Presentation is loading. Please wait.

Presentation is loading. Please wait.

Biometrics Angela Sasse – Dept of Computer Science.

Similar presentations

Presentation on theme: "Biometrics Angela Sasse – Dept of Computer Science."— Presentation transcript:

1 Biometrics Angela Sasse – Dept of Computer Science

2 GA10 Authentication 3: Biometrics Goals of this lecture 1.What are biometrics? 2.How they are applied 3.Usability and security issues

3 GA10 Authentication 3: Biometrics biometric = biological or behavioural property of an individual that can be measured and from which distinguishing, repeatable biometric features can be extracted for the purpose of automated recognition of individuals biometric sample = analog or digital representation of biometric characteristics prior to biometric feature extraction process and obtained from a biometric capture device or biometric capture subsystem (raw data) biometric template = stored biometric features, applied to the biometric features of a recognition biometric sample during a comparison to give a comparison result. See for a good FAQ on Biometric jargon

4 GA10 Authentication 3: Biometrics Some basics Enrolment = capture of biometric feature and generation of biometric sample and/or template Full images or templates –templates are more efficient –Images can be used to reverse- id/create new templates Verification using ID + biometric, or identification (biometric compared to database

5 GA10 Authentication 3: Biometrics Physical/behavioural Physical Fingerprint Finger / Palm Vein Hand geometry Face recognition Iris Retina Earshape Behavioural Voice print Dynamic Signature Recognition (DSR) Typing pattern Gait recognition Heart rate analysis

6 GA10 Authentication 3: Biometrics Enrolment Crucial for security and subsequent performance –In some context, identity of enrolee needs to be checked –Biometrics enrolled need to be genuine (see attacks) good enough quality to work Enrolment procedure needs to be formalised –Staff need to be trained –Staff need to be trustworthy or closely checked Time taken to carry out enrolment often under- estimated

7 GA10 Authentication 3: Biometrics FTE FTE (failure to enrol) rate = proportion of people who fail to be enrolled successfully FTAs: users can be enrolled but biometric sample too poor quality to verify Reasons for FTE/FTA –Biometric not present or temporarily inaccessible –Biometric not sufficiently prominent or stable Problem for Universal Access – may exclude -Older users -Disabled -Equipment may be too difficult to use

8 GA10 Authentication 3: Biometrics FTE in UKPS enrolment trial FaceIrisFinger Quota0.15%12.30%0.69% Disabled2.73%39%3.91% UKPS (UK Passport Service) enrolment trial 2004

9 GA10 Authentication 3: Biometrics FAR & FRR FAR (False Acceptance Rate) –accepting user who is not registered –mistaking one registered user for another –High security: FAR of.01% acceptable FRR (False Rejection Rate) – rejecting legitimate user High FRRs reduce usability, high FARs reduce security –customer-based applications tend to raise FAR

10 GA10 Authentication 3: Biometrics Performance User performance depends on –frequency of use: Frequent users complete faster and with fewer errors, infrequent users need step-by-step guidance and detailed feedback –Degree of cooperation –Total usage time (not just for matching) Quality of enrolled and presented samples has key impact (e.g. fingerprints 1 or 10 at a time?) Different performance for identification and verification (1-1 verification or 1-many identification)

11 GA10 Authentication 3: Biometrics


13 "We were aiming for it to scan 12 pupils a minute, but it was only managing 5 so has been temporarily suspended as we do not want pupils' meals getting cold while they wait in the queue." Careful balancing of business process requirements and security requirements needed

14 GA10 Authentication 3: Biometrics Total Usage Process Time quoted by suppliers often only refer to capture of live image & matching –Walk up to machine –Put down bags, remove hats, etc. –Find token (if used) –Put on token (if used) –Read token –Wait for live image to be captured & matched –Walk away & free machine for next user –Plus average number of rejections & re-tries Average seconds, longer with infrequent users

15 GA10 Authentication 3: Biometrics FRR in UKPS enrolment trial FaceIrisFinger Quota Time: 30.82% 39 sec 1.75% 58 sec 11.70% 1 min 13 sec Disabled Time: 51.57% 1 min 3 sec 8.22% 1 min 18 sec 16.35% 1 min 20 sec

