Biometric Technologies: Advantages and Disadvantages

Biometric Technologies Advantages and Dis goodsAbstract in that location swallow two projects of this project. for the first timely is to come through an objective abbreviation of in stock(predicate) biometric technologies, to pose their strengths and weaknesses and to investigate a huge range of occupation scenario in where biometric techniques ar better than traditional designation and substantiation method.An most other aim is to coach a product. Now a day most of the online banking and financial organization be trying to interchange their existing online banking in open fount Java or in about other open source platform, so that it could be more(prenominal) than reli subject, unsex and difficult for the hacker to hack such(prenominal)(prenominal)(prenominal) open source management outline. Most of the administrations ar still employ the login ID and password oddballwrite functionality which is non set at all as whateverbody apprise slide password by employ a hidden Keystroke logger or like this sort of parcel and another line is user gather up to remember so more password and user ID for assorted sack up services. From a statistical observation it found that more than 70% masses write down their Username and password, which displace be stolen, lost and can be misuse by others. If the organizations could combine secure feel bring out or any other biostatistics built in functionality accordingly it could be more secure, reliable, easier and hassle free for the user.To complicate ride from such problem I endure tried to develop such a model of secure sack up service integrating with finger put out credit where users no make to remember or insert anymore user name or password. Although there has lots of password replacement reproduce softw ar available in the merchandise but as my k at a timeledge such softw atomic number 18 doesnt work for tout ensemble platform independent (Java ground) secure sack service . I get to utilize platform-independent Java 2 Platform Enterprise magnetic declination (J2EE), Netbean, Jboss server, sql selective information base and open source bio-sdk to develop this model.PrefaceAlthough this web service has integrated notwithstanding with the fingermark functionality due to limitations of hardw are and other resources but in here has critically investigate about the strengths and the security hole of other biometric functionality, so that in futurity such biostatistics functionality can be imply.Another constraint with regard to this report is clip. To stand more strength and security for that transcription, many features could be added like organic evolution of better algorithm to fix the security hole of the fingerprint software. To get laid with the while changes are an inevitable part of the software or web service development but many gravel been entirely avoided in this caseful as they would not move over added any value to the cor pus affair of this project.Problem Areas for that ProjectBiometrics is a young technology, accordingly relative hardware is not that available in the topical anaesthetic market and they are so expensive to profane soulfulnessally.Unfortunately there is no biometry hardware in the CMSs hardware lab. As hearty as there is no biostatistics software or equipment. It was requested to buy virtually hardware for this thesis solve but unfortunately the university was not agree to buy or manage anything which is relate to biometrics.Many companies of this biometrics fields were requested somevirtuosoally to help or give reading regarding their product but they denied for the marketing reason.There was no biometrics related books in the university library. Moreover the library was unable to provide.So without any practiced and theoretical support it was really hard to gain new melodic theme and to make a new product which is related to the biometrics.Some biometrics hardware has been bought percentagelly for this thesis. With the extraordinary help, advice and encourage from the supervisor this work has been d nonpareil. plane instalment One Background literary productions of BiometricsChapter 2Background Literature of BiometricsNow a day biometrics is a closely cognize term in the entropy technology. The origin of the word biometrics comes from Greek language. Bio means life and metrics means measurement. So the biometrics is related to the measurement of a living thing. further in the reading technology it means an automated surgical procedure where a military man is recognized or identified utilize his/her physiological or behavioural characteristics. The specialized physiological characteristics is collected, quantified, mensural, compared with the previous stored characteristic and decided. So it is the process for the denomination not any innovation.2.1 A short history of biometricsIn the convening life a person has been recognised or identified establish on face, body structure, height, colour, hair etc. So in that nose out the history of biometrics identifiers or characteristics is as old as populace history. In the ancient East Asia, plotters employ their fingerprint on their products which is the identification of individual. In the ancient Egypt the people use some characteristics such as complexion, eye colour, hair, height to identify trusted traders. exactly for a gigantic