2. What are Biometrics?
• The term "biometrics" is derived from the Greek
words bio (life) and metric (to measure).
• For our use, biometrics refers to technologies for
measuring and analyzing a person's physiological
or behavioral characteristics.
• These characteristics are unique to individuals
hence can be used to verify or identify a person.
3. What are Biometrics?
“A biometric is a physiological or behavioral
characteristic of a human being that can
distinguish one person from another and that
theoretically can be used for identification or
verification of identity.”
4. Biometrics as Authentication
Authentication depends on
• Something you know, like a password or
passphrase
• Something you have, like a token
• Something you ARE, a measurable trait
6. Something you know
• Strong Passwords
1. Min. 8 characters
2. Include upper and lower cases
3. Contain numeric and non numeric characters.
4. Used for certain time period
5. Cannot contain a substring of the user name.
• Weak Passwords
• As user convenience increases, the strength of
authentication decreases.
7. Something you have
• Anything that is unique and that the user is
required to possess can be used as an
authenticating token.
• A token is generally issued to one user. It is
used with a password, PIN and user ID.
• If it has been lost or stolen, and if the user ID
presented with it matches, the user is
authenticated.
8. Something you have
• Tokens fall into two general categories:
1. Storage tokens
2. Dynamic tokens
9. Something you have
• Storage tokens: Token + Password
a) Smart cards
b) Unique information stored on the token that
identifies the possessor.
c) Multi-factor authentication
d) Still has the weakness of passwords
e) Example: ATM card, and Employee ID card
etc.
10. Something you have
• Dynamic tokens: Token + Password + One
time authentication code
a) Storage token + One time authentication code
b) Strong authentication
c) But this is inconvenient for the user.
d) Example: Smart cards
11. Something you are
• Any physical trait that can be reliably measured
can be used to authenticate and is called a
biometric.
• A biometric is a physical or psychological trait
that can be measured, recorded, and quantified.
• By doing this, we can use that trait to obtain a
biometric enrollment.
• This way, we can say with a degree of certainty
that someone is the same person in future
biometric authentication based on their previous
enrollment authentications.
12. Problems with current security systems
• Based on Passwords, or ID/Swipe cards
• Can be Lost.
• Can be forgotten.
• Can be stolen and used by a thief/intruder to
access your data, bank accounts, car etc.
13. Problems with current security systems
• With increasing use of IT technology and need to
protect data, we have multiple
accounts/passwords.
• We can only remember so many passwords, so we
end up using things we know to create them
(birthdays, wife/mother name, dog, cat)
• It is easy to crack passwords, because most of our
passwords are weak!
• If we create strong passwords (that should be
meaningless to us) we will forget them! And there
is no way to remember multiple such passwords.
14. Some statistics on User/Passwords
• Case Study: Telesis Community Credit
Union (CA), a California-based financial
services provider that manages $1.2 billion in
assets.
• The VP of IT led a team to run a network
password cracker as part of an enterprise
security audit last year to see if employees
were following Telesis’ password policies.
• Result: They were far from doing so.
15. Some statistics on User/Passwords
• In fact within 30 seconds the team was able to
identify 80% of people’s passwords!
• The team asked employees to change their
passwords and comply with password policies.
• A few days later, the IT team ran their
password cracking exercise again.
• This time they still were able to crack 70% of
the passwords!
16. • Traditional means of automatic
identification (before biometrics)
– Knowledge-based
• Use “something that you know”
• Examples: password, PIN
– Token-based
• Use “something that you have”
• Examples: credit card, smart card, keys
17. • Problems with traditional approaches
– Token may be lost, stolen or forgotten
– PIN may be forgotten or guessed by impostors
• (25% of people seem to write their PIN on their
ATM card)
• Estimates of annual identity fraud damages:
– $1 billion in welfare disbursements
– $1 billion in credit card transactions
– $1 billion in fraudulent cellular phone use
– $3 billion in ATM withdrawals
18. Fraud in industry happens in the
following situations:
• Bank transaction like ATM withdrawals
• Access to computers and emails
• Credit Card purchase
• Purchase of house, car, clothes or jewellery
• Getting official documents like birth certificates or
passports
• Obtaining court papers
• Driver's licence
• Getting into confidential workplace
19. • MANY PROBLEMS WITH CURRENT
SECURITY AUTHENTICATION
SYSTEMS.
• ANSWER: USE BIOMETRIC
TECHNOLOGY
• SSO (Single-Sign-On)
20. Some Examples of Different Biometrics
• Face
• Fingerprint
• Voice
• Iris
• Hand Geometry
• Retina Scan
• Signatures
• Keystroke scan
• DNA
21. • Requirements for an ideal biometric
– Universality
• Each person should have the characteristic
– Uniqueness
• No two persons should be the same in terms of the
characteristic
– Permanence
• The characteristic should not change
22. • Issues in a real biometric system
– Performance
• Identification accuracy, speed, robustness, resource
requirements
– Acceptability
• Extent to which people are willing to accept a particular
biometric identifier
– Faked protection
• How easy is it to fool the system by fraudulent methods
23. • “Physiological and/or behavioral characteristics”
1. Behavioral:
– User speaks.
– Types on a keyboard.
– Signs name.
2. Physiological:
– Fingerprint
– Hand
– Eyes
– Face
24. Key factor of Biometric System
• Enrollment
• Template
• Biometric algorithm
• Live template
• Verification
1. FAR (False acceptance rate)
2. FRR (False rejection rate)
25. Enrollment
• In a biometric system, a physical trait needs to
be recorded.
• Recording is referred to as an enrollment.
• Enrollment is based on the creation of a template.
26. Template
• Digital representation of a physical trait.
• Long string of alphanumeric characters, based
on a biometric algorithm, characteristics or
features of the physical trait.
27. Biometric algorithm
• The biometric algorithm can be viewed as the
recipe for turning raw ingredients, like a
physical trait, into a digital representation in
the form of a template.
• The algorithm will also allow the matching of
an enrolled template with a new template just
created for verifying an identity, called a live
template.
28. Live template and verification
• Live template and stored template are
compared, the system calculates how closely
they match.
• If the match is close enough, a person will be
verified.
• FAR: Someone else trying to verify as you is accepted
• FRR: You fail to match against your own
template
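
Added example (not part of the original slides): a small simulation of the enroll, live template, compare, threshold sequence described above, showing how FAR and FRR move as the "close enough" threshold changes. The bit-string template, the noise rate and all names are assumptions made for illustration; real biometric algorithms and template formats differ.

```python
import random

TEMPLATE_BITS = 256  # assumed template size; real templates are vendor-specific

def add_noise(template, rate, rng):
    """A fresh capture never matches exactly: flip each bit with probability `rate`."""
    return [bit ^ (rng.random() < rate) for bit in template]

def similarity(live, enrolled):
    """Match score: fraction of bits that agree (1.0 means identical)."""
    return sum(a == b for a, b in zip(live, enrolled)) / len(enrolled)

def verify(live, enrolled, threshold):
    """1:1 verification: accept when the match is close enough."""
    return similarity(live, enrolled) >= threshold

def simulate(users=20, attempts=25, noise=0.15, seed=1):
    """Constructed data: genuine and impostor match scores for random templates."""
    rng = random.Random(seed)
    enrolled = [[rng.getrandbits(1) for _ in range(TEMPLATE_BITS)]
                for _ in range(users)]
    genuine, impostor = [], []
    for i, template in enumerate(enrolled):
        other = enrolled[(i + 1) % users]
        for _ in range(attempts):
            # The right person presenting their own trait.
            genuine.append(similarity(add_noise(template, noise, rng), template))
            # Someone else presenting their trait against this template.
            impostor.append(similarity(add_noise(other, noise, rng), template))
    return genuine, impostor

def far_frr(genuine, impostor, threshold):
    """FAR = share of impostor attempts accepted; FRR = share of genuine attempts rejected."""
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr

if __name__ == "__main__":
    genuine, impostor = simulate()
    for threshold in (0.55, 0.70, 0.90):
        far, frr = far_frr(genuine, impostor, threshold)
        print(f"threshold={threshold:.2f}  FAR={far:.3f}  FRR={frr:.3f}")
```

A low threshold accepts some impostors (FAR above zero), a high one rejects most genuine users (FRR near one); the operating threshold is chosen between the two.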
29. • “Determine or Authenticate identity”
Identification Systems:
– Who am I?
– Determine Identity
Verification Systems:
– Am I who I claim to be?
– Authenticate Identity
30. • “Determine or authenticate identity”
Verification Systems (cont):
– More accurate.
– Less expensive.
– Faster.
– More limited in function.
– Requires more effort by user.