This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.
Every human has different traits that distinct each person from the other. These traits can be categorized as behavioural or physiological depending on the nature of the characteristic. Biometrics are methods that can identify or verify the identification of a person based on those characteristics. The most commonly used biometrics are fingerprints, face and hand geometry, iris and signature.
Security systems are using biometric methods for secure authentication for many years. Of course biometrics are usually used only in a small scale, like high security installations. But now advances in technology can provide new ways of implementing biometric-based solutions in a larger scale. For example some manufactures have integrated fingerprint scanners on their mobile computers.
There are two modes of operation on biometric systems. The verification mode that verifies the identity of a specific person and the identification mode that tries to identify a person through the entire biometrics database. Of course biometrics systems for secure authentication are operating on verification mode.
The performance and the efficiency of a system that uses biometrics for identification, is tested and evaluated by multiple studies. The characteristics that are more effectively used for secure authentication are fingerprints and iris scanning.
The use of biometrics systems has introduced many advantages. The most important are the improvement in security, the reduced cost and the significantly reduced fraudulence. The disadvantages are the lack of common standards in industry, the impermanent inefficiency of biometrics to implement on a large scale basis and most of all the denial of the common people to embrace biometrics for identification and verification. The latter is a large issue that needs to be solved in order to implement biometrics in a larger scale.
There are three ways to authenticate the identity of a user [Pfleeger and Pfleeger, 2007].
- Something you know
- Something you have
- Something you are
The ?something you know? attribute refers to something that the user has to remember to prove his identity. These can be passwords, passphrases or PIN numbers. The most common way is the use of a password. The user has to provide the right password to gain access. Passphrases are usually used for secondary level of authentication. For example web sites use passphrases to identify the user if the user has lost or forgot the main password. PIN numbers usually used combined with an identity or a smart card. For example an ATM of a bank needs both the smartcard and the PIN number to authenticate the user.
The ?something you have? attribute refers to something that the user possesses. As a rule, a token is registered to a user in order to authenticate his identity. There are two types of tokens: the storage and the dynamic tokens. The storage tokens are usually smartcards or usb devices. To prevent unauthorized access with a stolen token, tokens are usually combined with a password such as the ATM example of the previous paragraph. The dynamic tokens have many forms that include smartcards and usb devices. The difference is that dynamic tokens provide a one time code that can never be used again. That is why they are more secure than storage tokens.
Finally the ?something you are? attribute refers to a measurable characteristic of a person. These characteristics are called biometrics, and they can be fingerprints, hand geometry etc. Firstly the biometrics of a particular user have to be measured and stored. Then, when a user needs authentication, the newly measured biometrics have to be compared with the stored ones. If they match the authentication is complete. The biometrics are presented in more detail in the next chapter [Reid, 2004].
There is also another way, which is related to where you are. For example the ability to access a specific terminal gives the authorization to the user. But this does not depend on the user himself but to other factors that are not relevant to his identity. Of course this can be combined with another authentication factor in order to make authentication more secure [Hebbes, 2009].
The two main categories of biometrics are the physiological and the behavioural characteristics. The physiological characteristics are related to the shape and the form of a person?s body. The most common are fingerprints, iris and retina, face and hand geometry. The behavioural characteristics are related to a person?s behaviour. Those characteristics include signature, gait, voice and keystroke pattern [Braghin, 2000] and [Liu and Silverman, 2001].
Next are presented the biometric characteristics that are used for authentication and verification [Hong, Jain and Pankanti, 2000].
Fingerprints have been used for identification for many years. Every person?s fingertip has a distinct pattern of furrows and ridges. These are so unique that even identical twins have different fingerprints. Advances in technology make fingerprint based authentication devices more affordable. Nowadays various devices include fingerprint authentication devices and their number is expected to increase in the following years. For example, a new generation of consumer portable computers has incorporated fingerprint authentication.
Hand geometry includes several measurements of a person?s hand. These are the shape of the hand and the widths and lengths of the fingers. The biometric systems that use that technology are widely used. The reason they are so widespread is because this technique is very simple to implement, with low cost and very easy to use. Environmental factors are not affecting the technique?s accuracy. The problem is that hand features can change through the lifespan of a person, especially during childhood. Another disadvantage is that hand geometry biometric devices have to be large because of the physical size of the hand.
Biometrics based on facial characteristics are probably the most common techniques for the identification of a person. They are based on characteristics such as nose, eyes, lips, chin and nose. It is not just the shape of them but the overall analysis of their relative position in the face. The problem of the facial identification is that it is very difficult to identify a person using two different photographs especially when they have different shooting angles. To overstep that obstacle various restrictions are imposed in the image shooting process in order to make a person?s image more distinctive.