time biometrics had not been considered as a field of study.At the late 1880, the biometrics gained the lodge in as a field of study. The realisation was Alphonse Bertillon who was an anthropologist and police clerk. He was tried to identify convicted barbarous to others. He counterbalance discovered and menti adeptd that some physical measurement of an adult homophile is ceaseless of time. These gangs of measurements are different to human to human. So these measurements can be apply to recognize an individual from oth er (Scottish Criminal Record Office, 2002a). His theory was know as Bertillonage or anthropometry. That time his theory was appreciated and thought to be well established. The principal(prenominal) measurements which he suggested are given in the demonstrate 2.1. But in the year 1903, it was found that his theory was wrong for the uniform twins. That time an identical twin was found, according to his theory they are single(a) person. So the new theory or new characteristics were looking for the identification.It was verbalize that Sir Edward Henry was the first who interested on finger print for the purpose of identification. He was an Inspector General of Bengal police. In 1986, he ordered to interpret the pris starrs fingerprint as an identification measurement. He tried to introduce the miscellanea strategy of the fingerprint. In the year 1901, Sir Henry was joined as follower Commissi championr of the Scotland Yard. After so a finger print bureau was established. That time the failure of the anthropometry transcription made the finger print strategy well cognize. Finger print system was started to use for the purpose of identification of a person. The system is employ as uniform way still today. automate system to read finger print was first introduced in the archaean 1970s. The first finger-print measurement thingummy was first employ in 1972 which was cognise as Identimeter. This device was utilize at Shearson Hamil named Wall Street Company. The purpose of this device was time keeping and monitoring.Day after day the interest of this biometric system was increased. The decrease of the hardware cost of the computer and improvement of the algorithm increase the look into of the biometrics.2.2 Biometric characteristics2.2.1 General requirements for a characteristic using as a biometric identifierIn the biometric history section, it has been discussed that several characteristics were consider as an identifier of human. But many of them were rejected. fit to the Amberg 2003, if a characteristic can be considered as an identifier for the biometric purpose consequently it should mitigate some requirements such as university (Every human should break that characteristics), uniqueness (That characteristic should be different person to person), permanency (that characteristic should be steadfast) and collect ability (that characteristic should be able to collect and that should in any case be measurable). There are some additive requirement can be applied with a these requirement such as performance (It accuracy should be elevated, it should occupy minimum resources), acceptableness (it should be accept everywhere and it should in addition be acceptable to the future users), fraud resistance (It should have blueer security level and can be resistance to fraudulent), cost effective (it users benefit should be many times higher then its using cost).2.2.2 Classification of the characteristics which can be used as biometric identifiersBiometrics characteristics or identifiers can be categorised into two groups. They are Physiological type manipulateters case and Behavioural type.Physiological type This type of characteristics is related to human body or anatomy. Finger print reading, DNA analysis and face of individual which are frequently used as biometric identifiers of this type. The use of retina and the gladiola lead be prospective future. This type pf characteristic can be split up as genotype and phenotype. A group of people can have the same genotype characteristics. downslope group, DNA analysis these are the two most comm except used genotype characteristics. In contrast to genotype characteristics, phenotype characteristics can be having only single individual, so this type of characteristics is different from person to person. Finger print, retina and iris are this type of characteristic.Behavioural Characteristics This type of the characteristic is related to human beha viour. Signature is the most commonly used characteristics of this type. Human voice analysis and key stoke is another two characteristics which are now also be used. This kind of characteristics is the indirect measurement of the human body. This type of characteristics has been learned or trained therefore these can be different from time to time. But when a human reach in a real age, the change of behaviour is negligible, therefore these type characteristic used as identifiers. In the 2.2 the frequently used biometrics characteristics have been shown.2.2.3 Contrast of the biometrics characteristicsA contrast of biometrics characteristics has been given in the table 2.1. control board 2.1 A contrast of the biometrics characteristics (Jaine et al. 1999)From the table 2.1, it has been said that the physiological characteristics have the better performance then the behavioural characteristics.From the table 