The term Biometrics is composed of two words − Bio (Greek word for Life) and Metrics (Measurements). Biometrics is a branch of information technology that aims towards establishing one’s identity based on personal traits.
Biometrics is presently a buzzword in the domain of information security as it provides high degree of accuracy in identifying an individual.
Biometrics is a technology used to identify, analyze, and measure an individual’s physical and behavioral characteristics.
Each human being is unique in terms of characteristics, which make him or her different from all others. The physical attributes such as finger prints, color of iris, color of hair, hand geometry, and behavioral characteristics such as tone and accent of speech, signature, or the way of typing keys of computer keyboard etc., make a person stand separate from the rest.
This uniqueness of a person is then used by the biometric systems to −
A biometric system is a technology which takes an individual’s physiological, behavioral, or both traits as input, analyzes it, and identifies the individual as a genuine or malicious user.
The idea of biometrics was present since few years from now. In 14th century, China practiced taking finger prints of merchants and their children to separate them from all others. Fingerprinting is still used today.
In the 19th century, an Anthropologist named Alphonse Bertillion developed a method (named Bertillionage) of taking body measurements of persons to identify them. He had realized that even if some features of human body are changed, such as length of hair, weight, etc., some physical traits of body remain unchanged, such as length of fingers. This method diminished quickly as it was found that the persons with same body measurements alone can be falsely taken as one. Subsequently, Richard Edward Henry from Scotland Yard developed a method for fingerprinting.
The idea of retinal identification was conceived by Dr. Carleton Simon and Dr. Isadore Goldstein in 1935. In 1976, a research and development effort was put in at EyeDentify Inc. The first commercial retina scanning system was made available in 1981.
Iris recognition was invented by John Daugman in 1993 at Cambridge University.
In 2001, Biometrics Automated Toolset (BAT) was introduced in Kosovo, which provided a concrete identification means.
Today, biometric has come up as an independent field of study with precise technologies of establishing personal identities.
With increasing use of Information Technology in the field of banking, science, medication, etc., there is an immense need to protect the systems and data from unauthorized users.
Biometrics is used for authenticating and authorizing a person. Though these terms are often coupled; they mean different.
This process tries to find out answer of question, “Are you the same who you are claiming to be?”, or, “Do I know you?” This is one-to-many matching and comparison of a person’s biometrics with the whole database.
This is the one-to-one process of matching where live sample entered by the candidate is compared with a previously stored template in the database. If both are matching with more than 70% agreeable similarity, then the verification is successful.
It is the process of assigning access rights to the authenticated or verified users. It tries to find out the answer for the question, “Are you eligible to have certain rights to access this resource?”
The conventional methods of information system security used ID cards, passwords, Personal Identification Numbers (PINs), etc. They come with the following disadvantages −
They all mean recognizing some code associated with the person rather than recognizing the person who actually produced it.
In such cases, the security of the system is threatened. When the systems need high level of reliable protection, biometrics comes to help by binding the identity more oriented to individual.
In general, a biometric system can be divided into four basic components. Let us see them briefly −
It is the sensing component of a biometrics system that converts human biological data into digital form.
A Metal Oxide Semiconductor (CMOS) imager or a Charge Coupled Device (CCD) in the case of face recognition, handprint recognition, or iris/retinal recognition systems.
The processing component is a microprocessor, Digital Signal Processor (DSP), or computer that processes the data captured from the sensors.
The processing of the biometric sample involves −
The database stores the enrolled sample, which is recalled to perform a match at the time of authentication. For identification, there can be any memory from Random Access Memory (RAM), flash EPROM, or a data server. For verification, a removable storage element like a contact or contactless smart card is used.
The output interface communicates the decision of the biometric system to enable the access to the user. This can be a simple serial communication protocol RS232, or the higher bandwidth USB protocol. It could also be TCP/IP protocol, Radio Frequency Identification (RFID), Bluetooth, or one of the many cellular protocols.
