Saturday, March 30, 2019

Limitations Of Biometrics

Limitations Of biostatisticsThis paper foc usances on the limitations of biometry and demonstrates how the theory of micklecell commensurate biometry tramp mitigate such limitations. Cancell adequate biostatistics gives biometric administrations, theoretic all(prenominal)y, the ability to re-issue biometric signals. Thus, if a biometric infobase is ever compromised, the biometric run across plunder be re- muckle. Our team up believes that detonatelable biostatistics should be a opera hat manage when utilizing biometric technologies. This paper begins with a background of biometric technologies, the global biometric securities industry, and general limitations of biometry. The main eubstance foc hires on the background, concepts, and mould of cancellable biometrics offered as a resultant role for close to of the limitations address. Finally, an epitome of cancellable biometrics advantages and disadvantages concludes our paper.What is biometrics?To define bi ometrics, you can look at the Greek translation. Bios translates to vitality and metric translates to bill. This leads to a direct translation of biometrics to life measurement. (Biometric Definition-What, 2005) biostatistics is a technique for identification of people that uses body characteristics or behavioral traits and is increasingly macrocosm utilise instead of or in fraternity with other forms of identification ground on something you live with (e.g. ID card) or something you pick out (e.g. password or PIN). (8.5 biometrics) The direct Greek translation of life measurement is fitting because biometrics looks to measure physical or behavioral traits of a human for identification purposes. thither atomic number 18 2 types of biometrics behavioral and physical. Behavioral biometrics measures the characteristics that an person naturally acquires over the span of their lifetime. Examples of this applied science acknowledge speaker recognition, signature verificat ion, and keystroke verification. corporeal biometrics measures the physical characteristics and body measurements of an individual. Examples of this applied science include facial recognition, iris and retinal scan fingerprinting, and desoxyribonucleic acid typing (Biometric Definition-What, 2005). There be also two trends that biometrics can operate in verification and identification. Verification is employ to validate a person a turn a profitst who they claim or present themselves to be. It is a virtuoso to adept match between the acquired templet of the individual and a investment companyd scout for coordinated. This mode relies on individuals entering their biometric entropy into the system prior to trying to gain devil to it (8.5 Biometrics). Identification is the process of trying to figure out who an individual is. This involves a comparison of the individual to a list of guides stored in the entropybase. (Yun, 2003) Physical biometrics can be use for every veri fication or identification while behavioral biometrics is typically alone used for verification purposes. (Biometric Definition-What, 2005)The History of BiometricsBiometrics seems to be a new-fashioned day engineering, exactly its concept was actually applied as utmost back as the ordinal century. Chinese merchants used fingerprinting during the fourteenth century to describe children (Osborn, 2005). In 1890, Alphonse Bertillon developed a form of biometrics known as anthropometrics. Anthropometrics is a method of identifying individuals based on comminuted measurements of their body and physical descriptions. This method fell out of use when it was observed that multiple individuals could hold out the kindred body measurements. (Biometrics History, 2006) Early in the twentieth century, an applied mathematician named Karl Pearson used statistical history and correlation to biometrics research. speck biometric certification was developed during the 1960s and 1970s, mark ing a broad discovery in behavioral biometrics. (Osborn, 2005) Also during this time, the FBI pushed for automating their fingerprint recognition process. This automation was the come on of modern day biometrics, a combination of the biometrics process with information technology. During the 2001 Superbowl in Tampa, Florida, face recognition softwargon program was installed at the stadium to identify known criminals. (Biometrics History, 2006) Post 9/11 t misplayist attacks, in that location was a huge push by the U.S. government to implement biometrics on a large(p) scale. The government began installing facial recognition hardw are and software in airports to identify suspected terrorists. (Osborn, 2005)Generic Biometric SystemWhile there are many biometric technologies in use today, and