Biometrics and Authentication Shivani Kirubanandan

Lets Define !

“A biometric is a characteristic of a human being that can distinguish one person from another and that theoretically can be used for identification or physiological verification or behavioral of identity.”

Biometrics as Authentication Authentication depends on • What you have • What you know • What you ARE !

Why Biometrics?

• Identity thefts • Something you know can be stolen • Predicted or hacked • Reliability on manual verification

Application Categories Biometric applications available today are categorized into 2 sectors • Psychological: Iris, Fingerprints, Hand, Retinal and Face recognition • Behavioral: Voice, Typing pattern, Signature

Biometric Authentication Process • • • • • • Acquisition Creation of Master characteristics Storage of Master characteristics Acquisition(s) Comparison Decision

The metrics of Biometrics • FTE – Failure To Enroll • FTA – Failure To Accept • FAR – False Acceptance Rates • FRR – False Reject Rates

Essential parameters • Liveness testing • Tamper resistance • Secure communication • Security Threshold level • Fall back node

Fingerprint recognition • Divides print into loops, whorls and arch • Calculates minutiae points (ridge endings) • Comparisons • authentication

Fingerprint techniques

• • • • Optical Capacitive Thermal Ultrasonic

Disadvantages • Racial issues • Dirt , grime and wounds • Placement of finger • Too big a database to process • Can be spoofed –liveness important!

Hand Geometry • Geometry of users hands • More reliable than fingerprinting • Balance in performance and usability

Disadvantage • Very large scanners

Retinal Scanning • Scans retina into database • User looks straight into retinal reader • Scan using low intensity light • Very efficient – cant be spoofed!

Disadvantages • User has to look “directly” • FTE ratio high in this biometric • Acceptability concerns – – Light exposure Hygiene

Iris Scanner • Scans unique pattern of iris • Iris is colored and visible from far • No touch required • Overcomes retinal scanner issues • Contact lenses an issue?

• • • • • Face recognition User faces camera Neutral expression required Apt lighting and position Algorithms for processing Decision

Issues with Face Recognition?

Issues • Identification across expression • FRR or FAR fluctuate • Easily spoofed • Tougher usability • High Environmental impact

Behavioral • Voice • Signature • Typing pattern

Voice Recognition • Speech input – – – Frequency Duration Cadence • Neutral tone • User friendly

• • • • • • Disadvantages Local acoustics Background noise Device quality Illness , emotional behavior Time consuming enrollment Large processing template

Signature Recognition • Signature measures (dynamic) • • – Speed – Velocity – Pressure Captures images (static) High user acceptance

Issues • Signature variable with • • – Age, illness, emotions Requires high quality hardware High FRR as signatures are very dynamic

Typing Patterns • User typing pattern • – Speed • – Press and Release Rate Unique patterns are generated comparisons

Issues • • • Not very scalable FRR is high Can be spoofed – by simple technology (recorders)

Usability issues in Biometrics • User acceptability • Knowledge of technology • Familiarity with biometric characteristic • Experience with device

Usability issues… • Environment of use • Transaction criticality • Time consuming tasks

Biometric solutions • Educate • Train • Explain Interfaces • Use Trainers • Supervised Playtime

General issues • FTE posses problem • Biometric characteristics are not encrypted • Trust on input device • Cannot authenticate computers!

• Privacy attack?!

Current applications • Banks • Immigration facilities across USA • IDwidget – interesting research • Eyegaze at Stanford

Class task • Sell your biometric product Case1 A bank needs an appropriate authentication mechanism to allow remote user transactions. What kind of multifactor system would you sell them?

Class task… Case 2: • Suggest certain areas in which biometrics would prove disastrous • Note- You may suggest a particular combination of biometrics which may be disastrous to security and privacy

Thank You!!