There are four general steps a biometric system takes to perform identification and verification −
The biometric sample is acquired from candidate user. The prominent features are extracted from the sample and it is then compared with all the samples stored in the database. When the input sample matches with one of the samples in the database, the biometric system allows the person to access the resources; otherwise prohibits.
Biometric Template − It is a digital reference of the distinct characteristics that are extracted from a biometric sample.
Candidate/Subject − A person who enters his biometric sample.
Closed-Set Identification − The person is known to be existing in the database.
Enrollment − It is when a candidate uses a biometric system for the first time, it records the basic information such as name, address, etc. and then records the candidate’s biometric trait.
False Acceptance Rate (FAR) − It is the measure of possibility that a biometric system will incorrectly identify an unauthorized user as a valid user.
A biometric system providing low FAR ensures high security.
False Reject Rate (FRR) − It is the measure of possibility that the biometric system will incorrectly reject an authorized user as an invalid user.
Open-Set Identification − The person is not guaranteed to be existing in the database.
Task − It is when the biometric system searches the database for matching sample.
There are a number of applications where biometric systems are useful. Few of them are given below −
Identity establishment of people for authentic citizenship and immigration systems.
A biometric modality is nothing but a category of a biometric system depending upon the type of human trait it takes as input.
The biometrics is largely statistical. The more the data available from sample, the more the system is likely to be unique and reliable. It can work on various modalities pertaining to measurements of individual’s body and features, and behavioral patterns. The modalities are classified based on the person’s biological traits.
There are various traits present in humans, which can be used as biometrics modalities. The biometric modalities fall under three types −
The following table collects the points that differentiate these three modalities −
|Physiological Modality||Behavioral Modality||Combination of Both Modalities|
|This modality pertains to the shape and size of the body.||This modality is related to change in human behavior over time.||This modality includes both traits, where the traits are depending upon physical as well as behavioral changes.|
For example −
For example −
For example −
It depends on health, size, and shape of vocal cord, nasal cavities, mouth cavity, shape of lips, etc., and the emotional status, age, illness (behavior) of a person.
In the subsequent chapters, we will discuss each of these modalities in greater detail.
As depicted earlier, the physiological modalities are based on the direct measurement of parts of human body such as iris, fingerprint, shape, and position of fingers, etc.
There are some physical traits which remain unaltered throughout a person’s life. They can be an excellent resource for identification of an individual.
It is the most known and used biometrics solution to authenticate people on biometric systems. The reasons for it being so popular are there are ten available sources of biometric and ease of acquisition.
Every person has a unique fingerprint which is composed of ridges, grooves, and direction of the lines. There are three basic patterns of ridges namely, arch, loop, and whorl. The uniqueness of fingerprint is determined by these features as well as minutiae features such as bifurcation and spots (ridge endings).
Fingerprint is one of oldest and most popular recognition technique. Fingerprint matching techniques are of three types −
Minutiae Based Techniques − In these minutiae points are found and then mapped to their relative position on finger. There are some difficulties such as if image is of low quality, then it is difficult to find minutiae points correctly. Another difficulty is, it considers local position of ridges and furrows; not global.
Correlation Based Method − It uses richer gray scale information. It overcomes problems of minutiae-based method, by being able to work with bad quality data. But it has some of its own problems like localization of points.
Pattern Based (Image Based) Matching − Pattern based algorithms compare the basic fingerprint patterns (arch, whorl, and loop) between a stored template and a candidate fingerprint.
Facial recognition is based on determining shape and size of jaw, chin, shape and location of the eyes, eyebrows, nose, lips, and cheekbones. 2D facial scanners start reading face geometry and recording it on the grid. The facial geometry is transferred to the database in terms of points. The comparison algorithms perform face matching and come up with the results. Facial recognition is performed in the following ways −
Facial Metrics − In this type, the distances between pupils or from nose to lip or chin are measured.
Eigen faces − It is the process of analyzing the overall face image as a weighted combination of a number of faces.
Skin Texture Analysis − The unique lines, patterns, and spots apparent in a person’s skin are located.
If a candidate face shows different expressions such as light smile, then it can affect the result.