16 GA10 Authentication 3: Biometrics Performance: Smartgate Sydney Airport Problem: speedy & secure immigration Technology: Face recognition system Users: Quantas air crew (2000) Performance: –FAR less than 1% –FRR 2% –could be faster (average 12 secs) Several re-designs necessary, including updating of image templates

17 GA10 Authentication 3: Biometrics Example: BKA face recognition trial Railway station with 20,000 passengers/day 2 month trial of 3 systems 200 people on watch list, who passed through every day, making no effort to conceal their identity FAR fixed at.1% (= 23 false alarms/day) Best performing system at under most favourable detected caught 60% (down to 20%)

18 GA10 Authentication 3: Biometrics Usability Issues: Finger Which finger? How to position –Where on sensor? –Which part of finger? –Straight or sideways? Problems: arthritis, long fingernails, handcreme, circulation problems

19 GA10 Authentication 3: Biometrics Which finger?

20 GA10 Authentication 3: Biometrics Finger position?

21 GA10 Authentication 3: Biometrics Usability Issues: Iris What is it – iris or face? One or both eyes? One eye: how to focus? Distance adjustment Positioning –rocking or swaying Glasses and contact lenses –about half of population wear them –Target area difficult to see when glasses are removed Example: Project IRIS at Heathrow

22 GA10 Authentication 3: Biometrics Focussing

23 GA10 Authentication 3: Biometrics Height adjustment Often not sufficient for very short (under 1.55 m) or very tall (over 2.10) people, or wheelchair users Need to use hand to adjust –If card needs to be held, other things users carry or hold need to be put down

24 GA10 Authentication 3: Biometrics Height adjustment

25 GA10 Authentication 3: Biometrics … but users may not realise this … or be reluctant to touch equipment, or think it takes too long

26 GA10 Authentication 3: Biometrics Usability Issues: Face What is it? Where do I stand? Where do I look/what am I looking at? Standing straight, keeping still Neutral expression Hats, changes in (facial) hair, makeup

27 GA10 Authentication 3: Biometrics Distance

28 GA10 Authentication 3: Biometrics Neutral expression

29 GA10 Authentication 3: Biometrics User Acceptance Issues –Finger Hygiene, Hygiene, Hygiene Association with forensics/criminals Finger chopped off

30 GA10 Authentication 3: Biometrics

31 Liveness detection Detects movement, pulse, blood flow Fitted to several systems, but tends to increase FRR Users: fine, but do the criminals know about it?

32 GA10 Authentication 3: Biometrics User Acceptance Issues - Iris Iris –Risk to health (e.g. damage to eyes, triggering epilepsy) –Covert medical diagnosis Illnesses (iridology) Pregnancy Drugs Minority Report attacks

33 GA10 Authentication 3: Biometrics User Acceptance Issues - Face Covert identification Surveillance/tracking –Direct marketing

34 GA10 Authentication 3: Biometrics User Acceptance – General Issues Data protection – threat to privacy Abuse by employer, commercial organisations, state, or malicious individuals –Mission creep –Increasing capability of technology – e.g. iris recognition at a distance –Integration with other technologies – e.g. RFID Doubts about reliability –Sophisticated attackers –Can government really keep systems secure? –Cheap systems and successful attacks erode confidence

35 GA10 Authentication 3: Biometrics

36 Simple –Activate latent prints: breathing, bag with warm water Sophisticated –Lift print with tape or photograph Gelatine print (gummy bear attack) – lasts 1x Silicone print Attacks - Finger

37 GA10 Authentication 3: Biometrics CCC strikes again Pay-by-touch system in German supermarket chain Superglue Plastic bottle cap Digital camera PC with laser printer Plastic foil Wood glue Published fingerprint of German Home Secretary

38 GA10 Authentication 3: Biometrics Attacks - Iris Simple –Picture of eye stuck on glasses Sophisticated –Coloured contact

39 GA10 Authentication 3: Biometrics Attacks - Face Simple –Replay attack (Photo or video of person) –Glasses with strong frames Sophisticated –Mask (Mission Impossible attack)

Download ppt "Biometrics Angela Sasse – Dept of Computer Science."

Similar presentations

Ads by Google