Dealing with Security Threats through Biometrics

Biometrics is a field of science that uses computer technology to identify people based on physical or behavioral characteristics, such as fingerprints or voice scans. "Bio" in the name refers to the physiological traits that are measured, while "metrics" refers to the quantitative analysis that provides a positive identification of a unique individual. Biometrics are gaining widespread use in the business world as means to make the workplace more secure and efficient. The technology promises almost foolproof security for facilities and computer networks. It also helps employees increase their productivity by providing instant identification for time cards, payroll processing, computer logins, phone or copy machine usage, and myriad other purposes.

Introduction

As a business owner, we realize that there is a gap in your security policies. For example, we may have been impacted by a computer worm or virus, or worst, our place of business may have been broken into and vital information stolen. We have looked at various security tools and methodologies, and feel that a biometric system is best suited for your place of business. 

The biometrics industry, which produces technologies to identify people by their natural biological features, such as fingerprints, the patterns in the eye's iris, and facial characteristics. They are proving themselves reliable, time efficient, affordable, and easy to use and their popularity is expected to skyrocket as aging baby boomers concerned with memory loss eagerly seek an alternative to remembering passwords, numerical systems, and their car keys

One benefit of biometrics is that it relieves people from the burden of remembering dozens of different passwords to company computer networks, e-mail systems, Web sites, etc. In addition to creating distinct passwords for each system they use or Web site they visit, people are expected to change their passwords frequently. Employees who have trouble remembering their passwords may be more likely to keep a written list in a desk drawer or posted on a bulletin board, thus creating a security risk. But biometrics offers an easy solution to this problem.
Biometrics systems—which once cost tens of thousands of dollars to install—were originally used only by large corporations and the government. But now less expensive systems—costing as little as a few hundred dollars per desktop—are making the technology available to smaller businesses and individual consumers. As a result, analysts believe that the usage of biometrics will grow over the next few years, so that the technology will become prevalent on the Internet as well as in businesses. Several recent developments have helped assure the future of biometrics. For example, digital signature legislation passed in 2000 provided for biometric authentication to be accepted in place of a written signature and considered legally binding on documents. In addition, Microsoft announced that it would support biometric technology in future versions of Windows, making it easier to build Internet and network servers that can accept the biometric identifications. Before long, biometric scanning devices may be bundled into every new PC sold.

Biometrics Technologies

Biometric technologies should be considered and evaluated giving full consideration to the following characteristics: 

• Universality: Every person should have the characteristic. People who are mute or without a fingerprint will need to be accommodated in some way.
• Uniqueness: Generally, no two people have identical characteristics. However, identical twins are hard to distinguish. 
• Permanence: The characteristics should not vary with time. A person’s face, for example, may change with age. 
• Collectibility: The characteristics must be easily collectible and measurable.
• Performance: The method must deliver accurate results under varied environmental circumstances. 
• Acceptability: The general public must accept the sample collection routines. Nonintrusive methods are more acceptable. 
• Circumvention: The technology should be difficult to deceive. 
  

Personal identification or authentication using biometrics applies pattern recognition techniques to measurable physiological or behavioral characteristics. There are two types of biometric systems that enable the link between a person and his/her identity. Identity verification (or authentication) occurs when a user claims who he is and the system accepts (or declines) his claim. Identity identification (sometimes called search) occurs when the system establishes a subject identity (or fails to do it) without any prior claim. Biometric techniques can be divided into physiological and behavioral. A physiological trait tends to be a more stable physical characteristic, such as finger print, hand silhouette, blood vessel pattern in the hand, face or back of the eye. A behavioral characteristic is a reflection of an individual’s psychology. Because of the variability over time of most behavioural characteristics, a biometric system needs to be designed to be more dynamic and accept some degree of variability. On the other hand, behavioural biometrics are associated with less intrusive systems, conducing to better acceptability by the users.

Biometric identification system works in 2 stages: an Enrollment stage (where a sample is acquired, it is linked to personal data and stored) and a Verification stage (where another sample is obtained from the individual to be identified and this is compared against the sample stored).



Biometric-based authentication applications include workstation and network access, single sign-on, application logon, data protection, remote access to resources, transaction security, and Web security. The promises of e-commerce and e-government can be achieved through the utilization of strong personal authentication procedures. Secure electronic banking, investing and other financial transactions, retail sales, law enforcement, and health and social services are already benefiting from these technologies. Biometric technologies are expected to play a key role in personal authentication for large-scale enterprise network authentication environments, Point-of-Sale and for the protection of all types of digital content such as in Digital Rights Management and Health Care applications. Utilized alone or integrated with other technologies such as smart cards, encryption keys and digital signatures, biometrics are anticipated to pervade nearly all aspects of the economy and our daily lives.

Biometric Systems have three major components: 

· A sensor that detects the characteristic being used for identification .
· A computer that reads and stores the information .
· Software that analyzes the characteristic, translates it into a graph or code and performs the actual comparisons .