Iris recognition works on the basis of iris pattern in human eye. The iris is the pigmented elastic tissue that has adjustable circular opening in center. It controls the diameter of pupil. In adult humans, the texture of iris is stable throughout their lives. The iris patterns of left and right eyes are different. The iris patterns and colors change from person to person.
It involves taking the picture of iris with a capable camera, storing it, and comparing the same with the candidate eyes using mathematical algorithms.
It is highly accurate as the chance of matching two irises is 1 in 10 billion people.
It is highly scalable as the iris pattern remains same throughout a person’s lifetime.
The candidate need not remove glasses or contact lenses; they do not hamper the accuracy of the system.
It involves no physical contact with the system.
It provides instant verification (2 to 5 seconds) because of its small template size.
National security and Identity cards such as Adhaar card in India.
Google uses iris recognition for accessing their datacenters.
It includes measuring length and width of palm, surface area, length and position of fingers, and overall bone structure of the hand. A person’s hand is unique and can be used to identify a person from others. There are two Hand Geometry systems −
Contact Based − a hand is placed on a scanner’s surface. This placement is positioned by five pins, which guide the candidate hand to position correctly for the camera.
Contact Less − In this approach neither pins nor platform are required for hand image acquisition.
If candidate’s hand is with jewelry, plaster, or arthritis, it is likely to introduce a problem.
Nuclear power plants and military use Hand Geometry Recognition for access control.
Retina is the lining layer at the back of the eyeball that covers 65% of the eyeball’s inner surface. It contains photosensitive cells. Each person’s retina is unique due to the complex network of blood vessels that supply blood.
It is a reliable biometric as the retina pattern remains unchanged throughout the person’s life, barring the patterns of persons having diabetes, glaucoma, or some degenerative disorders.
In retinal scanning process, a person is asked to remove lenses or eyeglasses. A low-intensity infrared light beam is casted into a person’s eye for 10 to 15 seconds. This infrared light is absorbed by the blood vessels forming a pattern of blood vessels during the scan. This pattern is then digitized and stored in the database.
It is highly reliable as the error rate is 1 out of a crore samples (which is almost 0%).
It is not very user friendly as the user needs to maintain steadiness that can cause discomfort.
It tends to reveal some poor health conditions such as hypertension or diabetes, which causes privacy issues.
Accuracy of the results is prone to diseases such as cataracts, glaucoma, diabetes, etc.
Apart from security applications, it is also used for ophthalmological diagnostics.
Deoxyribo Neuclic Acid (DNA) is the genetic material found in humans. Every human barring identical twins, is uniquely identifiable by the traits found in their DNA, which is located in the nucleus of the cell. There are number of sources from which DNA patterns can be collected such as blood, saliva, nails, hair, etc.
Within cells, DNA is organized in long double helix structure called chromosomes. There are 23 pairs of chromosomes in humans. Out of the 46 total chromosomes, the offspring inherits 23 chromosomes from each biological parent. 99.7% of an offspring’s DNA is shared with their parents. The remaining 0.3% DNA contains repetitive coding unique to an individual.
The fundamental steps of DNA profiling are −
Separating the DNA from sample acquired from either of blood, saliva, hair, semen, or tissue.
Separating the DNA sample into shorter segments.
Organizing the DNA segments according to size.
Comparing the DNA segments from various samples.
The more detailed the sample is, the more precise the comparison and in turn the identification of the individual is.
DNA Biometrics differs from all others in the following ways −
It needs a tangible physical sample instead of image.
DNA matching is done on physical samples. There is no feature extraction or template saving.
It provides the highest accuracy.
Behavioral biometrics pertains to the behavior exhibited by people or the manner in which people perform tasks such as walking, signing, and typing on the keyboard.
Behavioral biometrics modalities have higher variations as they primarily depend on the external factors such as fatigue, mood, etc. This causes higher FAR and FRR as compared to solutions based on a physiological biometrics.
Gait is the manner of a person’s walking. People show different traits while walking such as body posture, distance between two feet while walking, swaying, etc., which help to recognize them uniquely.