many more than creation invested in and researched on, they all share a similar process eat (Yun, 2003). The adjacent ambit is a basic block diagram of a biometric systemSource (Yun, 20 03)The process al elbow rooms starts with some type of sensing element device. This is what captures the biometric information. The capture information is thence sent through a process phase. Here the information is cleaned up, noise is removed, and the important entropy is deepend. The processed selective information is then coiffure together to form a template. A template is what represents the biometric data within the system. If its the first time the individual is utilize the system, the template is stored within the system. Otherwise, the generated template is compared against an already stored template during the matching process. If the biometric technology is operate in a verification mode, the generated template is matched against a specific stored template. If the technology is operating in an identification mode, the generated template is matched against a list of stored templates. If the matching process yields a positive match, then the individual is granted ac cess to the exertion device. (Yun, 2003)Current spheric Biometric MarketIt is important to consider the prevalence of biometrics. Although it may seem futuristic, biometrics is being used in countries all over the world. According to Prabhakar, Pankanti, and Jain, biometric applications fall into cardinal main categories commercial, government, and forensic. The commercial course of instruction includes applications used in e-commerce, banking, and social networking sites. Governments use biometrics for drivers licenses, immigration control, and e-passports. rhetorical applications include devices used in criminal investigation and prisoner individuation control. (Prabhakar, Pankanti, Jain, 2003)According to BCC research, the global biometric revenue increased from $1.950 billion in 2006 to $2.7 billion in 2007. The compound annual growth rate from 2007 to 2012 was expected to be 21.3% (The Global Biometrics Market, 2007). As you can see from the figure below, the biometri c technology being used ranges from fingerprint scanners, leading the market, to hand geometry scanners.The market statistics high up were derived in 2007. As a means for comparison, our group thought it trump to obtain market research from at least one more source. According to a more recent expression, issued by homeland tribute newswire on January 18, 2011, the market is expected to grow at 18.9% per year until 2015, bring estimated global revenue from biometrics up to $12 billion in 2015. Fingerprint technologies will lock up dominate the market, with face, iris, vein, voice recognition following (Biometrics market expected, 2011). BCC assumed a 21.3% annual growth rate, which would have make 2011 expected revenue virtually $5.8 billion, the actual 2011 global biometric market revenues number $5 billion (Biometrics market expected, 2011). The main point is that the global biometrics market has been growing as expected and is expected to grow.Biometric technology offers substantive advantages, but there are some limitations that need to be addressed as the biometric market continues to grow. For example, although the US has been the leader of the biometric market, scanning of iris or fingerprints to use ATM machines has non been implemented due to secrecy and write down concerns. (Biometric ATMs not, 2005) One of the major limitations is the issue of privacy. The issue of privacy and other limitations, if not resolved, may continue to stop the biometric market growth as seen by Americans lack of biometric ATM machines. The following section will discuss limitations of generic biometric systemsLimitations of BiometricsAn obvious issue with biometrics is costs. The table below was derived from the carrefour offerings of a leading biometrics supplier, digitalPersona, Inc., using the framework from their whitepaper on best practices. This chart includes all aspects of a typical corroboration system. As you can see the cost of biometric technolo gy hardware and software is expensive in itself and costs for training, design, maintenance, and credentials will also be incurred.Category dilateCostTimeTrainingUsers, administrators$100-$1,500 per substance abuser1 hour 5 old ageDesignEnsure compatibility with other systems$1,000-$4,0001 day 10 daysInstallationHardware and software purchases/configure$3,000-$50,00010 days 30 daysUser enrollmentAcquisition of biometrics$50-$ one hundred seventy-five per user.75 hrMaintenanceAdd/modify users$25-$200 per causa0.5 hrSecurityExtra safeguards within system to ensure privacy$500-$20,0001 day 10 daysSource (Best Practices, 2009) some