Biometric Performance Standards and Metrics

These performance standards, or metrics, are widely used by the biometric industry in order to gauge the effectiveness of the various biometric technologies. These standards are not particular to any specific biometric technology, they apply to all of the technologies. All biometric systems use human traits that are, to some degree, unique. Which system is best depends on the necessary level of security, the population who will use the system and the system's accuracy. Most manufacturers use measurements like these to describe accuracy. The standards are as follows:

· False Accept Rate (FAR): How many imposters the system accepts 
· False Reject Rate (FRR): How many authorized users the system rejects 
· Failure to Enroll Rate (FTE): How many people's traits are of insufficient quality for the system to use 
· Failure to Acquire Rate (FTA): How many times a user must present the trait before the system correctly accepts or rejects them

The following matrix displays the enrollment and verification times of some leading products:

 

(Table-1)

Accuracy of biometric technologies

· Biometric applications never produce a 100% match due to variations in environmental conditions, differences in biometric sensors, as well as temporary or permanent bodily changes. Hence, the level of correspondence which is considered a “match” must be defined by using a threshold. Biometrics will therefore never be 100% error-free. 
· There are four possible outcomes of a biometric test: (a) accepting a genuine person who has been recognized, (b) rejecting an impostor who fails the test, (c) falsely rejecting a genuine person and (d) falsely accepting an impostor.
· Outcomes (b) and (c) show that if a biometric system rejects someone, it could either be because the person is an impostor or because the system has made an error.
· For this reason secondary or fallback procedures are necessary in order to deal with people who have been rejected by the system. Fallback procedures are equally necessary for people who are unable to provide a biometric sample because of human factors such as age, disability, a lack of the biometric required, etc.

In addition to the potential for invasions of privacy, critics raise several concerns about biometrics, such as: 
· Over reliance: The perception that biometric systems are foolproof might lead people to forget about daily, common-sense security practices and to protect the system's data. 
· Accessibility: Some systems can't be adapted for certain populations, like elderly people or people with disabilities. 
· Interoperability: In emergency situations, agencies using different systems may need to share data, and delays can result if the systems can't communicate with each other. 

Biometrics Technologies Summary



The table(Table-2) shown below lists the various factors relevant when comparing various biometric technologies:

(Table-2)

Characteristic	Fingerprints	Hand Geometry	Iris	Face	Voice
Ease of Use	High	High	Medium	High	High
Error Incidence	Dryness,Dirt,Age	Hand Injury, Age	Poor Lighting	Lighting, Age ,Glasses, Hair	Noise, Cold Weather
Accuracy	High	High	Very High	High	High
User Acceptance	Medium	Medium	Medium	Medium	High
Required Security Level	High	Medium	Very High	Medium	Medium
Long-term Stability	High	Medium	High	Medium	Medium

Biometrics Systems Programming

This section of the article covers the Java implementation framework for Biometrics Systems. Since details of the methods and packages supporting biometrics systems are available at : www.sun.com so here some examples are given to explore the activities.

Biometric Applets 

Code-1

................................................................................................................................................................................. Simple Biometric Matching ------------------------------------------------------------------------------------------------------- package com.jcf.biometrics.bioServer; /****** IMPORTS ******/ import javacard.framework.*; import org.javacardforum.javacard.biometry.*; /** * The <b>ProxyBioTemplate class </b> contains the biometric template * and provides access to matching functions to other applets. */ /* The <b>BioTemplate interface </b> provides to an application * the means for accessing biometric matching functionality. * This interface does not allow enrollment nor alteration of the reference templates. */ public class ProxyBioTemplate implements SharedBioTemplate { // ------------------------------- Data ------------------------------ OwnerBioTemplate fullBio; // Package accessible and not directly shared outside the package. // ------------------------------- Methods ------------------------------ public boolean isValidated() { return fullBio.isValidated(); } public boolean isInitialized() { return fullBio.isInitialized(); } public short getPublicTemplateData(short publicOffset, byte[] dest, short destOffset, short length) { return fullBio.getPublicTemplateData(publicOffset, dest, destOffset, length); } public byte getBioType() { return fullBio.getBioType(); } public short getVersion(byte[] dest, short destOffset) { return fullBio.getVersion(dest, destOffset); } public void reset() { fullBio.reset(); } public byte getTriesRemaining() { return fullBio.getTriesRemaining(); } public short initMatch(byte[] applicantTemplate, short offset, short length) { return fullBio.initMatch(applicantTemplate, offset, length); } public short match(byte candidate[], short offset, short length) { return fullBio.match(candidate, offset, length); } } -----------------------------------------------------------------------------------------------------

Visit www.sun.com or email us for more details and explanations of Client/Server applications.

The Future of Biometrics

Biometrics can do a lot more than just determine whether someone has access to walk through a particular door. Some hospitals use biometric systems to make sure mothers take home the right newborns. Experts have also advised people to scan their vital documents, like birth certificates and social security cards, and store them in biometrically-secured flash memory in the event of a national emergency. Here are some biometric technologies you might see in the future: 

· New methods that use DNA, nail bed structure, teeth, ear shapes, body odor, skin patterns and blood pulses 
· More accurate home-use systems 
· Opt-in club memberships, frequent buyer programs and rapid checkout systems with biometric security 
More prevalent biometric systems in place of passports at border crossings and airports.

References 
· Biometrics Resources: www.findbiometrics.com & www.sun.com
· Jain, R. Bolle, and S. Pankanti, Biometrics: Personal Identification in Networked Society, Kluwer AcademicPublishers.
· S. Russell and P. Norvig., Artificial Intelligence: a modern approach, Prentice Hall.
· R. O. Duda, P. E. Hart, and D. G. Stork, Pattern Classification , John Wiley and Sons.

About the Authors

1. Sunil Kr.Pandey Asst. Professor Department of Computer Science, School of Management Sciences(SMS), Varanasi(UP) India. E-mail:sunilmca5@rediffmail.com

2. R.B.Mishra Reader Department of Computer Engineering  Institute of Technology(IT), Banaras Hindu University(BHU), Varanasi(UP) India.