A gait recognition based on the analyzing the video images of candidate’s walk. The sample of candidate’s walk cycle is recorded by Video. The sample is then analyzed for position of joints such as knees and ankles, and the angles made between them while walking.
A respective mathematical model is created for every candidate person and stored in the database. At the time of verification, this model is compared with the live sample of the candidate walk to determine its identity.
It is non-invasive.
It does not need the candidate’s cooperation as it can be used from a distance.
It can be used for determining medical disorders by spotting changes in walking pattern of a person in case of Parkinson’s disease.
For this biometric technique, no model is developed with complete accuracy till now.
It may not be as reliable as other established biometric techniques.
It is well-suited for identifying criminals in the crime scenario.
In this case, more emphasis is given on the behavioral patterns in which the signature is signed than the way a signature looks in terms of graphics.
The behavioral patterns include the changes in the timing of writing, pauses, pressure, direction of strokes, and speed during the course of signing. It could be easy to duplicate the graphical appearance of the signature but it is not easy to imitate the signature with the same behavior the person shows while signing.
This technology consists of a pen and a specialized writing tablet, both connected to a computer for template comparison and verification. A high quality tablet can capture the behavioral traits such as speed, pressure, and timing while signing.
During enrollment phase, the candidate must sign on the writing tablet multiple times for data acquisition. The signature recognition algorithms then extracts the unique features such as timing, pressure, speed, direction of strokes, important points on the path of signature, and the size of signature. The algorithm assigns different values of weights to those points.
At the time of identification, the candidate enters the live sample of the signature, which is compared with the signatures in the database.
To acquire adequate amount of data, the signature should be small enough to fit on tablet and big enough to be able to deal with.
The quality of the writing tablet decides the robustness of signature recognition enrollment template.
The candidate must perform the verification processes in the same type of environment and conditions as they were at the time of enrollment. If there is a change, then the enrollment template and live sample template may differ from each other.
Signature recognition process has a high resistance to imposters as it is very difficult to imitate the behavior patterns associated with the signature.
It works very well in high amount business transactions. For example, Signature recognition could be used to positively verify the business representatives involved in the transaction before any classified documents are opened and signed.
We all use our signature in some sort of commerce, and thus there are virtually no privacy rights issues involved.
Even if the system is hacked and the template is stolen, it is easy to restore the template.
The live sample template is prone to change with respect to the changes in behavior while signing. For example, signing with a hand held in plaster.
User need to get accustomed of using signing tablet. Error rate is high till it happens.
The Chase Manhattan Bank, Chicago is known as the first bank to adopt Signature Recognition technology.
During the World War II, a technique known as Fist of the Sender was used by military intelligence to determine if the Morse code was sent by enemy or ally based on the rhythm of typing. These days, keystroke dynamics the easiest biometric solution to implement in terms of hardware.
This biometric analyzes candidate’s typing pattern, the rhythm, and the speed of typing on a keyboard. The dwell time and flight time measurements are used in keystroke recognition.
Dwell time − It is the duration of time for which a key is pressed.
Flight time − It is the time elapsed between releasing a key and pressing the following key.
The candidates differ in the way they type on the keyboard as the time they take to find the right key, the flight time, and the dwelling time. Their speed and rhythm of typing also varies according to their level of comfort with the keyboard. Keystroke recognition system monitors the keyboard inputs thousands of times per second in a single attempt to identify users based on their habits of typing.
There are two types of keystroke recognition −
Static − It is one time recognition at the start of interaction.
Continuous − It is throughout the course of interaction.
Keystroke Recognition is used for identification/verification. It is used with user ID/password as a form of multifactor authentication.
It is used for surveillance. Some software solutions track keystroke behavior for each user account without end-user’s knowledge. This tracking is used to analyze if the account was being shared or used by anyone else than the genuine account owner. It is used to verify if some software license is being shared.
The candidate’s typing rhythm can change between a number of days or within a day itself because of tiredness, sickness, influence of medicines or alcohol, change of keyboard, etc.