2.1, it has also been seen that some biometrics trait can be regarded more universal, unique and permanent then the other. Such as Iris, DNA, body odour and finger print. But the Iris, DNA and body odour are promising, they need future research and Experiment. Their cost is high, so they are not cost effective. So, now in present the finger print is one of the most accepted biometric traits.2.3 march IdentityNow a day society has been changed significantly. In the past, everyone of a community knew everyone. But now a day, globalization has been changed the situation. masss are now interconnected electronically. They are mobile all around the world. So establishing individualism is one of the most important task.2.3.1 Resolving individuation operator of an individualThere are two fundamental problems occurs for this purpose. They are authentication and identification.Authentication problem This problem is also known as substantiation. This problem arises to confirm or denied anyones subscribeed individualism. When any person allegeed an identical ness then this transaction process indispensable a comparison. The comparison occurs between submitted biometric samples and the stored samples for the claimed identity. This process is called a one to one comparison. For an example an automated teller machine (automatic teller instrument) can be considered. For cash dispenser machine the authentication problem has been solved in a two items process. First stage is to occupy a valid ATM card. The second stage is to know the PIN (Personal Identification Number). If anyone know the other persons PIN and possess his/her correspondence ATM card then that person can claimed the identity of the original ATM card owner identity. This kind of fraud activities have been increasing day after day. According to Jain Et Al, 1999, In 1996 ATM associated swindle activities valued in USA 3 billion US dollar. In the other hand biometrics system promotes a system which can overcome this authentication problem.Recognition problem This is also known as identification problem. This problem occurs when a person has been identified from a set guide of database. In this problem the persons data has been compared against the data from the database. It is one to many system. An example would help to clear the concept. To identify a criminal a law en cram officials some time lifted finger print or other data from the crime scene. After then they compare the data with the stored data of known criminal. By this way they world power be able to identify the criminal.According to the UK Biometrics Working separate (2002), all the biometric matters does not included in the title of hitch and identification. and so cardinal more pair of terms has been introduced. These trine pairs are (1) haughty claim of identity and negative claim of identity, (2) Explicit claim of identity and implicit claim of identity, and (3) Genuine claim of identity and imposter claim of identity.Positive claim of identity is also known as commanding identification. In this process the claimed persons identity should have to be enrolled before and known to the system. An example would help to realize the process. An online email account customer enters his or her login name and password into the system, the system compared the combination of these two against a set of data where customer data has been stored before. If the combination of the login name and password has been matched then the user has been verified. The process needs only the login and pass word aught else. So the email provider does not know who is actually using the account.Negative claim of identity has been known as negative identification. In this process the claimed persons identity has not been stored before. So the claimed person can enters only one time, after entering his/her identity has been stored in the system and he or she cannot enters again. Such kind of example is American Social Security. According to the Jain Et Al, 1999, around a billon of U S dollar has been taken out-of-door annually by using manifold identities from the social security benefit in USA.In the case of Explicit ingest of Identity, a person unambiguously declares his identity to the system. The claim may be negative claim or positive claim. His/ her submitted identity has been compared with the stored data in one to one comparison. (One to one comparison has been described in the authentication section). Using ATM card is an example of the positive explicit claim of identity. To realize the negative explicit claim of identity, consider an air port where the face recognition system has been established. If a passenger is similar to a known terrorist person then the system would raise the alarm. Then the passenger needs to claim the explicit negative claim of identity. So the passengers other identity such as finger print, iris etch has been compared against that known terrorist in one to one basis comparison.Implicit claim of identity can be positive o r negative claim. In this process a persons identity has been compared in one to many comparison basis against all stored identities.When anyone claims an square claim to be himself or herself then it is called the genuine claim of identity (UK Biometric Working Group, 2002). In this case his / her identity has been truly matched with the stored identity.Imposter