Facial thermogram is the image that is produced by the face of a person using an infrared camera. Every human face creates a facial signature when heat goes through the tissues of the skin. This image is unique to each person and it is not susceptible to disguises or even plastic surgery. Although it is unique it depends on various factors such as the temperature of the body or the state of the emotions of a person. Of course the main advantage is that an infrared image can be taken even on a low light environment.
In the human eye, under the retinal surface there are veins that create a unique pattern. Using beams of low intensity it is possible to capture an image of the retina. In order to capture this image, a person has to look on a single spot. The main disadvantage of this technology is that the equipment that is needed for the scanning is very expensive. Despite that it is widely used in installations that require high security.
Iris is the coloured part of the eye. It has a structure very complex and it is unique to each person even on twins. It is very difficult to temper the scan and it can detect even contact lenses. The equipment is still expensive but new developed equipment is expected to be cheaper and friendlier to the user.
The style of writing is unique to each person. On the other hand two signatures by the same person can be different and they depend on the person?s emotional and physical state. The systems that are based on signature identification are accurate enough but are not adequate for large scale implementation. There are two ways of identification. The static, that uses the geometric attributes of the signature and the dynamic, that uses geometric and attributes such as pressure, acceleration, trajectory and velocity.
Speech identification is usually accurate but is also not suitable for large scale identification. There are two ways of identification, the text based and the text independent. The text based needs a predetermine phrase in order to identify a person. Conversely the text independent verification doesn?t need a specific phrase. That?s why it is more accurate, more hard to deceive but more difficult to implement.
Apart from the previous characteristics there is also another group of biometric characteristics that is not so commonly used. Next, are presented the remaining characteristics [Jain, Ross and Prabhakar, 2004].
DNA is unique to each person with the exception of the identical twins. It is used for identification mostly in forensics. There are three factors that prohibit DNA to be used in other applications. Firstly, it is easy to obtain DNA pieces from a person and use them for fraudulence. Secondly, the DNA analysis needs special technology that requires time. Finally, there are also privacy issues about the person?s information that carries a DNA piece.
Ear recognition based on the structure and the shape of the ear. It measures several points from the central point of the ear. It is not expected to be very accurate in identification.
It is a behavioural biometric and it is based on the way that a person walks. It uses footage from a video sequence and measures the movements from various parts of a person?s body during walking. The identification using gait is sufficient only for low security purposes.
Each object has an odor that is distinct and each odor has a unique chemical composition. Any body (human or animal) emits a specific odor. A group of sensors can sense certain chemical compounds in order to identify a person. But it is not certain that it gives reliable results when deodorants are used.
Keystoke dynamics is also a behavioural biometric. Each person uses the keyboard in its own different way. It is not unique but is sufficient for low security identification.
A biometric system collects the biometric data from a person and then compares them to the stored data from the database. There are two different modes on the operation of a biometric system: the verification and the identification mode [Jain, Ross and Prabhakar, 2004].
Verification mode: the system captures the biometric data from the person and then they are compared to the stored data of the specific person. For example, a person is trying to gain access to a system claiming his identity by a card, a user name and password etc. and then the system compares the newly acquired biometric data of the person with the stored data of the person with this identity. Verification is aimed to prevent the use of the same identity by several persons.
Identification mode: the system captures the biometric data from a person and then it compares them with all the stored data of the database. In this situation, the person is not claiming a specific identity and the comparison will be successful or not successful if the person?s biometric data is not in the database. Identification is aimed to avoid the use of the various identities by various persons.
The system that is designed for secure authentication has to operate in verification mode. So, to authenticate a user, it is necessary to insert the biometric data of all the users to the systems database. A secure authentication system in order to function properly has to complete two stages: the enrolment stage and the identification stage [Braghin, 2000].
In the enrolment stage the biometric data are inserted to the systems database. This function is performed only one time. This stage consists by three tasks: scanning, digital representation and recording. Firstly the person is scanned and the biometric characteristics are captured, then they are converted to digital data and finally these data are stored on the systems database.
In the identification stage the system identifies the persons when it is asked to. This function is performed multiple times at the access point. This stage also consists of three tasks: scanning, digital representation and matching. As in the enrolment stage the person is scanned and the characteristic are converted to digital data. Then these data are compared with the data from the systems database. If they match the request is granted, and if they don?t, the request is rejected.