There are no known features dedicated solely to carry out discriminating information.
Voice recognition biometric modality is a combination of both physiological and behavioral modalities. Voice recognition is nothing but sound recognition. It relies on features influenced by −
Physiological Component − Physical shape, size, and health of a person’s vocal cord, and lips, teeth, tongue, and mouth cavity.
Behavioral Component − Emotional status of the person while speaking, accents, tone, pitch, pace of talking, mumbling, etc.
Voice Recognition is also called Speaker Recognition. At the time of enrollment, the user needs to speak a word or phrase into a microphone. This is necessary to acquire speech sample of a candidate.
The electrical signal from the microphone is converted into digital signal by an Analog to Digital (ADC) converter. It is recorded into the computer memory as a digitized sample. The computer then compares and attempts to match the input voice of candidate with the stored digitized voice sample and identifies the candidate.
There are two variants of voice recognition − speaker dependent and speaker independent.
Speaker dependent voice recognition relies on the knowledge of candidate's particular voice characteristics. This system learns those characteristics through voice training (or enrollment).
The system needs to be trained on the users to accustom it to a particular accent and tone before employing to recognize what was said.
It is a good option if there is only one user going to use the system.
Speaker independent systems are able to recognize the speech from different users by restricting the contexts of the speech such as words and phrases. These systems are used for automated telephone interfaces.
They do not require training the system on each individual user.
They are a good choice to be used by different individuals where it is not required to recognize each candidate’s speech characteristics.
Speaker recognition and Speech recognition are mistakenly taken as same; but they are different technologies. Let us see, how −
|Speaker Recognition (Voice Recognition)||Speech Recognition|
|The objective of voice recognition is to recognize WHO is speaking.||The speech recognition aims at understanding and comprehending WHAT was spoken.|
|It is used to identify a person by analyzing its tone, voice pitch, and accent.||It is used in hand-free computing, map, or menu navigation.|
The inability to control the factors affecting the input system can significantly decrease performance.
Some speaker verification systems are also susceptible to spoofing attacks through recorded voice.
Working with Interactive Voice Response (IRV)-based banking and health systems.
All the biometric systems we discussed till now were unimodal, which take single source of information for authentication. As the name depicts, multimodal biometric systems work on accepting information from two or more biometric inputs.
A multimodal biometric system increases the scope and variety of input information the system takes from the users for authentication.
The unimodal systems have to deal with various challenges such as lack of secrecy, non-universality of samples, extent of user’s comfort and freedom while dealing with the system, spoofing attacks on stored data, etc.
Some of these challenges can be addressed by employing a multimodal biometric system.
There are several more reasons for its requirement, such as −
Availability of multiple traits makes the multimodal system more reliable.
A multimodal biometric system increases security and secrecy of user data.
A multimodal biometric system conducts fusion strategies to combine decisions from each subsystem and then comes up with a conclusion. This makes a multimodal system more accurate.
If any of the identifiers fail to work for known or unknown reasons, the system still can provide security by employing the other identifier.
Multimodal systems can provide knowledge about “liveliness” of the sample being entered by applying liveliness detection techniques. This makes them capable to detect and handle spoofing.
Multimodal biometric system has all the conventional modules a unimodal system has −
In addition, it has a fusion technique to integrate the information from two different authentication systems. The fusion can be done at any of the following levels −
The multimodal biometric systems that integrate or fuse the information at initial stage are considered to be more effective than the systems those integrate the information at the later stages. The obvious reason to this is, the early stage contains more accurate information than the matching scores of the comparison modules.
Within a multimodal biometric system, there can be variety in number of traits and components. They can be as follows −
Single biometric trait, multiple classifiers (say, minutiae-based matcher and texture-based matcher).
Single biometric trait, multiple units (say, multiple fingers).
Multiple biometric traits of an individual (say, iris, fingerprint, etc.)
These traits are then operated upon to confirm user’s identity.
