Biometric Data: Definition, Working, Performance, And Security Considerations

What is Biometric

What is Biometric data? Explain.

Biometric data is the present trending discussed topic in the past and present also. Previous discussion includes many research papers, proposals for strong biometric information (data) on passports. Many countries like Germany have already implemented this technology in Video Stores for authentication, fingerprint sensor integrated in laptops and even banks started using this biometric devices as well. Even though having wide range of trail uses and proposals, in many countries, this biometric data systems are not widely used for authentication purpose. In this report, we have discussed why biometric authentication is not a standard technique till now. We also analyzed that these biometric devices will make system safety and much more secure. Even though these devices cost high, it is also worth spending much more amount of money on these systems. Our results leads to a conclusion that in most of the cases, the trade-offs which need not to be consider user’s biometric data for authentication as compared to other alternative methods like password authentication. 

Security is the most important aspect in the software industry. Many scientists have been proposed different methods like login/password, Personal Identification Number (PIN) etc. But if we look into the present security problems, these methods cannot prevent those problems. In order to overcome the problems, a new security system has been implemented i.e. Biometric data for authentication. Now a days, this technology is used in many places, like banks, market stores, companies, institutions, etc. Even we find finger print sensors in laptops (integrated with it) and also for computers connected as external device. Systems using biometric data introduces a new concept authentication paradigm – i.e. based on something like fingerprint, face ,iris etc. or you can do such as handwriting, voice etc.

It is study of automated method for genuinely recognizing things based on one or more intrinsic behavioral or physical traits. It is also described as study of Biometrics that discover ways to compare and make difference between things (individuals) using personal things (that we do) and physical characteristics (things we are).  The general physical features used are eyes (IRIS and retina), facial features, hand geometry and fingerprints. The common examples for personal traits are handwriting and voice that are used to distinguish between persons. As these characteristics and traits are unique and universal for all individuals, these are commonly used in this system.

Before going into the detailed explanation about biometric authentication, Let us discuss the general view of access control model that is useful to understand how to keep the authenticaiton system secure. If we look at the following diagram, fig 2, it gives an overview about the model.

Biometric authentication

Fig 2. Overview of access control model.

The guard in the middle will give grant for the access to the system.  For the decision, the guard uses the data to identify the authorization information and requesting source to find out if the given source is equal to the identified source. If it is equal, then the user was allowed to get access to the requested resource. If necessary, The decision taken by the guard is given to log in, so that it can be able to backtrack decisions.

In this report, we talk about the authentication process of the systems that is marked with the darker colored parts in the diagram. In this case, The source is biometric information provided by the person along with combination with other identification information. This information is sent to the guard. The guard use algorithms and it will perform a comparison with the stored information. If it matches, the user was allowed to get access. If not, no grant for the access. Biometric identification is the process of presenting the unknown person biometric data to the system. Then the system use the algorithms for processing the data and compares the data with the stored database until one matches. By this, the system will be able to identify the unknown personality (one to many). So there are many process to run, it takes a little time than that of biometric verification. Biometric verification is the process of providing biometric data to the system and it claims whether the particular identity belongs to this data or not (one to one). In most of the authentication processes, biometric verification is used[2]. 

Coming to the working of biometric system, A biometric system consists of a testing and an enrolment phase. The sample biometric data sets are produced and saved in enrollment phase, that are used for comparison in the authentication process.  Each authorized user has to go with this step. In this phase, examples like fingerprints are as in digital information and saved in a database as PIN. If we come to the testing phase, when the person requested for the access of the system, the saved sample in the enrollment phase is used by the guard for decision whether to give grant access to the system or not.  The important process for a biometric system is enrollment phase. This can be explained with an example. Suppose if the given sample data taken from a user for authentication, is not good enough, then there will be a high chance of refusing the access to that person[3].