other field of honor of concern with biometrics is the fact that once a biometric meet has been leaked or obtained by an unauthorized source, that image is no longer secure for use with any application (Teoh, Kuan, Lee, 2008). Authentication puppets, such as passwords, keys, and identification cards have always been easily cancellable and renewable , but biometrics have been a concern because users only have, in general, one face, two eyes, one set of fingerprints, etc. (Ratha, Connell, Bolle, 2001). Although it is difficult to do, determined data thieves can extract biometric images and put them to improper use, rendering stolen images useless in terms of security.The figure below demonstrates eight vulnerabilities of ordinary biometric systems.Source (Ratha, Connell, Bolle, 2001).Figure www.fidis.netOnce lord biometric data is obtained, reproductive memory can easily be achieved. Attacks or so the sensor may include inputting fake or copied biometric signal (point 1) or using a counterpart of a genuine biometric, tape with fingerprint, to bypass the sensor (point 2) (Ratha, Connell, Bolle, 2001). The other part of the system, feature extraction method (points 3 and 4), the matching device and purpose (points 4 and 8), the database that holds the biometric images (point 6), and the communication channel between data base and matcher (point 7), are oft harder to attack, but if victoriously br to to each one oneed will result in the theft or alteration of biometric templates which cannot be re pipd (Ratha, Connell, Bolle, 2001).The biggest disadvantage of biometrics is that biometric data cannot be changed or reset. For example, if a password is stolen, a new password can be created. However, if a biometric characteristic is stolen from a database, a new biometric characteristic cannot be issued. Thus, if a biometric database is compromised, that biometric used for authentication purposes cannot be used again.Finally, there is a huge privacy concern, as seen with the USs delay of implementing ATMs with biometric systems. The uniqueness of biometric data raises this concern. There is already an terrific amount of data being collected by social networking sites, employers, the government, retail stores, medical centers, etc., Each entity may identify soul with data that can either be changed or is not merely unique to them, such as an email address or a name (Joe Smith). Thus, if the government wanted information from a retail store about a particular person, they may not be able to determine, from the retailers database, whether it is Joe Smith from California or Joe Smith from Arkansas. Currently to make data overlap possible, data would have to be paired with more data in purchase order to identify the right person and then share information about that person between entities. This idea of data sharing among entities produces a fear in some people with regards to the use of biometrics because biometric data is completely unique to a person. If all these entities have biometric data, data unique to just one individual, all the entities could share data in their databases (cross-matching). For example, data collected by private company can be matched with the governments data. (Ratha, Connell, Bolle, 2001)One solution to this privacy concern is cancellable biometri cs (Ratha, Connell, Bolle, 2001). Cancellable biometrics allows authentication biometric signals to be re-set if a database is every compromised. Basically, cancellable biometrics distorts a biometric signal based on a certain transform during enrollment, and continues to distort it the same way for every presentation and authentication there afterward (Ratha, Connell, Bolle, 2001). If biometric data is ever stolen, a new transform is used and re-enrollment is allowed (Gaddam, Lal, 2010). The following sections further let off cancellable biometrics and how it can mitigate the risks of biometric systems vulnerabilities.History of Cancellable BiometricsThe study and research around cancellable biometrics is relatively new with most research beginning around the turn of the 21st century. Although many have contributed to the field, several publications, including the encyclopaedia of Biometrics (2009) and The diary of the Pattern Recognition Society credit Nalini Ratha with the concepts that led to the insertion of cancellable biometrics (Teoh, Kuan, Lee, 2008). Cancellable biometrics was conceptualized as a way to address the potency downsides and security concerns of ordinary biometrics. In order to prevent the preclusion of a biometric image, cancellable biometrics was created. The goal of cancellable biometrics is to provide biometric authentication that is not only unique to an individual, but one that also has the ability