You need to consider a number of factors while designing a multimodal biometric system −
To be able to select a proper biometric system, you need to compare them on various aspects. You need to assess the suitability of the systems to your requirements in terms of convenience, system specifications and performance, and your budget.
You can select best suitable biometric system by studying various criteria for their effectiveness.
There are seven basic criteria for measuring effectiveness of a biometric system −
Uniqueness − It determines how uniquely a biometric system can recognize a user from a group of users. It is a primary criterion.
Universality − It indicates requirement for unique characteristics of each person in the world, which cannot be reproduced. It is a secondary criterion.
Permanence − It indicates that a personal trait recorded needs to be constant in the database for a certain time period.
Collectability − It is the ease at which a person’s trait can be acquired, measured, or processed further.
Performance − It is the efficiency of system in terms of accuracy, speed, fault handling, and robustness.
Acceptability − It is the user-friendliness, or how good the users accept the technology such that they are cooperative to let their biometric trait captured and assessed.
Circumvention − It is the ease with which a trait is possibly imitated using an artifact or substitute.
Let us compare all the biometric system in the following terms −
You can select an appropriate biometric system depending upon the criteria you need to deal with as shown in the table.
Biometric system manufacturers claim high system performance which is practically difficult to achieve in actual operating environments. The possible reasons are, tests conducted in controlled environment setups, limitations on hardware, etc.
For example, a voice recognition system can work efficiently only in quiet environment, a facial recognition system can work fine if lighting conditions are controlled, and candidates can be trained to clean and place their fingers properly on the fingerprint scanners.
However, in practice, such ideal conditions may not be available in the target operating environment.
The performance measurements of a biometric system are closely tied to False Reject Rate (FRR) and False Accept Rate (FAR).
FRR is also known as Type-I error or False Non Match Rate (FNMR) which states the likelihood of a legitimate user being rejected by the system.
FAR is referred to as Type-II error or False Match Rate (FMR) which states the likelihood of a false identity claim being accepted by the system.
An ideal biometric system is expected to produce zero value for both FAR and FRR. Means it should accept all genuine users and reject all fake identity claims, which is practically not achievable.
FAR and FRR are inversely proportional to each other. If FAR is improved, then the FRR declines. A biometric system providing high FRR ensures high security. If the FRR is too high, then the system requires to enter the live sample a number of times, which makes it less efficient.
The performance of current biometrics technologies is far from the ideal. Hence the system developers need to keep a good balance between these two factors depending on the security requirements.
Pattern recognition deals with identifying a pattern and confirming it again. In general, a pattern can be a fingerprint image, a handwritten cursive word, a human face, a speech signal, a bar code, or a web page on the Internet.
The individual patterns are often grouped into various categories based on their properties. When the patterns of same properties are grouped together, the resultant group is also a pattern, which is often called a pattern class.
Pattern recognition is the science for observing, distinguishing the patterns of interest, and making correct decisions about the patterns or pattern classes. Thus, a biometric system applies pattern recognition to identify and classify the individuals, by comparing it with the stored templates.
The pattern recognition technique conducts the following tasks −
Classification − Identifying handwritten characters, CAPTCHAs, distinguishing humans from computers.
Segmentation − Detecting text regions or face regions in images.
Syntactic Pattern Recognition − Determining how a group of math symbols or operators are related, and how they form a meaningful expression.
The following table highlights the role of pattern recognition in biometrics −
|Pattern Recognition Task||Input||Output|
|Character Recognition (Signature Recognition)||Optical signals or Strokes||Name of the character|
|Speaker Recognition||Voice||Identity of the speaker|
|Fingerprint, Facial image, hand geometry image||Image||Identity of the user|
Pattern recognition technique extracts a random pattern of human trait into a compact digital signature, which can serve as a biological identifier. The biometric systems use pattern recognition techniques to classify the users and identify them separately.
The components of pattern recognition are as follows −
The most popular pattern generation algorithms are −
You need to take the unknown individual’s vector and compute its distance from all the patterns in the database. The smallest distance gives the best match.
It is a bit complex but very useful algorithm that involves a lot of mathematical computations.