Working of Biometric system

In this section, we will look at the performance and security considerations. We know that as the technology gets improved, the old systems gets replaced by the new systems.[3] It is difficult to measure the performance of a biometric authentication. The main factor that tells about the system is accuracy that indicate whether the performance is good or bad.  There are also other factors that need to be considered like speed, cost, storage and ease of use are also considered as well.[5]

Sometimes, biometric devices are not perfect and produces errors. If we look at an example, sometimes there are chances of authorized person is rejected by the system and also will get access for a non- authorized person. The probability of the rates of these errors are named as False acceptance and False rejection. In short they are called as FA and FR.  For most of the systems, it is possible to tradeoff these types of errors against each other. This is done by increasing the threshold that is used for decision to make a match for these two biometric data. The FA and FR are dependent on each other.  For a perfect system, there will be no errors and these rates (FA and FR) are almost zero.  For a very secure system, the probability of FA rate is increased to almost zero that results in a high FR rate. 

The time needed for the authentication process depends on the accuracy and thereby with the security of the system. If the system needs high security, i.e. high rate of FA, then the system could use more characteristic points that need to be compared for an authentication process.  So for a more security system, the authentication time will be more as compared with the one with lower security. Therefore authentication systems having a FR and FA rates that affects the time of the authentication process.

1. Amount of support for the running system.
2. Distinctiveness and uniqueness of the biometric trait or characteristic.
3. Intrusiveness of the system
4. Variation of the biometric trait or characteristic
5. Cooperation of the customer
6. Vulnerability to fraud the system

Now let’s discuss the results of several optical, thermal and capacitive fingerprint scanners, one face recognition and iris scanner system. There are 3 scenarios about how to fool the biometric system.[4]

1. For regular sensing technology, the artificial created data can be used to trick the system.
2. The 2^nd scenario is about the artificially created data which is time gained by sniffer programs.
3. The 3^rd scenario is if about the directly attack of the database. 

All fingerprint scanners are able to trick by using artificial gained data. The following methods are used in tricking the fingerprint recognition system:

1. Reactivate the finger fat traces left on the sensor’s surface by breathing on it.
2. The latent fingerprint is dusted with normal graphite powder, and Adhesive film is slightly pressed on the sensor’s surface to gain access to the system.[3]
3. Placing a bag filled with warm water on the fingerprint sensor so as Reactivate latent fingerprints.
4. Artificial silicon fingerprints can be produced which can be used for the optical and thermal scanners to access the system successfully. 

• The useful advantage of the biometric data is, it can’t get lost, duplicated, stolen, forgotten like keys. And also they can’t be shared, observed, forgotten, guessed or forgotten like PIN’s, secret codes.
• People need not to change the authentication data for every 3 months.
• This type of authentication systems can increase the security much more as compared to the other systems. The system hardware can’t be cheated, If the accuracy of the system is very high. 

• Acceptability is one of the advantage of the these authentication systems.
• people are afraid about the light used in the IRIS scanner as it can be harmful for the eyes.
• These biometric authentication technologies are of high cost.
• Another disadvantage of biometric systems is varying reliability. 

Conclusion :

If we look at the above results and discussion, it seems to exist more advantages as compared to the disadvantages for biometric authentication systems. The biometric authentication is an interesting and presently the trending topic that has a lot of research going on and to be done on this area.  It is also advised to use biometric authentication with other different authentication technologies. This use of multi factor authentication is more secure and research has to be made to improve the techniques and increase the applications of this technology.

References:

1. Birgit Kaschte(2005), Biometric authentication systems today and in the future, University of Auckland.
2. Renu Bhatia(2013), Biometrics and Face Recognition Techniques, IJARCSSE, Volume 3, Issue 5, May.
3. Vaclav Matyas, Zdenek Riha, Biometric Authentication —Security And Usability.
4. J. Phillips, A. Martin, C.L. Wilson, and M. Przybocki. An introduction to evaluating biometric systems. Computer, 33:56–632, February 2000.

Anil K. Jain, Lin Hong, Sharath Pankanti, and Ruud Bolle, An identity- authentication system using ï¬Ângerprints. In Proceedings of the IEEE, volume 85 of 9, September 2007.