A biometric authentication system has to be consisted by four main components: [Rejman-Greene, 2002]
- A sensor that is able to capture the biometric characteristics
- An algorithm that is able to compare the input data with the systems stored data
- An evaluation module that is able to decide if the result of the comparison is accepted or not
- A working framework for the application and the secondary processes (both software and hardware)
The system that uses only one biometric characteristic by a single source is called unimodal. To improve the performance of such a system another kind of system is developed which is called multimodal. Multimodal systems combine data from multiple sources. There are four basic types of multimodal systems: [Jain and Ross, 2004]
- Use of multiple sensors to gather data for the same characteristic
- A system that has only one sensor but the data are processed by multiple algorithms
- Use multiple units to capture the same characteristic (such as different fingerprint of the same person)
- A system that uses multiple characteristics of a person.
In that way biometric systems improve performance, increase people coverage and reduce fraudulence.
In order to compare and evaluate the performance of the various biometric characteristics, there are a number of issues to be considered. Firstly, each characteristic has to comply with the following requirements: [Jain, Ross and Prabhakar, 2004].
- Universality: when each person possess the specific characteristic
- Distinctiveness: when two person do not share the same characteristic
- Permanence: when a certain characteristic can not be altered or changed
- Collectability: when a characteristic can be easily measured
- Performance: refers to the speed, accuracy and robustness of the system and also the factors that affects the operation of the system.
- Acceptability: refers to the extension of the acceptance of a specific biometric system in the lives of the common people.
- Circumvention: refers to how easy the system can be fooled.
For the design of a biometrics system that is able to perform authentication, there are three more issues to be considered [Hong, Jain and Pankanti, 2000].
The following table shows the performance and the comparison between the different biometric characteristics. (where H: High, M: Medium, L: Low)
In order to measure the accuracy of biometrics for an authentication system there are various statistical measurements. The most common are the False Acceptance Rate (FAR) and the False Rejection Rate (FRR) [Crosbie, 2005].
- False Acceptance Rate (FAR): the probability to authorize a person with stolen identity
- False Rejection Rate (FRR): the probability to reject a person with valid identity
These measurements do not measure only the biometric characteristic but the system that uses the specific characteristic in accordance with it. Various projects and studies evaluate systems that use only a specific characteristic for authentication. But generally the biometrics that perform better in terms of False Acceptance Rate (FAR) and the False Rejection Rate (FRR) are the iris scanning and the fingerprints [Reid, 2004].
ADVANTAGES AND DISADVANTAGES
The use of biometrics in secure authentication has many advantages but also has many disadvantages. The main advantages are the following: [Braghin, 2000]
The user authentication using biometrics is much stronger than the use of a simple username and password or a smartcard. The system is able to identify the person who uses the smartcard and in that way reduces the possibility of fraudulence.
The costumer service is much more efficient. There are systems that do not require identification proofs by the user. Thus, a user does not have to provide additional proofs except his own biometrics. This makes security stronger against credentials which are stolen or just lost.
User?s biometrics can not be compromised. Biometrics is not something you have but something you are. So, a stolen card or a stolen password cannot be used unless they are used by the right user.
The need of a special operator or employee is no longer present. Biometric secure authentication systems do not require operators to function. Of course, the whole system depends on the authentication algorithm to make the right decision.
In general the use of biometrics in secure authentication improves security and reduces cost and fraud attempts [Crosbie, 2005].
Despite the advantages there are also many disadvantages. The main disadvantages are the following: [Braghin, 2000]
The industry does not develop standards for the use of biometrics in secure authentication. Therefore, different companies support different technologies even for the same biometrics. For example a shop that support biometric authentication has to possess various authentication devices in order to support transactions with multiple companies.
The technologies that are developed for biometrics authentication are usually adequate only for a small group of people. Tests show that the technologies that are capable to positively identify a person from a large group are only two: fingerprints and iris. So, in order to use and the other biometrics, advances in technology have to be made.
The concern of the public is high about privacy and security issues. Privacy issues, probably is the most important matter against the wide use of biometrics. Most of the people are concerned about the loss of their anonymity and the possible misuse of their private data. Many people refuse to provide their biometrics. Therefore the widespread use of such technology depends on the change of the public?s view on this matter.
Remote systems can not handle well biometric authentication systems. A major problem is that the remote system has to communicate with the central system in order to make the verification. Easily a person can send tampered data. In that way the system can be fooled. Therefore, mobile systems are not suitable for this type of authentication. The solution relies on secure connection.
Stolen biometric data cannot be restored. Once stolen, the biometric data cannot be renewed as a password or a smartcard.
Authentication that is based on biometric characteristics is now closer to widespread implementation than ever. The advantages are very significant and the disadvantages are gradually diminishing. Advances in technology can give solutions to old technical problems. However, the most important problem is the privacy issue. Common people are reluctant to give their personal data for security usage. Therefore the success of the biometrics authentication systems lies on the necessity for more security and the change of view of the common people on this issue.