2. Authentication – the process of verifying that a
user requesting a network resource is who he,
she, or it claims to be, and vice versa.
Conventional authentication methods
› „something that you have“ – key, magnetic card or
smartcard
› „something that you know“ – PIN or password
Biometric authentication uses personal features
› „something that you are“
3. Contents
Application domains for biometric products
Biometric products
Fingerprint recognition
Face recognition
Iris recognition
Retinal recognition
Hand geometry measurement
Dynamic signature verification
How good are biometric products today?
Conclusions
4. Access control
› to devices
cellular phones
logging into a computer, laptop, or PDA
cars
guns
› to local services
debitting money from a cash dispenser
logging in to computer
accessing data on smartcard
› to remote services
e-commerce
e-business
5. Physical access control
› to high security areas
› to public buildings or areas
Time & attendance control
Identification
› forensic person investigation
› social services applications, e.g. immigration or
prevention of welfare fraud
› personal documents, e.g. electronic drivers
license or ID card
6. Sensors
› optical sensors
› ultrasound sensors
› chip-based sensors
› thermal sensors
Integrated products
› for identification – AFIS systems
› for verification
7. Electro-optical sensor
[DELSY® CMOS sensor modul]
Optical fingerprint sensor
[Fingerprint Identification Unit
FIU-001/500 by Sony]
Capacitive sensor
[FingerTIP™ by Infineon]
8. Thermal sensor
[FingerChip™ by ATMEL
(was: Thomson CSF)]
E-Field Sensor
[FingerLoc™ by Authentec]
9. [BioMouse™ Plus by American Biometric Company]
Physical Access Control System
[BioGate Tower by Bergdata] [ID Mouse by Siemens]
10. Keyboard [G 81-12000
by Cherry]
System including
[TravelMate 740 by Compaq und Acer] fingerprint sensor,
smartcard reader and
display by DELSY
11. Face recognition system
[TrueFace Engine by Miros]
Face recognition system
[O n e -t o -O n e ™ b y B io m e t r ic Ac c e s s C o r p o r a t io n ]
12. S y s t e m f o r p a s s iv e ir is r e c o g n it io n b y S e n s a r
S y s t e m f o r a c t iv e ir is
r e c o g n it io n b y Ir is S c a n
16. Digitising tablet by Digitising tablet [Hesy Signature Pad
Wacom Technologies by BS Biometric Systems GmbH]
17. Combination of biometric technologies
› Fingerprint and face recognition
› Face recognition and lip movement
› Fingerprint recognition and dynamic signature
verification
increase the level of security achieved by
the system
enlarge the user base
18. depends on the application
reliability
security
performance
cost
user acceptance
life detection
users that are unsuitable
size of sensor
19. How can we find out, how good a biometric
product is?
› Empirical tests of the product
In the past year, there were two
independent test series of biometric products
› in Japan
› in Germany
20. 1. Regular biometric sensor
using artificially generated
biometric data
3. Replay attack of
eavesdropped biometric
data
5. Manipulation of stored
biometric reference data
21. Tsutomu Matsumoto, a Japanese
cryptographer working at Yokohama
National University
11 state-of-the-art fingerprint sensors
2 different processes to make gummy fingers
› from live finger
› from latent fingerprint
Gummy fingers fooled fingerprint sensors 80%
of the time
22. Computer magazine c’t
11 biometric sensors
› 9 fingerprint sensors,
› 1 face recognition system, and
› 1 iris scanner
Fingerprint sensors –
› reactivate latent fingerprints (optical and capacitive
sensors)
› apply latex finger (thermal sensor)
Face recognition system –
› down- (up-) load biometric reference data from (to) hard
disk
› no or only weak life detection
23. Iris recognition –
› picture of iris of enrolled person with cut-out
pupil, where a real pupil is displayed
All tested biometric systems could be fooled,
but the effort differed considerably
24. Biometric technology has great potential
There are many biometric products around,
regarding the different biometric technologies
Shortcomings of biometric systems due to
› manufacturers ignorance of security concerns
› lack of quality control
› standardisation problems
Biometric technology is very promising
Manufacturers have to take security concerns
serious
Notas del editor
page „ State of the Art in Biometrics“ S. Schwiderski-Grosche 14/10/2002
page „ State of the Art in Biometrics“ S. Schwiderski-Grosche 14/10/2002
page „ State of the Art in Biometrics“ S. Schwiderski-Grosche 14/10/2002
page „ State of the Art in Biometrics“ S. Schwiderski-Grosche 14/10/2002 PDA = Personal Digital Assistant
page „ State of the Art in Biometrics“ S. Schwiderski-Grosche 14/10/2002 For example, a system for physical access control has been used at the Olympic Games in Atlanta. fingerprint recognition has been used in forensic applications since early 20 th century. ID cards based on fingerprint recognition are used in Brunei.
page „ State of the Art in Biometrics“ S. Schwiderski-Grosche 14/10/2002 AFIS = Automated Fingerprint Identification System
page „ State of the Art in Biometrics“ S. Schwiderski-Grosche 14/10/2002 The sensors by DELSY and Infineon are chip-based. A picture of an ultrasound fingerprint sensor [by UltraScan] was not available.
