adam's notes

Biometrics

Biometrics are relatively unique physical attributes of an individual.

Biometrics can be used in two ways:

  • Use to verify the identity claim someone put forth
  • Reverse the process and use as a method of identification

Steps of a biometric system:

  1. Enrollment involves recording the user’s chosen biometric characteristic
  2. Processing the characteristic
    • may involve noting certain elements, known as minutiae
    • Use minutiae to match the characteristics to the user

7 Characteristics of Biometric Factors

Biometric factors are defined by seven characteristics:

  • universality
  • uniqueness
  • permanence
  • collectability
  • performance
  • acceptability
  • circumvention

Universality means you should be able to find your chosen biometric characteristic in the majority of people you expect to enroll in the system.

  • prepare to compensate for outliers
    • E.g., some people don’t have index finger on right hand

Uniqueness is a measure of how unique a characteristic is among individuals.

  • choose a characteristic with a high degree of uniqueness
    • E.g., DNA, iris patterns
  • These can still be duplicated
    • E.g., identical twins have same DNA, can replicate a fingerprint

Permanence test how well a characteristic resists change over time and with advancing age.

  • E.g., fingerprint

Collectability measures how easy it is to acquire a characteristic.

  • finger print = easy to acquire
  • DNA = difficult to acquire
  • for both enrollment and for each authentication

Performance measures how well a given system functions based on several factors such as speed, accuracy, and error rate.

Acceptability is a measure of how acceptable the characteristic is to the users of the system.

  • slow/difficult/awkward to use = less acceptable

Circumvention describes how easy it is to trick a system by using a falsified biometric identifier.

  • E.g., classic example of a circumvention attack against fingerprint
    • gummy finger” attack is when a fingerprint is lifted from a surface and used to create a mold that the attack can cast a positive image of the fingerprint in gelatin
  • some biometric systems have a secondary feature to defeat such attacks
    • measuring skin temperature, pulse, or pupillary response

Measuring Performance

There are many ways to measure performance of a biometric system:

  • False acceptance rate (FAR)
    • how often you accept a user who should be rejected
  • False rejection rate (FRR)
    • how often we reject a legitimate user
    • aka false negative
  • Equal error rate (EER)
    • should aim for a balance of the above two error types
    • measure by plotting FAR and FRR on a map, EER is the intersection
    • EER is sometimes used as the measure of accuracy of a biometric system

Flaws in Biometric Systems

  • biometrics are finite
    • if compromised, it could be hard to re-enroll in the system
  • privacy issues
    • have little to no control over the identifier

Graph View

Backlinks