Claim of Identity is the process where anyone claims to be someone else is deceit or glowering (UK Biometric Working Group, 2002). In this case submitted identity does not match with the stored identity.2.3.2 check TechniqueAccording to the Mitnick, 2002, the Verification technique can be divided into three types. They are (1) Knowledge based verification technique, (2) Token based verification technique and (3) Biometric based verification technique.Knowledge based verification systemIn this process some information has been used, that information is individual(a) (combination of pass word/PIN/Memorable words etc), un remarkably the person of the original identity has been supposed to be acquainted with privy information. People may travel from distance to distance, so that their memorable secret information leave behind be with them. So it can be said that it will be suitable to use from a distance or external place.But this type of authentication has some somber draw rear ends. By using trojan horses and Spywares a hacker can know the others secret information. Trojan horses and Spy wares are able to send the key stoke as email. So this cognition based verification is not a secure system. Most of the times people use their known name as secret information for the knowledge based verification system. So, it might be possible for the others to guess. Sometimes people do not change their secret information in the knowledge based verification system for a long time. Their secret information is not secure. Sometimes they keep their sign secret information, so that it might be easy to hack. Man y types of hacking methods have been developed such as dictionary attack, Hybrid methods, brute force attack etc.In comparison to other technologies, this is cheap and has a large level of security stage.Token based verification systemIn this system the claimed identity person should have something which should be used with the secret information. ATM card is an example of the token based verification system. It can be said that it is more secure then the knowledge based verification process because if the token has been lost or stolen then its user can notify.Biometric verification systemIn this system users biometric distinguishing characteristics such as finger print, face, signature, etc have been used which represents the users appearance. These characteristics are moved with the users they are more secure compare to the other two systems. It is quite impracticable to use by the unauthorized person. But this system is relatively costly. very no system is fully secure. All of t he three systems have some serious drawbacks. Secret information can be hacked, unaccredited person can stole the token and use that and it is also possible to reproduction biometric information and later replay those (Woodward Et Al. 2003). In order to counter these drawbacks, multiple verification systems can be used. ATM card is an example of the combination of knowledge based verification system and token based verification system. If in the future, the iris electronic image scanner is available then it will be more secure if iris scanner has been used with the ATM card.2.4 The components of a general biometric system and their functionA general biometric system can be divided into five subsystems. They are (1) information encyclopedism system, (2) Data transmission system, (3) Signal processing system, (4) Data storage system and (5) finding do system. In the 2.2 a general biometric system has been shown.Data acquisition system It has been assumed that every biometric sy stem has two characteristics. They are uniqueness and repeatability. Uniqueness represents that every persons biometric trait is different. It will not be same for the two persons. The repeatability represents that the biometric trait will be same over time. In this acquisition system the sensors measure the users biometric characteristics. These characteristics are said as samples which have definite attributes. The type of presentation and the reader note can collide with the sample qualities.Data Transmission system Most of the cases the data army and processing is not at the same location. So there is a one subsystem which function is to transfer the data. In the data transmission system, condensation and expansion has been functioned depend on the size of the sample. The standard protocol has been used for compression and expansion. When the facial go steady has been sent JPEG format has been used. WSQ format has been used for transferring the data of fingerprint and CELP format has been used for the voice.Data processing system there are three parts of signal processing system. They are (1) feature extraction section (2) quality control section, and (3) material body twin(a) section. At the extraction section the appropriate biometric data has been split from the land information of the sample. This process is called segmentation. For an example, in a face detection system facial image has been separated from the wall or other back ground. After the extraction the quality has been checked. If the quality of the data is very inadequate then another sample has been asked. After this section, the praxis interconnected process has been started. After then the decision making section. feature articled data from the pattern matching section has been