to be changed. Cancellable biometrics does not provide extra security around biometrically authenticated systems, but does provide a way to avoid losing the ability to use biometrics as an authentication method.As its name suggests, cancellable biometrics allows a biometric template to be cancelled and replaced with a new image that is based on the same biometric data, resulting in one of many possible permutations (Teoh, Kuan, Lee, 2008). According to the Encyclopedia of Biometrics (2009), cancellable biometrics allows biometri c images to be reset by encoding each biometric image with a polar aberrancy schema for each application that uses the image (Lee Jain, 2009). In order to assure the security of each permutated biometric image, a unique distortion scheme must(prenominal)(prenominal) be used for each unique application (Teoh, Kuan, Lee, 2008). The use of a distortion scheme creates an image for storage in a database that is not an exact match to the sea captain biometric measure, therefore changing the image is as easy as changing the distortion scheme. Next we will discuss the concepts behind cancellable biometrics that are used to increase the security of biometric authentication and to keep biometric data unique.The Concepts john Cancellable BiometricsThere are three criteria that a cancellable biometric template must meet in order to be useful and secure (1) each cancellable template must be used for only one application, (2) the annulment and reprint procedures must be straightforward , and (3) the template computation must not be able to be reversed in order to harbor the authorized biometric data. These three steps may also be referred to as diversity, reusability, and unidirectional transformation, respectively (Teoh, Kuan, Lee, 2008).Using the same biometric template for multiple applications exposes data to the same menaces that using the same password for multiple applications would. If an unauthorized user gains access to one application, access can be achieved to all applications that use the same template. When using one template for multiple applications, no consequence how strong the security is for the strongest application, the security of all the applications with the same authorization template is only as strong as the weakest link.Addressing the second criteria, that revocation and reissue procedures must be straightforward, is as it says, straightforward. Without a straightforward way to cancel and reissue a biometric template, biometric da ta is subject to interception and physical alteration (Teoh, Kuan, Lee, 2008).The trey criterion, that the computation of the template not be reversible, is also meant to protect the truth and the individuality of the original biometric data (Teoh, Kuan, Lee, 2008). If a computation can be reversed, and the original biometric data is revealed, the biometric measurement will be useless and unsecure. A popular method for creating non-invertible biometric data is to use a hashing function. out-of-pocket to the unique characteristics of individual biometric data, there are several guidelines that a hashing function must take into account when creating non-invertible data. For example, regarding fingerprint data, Tulyakov, Mansukhani, Govindaraju, and Farooq (2007) suggest that hashing functions should have similar hash values for similar fingerprints, different values for fingerprints that are different, that the rotation of a fingerprint should not affect the hash value, and tha t, if fitted minutiae is available, partial fingerprints should be matched. Minutiae refer to uniquely identifiable points on a set of fingerprints (Tulyakov, Farooq, Mansukhani, Govindaraju, 2007).Within cancellable biometrics there are two distortion techniques that are widely recognized, signal region distortion and feature theatre of operations distortion. What signal and feature domain distortion basically provide are ways to either distort a biometric image directly after acquisition or extract features from a biometric image, such as minutiae, and then distort the features, respectively (Ratha, Connell, Bolle, 2001). Signal domain distortion creates an independent image to be registered by a biometric indorser, but still provides landmarks that can be compared to the original image, e.g. points on a persons face or eyes, for authentication. Feature domain distortion extracts template features and scrambles them, providing a sufficient technique for biometric measurement s, such as fingerprints, which would be difficult to preserve accurate minutiae and a similar image (Lee Jain, 2009).How it worksCancellable biometrics is achieved when a normal biometrics model is limited in the lead it is stored in an intentional and repeatable method. This