There are various signals we can get in the real world such as sound, light, radio signals, biomedical signals from human body, etc. All these signals are in the form of a continuous stream of information, called analog signals. Human voice is a kind of signal we get from the real world and use as biometric input.
A signal is a measurable physical quantity containing some information, which can be conveyed, displayed, recorded, or modified.
There are various reasons for processing signals. The biometric systems, require voice processing for various reasons −
The analog signal processing module converts real world information such as sound wave in the form of 0s and 1s to make it understandable and usable by the contemporary digital systems such as biometric systems. The keystrokes, hand geometry, signature, and speech fall into the domains of signal processing and pattern recognition.
There are two types of signals − analog and digital. The analog signals are uninterrupted, continuous stream of information whereas digital signal is a stream of 0s and 1s.
DSP systems are one of the important components of biometric systems, which convert analog signals into a stream of discrete digital values by sampling and digitizing using an Analog-to-Digital Converter (ADC).
DSPs are single-chip digital microcomputers, which process electrical signals generated by electronic sensors from cameras, fingerprint sensors, microphones, etc.
A DSP allows the biometric system to be small and easily portable, to perform efficiently and to be overall less costly.
The DSP architecture is built to support complex mathematical algorithms that involve a significant amount of multiplication and addition. The DSP can execute multiply/add in a single cycle with the help of the multiply/accumulate (MAC) hardware inside its Arithmetic Logic Unit (ALU).
It can also enhance the resolution of the captured image with the use of two-dimensional Fast Fourier Transforms (FFT) and finite IR filters.
Images have a huge share in this era of information. In biometrics, image processing is required for identifying an individual whose biometric image is stored in the database previously. Faces, fingerprints, irises, etc., are image-based biometrics, which require image processing and pattern recognition techniques.
For an image based biometric system to work accurately, it needs to have the sample image of user’s biometric in a very clear and non-adulterated form.
The image of user’s biometric is fed into the biometric system. The system is programmed to manipulate the image using equations, and then store the results of the computation for each pixel.
To selectively enhance certain fine features in the data and to remove certain noise, the digital data is subjected to various image processing operations.
Image processing methods can be grouped into three functional categories −
Image restoration mainly includes −
Image smoothing reduces noise in the image. Smoothing is carried out by replacing each pixel by the average value with the neighboring pixel. The biometric system uses various filtering algorithms and noise reduction techniques such as Median Filtering, Adaptive Filtering, Statistical Histogram, Wavelet Transforms, etc.
Image enhancement techniques improve the visibility of any portion or feature of the image and suppress the information in other parts. It is done only after restoration is completed. It includes brightening, sharpening, adjusting contrast, etc., so that the image is usable for further processing.
Two types of features are extracted from image, namely −
General features − The features such as shape, texture, color, etc., which are used to describe content of the image.
Domain-specific features − They are application dependent features such as face, iris, fingerprint, etc. Gabor filters are used to extract features.
When the features are extracted from the image, you need to choose a suitable classifier. The widely used classifier Nearest Neighbor classifier, which compares the feature vector of the candidate image with the vector of the image stored in the database.
B-Splines are approximations applied to describe curve patterns in fingerprint biometric systems. The coefficients of B-Splines are used as features. In case of iris recognition system, the images of iris are decomposed using Discrete Wavelet Transform (DWT) and the DWT coefficients are then used as features.
The operations of a biometric system depend heavily on the input devices that are subjected to operational limitations. At times, the devices themselves may fail to capture the necessary input samples. They may not capture the sample sufficiently. This makes the system unreliable and vulnerable.
The more vulnerable a biometric system is, the more insecure it is.
There are the two major causes of biometric system vulnerability −
There are two ways in which a biometric system can fail to work −
Intrinsic failures − They are failures such as non-working sensors, failure of feature extraction, matching, or decision making modules, etc.
Failures due to attacks − They are due to loopholes in the biometric system design, availability of any computations to the attackers, insider attacks from unethical system administrators, etc.