stored to the storage section depends on the function of the boilers suit biometric section.Data storage section From the pattern matching section, some have of data has been stored as data storage sec tion as template. The main purpose is to compare with the incoming feature. If the overall system is based on one to one matching then the data storage section can be decentralized but if the overall system has been functioned for the one to many matching then the central data base has been needed. ratiocination making system Quality score and the matching score have been sent to the decision making section from the processing section. The decision making system decide the sample has been accepted or denied. The policy is proper(postnominal) depends on the system security expectation. If the takings of false non match ensuant has been increased then the number of false match will be decreased.2.5 Performance of a biometric systemThe main focus of a biometric system is to ensure the security where only the authorised used can be accepted and non authorised users are denied. The system processing speed is usually given to less priority. The main considerable factors of a biometric system are mainly described by some terms such as visitation to En-roll sum up (FTE), Failure to rent arrange (FTA), treacherously acceptance rate ( far-off), incorrect Rejection rate (FRR), inconclusive suffer value (FMR), treasonably Non flout ordinate (FNMR) etc. dishonest Match Rate (FMR) This represents the serious type of fault of a biometric system. This occurs when an authorised users biometric information match to an unauthorised persons identity. In this case the signal processing system produces a high matching score of a non corresponding template. traitorously Non Match Rate (FNMR) In this case the authorised persons biometric features are unable to produce generous high matching score to qualify. This is the opposite of FMR. One of the main reasons of FNMR is part less quality of the biometric features.Comparison of FMR and FNMR for the different biometric system The main aim of a biometric security system is to reduce the rate of False Match Rate (FMR). On the other hand if the False Non Match Rate can be reduced then the system will be more fast and reliable. But all the time there is a relationship between FMR and FNMR. In the 2.4, relationships have been shown for different biometric system. Higher False Match Rate (FMR) is not acceptable, but for the low FMR the False Non Match Rate (FNMR) is considerably higher in every system.Failure to En-roll Rate (FTE) Sometimes the biometric system cannot make a valid template for some users. Although biometric characteristics are universal but some case there are differences. For an example for a very low number of peoples finger print cannot be enrolled in the system such person who use their hold aggressively such as construction workers or carpenter. So Failure to En-roll rate is the ratio of the number of the people whose biometric features cannot be enrolled to system to the number of the total person who use the system. In the 2.5 a practical discharge result has been shown where Failure to En-roll (FTE) has been measured for the different system (Mansfield Et Al.2001).Failure to determine Rate (FTA) Sometimes the system cannot acquire data of the desired quality due to the readers/sensors, instrumental problem, environmental problem, noise level of data, background data etc. Simply Failure to Acquire Rate (FAR) represents those biometric sample which cannot get high quality score to go the decision making section.False toleration Rate (FAR) and False Rejection Rate (FRR) these two terms are related to the False Match Rate and False Non Match Rate. False Acceptance Rate (FAR) and False Rejection Rate (FRR) are related to the entire biometric system. On the other hand the False Match Rate and the False Non Match rate are related to the single matching process. So in the case of FAR and FRR, Failure to Acquire Rate of the system should be included. According to Mansfield Et Al.2001, relationships can concluded as followFAR () = (1-FTA) FMR ()FRR () = (1-FT A) FNMR () + FTAHere, FAR- False Acceptance Rate- Decision thresholdFTA- Failure to Acquire RateFMR- False Match RateFRR- False Rejection RateFNMR- False Non Matching RateEach point of the receiver operating characteristics (ROC) curves is corresponded to a definite threshold decision making score which has a incident False Rejection Rate and False Acceptance Rate. For the Forensic purpose, False Rejection Rate should be lowest and for the high security access purpose, False Acceptance Rate should be lowest.Section Two Biometric Technology2.1 Physiological BiometricIn this section has mentioned about the pattern of fingerprint, hand geometry, pattern of iris, facial, retinal and vascular characteristics as a possible biometric identifier.2.1.1 Fingerprint PatternFingerprint is the oldest, democratic and definitely the most widely publicly acceptable mature biometric identifiers. It utterly meets the necessary criteria for of a biometric identifier like universality, distinctively, persistent and collectability.They are impressions of the friction ridges on the surface of the hand. In the most application and in this thesis as well, the primary concern is focused on the ridges located above the end joints of