change in the pattern can be initiated by several methods, however this topic is still in development and a single industry best practice has not yet been distilled. Instead of the actual values from the biometric sensor being stored, a value that is the combination of the modifier and the sensors reading is stored. In the result that the biometrics is impersonated or the database is compromised, the modifier can be changed and the user can be authenticated with the system. (Ratha, Connell, Bolle, 2001)Modifiers can be anything from a random number, a personal identification number, or even another biometric reading. The combination of these two items, similar to two-factor authentication, can create a uni que key that uses both an individually unique value with the independent but derived from the biometric. (Ratha, Connell, Bolle, 2001)Once the biometric reader scans the individual, an algorithm is applied to the value. This transformation can happen in either the scanning device or post-processed within the computer system before it is validated against the record within the database. These readers can be hardware devices that join to a computer network or appliances which are self-contained. After successful verification of credentials the user is granted authentication. (Ratha, Connell, Bolle, 2001) Demo use ppt slides to explain the images and how they are distorted and stored for cancellable biometrics.Advantages of Cancellable BiometricsDifferent entities and different applications use different transforms for the same signals. This prevents the sharing between databases of different entities (Gaddam, Lal, 2010). For example, a law enforcement internal representation will use one transform for a fingerprint scan, and a commercial entity will use a different transform for the same fingerprint scan. This idea of diversity makes cross-matching impossible. As seen in the figure below, the merchant takes the biometric data from the customer and compares it to a transform from one of the transform databases associated with a particular service (Ratha, Connell, Bolle, 2001). This should ease privacy concerns as different transforms are held in different databases per entity.Source (Ratha, Connell, Bolle, 2001)Also, the authentication server never stores original biometrics (Ratha, Connell, Bolle, 2001). The benefit is that the risk of identity theft is significantly cut because the transforms are non-invertible. Even if a hacker accessed a template database, there would be no way for he/she to figure out the original biometric.The reusability feature, described in the section titled The Concepts Behind Cancellable Biometrics of this paper, protects the biometric authentication process from becoming obsolete. If cancellable biometrics did not offer re-usability and data continually was compromised, theoretically, people would start to run out of body parts to use.Limitations of Cancellable BiometricsCancellable biometrics is not the solution to all of the limitations of biometrics. Cancellable biometrics provides a solution for privacy concerns and resetting issues related to biometrics. However, it does not come the enormous cost associated with biometrics. Also, it does not prevent the use of a copied biometric signal (Ratha, Connell, Bolle, 2001). For example, if someone found a way to obtain a copy of a fingerprint and used that copy of the genuine biometric to access a system/account/place etc., matching could be possible and access could be granted. Cancellable biometrics prevents identity theft by the use of non-invertible transforms and it increases privacy by preventing data sharing among entities because original biome tric data is never stored, it doesnt prevent people from using copies of genuine biometrics. As discussed in the section Limitations of Biometrics, biometric systems are subject to attack. Cancellable biometrics does not prevent an attack, however, if a biometric database or other parts of the system are compromised, a new transform can be used for the authentication process and the hacker will not be able to obtain the original biometric. Thus it mitigates the damage, but not the risk of attack. Another limitation of cancellable biometrics is the trade-off of higher protection for higher error rates. The invertible feature increases protection of original data, but causes a decrease in recognition accuracy (Cheung, Kong, Zhang, Kamel, You, Lam). This may lead to a higher dark rejection rate. A higher false rejection rate is inefficient and costly. final stageThe global biometric market is expected to continue growing. However, limitations of generic biometric systems may subordi nate the market growth from its full potential. General limitations of generic