Module 10: Biometric Security

- Biometric id cards are for airport workers now
- biometric firms stonks are up
- heathrow is doing iris scanning to fast track ppl in the airport.

- What is biometric security?
⇒ Authentication mechanism that uses human physiological/behvioural chracteristics to verify the identity of an individual.
→ only really satisfies authentication goal
- Why?
→ divided into 3 types:
⇒ what you know: passwords, PINs, secret key. Can be forgotten/shared/observed/cracked.
⇒ what you have: keys, usb key, ID cards, etc. The usually have tokens. These can be static or dynamic. Static tokens can be lost/stolen/duplicated. Dynamic can be compromised if the item is stolen
⇒ what you are: biometrics. can verify you as you.
• Physiological biometrics: fingerprint, face, iris, palm, retina, shape of ear, DNA
• Behavioural biometrics: handwriting, keystroke, GUI
• Hybrid biometrics: voice, gait
- How?
→ Enrollement: capture and process a user biomnetric data for use by system in subsequent authentication
→ Verification: capture and process user buimetric data in order to render an authentication decision based on a matching process

Examples:
- finger print
- facial re

Characteristics of a good biometric
- singularity
- accuracy
- universality - available across all demographics
- inimitability - must not be cloneable
- permanence - must not change over time
- acceptability
- verifiability

Lets look at a few, and their pros and cons
- Fingerprints:
→ local features call minutiae (crossover, core, bifurcation, etc) differ from person to person
→ minutiae are quantified in terms of type position freq....
→ multiple samples are taken to improve accuracy
→ even identical twins have unique prints
→ PROS:
⇒ relatively mature technology
⇒ multiple samples increase accuracy
⇒ existing database
→ CONS:
⇒ scan quality varies
⇒ 1-3% of public do not have suitable fingerprints
⇒ susceptible to spoofing
⇒ social stigma
- Facial recognition:
→ capture and digitize face to form template
→ metrics involve various facial measurments quantified.
→ multiple pictures imprive accuracy
→ PROS:
⇒ easy infrastrcuture
⇒ public acceptance
⇒ easy to set up/extend database
→ CONS:
⇒ aging, lighting, other
⇒ spoofing
⇒ low accuracy
- voice recognition
→ characterized by tract and accent
→ during enrolment a voice print is created with a fast fourier transform
→ PROS
⇒ popular
⇒ low cost
⇒ capable of remote operation
→ CONS
⇒ poor accuracy
- Retinal Scan
→ based on blood vessel pattern on retina
→ PROS
⇒ high accuracy
→ CONS
⇒ can change due to disease
⇒ intrusive
⇒ operator skill required
- Iris Scan
→ each iris has 266 unique spots.
→ camera captures image of iris
→ camera is 12-14 inches away
→ PROS:
⇒ >99% accurate
⇒ non intrusive
⇒ always same throughout life
→ CONS:
⇒ special cameras needed
⇒ not well tested

Index