The biometric system can be accessible to malicious users if its hardware, software, and user data are not safeguarded.
The security of a biometric system is important as the biometric data is not easy to revoke or replace. There are following prominent risks regarding security of biometric systems −
If the biometric system is vulnerable, the hacker can breach the security of it and collect the user data recorded in the database. It creates more hazards to privacy.
After acquiring the biometric sample, the hacker can present a fake sample to the system. If user data is compromised, it remains compromised forever. The obvious reason is, user has only a limited number of biometrics and they are difficult to replace, unlike passwords or ID cards.
Though biometric data is encrypted and stored, it needs to be decrypted for matching purpose. At the time of matching a hacker may breach the security.
A number of solutions are proposed to address the biometric system security issue. Biometric templates are never stored in the raw form. They are encrypted; sometimes even twice.
In the case of biometrics, there are various resources involved such as humans (subjects or candidates), entities (system components or processes), and biometric data (information). The security requirements of confidentiality, integrity, authenticity, non-repudiation, and availability are essential in biometrics. Let us go through them briefly −
It is the quality or the state of being pure, genuine, or original, rather than being reproduced. Information is authentic when it is in the same state and quality when it was created, stored, or transferred.
There are two authenticities in a biometric system − entity authenticity and data origin authenticity. Entity authenticity confirms that all entities involved in the overall processing are the ones they claim to be. Data origin authenticity ensures genuineness and originality of data. For example, the biometrics data is captured with sensor devices. The captured data that came from a genuine sensor is not spoofed from a previous recording.
It is limiting information access and disclosure to authorized users and preventing access by or disclosure to unauthorized people. In cases of a biometric system, it mainly refers to biometric and related authentication information when it is captured and stored, which needs to be kept secret from unauthorized entities.
The biometric information should only be accessible completely to the person it belongs. During identification and variation, the accessing candidate needs to be restricted with appropriate security measures.
It is the condition of being complete and unaltered that refers to its consistency, accuracy, and correctness. For a biometric system, the integrity should be high. Any malicious manipulations during operation and storage should be kept away or detected earliest by including its notification and correction.
It is identification of involved resources such as entities and components. It is also seen as accountability. For example, it prohibits a sender or a recipient of biometric information from denying having sent or received biometric information.
A resource has the property of availability with respect to a set of entities if all members of the set can access the resource. An aspect called reachability ensures that the humans or system processes either can or cannot be contacted, depending on user interests.
Attackers can make the system unusable for genuine users, thus preventing them from using authenticated applications. These attackers target the availability of the information.
Here are the criteria for generating biometric templates −
Ensuring that the template comes from a human candidate and is captured by a genuine sensor and software.
Securing a biometric template by encryption with irreversibility properties. This makes it difficult for hackers to compute the original biometric information from secure template.
Creating an unlikable (unique) biometric template. A biometric system should not be able to access the template of the same candidate recorded into another biometric system. In case if a hacker manages to retrieve a biometric template from one biometric system, he should not be able to use this template to gain access through another biometric system even though both verifications may be based on the same biometric template of the candidate. Further, an unlinkable biometric system should make it impossible to derive any information based on the relation between two templates.
Creating a cancellable and renewable template. It emphasizes on the ability to cancel or deactivate the compromised template and reproduce another one, in a similar manner that a lost or stolen smartcard can be reproduced.
The ‘renewable’ and ‘unlinkable’ characteristics are achieved through salting techniques. Salting adds randomly generated unique data known as ‘salt’ to the original information to make it distinct from the others.
Designing a biometric system accuracy with respect to both FAR and FRR.
Selecting a suitable encryption algorithm carefully. Some algorithms may amplify even small variations inherent in an individual’s biometric data, which can lead to higher FRR.
Using an important encryption technique such as hashing method, which is effective when a different permutation is applied with each template generation. Different permutations ensure the uniqueness of each template despite using the same input biometric data.
Employing an effective protection scheme to elevate the performance of the system.
A lot of research and development is being done towards the security and privacy of biometric data.