biometric systems include enormous costs, fake enrollment, physical copies bypassing sensors, attacks on the system parts and/or database, threat to privacy of individuals, and failure to reset biometrics. Cancellable biometrics provides a solution to some of generic biometric system limitations. With cancellable biometrics, a biometric template must have three criteria (1) each cancellable template must be used for only one application, (2) the revocation and reissue procedures must be straightforward, and (3) the template computation must not be able to be reversed in order to protect the original biometric data. These three criteria, also known as diversity, reusability, and one-way transformation (Teoh, Kuan, Lee, 2008), disallow data-sharing among entities, protect the overall biometrics from becoming obsolete, and prevent a hacker from obtaining genuine biometrics. Our team believes that due to the demand for biometrics in general, cancellable biometrics has a potential market. IBM has been researching and developing cancellable biometrics. According to an article off IBMs website, Helping enhance security and protect identities, several large banks have been talking with IBM about the use of cancellable biometrics. Cancellable biometrics also is relevant to sectors of the government like the IRS, Social Security administration, and law enforcement organizations (Helping enhance security-). Thus, cancellable biometrics may evolve from research and development into a marketable tool that may refresh the global biometrics market.Work Cited8.5 Biometrics. University of Leicester. Retrieved April 26, 2011 from. mention (8.5 Biometrics)Biometric ATMs not being used in U.S. (2005, October 11). Retrieved April 25, 2011from http// (Biometric ATMs not, 2005)Biometric Definition What Is Biometrics? Biometrics Tec hnology Explained. (2005)Retrieved April 25, 2011 from .Citation (Biometric Definition-What, 2005)Biometrics History. (2006). NSTC Subcommittee on Biometrics,April 18, 2011. .Citation (Biometrics History, 2006)Biometrics market expected to hit $12 billion in 2015. (2011, January 18).Retrieved April 25, 2011 from http// (Biometrics market expected, 2011)Best Practices for Implementing Fingerprint Biometrics in Application. (2009).DigitalPersona. Retrieved April 25, 2011 from http// (Best Practices, 2009)Cheung, H.K, Kong, A., Zhang, D., Kamel, M., You, J., You, T., Lam. H-W., (n.d.). Ananalysis on accuracy of cancellable biometrics based on biohashing. Unpublished manuscript, discussion section of Computing, Hong Kong Polytechnic University, China. Retrieved April 22, 2011 from h ttp// (Cheung, Kong, Zhang, Kamel, You, Lam)Gaddam, S.V.K, Lal, M. (2010). Efficient cancellable biometric key generationscheme for cryptography. International Journal of Network Security, 11(2), 61-69. Retrieved April 22, 2011 from http// (Gaddam, Lal, 2010)Helping enhance security and protect identities. IBM. Retrieved April 26, 2011 fromhttp// enhance security-)Lee, S.Z., Jain, A.K. (2009). Encyclopedia biometrics. Retrieved April 22, 2011 fromhttp// (Lee Jain, 2009)Osborn, A. (2005, August 17) Biometrics History the Hi story of Biometrics from retiring(a)to Present. Video Surveillance Systems, Security Cameras CCTV Equipment Guide. April, 25, 2011. .Citation (Osborn, 2005)Piuri, Vincenzo (2008) Fingerprint Biometrics via low-cost Sensors and Webcams.IEEE. Retrieved April 25, 2011 from http// (Piuri, 2008)Prabhakar, S, Pankanti, S, Jain, A. K. (2003, March). Biometric recognition securityand privacy concerns. IEEE Security and Privacy. Retrieved April 25, 2011 from http// (Prabhakar, Pankanti, Jain, 2003)Ratha, N.K., Connell, J.H., Bolle, R.M. (2001). Enhancing security and privacy inbiometrics-based authentication systems. IBM Systems Journal , 40(3), 614-634 Retrieved April 22, 2011 from http// ing+security+and+privacy+in+biometrics-based+authentication+systemsaq=faqi=g1aql=foq=pbx=1bav=on.2,or.r_gc.r_pw.fp=f4864d47f9f205c8biw=1366bih=583Citation (Ratha, Connell, Bolle, 2001)Teoh, A.B.J., Kuan, Y.W., Lee, S. (2008). Cancellable biometrics and annotations onbiohash. Journal of the Pattern Recognition Society, 41(6), 2034-2044 Retrieved April 22, 2011 from http// (Teoh, Kuan, Lee, 2008)The Global Biometrics Market. (2007, December). Retrieved April 25, 2011 fromhttp// (The Global Biometrics Market, 2007)Tulyakov, S, Farooq, F, Mansukhani, P, Govindaraju, V. (2007). Symmetric hashfunction s for secure fingerprint biometric systems. Pattern Reconition Letters, 28(16), 2427-2436. Retrieved April 22, 2011 from http// (Tulyakov, Farooq, Mansukhani, Govindaraju, 2007)Yun, W. (2003) The 123 of Biometric Technology. web Accessed 18 April 2011from (Yun, 2003)

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.