page „ State of the Art in Biometrics“ S. Schwiderski-Grosche 14/10/2002 The sensor by Authentec is chip-based.
page „ State of the Art in Biometrics“ S. Schwiderski-Grosche 14/10/2002 BioMouse ™ Plus: integrated smartcard reader and fingerprint sensor ID Mouse: mouse with fingerprint sensor
page „ State of the Art in Biometrics“ S. Schwiderski-Grosche 14/10/2002 Cherry keyboard: with integrated smartcard reader and fingerprint sensor
page „ State of the Art in Biometrics“ S. Schwiderski-Grosche 14/10/2002 Sensors are standard off-the-shelf cameras. Therefore, the price of a face recognition system is determined solely by the software. This makes face recognition quite cost effective. TrueFace Engine: feedback for focussing the face on PC monitor One-to-One ™: feedback for focussing the face using mirrored camera
page „ State of the Art in Biometrics“ S. Schwiderski-Grosche 14/10/2002 IrisScan: In an active system, the user has to focus the iris into the corresponding frame (displayed on the computer monitor) him/herself. Sensar: In a passive system, the sensor focusses the biometric feature itself.
page „ State of the Art in Biometrics“ S. Schwiderski-Grosche 14/10/2002 To our knowledge, there is only one manufacturer of retinal recognition systems.
page „ State of the Art in Biometrics“ S. Schwiderski-Grosche 14/10/2002 Hand geometry reading has been used at the Olympic Games in Atlanta to monitor access to the Olympic village.
page „ State of the Art in Biometrics“ S. Schwiderski-Grosche 14/10/2002 The pen measures pressure and tilt.
page „ State of the Art in Biometrics“ S. Schwiderski-Grosche 14/10/2002 The sensors are incorporated into the tablet.
page „ State of the Art in Biometrics“ S. Schwiderski-Grosche 14/10/2002 „ increase the level of security achieved by the system“ by using two or more biometric methods in conjunction. „ enlarge the user base“ by giving the user an alternative.
page „ State of the Art in Biometrics“ S. Schwiderski-Grosche 14/10/2002 Reliability: Some sensors are more vulnerable than others. Security: The error rates of different biometric technologies vary a lot. For example, iris recognition systems have an error rate in the order of 1 in 1 million users, fingerprint recognition systems have an error rate in the order of 1 in 1000 to 1 in 10000 and speaker recognition systems or dynamic signature verification systems have an error rate in the order of 1 in 100. Cost: Some biometric methods do not require specific sensor technology, for example speaker recognition, face recognition and keystroke dynamics, whereas other require sophisticated sensor technology. Hence, the costs vary a lot. User acceptance: For example, retinal recognition systems have a very low user acceptance, whereas others, like dynamic signature verification, face recognition, and speaker recognition are widely accepted. Life detection: Life detection is a very important feature of any biometric system. There are biometric technologies where life detection is not satisfactory (e.g. speaker recognition). Users that are unsuitable: For every biometric technology, there is a small ratio of users for whom the biometric method does not work, e.g. fingerprint recognition cannot be used when a person has lost both arms. Size of sensor: Fingerprint sensors are very small and can be incorporated even into small devices. Hand geometry readers, on the other, would not be suitable for e.g. mobile applications.
page „ State of the Art in Biometrics“ S. Schwiderski-Grosche 14/10/2002 [ http://www.itu.int/itudoc/itu-t/workshop/security/present/s5p4.pdf ] [Mat02] Matsumoto, H. Matsumoto, K. Yamada, S. Hoshino, "Impact of Artificial Gummy Fingers on Fingerprint Systems," Proceedings of SPIE Vol. #4677, Optical Security and Counterfeit Deterrence Techniques IV, 2002.
page „ State of the Art in Biometrics“ S. Schwiderski-Grosche 14/10/2002 Face recognition system (biometric data unprotected on hard disk) – Biometric reference data downloaded onto laptop and displayed on screen. The face recognition system accepts the displayed picture. Attacker creates new biometric reference data and loads it into the face recognition database. The face recognition system accepts the attacker as legitimate user. Fingerprint recognition – Breathe onto sensor or apply water-filled plastic bag or apply graphite powder and a piece of tape to reactivate latent fingerprints (for capacitive sensors) Use graphite powder technique plus bright light to reactivate latent fingerprints (for optical fingerprint sensors) Use latex finger (for thermal sensors)
page „ State of the Art in Biometrics“ S. Schwiderski-Grosche 14/10/2002 Links and documents: Scheuermann, D., Schwiderski-Grosche, S. und Struif, B., Usability of Biometrics in Relation to Electronic Signatures , EU Studie 502533/8, http://www.sit.fraunhofer.de/cgi-bin/sit-frame/sica?link=/SICA/projects/bio_sig.html. Jain, A., Bolle, R. und Pankanti, S., Biometrics: Personal Identification in Networked Society , Kluwer Academic Publishers, 1999. International Biometric Group: http:// www.biometricgroup.com The Biometric Consortium: http://www.biometrics.org/ Association for Biometrics: http://www.afb.org.uk/ BioAPI Consortium: http://www.bioapi.org/ International Biometric Industry Association: http://www.ibia.org/