the clients. But in B2C, asymmetrical protocol like SSL protocol is used at the trust level for a client by the server. The authentication of the client is done by using digital certificate provided by the service provided. The channel collaboration starts once authentication process is done using cryptanalysis suite. Separate session key will be assign every time and as soon as the session ends, the given key will be discarded due to prevent from the intruder from eavesdropping[Sitalakshmi Venkatraman, Indika Delpachitra].The performance of web tls is powerfully linked to performance of web servers which are un-encrypted. On the reuse rate of the session, the performance of tls server will have good affect on server throughput when adding up of RSA-Acceletor.The cost performance of tls web server is Some what (13%-58%)in the 'PKI'.[ Rolf Oppliger1, Ralf Hauser2, David Basin3, Aldo Rodenhaeuser4, and Bruno

Vulnerabilities of SSL/TLS[valid soft Online Transaction Integrity SSL/TLS/PKI - Only Part of the Solution][ssl/tls also]
  • Man in middle attack(MITM) possibili ty using DNS-Poisoning attack.
  • Changing of traffic During start or last of traffic by inserting text.
  • 'Phishing'.
  • 'Web Spoofing'.
  • Brute Force Attacks.
  • Attackers can delete bytes at the messages end.
  • Theoretically the vulnerabilities are cipher text attacks beside "PKCS #1 version 1.5" and "version 2.0" and "CBC encryption mode".


  1. Reema Bhagtani, Hemali Chheda , Reema Bhagtani,(2005) " BIOMETRICS : A FURTHER ECHELON OF SECURITY" Department of Biomedical Engineering, Thadomal Shahani Engineering College, T.P.S III, Bandra, Mumbai-50
  2. Ben Edgington (2007), "A White Paper Your quest for the ideal biometric:is it in vain?Introducing Hitachi's Finger Vein Technology ", 2007.
  3. International Journal of Information Security (2005), "Proposal for a multifactor biometric authentication method …." Yukeo & Shugeo, Vol. 4, 288-296
  4. Thomas M. Buchsbaum (2005)"E-Voting: International Developments and Lessons Learnt" Expatriates DivisionFederal Ministry for Foreign Affairs Ballhausplatz Vienna, AUSTRIA 2005
  5. Sonja hof "E-Voting and Biometric Systems?" Institute of Applied Computer Science,Division: Business, Administration and Society; University of Linz, AUSTRIA
  6. TADAYOSHI KOHNO_ ADAM STUBBLEFIELD† AVIEL D. RUBIN‡ DAN S. WALLACH (2004)"Analysis of an Electronic Voting System" 2004.
  7. Thomas W. Lauer " The Risk of e-Voting" School of Business Administration, Oakland University,USA
  8. D Anne-Marie Oostveen & Peter van den Besselaar(2003) "E-voting and media effects, an exploratory study" Paper for the EMTEL Conference, London, April 2003
  9. Michel Chevallier, Michel Warynski and Alain Sandoz "Success Factors of Geneva's e-Voting System" State Chancery, Republic and Canton of Geneva, Switzerland
  10. Alexander H Trechsel and Fernando Mendez(2005)"The European Union and E-Voting"Routledge Taylor and Francis Group LONDON 2005.
  11. Piotr Porwik (2009)"The Biometric Passport. The Technical Requirements and Possibilities of Using" International Conference on Biometrics and Kansei Engineering 2009.
  12. Adam N. Joinson (2009)" Privacy Concerns, Trust in Government and Attitudes to Identity Cards inthe United Kingdom" 42nd Hawaii International Conference on System Sciences 2009.
  13. Caroline Tolbert, Karen Mossberger(2004)" The Effects of E-Government on Trust and Confidence in Government"2004.
  14. Sitalakshmi Venkatraman, Indika Delpachitra" Biometrics in banking security: a case study"
  15. Rolf Oppliger1, Ralf Hauser2, David Basin3, Aldo Rodenhaeuser4, and Bruno Kaiser5" A Proof of concept Implementation of SSL/TLSSession-Aware User Authentication" eSECURITY Technologies Beethovenstrasse G¨umligen PrivaSphere AG, Fichtenstrasse