fingers. However, in certain forensic applications, the area of importance is broader including the fingers, the palm tree and the writers palm (WOODWARD ET AL. 2003).Since early 1970 Federal Bureau of Investigation (FBI) has initiated extensive research and development efforts on fingerprint identification. Their main aim was to invent an automated fingerprint identification system (AFIS), so that it could be helpful for forensic purposes (RUGGLES 1996).2.1.1.1 Feature and TechnologyThere are two main elements in fingerprint matching technique firstly minutiae matching and secondly pattern matching.In the bellows shows regarding the primary technique that analyzes basic minutia typesMacroscopic overview, universal pattern matching, focus on the integral flow of ridges -these could be categorized into three groups loops, whorls and arches. Every individual fingerprint should be fit into one of these three categories that shown in the bellowsNow a day most of the application depends on the minutiae matching. If a fingerprint scan device aim a typical fingerprint image then there could be identify around 30 to 60 minutia patterns. Federal Bureau of Investigation (FBI) has support that it is not possible for two individuals, even for monozygotic twins also to have more than eight common minutiae. For matching minutiae are demonstrate with type, shape, co-ordinate location (x,y) and direction. In the bellows has shown about the automated minutiae matching process based on these attributesIn the above describes a case in where the input image (in left) is trying to match against a stored template (in right). 39 minutiae were detected in the input, while the template contained 42 different minutiae. The matching algorithm identified 3 6 matching data points.(Source Prabhakar 2001)In the above , inputted image (in left) has detected 64 minutiae while in the template (in right) contain 65 different minutiae. The algorithm identified 25 completely non-matching data points.There need a see or capture device to obtain such images. Since 1970s, lots of researches have been done to develop and improve such devices. As a result optical, capacitive, ultrasonic, thermoelectric, radio frequence and touch less scanners has invented and now a day most of them beget less expensive and available in the market.Optical device / scanner The first method to capture the fingerprint image was the optical scanning technique. Frustrated total internal reflection is the main principle of the operation of such scanner. In that case the finger is placed on the trumpery platen and illuminated by the laser vindicated. The surface of the finger reflects certain amounts of light depending on the depth of the ridges and valleys and then r eflectance is captured by a CCD (charge-coupled device) photographic camera that constitutes of an array of light sensitive diodes called photosites (OGORMAN 1999).The big advantage of such device is they are cheaper among all of the automated biometric devices and also available in the local market. The disadvantage for such device is it could be easily fooled by impostors. The latent fingerprint left on the scanning surface, its a big drawback of such device as anybody can collect the latent fingerprint image from there to spoof.Optical Scanner Digital Persona has used to integrate the fingerprint scanning support for the product of that project are using popular U.are.U fingerprint recognition systems depicted in the below . In October 2003, the US Department of Defence has chosen digital persona scanner to secure network security at desktops in its offices in Washington, D.C. (digital persona 2009).Capacitive Scanner / devices since their first appearance in 1990, such devices have become very popular. A capacitive scanner is a solid-state device, which incorporates a sensing surface composed of an array of about 100.000 semiconducting plates over which lies a dielectric surface. When a user touches the sensor, the human come up acts as the other side of the array of capacitors. The measurement of voltage at a capacitor decreases with the growing distance between the plates. Therefore, the mental ability measured at the ridges of a fingerprint will be higher than the capacitance measured at the valleys. These measurements are then analyzed in a way similar to a sonar scan of the ocean bottom, resulting in a video signal depicting the surface of the fingerprint (OGORMAN 1999).The advantage of capacitive scanners is its very high accuracy rate. Another big advantages that they are much harder to fool than optical scanners since the process requires living tissue. As the users need to touch the atomic number 14 chip itself, solid-state scanners are susce ptible to motionless discharge (ESD). Recent chip designs were specifically developed to withstand high levels of ESD and frequent handling. modern capacitive device manufacturer like Veridicom claims that their chips will survive around 1 million touches (Ryan 2002).Thermoelectric device It is silicon based. It measures the difference of temperature between the ridges touching the surface of the sensor and the valleys distant from them (OGorman 1999).Although caloric scanning is very promising but it is still an uncommon method. A company named Atmel proponents of this technique. It uses finger sweep method to capture fingerprint in a tiny si