EVALUATION AND COMBINATION OF BIOMETRIC AUTHENTICATION SYSTEMS


By

DAVID C. HITCHCOCK

A THESIS PRESENTED TO THE GRADUATE SCHOOL OF THE UNIVERSITY OF FLORIDA IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF MASTER OF SCIENCE

UNIVERSITY OF FLORIDA

2003


Copyright 2003

by

David C. Hitchcock


I dedicate this work to my wife.


ACKNOWLEDGMENTS

Thanks are owed to the following persons, groups, and companies:

• Dr. Richard Newman for his help, encouragement, and stimulating discussions during the research and writing of this thesis.

• The Retinators IPPD team, Charles Ammon, Marisa Arvesu, Peter Drwiega, John Hildebrant, Sean McDonald, David Nelson, and Jeannette Vizuete, for their work on this research.

• Raytheon Corporation for their support for this research.

TABLE OF CONTENTS

ACKNOWLEDGMENTS
LIST OF TABLES
LIST OF FIGURES
KEY TO ABBREVIATIONS
ABSTRACT

CHAPTER

1 INTRODUCTION TO BIOMETRIC AUTHENTICATION SYSTEMS

2 BACKGROUND ON BIOMETRIC AUTHENTICATION SYSTEMS
   2.1 Authentication
      2.1.1 “What You Know”
      2.1.2 “What You Have”
      2.1.3 “What You Are”
   2.2 Evaluation of Biometric Authentication Systems
      2.2.1 False Acceptance Rate and False Rejection Rate
      2.2.2 Failure to Enroll Rate
      2.2.3 Equal Error Rate
      2.2.4 Ability-to-Verify Rate
      2.2.5 Receiver Operating Characteristic and Detection Error Trade-off Curves
      2.2.6 Cost
      2.2.7 Number of Authentication Attempts Allowed
   2.3 Decision Rules
   2.4 Types of Biometric Authentication Systems
      2.4.1 Fingerprint
      2.4.2 Iris Scan
      2.4.3 Retina Scan
      2.4.4 Dynamic Signature Scan
      2.4.5 Voice Scan
      2.4.6 Face Scan by Visible Light
      2.4.7 Infrared Face Scan
      2.4.8 Hand Scan
   2.5 Architecture of Biometric Authentication Systems
   2.6 Biometric Standards
   2.7 Summary

3 PREVIOUS WORK IN COMBINING BIOMETRIC AUTHENTICATION SYSTEMS
   3.1 Optimal Bayes Decision Rule
      3.1.1 Product Rule
      3.1.2 Sum Rule
      3.1.3 Max Rule
      3.1.4 Min Rule
      3.1.5 Median Rule
      3.1.6 Majority Vote Rule
      3.1.7 Experimental Test of Rules for Combining Classifiers
   3.2 Nonparametric Methods and Likelihood Ratio
   3.3 Majority Voting
   3.4 Weighted Sum Rule
   3.5 Cascading Method of Combining Classifiers
   3.6 Hierarchical Methods of Combining Classifiers
   3.7 Summary

4 EXPERIMENTAL GOALS AND METHODS
   4.1 Meaning and Measurement of False Acceptance Rate
   4.2 Testing Procedures
   4.3 Curve Fitting
   4.4 Theory of Combining Multiple Biometric Systems
      4.4.1 Majority Voting
      4.4.2 Sum Rule
   4.5 Summary

5 RESULTS AND DISCUSSION
   5.1 Softpro Dynamic Signature Verification
   5.2 Biolink Biomouse
   5.3 Panasonic Authenticam
   5.4 Voice Scan
   5.5 Multiple System Results
   5.6 Summary

6 CONCLUSIONS AND FUTURE WORK

REFERENCES

APPENDICES

A TEST SUBJECTS
B DYNAMIC SIGNATURE VERIFICATION DATA
C RESULTS OF AUTHENTICATION ATTEMPTS ON MULTIPLE DEVICES

BIOGRAPHICAL SKETCH

LIST OF TABLES

4–1 Equations fitted to genuine and impostor signature data

5–1 Equal error rates for dynamic signature verification

5–2 Equations fitted to genuine and impostor signature data for one attempt, sum rule, in Figure 5–7 above

5–3 Equations fitted to genuine and impostor signature data for one attempt, min rule, in Figure 5–8 above

5–4 Number and percent of sum scores in various ranges

5–5 Error rates for different decision rules

5–6 False rejection rates

5–7 False acceptance rates

5–8 Comparison of single biometric authentication systems with a cascading multiple biometric system. The highest false acceptance rate for each device is used.

A–1 Test subjects

B–1 Signature genuine scores

B–2 Signature impostor scores, tracing

B–3 Signature impostor scores, impostor looks at victim’s signature and copies it.

B–4 Signature impostor scores, impostor knows name of victim but has not seen signature.

B–5 Signature impostor scores, impostor knows only the username of the victim.

C–1 Authentication attempts in which the user attempted on fingerprint, signature, and iris systems. A 1 in the success column indicates success within three attempts, and a 0 indicates failure.

LIST OF FIGURES

2–1 In enrollment, a user’s biometric data are captured, information is extracted and stored in an enrollment template, and the template is stored in a database.

2–2 In authentication, a user’s biometric data are captured, information is extracted and stored in an enrollment template, which is compared to the enrollment template from the database.

5–1 Softpro signature match scores for genuine users and impostors, one attempt, sum rule.

5–2 Softpro signature match scores for genuine users and impostors, one attempt, min rule.

5–3 Softpro signature match scores for genuine users and impostors, two attempts, sum rule.

5–4 Softpro signature match scores for genuine users and impostors, two attempts, min rule.

5–5 Softpro signature match scores for genuine users and impostors, three attempts, sum rule.

5–6 Softpro signature match scores for genuine users and impostors, three attempts, min rule.

5–7 Softpro signature match scores for genuine users and impostors, one attempt, sum rule, with fitted curves.

5–8 Softpro signature match scores for genuine users and impostors, one attempt, min rule, with fitted curves.

5–9 Softpro signature match scores for genuine users, one attempt, sum rule, with derivative of curve fitted to data points.

5–10 Softpro signature match scores for impostors tracing a genuine user’s signature, one attempt, sum rule, with derivative of curve fitted to data points.

5–11 Softpro signature match scores for impostors who know a genuine user’s name, but do not have access to the user’s signature, one attempt, sum rule, with derivative of curve fitted to data points.

5–12 Softpro signature match scores for impostors who look at a genuine user’s signature while they copy it, one attempt, sum rule, with derivative of curve fitted to data points.

5–13 Softpro signature match scores for impostors who know the username of a genuine user, but not their full name, and do not have access to their signature, one attempt, sum rule, with derivative of curve fitted to data points.

5–14 Softpro signature match scores for genuine users, one attempt, min rule, with derivative of curve fitted to data points.

5–15 Softpro signature match scores for impostors tracing a genuine user’s signature, one attempt, min rule, with derivative of curve fitted to data points.

5–16 Softpro signature match scores for impostors who know a genuine user’s name, but do not have access to the user’s signature, one attempt, min rule, with derivative of curve fitted to data points.

5–17 Softpro signature match scores for impostors who look at a genuine user’s signature while they copy it, one attempt, min rule, with derivative of curve fitted to data points.

5–18 Softpro signature match scores for impostors who know the username of a genuine user, but not their full name, and do not have access to their signature, one attempt, min rule, with derivative of curve fitted to data points.

KEY TO ABBREVIATIONS

ATV: ability to verify rate

BAPI: biometric application program interface

BioAPI: biometric application program interface

BSP: biometric service provider

CCD: charge coupled device

CDSA: common data security architecture

DET: detector error trade-off

EER: equal error rate

FAR: false acceptance rate

FRR: false rejection rate

FTE: failure to enroll rate

HAAPI: human authentication application program interface

HRS: human recognition service

MDF: most discriminating features

MEF: most expressive features

PDF: probability density function

ROC: receiver operating characteristic


Abstract of Thesis Presented to the Graduate School of the University of Florida in Partial Fulfillment of the Requirements for the Degree of Master of Science

EVALUATION AND COMBINATION OF BIOMETRIC AUTHENTICATION SYSTEMS

By

David C. Hitchcock

December 2003

Chair: Richard E. Newman
Major Department: Computer and Information Science and Engineering

While passwords may be stolen, guessed, or forgotten and tokens may be lost or stolen, biometric authentication systems attempt to link authentication directly to the user.

We have devised a cascading biometric authentication system which takes advantage of unique strengths of the component biometric systems to achieve better performance than either the individual biometric systems alone, or a system that combines the biometrics in a generic way, such as a majority vote or sum rule. In this system, the user first attempts to authenticate on an iris scan system. Users who succeed here are accepted by the combined system because the iris scan suffered no false acceptances in our testing. Users who fail the iris scan must then attempt to authenticate on fingerprint scan and dynamic signature verification systems. If they fail either of these, they are rejected by the combined system. If they succeed in both, they are accepted. Two of the most important characteristics of a biometric authentication system are the false rejection rate (FRR), the fraction of authentication attempts by genuine users that are rejected, and the false acceptance rate (FAR), the fraction of impostor authentication attempts that are accepted. This system yields lower FAR and/or FRR than any of the individual systems, and saves time, because more than 80% of genuine users are accepted by the iris scan, and need not attempt to authenticate on the other devices.

The dynamic signature verification system provided a score, instead of simply a hard decision, allowing a more detailed study of its behavior. Curves were fitted to the data from this system. Although the amount of data collected was small, curves for tracing by impostors showed an unexpected distribution of scores, which appeared to be bimodal. Based on a knowledge of the distribution of impostor scores, a decision rule has been tailored to reject a large proportion of impostors at the expense of rejecting a slightly increased number of genuine users.

Determination of the FAR presents difficulties because it depends strongly on the method used by the impostor. Also, different systems are vulnerable to different kinds of attacks, and must be tested in different ways. Comparison of FARs of different biometric devices subjected to different attacks is discussed.


CHAPTER 1
INTRODUCTION TO BIOMETRIC AUTHENTICATION SYSTEMS

Authentication is fundamental to security of computer systems. There must be some means of knowing whether a person who attempts to access the system, or some resources, is authorized to access the system or resources in question. People may be authenticated on the basis of “what they know,” which in the case of authentication by an information system could be a password or PIN, by “what they have,” which could be a smart card or a card with a magnetic strip, or by “what they are,” by measuring some physical feature, such as a fingerprint or face image, or behavior, such as a signature. Similar methods are used for authentication of individuals requesting physical access to locations ranging from secret command and control facilities to amusement parks, and while the main focus of this thesis is on authentication for access to computer systems, occasional reference will be made to authentication in other contexts.

All authentication systems suffer from two kinds of errors, false acceptance of impostors and false rejection of authorized users. Unless restrictions are in place on choice of passwords, most users will choose easily guessed passwords such as the name of a family member or pet, or a common word. Even good passwords may be cracked by offline password guessing, or stolen by peeking over the user’s shoulder. If restrictions are placed on choice of passwords to prevent the use of easily guessed passwords, users may forget their passwords, resulting in lost productivity and in increased work for administrators. Authentication tokens, such as smart cards, may also be lost or stolen.

In an attempt to overcome these problems, biometric authentication systems seek to link authentication directly to the person of the user. Users might be authenticated by placing their finger on a scanner, which will record the fingerprint and send it to the computer. Unique information would be extracted from the recorded fingerprint and compared to information extracted from the user’s fingerprint when they were enrolled in the authentication system. Ideally, the user’s information will always be a close match, so that the user will be accepted, and an impostor’s information will always be very different from the enrollment information, so that the impostor will be rejected. However, in real biometric authentication systems users may fail to interact properly with the biometric system. For example, if an iris scan system is in use, the user must place their eye the proper distance from the iris scanner, and must open their eye enough so that the eyelid and eyelashes do not interfere too much with image acquisition. Also, in some cases the user’s biometric feature may be changed. For example, if a user of a voice scan system gets a cold, their voice may be changed to the degree that they cannot be authenticated. Cases such as these result in false rejection. The false rejection rate (FRR) of a biometric authentication system is the fraction of authorized user authentication attempts that result in rejection. Impostors may happen to have biometric characteristics very similar to those of the authorized user, or may obtain a copy of the user’s biometric feature, such as a photograph of a user’s face, that can be used for spoofing the biometric authentication system. The fraction of authentication attempts by impostors that succeed is known as the false acceptance rate (FAR). If the system requires a very close match, FAR will be low, but FRR will be high, and vice versa. Therefore, testing of a biometric authentication system must determine both the FAR and FRR of the system, and the report of only one of these parameters is not very useful.

Frequently, the FAR is determined by having test subject A use their own fingerprint, iris, etc. to attempt to authenticate as B, and vice versa. It is certainly important that a biometric authentication system reject such attempts, but we will show that FAR can be much higher when the impostor uses other methods, such as a silicone copy of a fingerprint. Biometric authentication systems should be subjected to whatever attacks can be devised in order to get a realistic idea of the FAR a determined intruder might achieve.

If the threshold for authentication can be varied, the FAR and FRR should be determined as a function of this threshold. This will allow the administrator of the system to make a rational choice of a decision rule for accepting or rejecting authentication attempts. There are two methods for choice of a decision rule. A Neyman-Pearson decision rule results when a maximum acceptable value is set for one of the FAR and FRR, and the other type of error is minimized subject to this constraint. In some cases, high security is needed, and it is much more important to prevent false acceptance, even at the cost of inconveniencing authorized users. In this case, a low FAR might be specified, and a threshold high enough to achieve this FAR would be chosen. In other cases, the loss due to rejecting an authorized user may be greater than that of accepting an impostor, and a low FRR would be specified, and a threshold low enough to achieve it would be used.

Alternatively, if a cost can be assigned to each type of error, an optimal Bayes decision rule will set the threshold to minimize the total loss from false acceptances and false rejections in the system.
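As an added illustration (not code from the thesis), the Python below computes FAR and FRR as a function of the threshold and then applies both decision rules described above. The score lists, costs, prior and function names are assumptions constructed for the example, and a higher score is taken to mean a closer match.

```python
# Added example: choosing an acceptance threshold from match scores.
# All scores are constructed for illustration; higher score = closer match.
GENUINE = [0.91, 0.88, 0.84, 0.79, 0.77, 0.73, 0.70, 0.66, 0.58, 0.45]
IMPOSTOR = [0.72, 0.61, 0.55, 0.48, 0.41, 0.37, 0.30, 0.26, 0.19, 0.12]


def error_rates(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (FAR, FRR) when attempts scoring >= threshold are accepted."""
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def candidate_thresholds(genuine=GENUINE, impostor=IMPOSTOR):
    """Error rates only change at observed scores; inf means 'reject all'."""
    return sorted(set(genuine) | set(impostor)) + [float("inf")]


def neyman_pearson(bound, constrain="FAR", genuine=GENUINE, impostor=IMPOSTOR):
    """Cap one error rate at `bound` and minimize the other.

    constrain="FAR" caps false acceptance (high-security case);
    constrain="FRR" caps false rejection (convenience case).
    Returns (threshold, FAR, FRR).
    """
    best = None
    for t in candidate_thresholds(genuine, impostor):
        far, frr = error_rates(t, genuine, impostor)
        capped, other = (far, frr) if constrain == "FAR" else (frr, far)
        if capped > bound:
            continue  # violates the constraint
        key = (other, capped)
        if best is None or key < best[0]:
            best = (key, t, far, frr)
    if best is None:
        raise ValueError("no threshold satisfies the bound")
    return best[1:]


def bayes(cost_false_accept, cost_false_reject, p_impostor=0.5,
          genuine=GENUINE, impostor=IMPOSTOR):
    """Pick the threshold that minimizes expected loss per attempt.

    p_impostor is the assumed prior probability that an attempt comes
    from an impostor. Returns (threshold, FAR, FRR).
    """
    def expected_loss(t):
        far, frr = error_rates(t, genuine, impostor)
        return (cost_false_accept * p_impostor * far
                + cost_false_reject * (1 - p_impostor) * frr)

    t = min(candidate_thresholds(genuine, impostor), key=expected_loss)
    return (t, *error_rates(t, genuine, impostor))


if __name__ == "__main__":
    print("FAR <= 10%:", neyman_pearson(0.10, "FAR"))
    print("FAR  =  0%:", neyman_pearson(0.00, "FAR"))
    print("FRR <= 10%:", neyman_pearson(0.10, "FRR"))
    print("false accept costs 10x:", bayes(10, 1))
    print("false reject costs 10x:", bayes(1, 10))
```

On these constructed scores, tightening the FAR bound from 10% to 0% doubles the FRR, which is the trade-off the administrator is choosing when setting the rule.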

Based on a long history of forensic use and many scientific investigations, there is good evidence for the uniqueness and permanence of fingerprints [40], [41], [51]. Also, it might seem impossible for a fingerprint to be lost or stolen. However, due to abrasion of fingerprints or condition of the skin, it may be impossible for a scanner to detect the fingerprint detail well enough to authenticate the person [18]. Fingerprints can also be copied from objects such as glass handled by a user, and replicated in gelatin [47], or the image may be captured as it is being transmitted from the scanner to the computer and replayed by an attacker at a later date [49].


A variety of other characteristics are used for biometric authentication with varying degrees of success. The iris, like the fingerprint, has a great deal of unique and permanent information that can be used for authentication [8]. However, it may also be spoofed with a photograph of a user’s iris [49], and may suffer from a high FRR [35].

The blood vessels of the retina also have unique information, and as far as is known retina scan systems are invulnerable to authentication attempts by impostors [19], but medical conditions, such as pregnancy, may cause changes in the vessels resulting in false rejection [36].

Dynamic signature verification measures both the shape of the signature, and also dynamic factors such as speed and pressure. Inconsistent signatures may cause increased error rates [35]. Also, we have found that impostors may achieve a high success rate when tracing an authorized user’s signature.

Voice scan is convenient for use over the telephone, and may make use of existing hardware in a computer, such as a microphone and sound card, but is vulnerable to ambient noise and replay attacks.

Face scan can be carried out by visible or infrared light. Face scan with visible light suffers from a small number of features compared to other biometric authentication methods, and those features may be changed by disguise or by weight change [44]. It is also subject to spoofing with a picture of an authorized user [49]. Infrared face scan uses a thermal image to detect patterns due to blood flow beneath the surface of the face. The positions of the blood vessels are permanent, and provide much information for authentication [44]. The main disadvantage is the high cost of a camera [44].

Hand scan systems measure the dimensions of a user’s hand. They are used to authenticate season pass holders at Disney amusement parks [30], and achieve an error rate of 0.1% in testing [55]. There does not appear to be any information on spoofing of hand scan systems.

Biometric devices are frequently connected to a computer via a USB port. Devices connected by this or some other sort of bus or network that is physically accessible may be subject to snooping. The data being sent to the computer by a fingerprint scanner has been recorded and used to reconstruct the fingerprint image [49]. Theft of a fingerprint image is much more serious than theft of a password. A stolen password can be changed, but a stolen fingerprint, or other biometric information, cannot be. The data recorded could also be used for a replay attack. To avoid such attacks, communication between the biometric device and the computer should be encrypted.

A biometric authentication system consists of hardware to capture biometric information, and software to compare this information to that stored in the system when the user enrolled. This system must interact with the authentication software of the operating system. It often interacts via a middleware. If so, the middleware can interact with the software component of the biometric authentication system via a standard API. Several such standards have been developed, and currently the biometric industry seems to be converging on a single standard, BioAPI. Adoption of such a standard would make the biometric device together with its device-specific software interchangeable. It would also allow easy combination of multiple biometric authentication systems to meet the authentication needs of a single computer system.

Because biometric authentication systems are in many cases susceptible to spoofing, and generally have unacceptably high false acceptance or rejection rates, there have been several attempts to combine multiple biometric authentication systems. If an intruder is able to obtain or make an artifact, such as a gelatin copy of a user’s fingerprint or a photograph of a user’s face or iris, they might be able to authenticate on a single biometric system. However, if authentication requires an acceptable combination of scores on several devices, an impostor with an artifact for only a single device would probably be defeated. Also, a user whose fingerprint is damaged by a weekend of bricklaying or rock climbing might fail a single fingerprint test, but might still be able to authenticate via other devices if multiple biometrics are in use.

Biometric authentication is a case of pattern matching, in which a pattern consisting of biometric data from a person must be classified as belonging to the person whose identity is being claimed, or not belonging to that person. A biometric authentication system is then a classifier, and when multiple biometric systems are to be combined, methods from the literature on combining classifiers can be used.

There are three broad groups of methods for combining classifiers: parallel, cascading, and hierarchical [23]. Most combining methods discussed in the literature on combining classifiers in general, as well as in biometric authentication, fall into the parallel category. In this category are such methods as voting, sum, min, and product rules. It also includes schemes in which the scores from individual classifiers are weighted before combining. The product, sum, min, and majority vote rules have all been derived from Bayesian theory by making various assumptions and simplifications [27]. If the various classifiers are assumed to be independent, the product rule can be derived. With the product rule, a single low score can have a large effect on the result.

With the further assumption that the a posteriori probability of a genuine user or an impostor does not differ greatly from the a priori probability, the sum rule can be derived. While it might seem undesirable to make such an assumption, errors in the scores from the classifiers have less effect on the sum than they do on the product, which could be an important advantage.


The median rule would assign the pattern based on the classifier with the median score. Dividing the sum by the number of classifiers in use, which is a constant, yields the mean. The median is unaffected by the value of outlier scores, while the mean is affected, so the median might be expected to be a more robust classifier than the sum.

The min rule classifies a pattern based on the classifier that gives the pattern the lowest score. It could thus be sensitive to a single outlier. However, if a single classifier assigns a low score to an impostor the min rule would be able to reject the impostor.

If the score from each individual classifier is hardened to give a binary value, perhaps a 1 for the class the classifier considers most probable and a 0 otherwise, a majority vote results.

When these and other rules were applied to two sets of experimental results, the sum rule was best on one data set, the median rule was best on the other, majority vote was close to these two, and the min and product rules were significantly lower.
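The parallel rules described above can be compared on the same inputs. The following added example (not from the thesis) assumes each system's score is normalized to [0, 1] and that every rule is judged against one shared threshold; the score triples are constructed to show the mechanics of each rule, not to rank the rules.

```python
# Added example: parallel fusion rules applied to per-system match scores.
# Assumptions: scores lie in [0, 1], higher = closer match, one threshold t.
import math
from statistics import median

# Each rule maps (scores, t) to an accept/reject decision. The product is
# compared with t**n and the sum with t*n, which is the same as comparing
# the geometric or arithmetic mean of the scores with t.
RULES = {
    "product": lambda s, t: math.prod(s) >= t ** len(s),
    "sum": lambda s, t: sum(s) >= t * len(s),
    "min": lambda s, t: min(s) >= t,
    "median": lambda s, t: median(s) >= t,
    # Harden each score to a 0/1 vote, then require a strict majority.
    "majority": lambda s, t: 2 * sum(x >= t for x in s) > len(s),
}

# Constructed score triples in the order (iris, fingerprint, signature).
GENUINE = [
    [0.92, 0.88, 0.10],  # genuine user with one badly degraded sample
    [0.85, 0.80, 0.75],
    [0.70, 0.65, 0.60],
    [0.55, 0.45, 0.90],
    [0.95, 0.40, 0.45],
]
IMPOSTOR = [
    [0.95, 0.20, 0.25],  # impostor holding an artifact for one device
    [0.95, 0.90, 0.10],  # impostor holding artifacts for two devices
    [0.30, 0.35, 0.20],
    [0.45, 0.55, 0.40],
    [0.10, 0.60, 0.55],
]


def decide(scores, rule, threshold=0.5):
    """Return True if the fused decision is 'accept'."""
    return RULES[rule](scores, threshold)


def evaluate(rule, threshold=0.5, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (FAR, FRR) of one fusion rule over the constructed attempts."""
    far = sum(decide(v, rule, threshold) for v in impostor) / len(impostor)
    frr = sum(not decide(v, rule, threshold) for v in genuine) / len(genuine)
    return far, frr


def compare(threshold=0.5):
    """FAR and FRR for every rule at the same threshold."""
    return {rule: evaluate(rule, threshold) for rule in RULES}


if __name__ == "__main__":
    for rule, (far, frr) in compare().items():
        print(f"{rule:8s} FAR={far:.1f} FRR={frr:.1f}")
    # The single low score in GENUINE[0] makes product and min reject a
    # genuine user; the same sensitivity makes them reject IMPOSTOR[1],
    # which sum, median and majority vote all accept.
    # With three systems and one shared threshold, median and majority
    # vote always agree, because the middle score passes exactly when at
    # least two scores pass.
```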

Classification normally depends on determining a probability density function (PDF) for each classifier’s score for each class. If the classifiers are not independent, then joint probability functions are needed. Parametric methods, which assume the distributions to follow some function, or nonparametric methods, which make no such assumption, can be used. Nonparametric methods require more data than parametric methods, but if sufficient data are available, they may achieve better results. Also, the amount of data needed to derive a joint PDF increases as the number of classifiers, and therefore the number of dimensions in the PDF, increases. Therefore, beyond some point, addition of more classifiers may degrade the accuracy of classification. With a large data set of fingerprint images, a nonparametric method, the Parzen window density, was found to be superior to parametric methods [43]. Then the best classification was obtained by combining only four of five algorithms that were tested. A likelihood ratio, the ratio of the PDF for impostors to that for genuine users, was computed for the four-dimensional space generated by the scores from these four classifiers. Then scores in regions where there was a high ratio of impostors to genuine users were rejected, and scores falling in regions where the ratio was low were accepted. This method was found to be superior to the sum rule, which was superior to the product rule.

A weighted sum rule has also been used to combine scores from multiple biometrics. Weighting factors have been determined empirically to achieve the best classification accuracy on training data [25], and the inverse of the variance of a classifier’s scores has been used as a weighting factor [12].

In cascading methods, classifiers are used in a sequence. A biometric

identification system uses face recognition, which requires little computation, to select a

small number of close matches from a database, and then a fingerprint scan system,

which is slower, is used to identify the subject as the best fingerprint match, if that

match meets a threshold. Otherwise, the system reports no match [20].

Hierarchical methods do not seem to have been used in biometrics.

The first goal of our work is to test a variety of biometric authentication

systems, to determine the FRR and the FAR. In order to accomplish this goal,

a group of test subjects authenticated on four different biometric authentication

systems, a thumbprint mouse, a dynamic signature verification system, an iris scan

system, and a voice verification system. The test subjects authenticated four times

over a period of six weeks. However, this will not give adequate information on

the vulnerabilities of these systems. The “Principle of Easiest Penetration” states

that intruders will “use any available means of penetration. This is not necessarily

the most obvious means, nor is it necessarily the one against which the most solid

defense has been installed” [39]. Therefore determination of the FAR that could


be achieved by spoofing of biometric devices by a variety of methods was a focus

of our research. Spoofing was successful on the voice verification, thumbprint and

signature systems, but not on the iris scan system. However, the voice verification

system was found to be unreliable, and the acceptance rate for impostors was

similar to the acceptance rate for genuine users.

False acceptance rate was found to depend strongly on the method used by the

impostor. A FAR of 50% was achieved by tracing an authorized user’s signature.

Because only the dynamic signature verification gave a score, as opposed to a

hard decision to accept or reject, more could be done with the results from that

system. False acceptance rate and FRR data for the dynamic signature verification

were plotted, and curves were fitted to the data in order to better characterize the

patterns of scores for genuine users and for impostors using different methods.

Data for tracing in particular has an unexpected shape, with most of the data

points concentrated at high scores, where the genuine user scores are expected.

The very limited data fit a bimodal curve, and based on this bimodal distribution

a reduced FAR can be achieved by rejecting very high scores, where many of the

tracing scores are concentrated, at the expense of an increased FRR.

No single biometric system was found to be satisfactory. The iris scan

system had a high FRR of 16.1% when the user was allowed three attempts.

The thumbprint system suffered from an FAR of 12.9% when the impostor used a

silicone copy of a user’s thumbprint. The signature scan system’s FAR was 50%

for tracing. Therefore the possibility of lowering error rates by combining scores

was investigated. Theoretical results show that combining scores of several systems

by the sum rule could significantly improve error rates. Theory predicts a lesser

improvement via a majority vote. However, only one of our devices provided a

score, rendering use of the sum rule impossible. Therefore, a cascading method

has been devised in which a user first authenticates on the iris scan. Because there


were no false acceptances on this system, users who authenticate successfully on

the iris scan are accepted by the combined system. Those who fail then go on

to attempt authentication on the fingerprint system. If they again fail, they are

rejected by the combined system. If they succeed they attempt to authenticate

on the signature system. If they succeed here, they are accepted. Otherwise they

are rejected. The FAR and FRR of the combined system depend on the number

of thumbprint attempts allowed and the decision rule for the signature system,

but with one thumbprint attempt and not rejecting very high signature scores

that might represent tracing, the FAR is 6.5% and the FRR is 3.2%. Also, the

majority of users, who pass the iris scan, need not spend further time and effort on

authentication.
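The cascade described above can be checked arithmetically. The following is an added example, not code from the thesis: it assumes the three stages err independently, takes the iris FRR and the three FARs from the figures quoted in this section, and uses constructed placeholder FRRs for the thumbprint and signature stages because this section does not state them. Under those assumptions the combined FAR comes out at 6.45%, in line with the 6.5% reported.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Stage:
    name: str
    far: float  # P(stage accepts an impostor)
    frr: float  # P(stage rejects a genuine user)


# Iris FRR (three attempts) and all three FARs are the figures quoted in the text.
IRIS = Stage("iris", far=0.0, frr=0.161)
# ASSUMPTION: the FRR values of the next two stages are constructed placeholders.
THUMB = Stage("thumbprint", far=0.129, frr=0.10)   # FAR: silicone copy
SIGNATURE = Stage("signature", far=0.50, frr=0.10)  # FAR: traced signature


def cascade_decision(iris_check, thumb_check, signature_check):
    """Run the stages lazily in the order the text describes.

    Each argument is a zero-argument callable returning True (stage accepts)
    or False. Returns (accepted, list_of_stages_actually_used).
    """
    if iris_check():
        return True, ["iris"]                  # iris pass -> accept at once
    if not thumb_check():
        return False, ["iris", "thumbprint"]   # iris fail + thumb fail -> reject
    # iris failed, thumbprint passed: the signature stage decides
    return signature_check(), ["iris", "thumbprint", "signature"]


def accept_probability(p_iris, p_thumb, p_sig):
    """P(cascade accepts) given each stage's acceptance probability,
    assuming the stages are statistically independent."""
    return p_iris + (1.0 - p_iris) * p_thumb * p_sig


def cascade_rates(iris, thumb, signature):
    """Combined (FAR, FRR) of the cascade under the independence assumption."""
    far = accept_probability(iris.far, thumb.far, signature.far)
    genuine_accept = accept_probability(
        1.0 - iris.frr, 1.0 - thumb.frr, 1.0 - signature.frr
    )
    return far, 1.0 - genuine_accept


def expected_stages_for_genuine(iris, thumb):
    """Average number of devices a genuine user has to use."""
    # Everyone uses the iris scan; those it rejects use the thumbprint;
    # those the thumbprint then accepts also use the signature pad.
    return 1.0 + iris.frr * (1.0 + (1.0 - thumb.frr))


if __name__ == "__main__":
    far, frr = cascade_rates(IRIS, THUMB, SIGNATURE)
    print(f"combined FAR = {far:.4f}, combined FRR = {frr:.4f}")
    print(f"devices used per genuine user = "
          f"{expected_stages_for_genuine(IRIS, THUMB):.3f}")
```

Because the iris stage accepts on its own, its FAR adds directly to the combined FAR, so the cascade is only as resistant to impostors as that first stage.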


CHAPTER 2

BACKGROUND ON BIOMETRIC AUTHENTICATION SYSTEMS

2.1 Authentication

If a computer system is accessible to more than one person, either physically

or via a network, then some form of authentication is necessary if security is

desired. Those who are authorized to use the system should somehow be recognized

and allowed access, while anyone making a false claim to be an authorized user

should be rejected and not allowed access. Even if the computer is in a physically

secure location, if it is shared by several users, different users will probably have

different privileges for accessing different resources, so the system will need to

authenticate the users to determine what they should be allowed to do. People can

be authenticated by three main methods: “what you know,” “what you have,” and

“what you are” [26].

2.1.1 “What You Know”

People are commonly authenticated by passwords, an example of “what you

know.” However, passwords suffer from several weaknesses. Left to their own

devices, users will tend to choose passwords that are easy for them to remember,

such as common words and names. Such passwords are likely to also be easy

to guess [39]. If passwords can be entered on-line, and there is no restriction on

the number of attempts or rate, the password can often be found by means of a

“dictionary attack,” simply using all words in an on-line dictionary as guesses when

attempting to authenticate.


If the passwords cannot be guessed, they might be stolen. Passwords can

be stolen by methods as simple as looking over a user’s shoulder. If a

security-conscious administrator requires hard-to-guess passwords and frequent changes,

users who are unable to remember them may write them on post-it notes.

Operating systems such as UNIX and VMS store cryptographically hashed

passwords. If the file containing the hashed passwords can be stolen, the attacker

can hash possible passwords until one of the hashes matches a hash in the password

file.

If a password is large enough, it will be computationally infeasible to try all

possible passwords. In order to prevent off-line password guessing, there should be

about 64 bits of randomness, or 2^64 possible passwords [26]. If the password is a

random string of any letters, upper or lower case, any digit, or punctuation marks,

for a total of 64 possible characters, an 11-character password would be sufficient.

However, few people would remember such a password. If it is constrained to be

a pronounceable, case-insensitive string of letters, so that it can be more easily

memorized, a 16-character password would be needed. If users are allowed to

choose their own passwords, the randomness is thought to be about 2 bits per

character, and 32 characters would be needed. According to Kaufman et al. [26],

all three possibilities are too long for humans to memorize. However, the author

suspects that a lot of people could remember a 32-character phrase, particularly if

they used it regularly. “When in the course of human events,” the first seven words

from the Declaration of Independence, is already 34 characters. Then, instead of

a “dictionary attack,” a compilation of familiar texts would have to be used as a

source of possible guesses for a “library attack.”

Finally, if users forget passwords, extra work is imposed on administrators to

reset the passwords, and users are denied access to needed computing resources

until the new password is available.


Authentication by means of “what you have” or “what you are” must often

be converted to or supplemented by authentication by “what you know.” If a

user authenticates over a network, only bits, not possessions or characteristics of

the user, can be presented to the system. Also, if devices used for other forms

of authentication are not themselves authenticated by means of a cryptographic

challenge, the system may be vulnerable to spoofing or replay attacks.

2.1.2 “What You Have”

The most common authentication token, or physical device used for

authentication, is a key.

Early PCs often had a lock on the front panel that could be used to block

access to anyone without the key. While keys remain the method of choice for

authenticating users of automobiles and houses, they would not be practical

for networked computers, or for systems with multiple users who have different

privileges.

Two types of authentication tokens currently used are cards with magnetic

strips and smart cards. Both types contain passwords or keys, but they are not

constrained by human forgetfulness, so the secret can be too long to be guessed.

Smart cards have embedded CPUs. Some require the use of a PIN before allowing

their information to be read. This provides more security for the secret than a

magnetic strip. Others will not allow their secret key to be read, but will only use

it to encrypt or decrypt a number in order to authenticate via a cryptographic

challenge and response. Then it is difficult or impossible for the secret to be

stolen [26].

Authentication tokens can be lost or stolen. For this reason they are often

combined with another form of authentication, such as a PIN or password [26].

Because users may occasionally leave their tokens at home, there must be

some mechanism to authenticate forgetful users. As with lost passwords, there


will be a loss of access to needed resources until the user can be authenticated

by the alternative means, and there will be some cost for administrator’s work in

authenticating the user.

2.1.3 “What You Are”

Biometric authentication attempts to link authentication directly to the person

of the user, basing its decision to accept or reject an attempt at authentication

on a measurement of a physical or behavioral characteristic of the user. It is an

attempt to avoid the problems of lost or stolen passwords or authentication tokens.

Evaluation of the degree to which it may succeed, and the types of errors that can

occur, is in the following section.

Biometric authentication has a long history. In ancient Egypt, for legal

and business purposes people were identified by characteristics such as scars,

complexion, eye color, and height [21]. Fingerprints were also used in ancient China

on seals and in Babylon on clay tablets [14].

The first reported use of an automated biometric authentication system in the

business world was in 1968, when fingerprints were used on Wall Street to open a

vault containing stock certificates. The system cost $20,000 [38]. As of May, 2003,

a mouse with a fingerprint scanner costs about $90-$140, and an iris scan system

costs $205-$250.

A variety of biometric devices allow a user to authenticate by means of a

fingerprint, an image of their hand, face, iris, or retina, handwriting, or the sound

of their voice. Their common features are described here, and details of the various

types of devices follow.

Before a biometric device can be used for authentication, a user must first enroll, as shown in Figure 2–1. In the case of a fingerprint system, this would involve putting a finger on a fingerprint scanner. The scanner would record an image of the fingerprint, perhaps in a “.bmp” file. The software component of the biometric system would process this file, extracting unique characteristics and saving them in an enrollment template. Most biometric authentication systems require users to repeat this process several times in the course of an enrollment, in order to get more data on the user’s characteristics [35].

[Figure 2–1 diagram; box labels: Biometric Device, Biometric Data, Create Template, Enrollment Template, Database]

Figure 2–1: In enrollment, a user’s biometric data are captured, information is extracted and stored in an enrollment template, and the template is stored in a database.

[Figure 2–2 diagram; box labels: Biometric Device, Biometric Data, Create Template, Match Template, Compare Templates, Enrollment Template, Database]

Figure 2–2: In authentication, a user’s biometric data are captured, information is extracted and stored in an enrollment template, which is compared to the enrollment template from the database.

Later, when someone claims to be the user and attempts to authenticate,

they again place their finger on the fingerprint scanner, the image is processed, the


unique characteristics are extracted, and a second template, the “match template,”

is produced, as shown in Figure 2–2. This template is compared to the enrollment

template, and a match score is generated [35].

Note that the images of the fingerprint from enrollment and authentication

could not be directly compared, because the position and orientation of the

fingerprint would be different each time. Even the templates would generally not

be identical. This is in contrast to authentication by a password or other secret,

whether stored in the memory of a user or of an authentication token, where a

perfect match is expected. Therefore a decision rule is needed to get from the

match score to a decision to accept or reject an attempt at authentication, as

described below.

At first thought, biometric authentication would seem to be immune to loss

and theft, except in rare cases, such as accidents. However,

A hacker who broke into a poorly designed system might be able to steal other people’s digital biometric templates and use them to access secure networks. This trick, called “replay,” could take identity theft to a whole new level. “Your fingerprint is uniquely yours, forever. If it’s compromised, you can’t get a new one,” says Jackie Fenn, a technology analyst at the Gartner Group ([18], p.61).

Stealing of templates is not a certain way for a hacker to get access. Normally

the biometric data, such as a fingerprint or iris image, cannot be computed from

the template. If the software expects the biometric data rather than a template, a

hacker might be able to compute biometric data that produces the same template.

However, the contents of the template would depend on the algorithm used,

and if a template for a fingerprint using one algorithm was stolen, it might bear

no resemblance to the template for another fingerprint device with a different

algorithm. Likewise, a fingerprint computed to yield that template might not work

on a system using a different algorithm which might extract different types of data

from the signature.


2.2 Evaluation of Biometric Authentication Systems

In this section, several metrics useful in the evaluation of biometric devices are

discussed. Important parameters for a biometric device include False Acceptance

Rate (FAR), False Rejection Rate (FRR), the Failure to Enroll rate (FTE),

Ability to Verify rate (ATV), and cost.

2.2.1 False Acceptance Rate and False Rejection Rate

As described above, a biometric authentication system derives a match score

by comparing biometric data from a person attempting to authenticate with

enrollment data for the identity they claim. The closer the match, the higher

the match score will be. If the match score exceeds a threshold, the person

authenticating is accepted. If the threshold is set too high, genuine users will be

rejected. If it is set too low, impostors will be authenticated. Ideally, the lowest

score from a genuine user would be higher than the highest impostor score. Then

the threshold would be set somewhere between the two.

However, in reality, the genuine and impostor scores overlap. Then the system

will generate a greater or lesser number of two types of errors. In order to quantify

these errors, the false rejection rate (FRR) and the false acceptance rate (FAR)

for a biometric device are defined as:

$$\mathrm{FRR} = \frac{\text{number of failed attempts at authentication by authorized users}}{\text{number of attempts at authentication by authorized users}} \qquad (2.1)$$

$$\mathrm{FAR} = \frac{\text{number of successful authentications by impostors}}{\text{number of attempts at authentication by impostors}} \qquad (2.2)$$

Both FAR and FRR depend on threshold. A higher threshold will generally

reduce FAR, but at the expense of increased FRR, and vice versa. Methods and

considerations related to choice of a threshold are discussed in Section 2.3 below.


Because impostors may be able to authenticate by a variety of means, such

as the use of artifacts like copies of fingerprints and replay attacks [47], [49],

information on such vulnerabilities is needed for proper evaluation of biometric

devices [54]. The “Principle of Easiest Penetration” states that intruders will

“use any available means of penetration. This is not necessarily the most obvious

means, nor is it necessarily the one against which the most solid defense has been

installed” [39]. Therefore, biometric authentication systems should be tested by

any means that can be devised. However, most testing that is reported consists

of person A attempting to authenticate as person B [10], or with a database of

biometric data captured in this way [12], [20], [25], [43], [28], [27].

2.2.2 Failure to Enroll Rate

When a user attempts to enroll on a biometric authentication system, if the

system cannot extract enough unique characteristics to reliably authenticate the

user, the user will not be able to enroll. Then the failure to enroll rate (FTE) is

defined as

$$\mathrm{FTE} = \frac{\text{number of users who fail in their attempts to enroll}}{\text{number of users who attempt to enroll}} \qquad (2.3)$$

Obviously a user without hands could not be enrolled on a fingerprint scanner.

However, even when a user has the feature in question, the system may not be able

to extract enough unique information in order to reliably authenticate the person.

According to International Biometrics, about 2.5% of office workers do not have

“fingerprints of sufficient quality to allow for authentication” [21].

Several methods have been proposed to reduce FTE. First, improved training

and improved ergonomics of the system can significantly reduce FTE. Nanavati et

al. say that by these means FTE might be reduced from 10% to 1% [35].


The FTE can also be decreased by lowering the standards for an acceptable

enrollment, but when users are enrolled in spite of insufficient unique

characteristics, the FAR and/or the FRR will be increased [35].

Finally, if users are allowed more attempts to enroll, FTE can be decreased,

but users who need many attempts to enroll will probably also have difficulty

authenticating, so at some point it is probably best to give up and use another

method of authenticating [35].

A high failure to enroll rate will tend to negate any advantages of the biometric authentication system, because an alternative means of authentication must be provided for users who cannot be enrolled. If the alternative system is less secure, then intruders should be expected to attempt to penetrate this alternative authentication scheme rather than the biometric authentication system. If the cost of the alternative authentication method is higher, a high FTE will increase the cost of authentication. If the alternative system is not less secure or more expensive, then the biometric system is probably not needed anyway. A second authentication system is certain to increase the administrator time needed for authentication, because they will have to maintain two systems rather than one.

2.2.3 Equal Error Rate

At a sufficiently low threshold, few or no users will be rejected, so the FRR

will be low. Most or all impostors will be accepted, so the FAR will be high.

Then as the threshold is increased more genuine users will be rejected and fewer

impostors will be accepted. At some point FRR and FAR will be equal. The

value of the FAR and FRR at this point is the equal error rate (EER). The equal

error rate may be useful as a single value to allow comparison between different

biometric authentication systems. However, it can be misleading because systems

will seldom be operated at the EER. In some cases it will be more important to

keep impostors out, even at the expense of rejecting authorized users, and in other


cases it will be more important to avoid rejecting authorized users [35]. The EER

tells us nothing about what the FAR and FRR will be at any other threshold.

Also, if the standards for enrollment are made high, the EER will be low, but

at the expense of a high FTE. If the EER is reported but the FTE is not, it is

impossible to know how good the system really is.

2.2.4 Ability-to-Verify Rate

In order for the biometric authentication system to work properly for a given user, the user must be able to enroll, and then to authenticate. The Ability-to-Verify Rate (ATV) then gives the proportion of users for whom the system works properly,

$$\mathrm{ATV} = (1 - \mathrm{FTE})(1 - \mathrm{FRR}) \qquad (2.4)$$

Along with the FAR, the ATV provides important information on three key issues

for biometric authentication systems [35]:

1. Cost: If some users cannot be authenticated by the biometric system,

some alternative authentication process will be needed. It could be an

alternate biometric authentication system, or a system based on a password

or authentication token, or even an administrator who would come and verify

the individuals who cannot be authenticated on the biometric system. In any

case, it will increase costs.

2. Security: If the ATV is low, many users are not being verified by the

biometric authentication system. Unless the alternative means of authentication is

at least as secure as the biometric system, the security of the system will be

degraded.

3. Convenience: A low ATV indicates that the biometric system is difficult to

use, because many users cannot enroll or authenticate successfully.


Of course the ATV could be made high by lowering the standard for

enrollment and the threshold for authentication, but this would result in a high FAR.

Likewise, the FAR could be made very low by making the standard for enrollment

and the threshold for authentication high, but then the ATV would be low. For

this reason, both of these metrics should be reported together, and not just one or

the other.

2.2.5 Receiver Operating Characteristic and Detection Error Trade-off Curves

Receiver operating characteristic (ROC) curves display the genuine acceptance

rate on the y axis vs. the FAR on the x axis. They are “an accepted method

for summarizing the performance of imperfect diagnostic, detection, and pattern

matching systems” [32]. However, for biometric systems, detection error trade-off

(DET) curves, which plot FRR on the y axis vs. FAR on the x axis, are preferred

because they treat both types of error in the same way [32]. If desired, the error

rates can be plotted on logarithmic scales to cover a wider range of errors. These

curves allow a relatively complete view of the characteristics of a biometric system.

From such a curve, one can find the EER, the FAR corresponding to any desired

FRR, or the FRR corresponding to any desired FAR.
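The metrics of Sections 2.2.1 to 2.2.5 can be computed directly from raw match scores. The following is an added example, not code from the thesis: it builds the points of a DET curve and reads the EER and a constrained operating point from them. The score lists are constructed sample data and the function names are assumptions.

```python
# Constructed sample match scores (higher = closer match); not thesis data.
GENUINE = [62, 70, 74, 78, 81, 85, 88, 90, 93, 97]
IMPOSTOR = [20, 28, 35, 41, 47, 55, 60, 66, 72, 80]


def error_rates(genuine, impostor, threshold):
    """FAR (eq. 2.2) and FRR (eq. 2.1) when an attempt is accepted only if
    its match score exceeds the threshold."""
    false_accepts = sum(1 for s in impostor if s > threshold)
    false_rejects = sum(1 for s in genuine if s <= threshold)
    return false_accepts / len(impostor), false_rejects / len(genuine)


def det_points(genuine, impostor):
    """(threshold, FAR, FRR) at every threshold where either rate can change.

    Plotting FRR against FAR over these points gives the DET curve.
    """
    thresholds = sorted(set(genuine) | set(impostor))
    thresholds.insert(0, thresholds[0] - 1)  # a threshold that accepts everything
    return [(t, *error_rates(genuine, impostor, t)) for t in thresholds]


def equal_error_rate(points):
    """Threshold where FAR and FRR are closest, and the error rate there.

    With finite data the two rates may never be exactly equal, so the mean
    of the two at the closest point is reported.
    """
    t, far, frr = min(points, key=lambda p: abs(p[1] - p[2]))
    return t, (far + frr) / 2


def operating_point(points, max_far):
    """Lowest-FRR point whose FAR does not exceed max_far.

    This is the 'FRR corresponding to any desired FAR' lookup; it raises
    ValueError if no threshold meets the limit.
    """
    feasible = [p for p in points if p[1] <= max_far]
    if not feasible:
        raise ValueError("no threshold achieves the requested FAR")
    return min(feasible, key=lambda p: (p[2], p[0]))


def ability_to_verify(fte, frr):
    """ATV = (1 - FTE)(1 - FRR), eq. 2.4."""
    return (1.0 - fte) * (1.0 - frr)


if __name__ == "__main__":
    pts = det_points(GENUINE, IMPOSTOR)
    for t, far, frr in pts:
        print(f"threshold {t:3d}: FAR {far:.1f}  FRR {frr:.1f}")
    print("EER:", equal_error_rate(pts))
    print("best point with FAR <= 0.1:", operating_point(pts, 0.1))
```

On this data the EER is 0.2, but a deployment that must hold FAR to zero runs at an FRR of 0.4, which is the sense in which the EER alone says little about the operating point actually used.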

2.2.6 Cost

The cost of a biometric system would include the purchase price of the device,

as well as administrative cost of setting up and maintaining the device, and the

cost of the time spent by users in authenticating. It might also include the cost of

an alternative system for users who cannot be enrolled, and the cost of dealing with

users who are falsely rejected by the system.

2.2.7 Number of Authentication Attempts Allowed

An important policy decision in the design and administration of a biometric

authentication system is the number of attempts allowed. If multiple attempts are


allowed, the FRR will be decreased and the FAR will be increased. In the simplest

case, if the probability of success for all attempts is independent, the FAR and

FRR for a system that allows n attempts are

$$\mathrm{FAR}_n = 1 - (1 - \mathrm{FAR}_1)^n \qquad (2.5)$$

$$\mathrm{FRR}_n = (\mathrm{FRR}_1)^n \qquad (2.6)$$

where $\mathrm{FAR}_1$ and $\mathrm{FRR}_1$ are the values when only one attempt is allowed. However,

probability of success for multiple attempts is not likely to be independent. If 1%

of impostors can authenticate on a particular fingerprint system as user A, there

may be some with fingerprints very close to A’s, who can authenticate every time.

Others may be able to authenticate occasionally. Others, with fingerprints very

different from A, may never be able to authenticate as A. Likewise, if a user is

falsely rejected by a voice system due to a cold, the user would continue to have a

very low probability of success until they recover. Multiple attempts would be little

help.
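The gap between equations (2.5) and (2.6) and a population in which attempts are not independent can be made concrete. The following is an added example, not code from the thesis: each impostor or user is given a fixed per-attempt probability, and the population rate after n attempts is compared with the independence formulas. The group fractions and probabilities are constructed so that the single-attempt rates are FAR = 1% and FRR = 5%.

```python
def far_n_independent(far1, n):
    """Eq. 2.5: FAR after n attempts if every attempt is independent."""
    return 1.0 - (1.0 - far1) ** n


def frr_n_independent(frr1, n):
    """Eq. 2.6: FRR after n attempts if every attempt is independent."""
    return frr1 ** n


def far_n_mixed(groups, n):
    """FAR after n attempts for a mixed impostor population.

    groups: list of (fraction_of_impostors, per_attempt_accept_probability).
    An impostor gets in if at least one of the n attempts is accepted.
    """
    return sum(frac * (1.0 - (1.0 - p) ** n) for frac, p in groups)


def frr_n_mixed(groups, n):
    """FRR after n attempts for a mixed genuine-user population.

    groups: list of (fraction_of_users, per_attempt_reject_probability).
    A user is locked out only if all n attempts are rejected.
    """
    return sum(frac * q ** n for frac, q in groups)


# Constructed impostor population with FAR_1 = 1%:
IMPOSTORS = [
    (0.005, 1.0),   # fingerprints very close to A's: accepted every time
    (0.050, 0.1),   # accepted occasionally
    (0.945, 0.0),   # very different from A: never accepted
]
# Constructed genuine population with FRR_1 = 5%:
GENUINE_USERS = [
    (0.10, 0.41),   # e.g. users with a cold on a voice system
    (0.90, 0.01),   # everyone else
]

if __name__ == "__main__":
    for n in (1, 3, 5):
        print(f"n={n}: FAR formula {far_n_independent(0.01, n):.5f}  "
              f"mixed {far_n_mixed(IMPOSTORS, n):.5f} | "
              f"FRR formula {frr_n_independent(0.05, n):.6f}  "
              f"mixed {frr_n_mixed(GENUINE_USERS, n):.6f}")
```

With three attempts the formulas give FAR = 2.97% and FRR = 0.0125%, while this mixed population gives FAR = 1.86% and FRR = 0.69%: the extra attempts help the persistently rejected users far less than equation (2.6) predicts.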

Imposing a limit on the number of authentication attempts creates the

possibility of another kind of attack [26]. If access to the account is blocked after

some number of unsuccessful attempts, an attacker can simply make the required

number of attempts to authenticate, blocking the account. An attacker could even

block the administrator’s account, creating a severe problem.

An alternative approach to preventing repeated attempts by an attacker

might be to impose a delay between attempts. The delay might be a few minutes,

and begin after some small number of attempts. In addition, the administrator

could be alerted when there are repeated failed authentication attempts, and could

investigate to catch the impostor.


2.3 Decision Rules

Because FAR and FRR for a given device depend on threshold, selection of

the threshold is a critical policy decision. A decision rule must be chosen based

on the requirements of the system. An attempt at authentication on a biometric

authentication system produces a score x. In general, x is a vector, the components

of which are scores returned by one or more biometric devices, each of which

may return multiple scores, either from processing the same data by different

algorithms [43], or by processing different measurements, as in the case of the

Softpro Dynamic Signature Verification system, which returns both dynamic and

static scores, as described below. The decision rule must map the score to one of

two classes, ω1 for accept and ω2 for reject. Two methods of choosing a decision

rule might be appropriate depending on the requirements of the system.

If a maximum acceptable rate for one type of error is specified, and errors of

the other type should be minimized subject to this constraint, we are using the

Neyman-Pearson method of selecting a decision rule [31]. In the case of a single

biometric device, assuming that the distribution of impostor scores decreases

monotonically and the distribution of genuine user scores monotonically decreases

as score increases, this rule is almost trivial. For example, if a limit of 0.001 is

placed on the FAR, then the threshold is set to produce a FAR of the required

level, 0.001. A lower threshold would not achieve the required FAR, and while a

higher threshold would further decrease the FAR, it would also increase the FRR.

If either or both of the distributions of scores for impostors and genuine

users are not monotonic, then simply accepting everything above a threshold and

rejecting everything below may not be optimal. Instead, we need to define the

likelihood ratio, as in [43]

$$R = \frac{P(x \mid \omega_2)}{P(x \mid \omega_1)} \qquad (2.7)$$


where P(x | ω2) and P(x | ω1) are the conditional probabilities of the score x given

that the person authenticating is an impostor, belonging to class ω2, or a genuine

user, belonging to class ω1, respectively. Regions of high R have a high proportion

of impostors, and regions of low R have a high proportion of genuine users. If we

again consider the example of a maximum FAR of 0.001, then we would select the

regions to accept beginning with the lowest R, and continue adding progressively

higher R regions to the “accept” area until the proportion of impostors being

accepted reaches the maximum acceptable FAR of 0.001. If a maximum FRR is

specified, regions with highest R are rejected until the proportion of genuine users

rejected reaches the maximum allowed value.

The optimal Bayes decision rule can be used when both types of errors can be

assigned a loss. This rule minimizes the risk, or expected value of loss, by assigning

a pattern x to the class ωi which minimizes the conditional risk,

$$r(\omega_i \mid x) = \sum_{j=1}^{2} L(\omega_i, \omega_j) \cdot P(\omega_j \mid x) \qquad (2.8)$$

where L(ωi, ωj) is the loss when a pattern belonging to ωj is assigned to ωi. Thus,

L(ω2, ω1) is the loss incurred when an authorized user is rejected, and L(ω1, ω2)

is the loss incurred when an impostor is accepted. The loss incurred in assigning a

pattern to the correct class is normally given a value of 0. P(ωj | x) is the posterior

probability, or the probability that the pattern belongs to ωj given the values of the

measurements that make up the vector x [27].

The values of the losses for assigning to the wrong class will depend on the

application of the biometric device. In a test of a system of three biometric devices

used to authenticate people entering the Fraunhofer-Institute for Integrated

Circuits, a false rejection was assigned twice the cost of a false acceptance [10].

On the other hand, if we are designing a biometric authentication system to

protect the gold in Fort Knox, the loss due to a false acceptance would be much


greater than that due to a false rejection. P(impostor | x) and P(genuine | x) are the

posterior probabilities that the person attempting to authenticate is an impostor or

a genuine user, given they achieved a score x, respectively.

The posterior probabilities P(ω1 | x) and P(ω2 | x) are not likely to be known for

a biometric authentication system. According to Bayes’ formula, they are

$$P(\omega_k \mid x) = \frac{p(x \mid \omega_k)\, P(\omega_k)}{p(x)} \qquad (2.9)$$

where p(x | ωk) is the conditional probability density function for measurements

of x on class ωk and p(x) is the unconditional probability function of x [27]. Now

p(x | ω1), the probability that a genuine user will get a score x, can be determined

by allowing genuine users to authenticate and determining the probability distri-

bution of their scores. The probability of an impostor getting a score x, p(x | ω2),

will depend on the method used by the impostor, because some methods will allow

the impostor to present data that matches the genuine user’s data more closely. As

with FAR′s, values of p(x | ω2) should be determined for each possible method

that impostors may use. We are still left with terms that might or might not be

measurable; P (ω2), the probability that a person who attempts to authenticate is

an impostor, and P (ω1), the probability that a person who attempts to authenticate

is a genuine user. If it is desired to apply biometric authentication in a system

currently using some other method of authentication, such as passwords, these

probabilities might be estimated by logging all attempts at authentication, and

assuming that the successful attempts are genuine users, and unsuccessful attempts

are impostors. However, error will result if some impostors are successful under the

current system, and if genuine users forget their passwords or make typing errors.

A more sophisticated approach to the log might reduce the number of errors in the

estimates. Genuine users might be expected to succeed on their second try, or to

ask the administrator to reset their password soon after they fail several times. A

large number of unsuccessful attempts in rapid succession would indicate on-line

password guessing.

Substituting equations (2.9) into equation (2.8) we can arrive at a decision rule,

Accept if

$$L(\omega_1, \omega_2) \cdot p(x \mid \omega_2) \cdot P(\omega_2) < L(\omega_2, \omega_1) \cdot p(x \mid \omega_1) \cdot P(\omega_1) \tag{2.10}$$

otherwise reject,

and rearranging and substituting R from equation (2.7),

Accept if

$$R < \frac{L(\omega_2, \omega_1) \cdot P(\omega_1)}{L(\omega_1, \omega_2) \cdot P(\omega_2)} \tag{2.11}$$

otherwise reject.

From this equation, it is clear that our choice to accept or reject a particular

attempt at authentication will depend on the probability that a person attempting

to authenticate is a genuine user, or is an impostor, independent of the score

achieved. In neighborhoods where the probability that a person trying to enter

a house is a burglar is large, people are much more likely to put bars on their

windows. Equation (2.11) suggests that we should take a similar attitude with

a biometric authentication system. If all else is constant, a system with frequent

impostor attempts will have to require a lower likelihood ratio for authentication

than would a similar system with few impostor attempts.
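The decision rule (2.11) worked through in code, as an added example that is not part of the thesis. It takes R as p(x|ω2)/p(x|ω1), the form that rearranging (2.10) into (2.11) implies, and assumes Gaussian class-conditional densities; the scores, priors and the high-security loss value are constructed.

```python
import math
from statistics import mean, stdev

# Constructed match scores (higher = closer match); not data from the thesis.
GENUINE_SCORES = [0.82, 0.91, 0.77, 0.88, 0.95, 0.69, 0.85, 0.90, 0.79, 0.86]
IMPOSTOR_SCORES = [0.31, 0.45, 0.22, 0.52, 0.38, 0.60, 0.41, 0.35, 0.48, 0.28]


def fit_gaussian(scores):
    """Assumption: p(x | class) is modelled as a Gaussian fitted to the scores."""
    return mean(scores), stdev(scores)


def log_density(x, params):
    """Log of the Gaussian density; the log domain avoids underflow in the tails."""
    mu, sigma = params
    return (-0.5 * ((x - mu) / sigma) ** 2
            - math.log(sigma) - 0.5 * math.log(2 * math.pi))


def log_likelihood_ratio(x, genuine, impostor):
    """log R, with R = p(x|w2) / p(x|w1): impostor density over genuine density."""
    return log_density(x, impostor) - log_density(x, genuine)


def accept_threshold(loss_false_accept, loss_false_reject, p_impostor):
    """Right-hand side of (2.11): L(w2,w1) P(w1) / (L(w1,w2) P(w2))."""
    if not 0.0 < p_impostor < 1.0:
        raise ValueError("p_impostor must lie strictly between 0 and 1")
    if loss_false_accept <= 0 or loss_false_reject <= 0:
        raise ValueError("losses for wrong decisions must be positive")
    p_genuine = 1.0 - p_impostor
    return (loss_false_reject * p_genuine) / (loss_false_accept * p_impostor)


def accept(x, genuine, impostor, loss_false_accept, loss_false_reject, p_impostor):
    """Decision rule (2.11): accept when R is below the threshold."""
    threshold = accept_threshold(loss_false_accept, loss_false_reject, p_impostor)
    return log_likelihood_ratio(x, genuine, impostor) < math.log(threshold)


def lowest_accepted_score(genuine, impostor, loss_false_accept,
                          loss_false_reject, p_impostor, step=0.001):
    """Scan from the impostor mean up to the genuine mean for the first accepted score."""
    lo, hi = impostor[0], genuine[0]
    for i in range(int(round((hi - lo) / step)) + 1):
        x = lo + i * step
        if accept(x, genuine, impostor, loss_false_accept,
                  loss_false_reject, p_impostor):
            return round(x, 3)
    return None  # nothing between the two means is accepted


GENUINE = fit_gaussian(GENUINE_SCORES)
IMPOSTOR = fit_gaussian(IMPOSTOR_SCORES)

if __name__ == "__main__":
    # (label, L(w1,w2) false accept, L(w2,w1) false reject, P(w2) impostor prior)
    scenarios = [
        ("false reject costs 2x, 1% impostors", 1, 2, 0.01),
        ("false reject costs 2x, 50% impostors", 1, 2, 0.50),
        ("false accept costs 1000x, 1% impostors", 1000, 1, 0.01),
    ]
    for label, l_fa, l_fr, p_imp in scenarios:
        cutoff = lowest_accepted_score(GENUINE, IMPOSTOR, l_fa, l_fr, p_imp)
        print(f"{label}: R threshold = {accept_threshold(l_fa, l_fr, p_imp):.3f}, "
              f"lowest accepted score = {cutoff}")
```

With the losses held fixed, raising the impostor prior from 1% to 50% lowers the threshold on R and moves the lowest accepted score upward, which is the behaviour the paragraph above describes.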

2.4 Types of Biometric Authentication Systems

In order for a characteristic to be useful for biometric identification, it should

be unique to each individual and constant throughout the individual’s lifetime. If it

is not unique, there will be some error, but the characteristic may still be useful if

the error is small enough or if the characteristic is used in combination with other

characteristics. If it is not constant, error will again result. Gradual changes in the

characteristic might require periodic re-enrollment. The characteristic should also

be measurable by some technique that is inexpensive in terms of equipment and

software cost, administrator time, and user time, and not objectionable to the user.

In this section the degree to which fingerprint, iris, voice, face, hand, and

signature scans meet these criteria will be discussed. A recent legal challenge to

fingerprint evidence in courts will also be reviewed.

2.4.1 Fingerprint

Fingerprints have a long history of scientific investigation and forensic use.

Biometric systems using this feature seem to be both the most numerous and most

highly developed.

Fingerprints have three levels of detail, all of which are useful for identification

or authentication. Level one is the overall pattern, which includes whorl patterns, loop

patterns, and arch patterns. It is not sufficient to indicate a match, but can

indicate a non-match. Level two includes ridge endings, bifurcations, dots, and

combinations of these features. Level three includes details of ridges, such as pores,

breaks, width, shape, and scars [22]. The permanence and individuality of these

features have made fingerprints a useful means of identification in many contexts,

including biometrics.

Formation, Permanence, and Uniqueness of Fingerprints

The mechanism of formation of fingerprints is of interest because it provides

reason for the permanence and uniqueness of the fingerprint pattern. In a case in

which the admissibility of fingerprint evidence was challenged, William Babler, an

anatomy professor, embryologist, and former president of the American Dermatoglyphics

Association,¹ testified on the mechanism of formation of friction ridges,

the ridges that make up fingerprints and palmprints, and also exist on toes and

the soles of feet [42]. This testimony was used by the judge in United States v.

Plaza in deciding on the admissibility of fingerprints in that case. Babler states

that “Primary friction ridges, which develop ‘deep to the surface of the skin’ ”

begin to form in the ninth or tenth week of a fetus. “At about fourteen weeks,

sweat glands or sweat ducts begin to form, ‘start[ing] out as proliferations from the

primary ridge. They grow down into the dermis and they ultimately mature into a

duct and into a gland.’ ” Some time from the fifteenth to the seventeenth week the

primary ridges have all formed, and the secondary ridges begin to appear on the

skin surface at about the seventeenth week. Babler stated that

this interface between the epidermis and the dermis really provides a template of the configuration of the friction ridges on the surface. And this template tends to be permanent. It does not change. Unless it gets injured, and it would take a deep injury. It would take an injury that would pierce through that interface such as a deep knife wound, or a deep burn to actually distort the template at the epidermal, dermal interface ([42], pp. 1-2).

¹ This association consists of physical anthropologists, geneticists, and biologists who study the patterns of friction ridges on the hands and feet of humans and other primates “looking at the relationships of these configurations for determining predictability for, say, a medical condition or a variety of other related situations” [42]. It is interesting to note that Francis Galton expected to find similarities in fingerprints within various ethnic and racial groups, and distinctions between the groups, but concluded “As a first and only an approximately correct description, the English, Welsh, Jews, Negroes, and Basques, may all be spoken of as identical in the character of their finger prints; the same familiar patterns appearing in all of them with much the same degrees of frequency, the differences between groups of different races being not larger than those that occasionally occur between groups of the same race. The Jews have, however, a decidedly larger proportion of Whorled patterns than other races, and I should have been tempted to make an assertion about a peculiarity in the Negroes, had not one of their groups differed greatly from the rest.” He later states that “[t]he only differences so far observed are statistical, and cannot be determined except through patience and caution, and by discussing large groups” [17]. Whatever similarities there may be in fingerprint patterns within groups are only statistical similarities, and should not interfere with the use of fingerprints for identification.

The uniqueness of fingerprints is also rooted in their fetal development. Babler

stated that factors that could affect the arrangement of ridges include “genetics,

environmental factors, chemicals, disease, and perhaps the shape of” the end of the

finger. Babler stated:

[T]here are many different factors, many, many different factors that influenced the development of the friction ridge and ultimately the development of its secondary characteristics, the minutiae, the actual shape of the ridge itself. All these are so numerous and so individual that they–that I cannot conclude anything but that each and every friction ridge and their arrangements are individual and specific ([42], p. 2).

Babler provides reasons based in fetal development for the permanence and

uniqueness of fingerprints. Observations and experiments confirming that permanence

and uniqueness were carried out by Henry Faulds, a 19th century Scottish

medical missionary in Japan. Faulds first became interested in fingerprints when

he noticed patterns of parallel lines in ancient pottery fragments. When preparing

to lecture medical students on use of the sense of touch, he had become aware of

the pattern of ridges on his own fingertips. Faulds suddenly realized that he was

seeing impressions from the ridges of ancient potters on the fragments. When he

examined modern pottery in the market, he found a multitude of fingerprints.

While looking at China tea sets, Faulds noted that “one peculiar pattern of lineations

would reappear with great persistency, as if the same artist had left her

sign-mark on her work,” and that pottery could be matched to the potter by the

ridge marks [2].

An interest in anthropology led Faulds to begin taking fingerprints of friends,

relatives, and any other people available. He first sketched the ridges, later took

prints in wax, and finally began inking all ten fingertips and taking prints on paper.

He wanted to see if prints differed according to the groups the people came from.

However, he was only able to collect European and Japanese fingerprints. He

wrote to scientists in other parts of the world, but none were interested in his

ideas. Then the medical alcohol began to disappear from a locked cabinet in his

hospital. Faulds found a laboratory beaker that had been used as a drinking glass,

and comparing the fingerprints on it to his cards, found a match to a medical

student [2]. Later, a member of the staff was accused of attempting to burgle the

hospital. Faulds showed the police that the suspect’s fingerprints did not match

those left by the burglar, proving the suspect was innocent. At this point Faulds

realized that fingerprints could solve many legal problems related to identification.

He hesitated to publish the idea because of a “most depressing sense of moral

responsibility and danger. What if someone were wrongly identified and made

to suffer innocently through a defective method? It seemed to me that a great

deal had to be done before publicly proposing the adoption of such a scheme.” He

realized the necessity of proving that fingerprints were unique and permanent [2].

Faulds and his medical students used a razor to shave off their finger ridges

until no fingerprint pattern remained. Their fingerprint ridges grew back in

identical patterns. They repeated the experiment with pumice, sandpaper, emery

dust, acids, and bases, and in all cases the fingerprints grew back with the exact

same patterns as before the treatments [2].

He also studied children between the ages of 5 and 10, and found that their

fingerprints did not change as they grew. When a scarlet fever epidemic caused

severe peeling of skin, Faulds found that there was again no change in the fingerprints [2].

In the course of his studies, he had collected thousands of fingerprints, leading

to the conclusion that fingerprints were unique. Faulds was finally satisfied that his

discovery was worthy of publication [2].

Francis Galton found further scientific evidence for the permanence of fingerprints.

Galton made a careful study of fingerprints taken over a period of 28 years,

and found them unchanged except in ways that could be accounted for by wear:

The question arises whether these finger–marks remain unaltered throughout the life of the same person. In reply to this, I am able to submit a most interesting piece of evidence, which thus far is unique, through the kindness of Sir Wm. Herschel. It consists of the imprints of the two first fingers of his own hand, made in 1860 and in 1888 respectively; that is at periods separated by an interval of twenty-eight years. I have also two intermediate imprints, made by him in 1874 and in 1883 respectively. The imprints of 1860 and 1888 have now been photographed on an enlarged scale, direct upon the engraver’s block, whence Figs. 9 and 11 are cut; these woodcuts may therefore be relied on as very correct representations ([16], p. 201).

Galton goes on to describe the details of the prints, and to give instruction on

how to compare fingerprints, then concludes,

A careful comparison of Figs. 9 and 11 is a most instructive study of the effects of age. There is an obvious amount of wearing and of coarseness in the latter, but the main features in both are the same ([16], p. 202).

He also cites several other scholarly publications on the topic of fingerprints,

and refers to widespread experimentation, and in describing the difficulty of

producing good impressions of fingerprints for study, comments that “All this is

rather dirty work, but people do not seem to object to it; rivalry and the hope of

making continually better impressions carries them on” [16].

Galton published an example of fingerprints that did not change. It is clear

that a number of people were experimenting in the area. If people studying

fingerprints out of “rivalry” had found an example of a fingerprint changing, they

would certainly have published it.

Level 1 detail of fingerprints tends to be the same for family members, and

especially for identical twins. However, the formation of level 2 and 3 detail is

more controlled by embryonic environment, so these features are unique in every

fingerprint, even between identical twins [41].

Cloned monkeys also have unique fingerprints and palm prints, although all

monkeys have the same level 1 pattern [41].

More recently, Donald Zeisig of Lockheed Martin Information Systems, the

developers of the FBI’s computerized fingerprint system, performed a test known as

the “50k x 50k study,” comparing 50,000 fingerprints to each other. Unfortunately,

Zeisig’s work has not been published [29], but some information on the testing

procedure and results is available from his expert testimony at a hearing relating

to the admissibility of fingerprint evidence in court [51]. Zeisig first describes

the matching process. Two matching algorithms, one developed internally, and a

second from Sagem/Morpho of France, independently compared each print to each

other in the set. The two scores were then fused to determine whether there was

a match. The fusion algorithm makes use of extreme value statistics, which take a

lot of information, and look for some unusual occurrence, which in this application

is a match. For the 50k x 50k study, the first 50,000 left slope loops from white

males were extracted from the database of fingerprint images. Images were limited

to left slope loop patterns and white males in order to increase the likelihood of

finding matching prints. Zeisig also “noted that if the system was able to extract

Level 3 Detail that he expected the calculated probability to be even lower than

determined in the tests” [51].

When full one inch fingerprints were compared, it was concluded that the

probability of finding two identical fingerprints, either on different fingers of the

same person or on different people, was one in $10^{97}$, and when the prints are

cropped, and only the middle 21.7 percent of the prints are compared, the chance

of different prints matching is one in $10^{27}$. The smaller areas were compared

because latent prints from crime scenes are often smaller than one inch. Each

print was compared with all 50,000 prints, including itself. Probabilities were

determined by taking the top 500 scores from each set of 50,000 and normalizing

them to give the best score in each set, which came from a comparison of a

fingerprint image to itself, a score of 1. Then, the means and standard deviations

were determined either with or without the comparison of the image to itself.

Results were reported for the case where the high score from the comparison of the

image with itself is included because inclusion of this score was found to broaden

the curve and produce a higher probability of a false match [51].

The experiment found several matches of prints with different FBI numbers

which turned out to be two rolled prints of the same finger. Unfortunately, it is

difficult to determine the meaning of some parts of the testimony, because it refers

to some items the participants were given, which are not included in records of

the trial. In the experiment on the reduced area, simulated latent prints, another

pair of prints with different FBI numbers was found. To gain more information

on whether or not they were a false match, Zeisig compared all combinations of

prints on the two cards, and found “an extremely high score for all 10 fingers

going in both directions” (the comparison process is not commutative: if print A

is compared to print B, and then B is compared to A, the scores will not be the

same). One might wonder why the other nine pairs of fingers were not matched in

the original experiment. However, if the other nine fingerprints of the individual in

question were not left slope loops, they would not have been included in the data

set of 50,000 prints. The FBI examined the actual 10-print cards, and confirmed

that they were from the same person [51]. It might be considered circular reasoning

to conclude that the two sets of prints are from the same person on the basis

of close similarity of all ten prints in a study used to test the hypothesis that

all fingerprints are unique. However, given other evidence for the uniqueness

of fingerprints, it seems more reasonable to suppose that the same person was

fingerprinted twice than that two different persons had all ten fingerprints identical.

Recall that even identical twins have different fingerprints [41].

In another case, a match was found between two adjacent fingerprints on

the same 10-print card. Zeisig used a program to plot the minutia that had been

extracted from the two fingerprints in question, and based on an area of one

print that seemed to include minutia from a part of the other, concluded that the

two prints must overlap on the 10-print card. Examination of the 10-print card

confirmed his conclusion.

The defense attorney questioned Zeisig about a normalized score for two prints

of the same finger which was lower than normalized scores of different fingers in

other tests. However, its normalized score was second highest among all 50,000

scores for prints compared to its mate [51]. The highest score would have been

for the first print of the pair compared to itself. If the raw score in this case was

unusually high, which could be due to a large number of minutia in the print, then

the other normalization factor would also be high, so other scores in this set of

50,000 would be lower than in other sets. We might expect the other print of the

finger to also have a high number of minutia, and to achieve a high score, but it

may have been a low quality print. When the same two prints were compared in

the other direction, they matched better. However, it was not determined that they

were two prints of the same finger until the second half of the experiment, when the

central 21.7 percent of each print was compared [51].

Williams criticizes this test on several points in a paper critical of the current

state of biometrics [54].

1. The court record is incomplete: are there 5,000 white males, each with “10-print cards” or 50,000 different males, each with one “full-size, 1-inch” rolled print, or somewhere in between?–Were different fingers involved, etc.? Did each print have a corresponding artificial partial print...? ([54], p. 100)

It is clear that at least some individuals had more than one left slope loop

fingerprint, and therefore that more than one of their prints was included.

Specifically, for one individual two adjacent fingerprints were found to match

because the prints overlapped on the 10-print card and therefore contained

the same minutia. An individual does not normally have the same class of

fingerprint on all ten fingers, and it would be quite remarkable if the first

50,000 left slope loops from white males in the FBI database were from 5,000

individuals with 10 left slope loop prints each. While not clearly stated, from

the extra experiment described above, in which Zeisig compared all ten prints

from two 10-print cards of two prints that had a high score, we may infer that

the other nine prints were not in the data set, otherwise they would already

have been compared and found to match in the test. Presumably, they were

not left slope loops. Thus we can see that some individuals had multiple

prints in the data set, but the data set did not consist of 10 prints each from

5,000 individuals.

2. There is no hint of peer review, nor control for organizational-conflict-of-interest (OCOI) in the Lockheed-Martin/AFIS-related findings ([54], p. 100).

This is a valid criticism. It appears that the test was done after the system

was already in operation. Had it been done as a condition for acceptance

of the system, there would have been some check on conflict of interest, but

at the stage of the trial, good results would be desired by both the FBI and

Lockheed-Martin. Publication of this work would seem to be an opportunity

to lay to rest doubts about the uniqueness of fingerprints in general, and the

capabilities of the system in particular. A worthwhile paper could surely be

prepared without revealing proprietary information on the system.

3. There is no justification given for excluding all but white males, yet drawing inferences for all humanity, for all time ([54], p. 100).

However, Zeisig testified:

The reason we selected the left slope loops, and I can’t say this from personal knowledge, but the white males, I’ll have to rely on the testimony of other experts in that area, was to increase the likelihood that we were going to find a match, matching set of minutia if it was there. In other words, that would be a bias in favor of the defense case ([51], p. 51).

Zeisig, and apparently others involved in planning the test, know that they

are looking for a rare event, so they make a choice that will increase their

chances of finding it. If this were the only study that had ever been done

on fingerprints, it would indeed be worrisome that only white males were

included. However, recall that anthropological studies of fingerprints go back

to the beginning of fingerprint science, and only statistical differences between

groups have been found [15], [17].

4. There is no justification reported for treating perfect artificial partial fingerprints as equivalent to latent fingerprints (LFP), which are normally degraded images of crime-scene fingerprint images ([54], p. 100).

This point is important for the forensic use of fingerprints, but has no

bearing on the question of uniqueness. It does not relate directly to biometric

authentication; however, the importance of a good quality image is discussed

below.

5. There is no justification given of the automated techniques employed, including such issues as provenance, technology, testing, validation, maintenance, and quality assurance–they are all treated as equivalent to human examiners ([54], p. 100).

There is some truth here. However, the ability of the matching programs

to detect unsuspected duplicate prints, and to detect details of one print

overlapping another, provides some level of proof that they function properly.

In the testimony, Zeisig describes the system in generalities, but states that

details of the algorithms are proprietary [51]. It is probably not reasonable to

expect very much information in some of these areas.

6. These extraordinary numbers demand detailed scientific reconsideration. Even the difference, 70 orders of magnitude, strains the credulity without extensive review by the scientific community at large ([54], p. 100).

While the numbers are indeed extraordinary, given the probabilities determined

in the experiment, the difference is about what should be expected.

Two full prints have a probability of $10^{-97}$ of matching [51], and if all elements

of area of the prints were independent, we would expect that the

probability of the middle 21.7% matching would be $(10^{-97})^{21.7/100}$, or $10^{-21.0}$,

more than the observed $10^{-27}$. If areas of the print were independent, the

difference would be 76 orders of magnitude. This indicates that the elements

of area of a single print are not independent, which is not surprising since

fingerprints have patterns. One part should have some degree of relationship

to the others.

Discussion of the Validity of Fingerprints for Forensic Identification

This section will discuss several legal challenges to the admissibility of fingerprints

in trials, and whether these challenges would also apply to the usefulness of

biometric authentication. These challenges are based on two important cases and

one rule adopted by Congress related to admissibility of scientific evidence in court.

First, the “Frye Test” comes from Frye v. United States, from the District of

Columbia circuit court in 1923. The opinion ruling that results from an early type

of lie detector could not be admitted states [1]:

While courts will go a long way in admitting expert testimony deduced from a well-recognized scientific principle or discovery, the thing from which the deduction is made must be sufficiently established to have gained general acceptance in the particular field to which it belongs.²

The Frye test has been criticized on several grounds [1]. It is said to be overly

conservative, because it requires waiting until scientific ideas become accepted in

the legal community before they can be of use in court. Second, there is no clear

standard for when or if an idea is accepted in the scientific community. It may be

difficult to know which field to consult on a particular idea to determine if it is

accepted.

In 1975, Congress adopted Federal Rule of Evidence 702:

If scientific, technical, or other specialized knowledge will assist the trier of fact to understand the evidence or to determine a fact in issue, a witness qualified as an expert by knowledge, skill, experience, training, or education, may testify thereto in the form of an opinion or otherwise ([40], p. 6).

Although this rule does not mention the Frye condition of “general acceptance,”

that condition was still applied by many courts until the Supreme Court clarified that it

had been superseded by Rule 702 in the second important case, Daubert v. Merrell

Dow Pharmaceuticals, Inc. in June 1993 [40]. Justice Blackmun explained the

meaning of scientific knowledge:

The adjective “scientific” implies a grounding in the methods and procedures of science. Similarly, the word “knowledge” connotes more than subjective belief or unsupported speculation. The term applies to any body of known facts or to any body of ideas inferred from such facts or accepted as truths on good grounds. Of course, it would be unreasonable to conclude that the subject of scientific testimony must be “known” to a certainty; arguably, there are no certainties in science. But, in order to qualify as “scientific knowledge,” an inference or assertion must be derived by the scientific method ([40], p. 6).

Justice Blackmun also gave four standards for admissibility [1], [54].

1. Whether or not a scientific theory or technique can be and has been tested.

2. Whether the theory or technique has been subject to peer review and publication.

3. Whether the technique has a “known or potential rate of error” and standards controlling the technique’s operation exist and have been maintained.

4. The Frye test, whether the technique has general acceptance in the scientific community.

² 293 F. 1014 (D.C. Cir. 1923), quoted in [1].

After Daubert, all courts that considered challenges to fingerprint testimony

came to the conclusion that it should be admitted until United States v. Plaza in

2002, where Judge Pollak decided that fingerprint examiners and the process of

comparing latent prints from crime scenes to prints taken under controlled conditions

met only the fourth of the Daubert factors, “general acceptance within the

American fingerprint examiner community” [40]. It was found to lack requirements

of testing, peer review, and standards, and “the rate of error is in limbo.” Therefore,

the parties would be allowed to introduce fingerprints, explain how they were

obtained, and point out similarities and differences. But they would not be able to

present expert testimony on whether or not prints matched.

However, Judge Pollak took judicial notice of the permanence and uniqueness

of fingerprints. He stated that

A judicially noticed fact must be one not subject to reasonable dispute in that it is either (1) generally known within the territorial jurisdiction of the trial court or (2) capable of accurate and ready determination by resort to sources whose accuracy cannot be reasonably questioned ([40], p. 5).

Zeisig’s testimony on the 50k x 50k study described above provided grounds

for judicial notice of uniqueness, and Babler’s testimony on the prenatal development

of fingerprints, also described above, provided grounds for judicial notice of

permanence. Thus the important points for biometric authentication, the permanence

and uniqueness of fingerprints, were not questioned by the court. Methods

of acquiring and matching latent prints are irrelevant to biometric authentication.

However, it will be necessary to consider whether fingerprint scanning devices

record sufficient detail for reliable authentication.

Pollak reconsidered his decision not to allow expert testimony on matching

of fingerprints because the first decision was based only on the transcripts of

testimony given in a similar case, and the judge had not heard any live witnesses.

Following testimony by American and British experts, Pollak decided that forensic

use of fingerprints met the standards of Daubert [41].

Hardware

Three types of fingerprint scanners are in use to capture images of fingers. The

resolution of the captured images is from 250 to 625 dots per inch, with 500 dots per

inch commonly used [37]. Higher resolution allows the capture of finer details, and

a system that authenticates based on pores, which are smaller than ridges, has a

resolution of 800 dots per inch [46].

The area of the fingerprint captured ranges from 0.5 to 1.25 inch square, with

1 inch being a common size [37]. A larger area will ensure the inclusion of more details

in the captured print. However, an area of 5 mm², which would contain more

than 20 pores, is said to be sufficient for authentication with pores, and 10 mm²

would contain about 12 minutia, and would be sufficient for authentication [46].

However, if a scanner only captured 5 mm² fingerprint images, the same 5 mm²

would have to be captured in enrollment and matching. This would probably result

in a very high FRR.

Each pixel is usually encoded with 8 bits, giving an intensity range of

0-255 [37]. Design of a fingerprint capture device is a compromise between size,

resolution, and cost. The goal must be to capture a maximum of detail with a

minimum of size and cost.

Optical fingerprint scanners produce an image by illuminating a finger placed

on a glass surface with laser light. Light is reflected by ridges, but not by valleys

of the finger. The reflected light is captured by a Charge Coupled Device (CCD)

array. Optical scanners may be advantageous if a large image area is desired,

because large-area optical sensors are cheaper than solid state sensors of the same size [37].

Solid state fingerprint scanners usually produce an image via a capacitance

measurement. The scanner consists of an array of conductive plates covered

by a dielectric layer. The finger is placed on the dielectric layer, and forms the

other plate of the capacitors. The capacitance, and therefore the voltage, on the

plates depends on distance, so it is different for ridges and valleys. Pressure-sensitive

sensors, made of piezoelectric material, have also been proposed [37]. Solid

state scanners could be equipped with automatic gain control to get a high contrast image,

automatically compensating for factors such as variations in dryness and pressure

of the finger [37].

Ultrasonic scanners use sound waves reflected from the finger to form an image.

They are said to be less affected by dirt and skin oil on the finger [37].

Internal Algorithms for Matching

A wide variety of algorithms have been used for matching of fingerprints.

Fingerprint matching algorithms most commonly work with minutia, but some

work with pores, and others perform global pattern matching, or pattern matching,

comparing the flow of ridges at all points in the prints [37].

After a general description of processing in a typical minutia-based fingerprint

authentication system following O’Gorman [37], several specific algorithms are

briefly discussed.

Fingerprint images tend to be noisy because fingers may be “dirty, cut,

scarred, creased, dry, wet, worn, etc.” Therefore, in most cases, image enhancement

is necessary before features can be extracted. The first step is usually a locally

adaptive matched filter, which takes advantage of the fact that fingerprints are made

up of parallel ridges. It enhances ridges oriented in the direction of the ridges in

the locality, and decreases anything with a different orientation from the local ridge

direction. The next step is to convert the gray-scale image to a binary image. This

is done by locally adaptive thresholding. A threshold is chosen locally to get a binary

image of the ridge features. Next, ridges are thinned, reducing the width of ridges to

a single pixel. This aids in finding minutia. All of these steps require significant

amounts of computation. Therefore, instead of thresholding and thinning, some

systems trace the ridges and find minutia in the gray-scale image.

Next the features, which in this case are endings and bifurcations of ridges,

must be extracted. If the ridges have been thinned, an ending is the end of a thin

line, and a bifurcation is the junction of three lines. Branches with short spurs

are likely to be artifacts of the thinning process, so they are eliminated. Other

minutia that are likely to be artifacts of image processing are also eliminated. The

resulting template has a list of minutia, with type, location, and orientation. Although

the type of minutia is usually included in the template, it is often not used in

matching because errors in determining type of minutia are common [37]. A change

in pressure can convert one type of minutia to the other [24]. Usually 10 to 100

minutia are found in a fingerprint.

Once the features have been extracted and a template has been produced,

it must be compared to the enrollment template. One method of comparing

templates is to compare all neighborhoods in one print to all neighborhoods in

the other, where a neighborhood is a small area of a print containing about 3

minutia. The match score is based on the number of neighborhoods that match.

Neighborhoods in two prints of the same finger are expected to be similar, not

identical, because of noisy images and elasticity of the skin, which can change

distances and angles between minutia. The match score is compared to a threshold

to determine whether to accept or reject.

Alternatively, some algorithms find a core, which is the center of the fingerprint

pattern, and a delta, where three different patterns come together, to orient

the print, and then only compare corresponding neighborhoods. However, not all

prints have a core and a delta [37].

A pore-based algorithm is very similar to the minutia-based algorithm described

above. The image is processed in a similar way, and then pore locations

and sizes are extracted from the image. A nearby minutia is used as a reference

point for matching the pores of one image to those of another because distances

can change due to plasticity of fingers. This change can cause important errors

over longer distances, but is not significant for nearby features. A match score is

determined from the proportion of the pores in the two images that match a pore

in the other image [46].

In global pattern matching the template image and the authentication image

are compared to see if their ridges match. Prints may be aligned by translation

and rotation first, if core and delta points are found. In order to determine how well

the images match, corresponding pixels are multiplied, and the results summed.

If the two images match, the sum will be higher than if they do not. Minutia

matching is generally considered to be more accurate. Pattern matching may be

faster, especially on vector processors, or if hardware for fast Fourier transforms is

available [37].

It is possible to combine several algorithms in a biometric authentication

system. Prabhakar and Jain [43] used four minutia-based algorithms and one based

on texture to process fingerprint images, and combined the results to classify the

fingerprint as a match or non-match. The first algorithm was Hough transform-based

matching. The prints were subjected to translation and rotation, then the

number of matched pairs of minutia was counted. A set of allowed translations is

carried out, and the score is computed based on the number of matched pairs in

each transformation. The highest score from all the translations is taken to be the

correct score.

In the second algorithm, string distance-based matching, an anchor point is

selected in each pattern. The minutia are converted to polar coordinates with

respect to the anchor point, and concatenated into a string ordered by their radial

angle. Then the two strings are compared and their edit distance is computed.

The edit distance is converted to a match score. The anchor points are found by

determining the rotation and translation that gives the most matched pairs of

minutia within a bounded box. The minutia of one matching pair are used as the

anchor points.

The final minutia-based method was a dynamic programming-based matching

algorithm. In this algorithm, rotation and translation are found as in the string

distance-based algorithm above, the minutia are aligned by this rotation and

translation, and dynamic programming is used to find the maximum number of

matching minutia pairs. “The intuitive interpretation of this step is to warp one

set of minutia to align with the other so that the number of matched minutia is

maximized.” The match score is computed from the number of matched pairs, with

a penalty for unmatched pairs within the overlapping regions of the prints.

The fourth algorithm uses the texture of the ridges to classify the images.

First, the center is located by finding the point of maximum curvature of the ridges

in the print. If no center can be found, the image is rejected by this algorithm.

Next, a circular region, centered at the center point found in the first step, is

divided into sectors by radial lines and concentric circles. The grey values in each sector

are normalized. Next, the circular region is filtered in eight directions with Gabor

filters, which produce a grey value in each sector depending on the direction of

the ridges in that sector. A feature vector, known as the “FingerCode,” lists the

average grey value of each sector with each filter. The Euclidean distance between

the enrollment template vector and the match template vector is computed. The

inverse of this distance is the match score.

The best of the individual algorithms, the dynamic and the filter algorithms,

had EER’s of 3.5%. When these two algorithms were combined with the string

algorithm, an EER of 1.4% was achieved. Performance with all four algorithms was

not quite as good. This is not unusual in classification problems when the amount

of data is finite [43].

Strengths and Weaknesses of Fingerprint Scan

Advantages of fingerprint scan for authentication include the uniqueness and

constancy of the fingerprint pattern for an individual, and the relative ease of use

of fingerprint scanners. It is also mature and commonly used [35].

Disadvantages include the inability to obtain a good fingerprint image of

some individuals. People whose work abrades or chemically attacks their skin, and

elderly people, may not be able to authenticate on such a system.

But the technology has glitches. Digital fingerprint readers can draw a blank on some people, such as hairdressers who work with harsh chemicals, and the elderly, whose prints may be worn. Recent tests by the independent research and consulting firm International Biometric Group showed that some systems are unable to collect a finger scan from up to 12 percent of users ([18], pp 60-61).

A second problem is that fingerprint authentication systems can often be

spoofed with copies of a genuine user’s fingerprints. Thalheim et al. [49] were able

to authenticate on any of several solid state capacitive fingerprint scanners by

breathing on the latent print left by an authorized user. They then repeated authentication

by holding a thin-walled plastic bag of water on the sensor. Next, they

dusted a latent print on the sensor with graphite powder, pressed an adhesive film

on the surface, and applied a slight pressure. This allowed them to authenticate.

The mouse with one of these fingerprint sensors was supposed to have software that

would determine whether a fingerprint image had the same position and angle as

the last fingerprint, and if so reject it as a possible reactivated latent print.
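
The same-position check described in this paragraph can be built on the Hough transform-based alignment described earlier for the first algorithm of Prabhakar and Jain. The sketch below is an added example, not code from the thesis or from any scanner vendor; the bin sizes, the `min_matched` threshold, the function names, and the minutia lists are assumptions constructed for illustration.

```python
import math
from collections import Counter

ANGLE_BIN = 5   # degrees per rotation bin (assumed value)
SHIFT_BIN = 8   # pixels per translation bin (assumed value)

def move(minutiae, dx, dy, rot_deg):
    """Rotate about the origin, translate, and snap positions to whole pixels."""
    c, s = math.cos(math.radians(rot_deg)), math.sin(math.radians(rot_deg))
    return [(round(c * x - s * y + dx), round(s * x + c * y + dy), (t + rot_deg) % 360)
            for x, y, t in minutiae]

def hough_align(reference, probe):
    """Each minutia pair votes for the (rotation, dx, dy) that maps one onto the
    other. Returns (matched pairs, rotation, dx, dy) for the fullest bin."""
    votes = Counter()
    for x1, y1, t1 in reference:
        for x2, y2, t2 in probe:
            rot = round(((t2 - t1) % 360) / ANGLE_BIN) % (360 // ANGLE_BIN)
            a = math.radians(rot * ANGLE_BIN)
            xr = math.cos(a) * x1 - math.sin(a) * y1
            yr = math.sin(a) * x1 + math.cos(a) * y1
            votes[(rot, round((x2 - xr) / SHIFT_BIN), round((y2 - yr) / SHIFT_BIN))] += 1
    if not votes:                       # empty capture: nothing to align
        return 0, 0, 0, 0
    (rot, bx, by), matched = votes.most_common(1)[0]
    return matched, rot * ANGLE_BIN, bx * SHIFT_BIN, by * SHIFT_BIN

def authenticate(enrolled, last_capture, probe, min_matched=9):
    """Match against the enrolled template, then refuse a probe that sits in the
    same position and angle as the previous capture (possible reactivated latent)."""
    matched, *_ = hough_align(enrolled, probe)
    if matched < min_matched:
        return "reject: no match"
    same, rot, dx, dy = hough_align(last_capture, probe)
    if same >= min_matched and (rot, dx, dy) == (0, 0, 0):
        return "reject: same position and angle as last capture"
    return "accept"

# Constructed template: (x pixel, y pixel, ridge angle in degrees).
ENROLLED = [(40, 52, 15), (63, 120, 80), (88, 31, 140), (97, 170, 200),
            (121, 88, 265), (140, 143, 310), (155, 40, 35), (172, 109, 100),
            (190, 66, 170), (205, 150, 230), (60, 190, 290), (130, 200, 345)]
# Previous login: the finger was placed shifted and slightly turned.
LAST_CAPTURE = move(ENROLLED, 24, 16, 5)
# Constructed "reactivated latent": the previous capture again, with 1-pixel noise.
REPLAY = [(x + i % 3 - 1, y + (i + 1) % 3 - 1, t)
          for i, (x, y, t) in enumerate(LAST_CAPTURE)]
# Constructed fresh placement of the same finger in a different pose.
LIVE = move(ENROLLED, -16, 8, 350)

if __name__ == "__main__":
    for name, probe in [("replay", REPLAY), ("live", LIVE), ("partial", LIVE[:3])]:
        print(name, hough_align(ENROLLED, probe), authenticate(ENROLLED, LAST_CAPTURE, probe))
```

The pose check only catches a print that is still lying where the last user left it. The lifted and molded copies described in the following paragraphs arrive in a new pose, which is why the liveness tests discussed later are a separate control.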

Thalheim et al. [49] next used a fingerprinting kit to dust prints on surfaces

other than the fingerprint scanner, then lifted them with adhesive tape and pressed

them onto the scanner. They were again able to authenticate.

With an optical fingerprint scanner, latent prints could not be reactivated,

so Thalheim et al. made a wax impression of an authorized user’s fingerprint,

and filled it with silicone. With this “artificial finger” they were able to authenticate [49].

They were also able to authenticate with a latent fingerprint dusted with

graphite powder and lifted on adhesive film, but on the optical scanner they had to

illuminate it from behind with a halogen lamp [49].

Thalheim et al. [49] were also able to spoof a thermal fingerprint sensor with

the silicone finger, but not by reactivating latent prints or by picking up dusted

latent prints from other surfaces on adhesive film.

Matsumoto successfully spoofed 11 different fingerprint scanners, including

both optical and capacitive types, using gelatin copies of fingerprints [47]. Molds

for the gelatin were made both with a plastic material and by a photographic

process. In the photographic process, latent prints on glass were enhanced with

cyanoacrylate adhesive and photographed with a digital camera. The contrast of

the photos was enhanced with Photoshop and the fingerprints were printed on

transparent sheets. Then the sheets were used as negatives for photo-sensitive

printed circuit boards. When the printed circuit boards were etched, a three-dimensional

fingerprint was produced. Then gelatin was molded on the etched

printed circuit board. With both types of fingerprint, a FAR of 80% was achieved.

If an impostor covers their finger with a thin layer of gelatin containing the fingerprint

copy, they would appear to be using their own fingerprint to authenticate,

and could authenticate even under supervision.

To prevent spoofing, some sensors detect skin temperature, capacitance, or

resistance [37]. Some of the sensors spoofed by Matsumoto incorporated such

liveness tests. To defeat sensors that measure skin resistance, the gelatin should be

moistened. Finding the correct amount of moistening required practice [47].

2.4.2 Iris Scan

Iris scan is seen as a highly reliable biometric, and is currently in use for

automatic teller machines, portal control, and computer login. It is used in nuclear

power stations, prisons, and other government applications.

Permanence and Uniqueness of Iris Features

Wildes describes the iris as [53] “a thin diaphragm stretching across the

anterior portion of the eye and supported by the lens...”

The iris consists of several layers. From posterior, on the inside of the eyeball,

to anterior, near the front surface of the eye, the layers are:

1. Heavily pigmented epithelial cells that make the iris opaque.

2. Muscles that control the pupil.

3. The stromal layer, a layer of connective tissue, which contains a radial

pattern of corkscrew-like blood vessels.

4. Finally, the anterior border layer, in addition to connective tissue, is packed

with chromatophores, pigment cells. It is divided into two concentric regions.

The inner region is called the pupillary zone, and the outer region is the

ciliary zone. The ciliary zone has interlacing ridges due to support from the

stromal layer, and contractile lines that vary as the pupil opens or closes.

There are also striations due to the radial blood vessels, and various types

of small irregularities in the iris. Eye color is also due to this layer. If it has

little pigment, light passes through it, is reflected by the posterior surface of

the iris, and scattered by the stroma, producing blue color. If there is more

pigment, light is absorbed here, producing a dark eye color.

The high information content of iris patterns can be seen from the large

variability of a 256-byte IrisCode, which encodes the iris pattern of an individual,

between different people [8]. The probability that any particular bit of an IrisCode

from an unspecified population is set is close to 0.5. In a British Telecom experiment,

where each image was encoded with 2048 bits, there were 266 degrees of

freedom, because there is much correlation, especially radially, in an iris pattern.

Between any pair of iris patterns in the study, there would be a 1 in 10¹⁶ chance

that they differ in only 25% of their bits or less. A statistical comparison of the

patterns of right and left eye pairs of 324 people showed 259 degrees of freedom,

not much less than the 266 degrees of freedom for eyes from different people [8].

An individual’s right and left eyes are genetically identical, so this is taken as proof

that there is much variation in iris structure due to random, non-genetic factors,

and therefore even the eyes of identical twins would not be very similar.

The decidability index, a measure of the distinctness of the distributions

of scores for genuine users and impostors, with means µ1 and µ2 and standard

deviations σ1 and σ2, is

$$d' = \frac{|\mu_1 - \mu_2|}{\sqrt{(\sigma_1^2 + \sigma_2^2)/2}} \qquad (2.12)$$

For iris scan, d′ = 11.36. Based on these measurements, the EER for iris is 1 in 1.2

million [8].

While the color of the iris may change during the first year of life, “the

available clinical evidence indicates that the... pattern itself is stable throughout

the lifespan” [8]. The blood vessels are developed at birth, the muscles mature

at about two years, and the average pupil size continues to increase slightly until

adolescence [53]. With advanced age there is slight reduction of the average pupil

opening, and slight depigmentation [53].

In photographs kept by an ophthalmologist over the course of 25 years, there

were no noticeable changes in iris patterns, but there were some changes in color.

The investigators were not able to determine whether the color differences were

real, or were artifacts of the photographic process and the aging of the color dyes in

the prints [8]. However, at least when infrared illumination is used, the iris pattern

is not expected to be affected.

The iris is protected by being inside the eye, behind the cornea. The only

common environmental factor that affects it is light, which causes dilation and

contraction of the pupil. Thus iris matching algorithms must somehow deal with

this variation. It might even be turned to advantage. Pupillary motion occurs

even when illumination does not change, and could be used as a “liveness test” [8].

However, “intensive exposure to certain environmental contaminants (e.g., metals)

can alter the appearance of the iris” [53].

Although the iris of a dark-eyed person may appear in visible light to have

little detail, with infrared illumination, even dark-eyed individuals have a great deal

of detail in their iris [8].

Hardware

Formerly, iris scan systems used a visible light source to illuminate the iris,

and a visible light camera to obtain an image. One type of system used a point

light source, resulting in a simple design, but reflections would degrade the quality

of the image. A more complex design used a diffuse circular light source around

the camera, and polarizers to eliminate the reflection. At the expense of the more

complex illumination, a higher quality image could be obtained [53].

A current design uses an infrared point light source to illuminate the eye, and

a digital camera to capture an image [8]. Because placement of the iris relative to

the camera is critical, all systems provide some type of feedback, light, or reticle

that the user should bring into view in order to be authenticated.

Internal Algorithms for Matching

In iris matching, it is first necessary to locate precisely the boundaries of the

iris with integro-differential operators. The algorithm determines whether the eyelids

overlap the iris, and if so excludes them. Next, “a doubly-dimensionless coordinate

system is defined which maps the tissue in a manner that is invariant to changes

in pupillary constriction and overall iris image size, and” therefore not dependent

on camera distance. “The coordinate system compensates automatically for the

stretching of the iris tissue as the pupil dilates.” The iris pattern is then “encoded

into a 256-byte ‘IrisCode’ by demodulating it with 2D Gabor wavelets, which

represent the texture by phasors in the complex plane.” Then, if the bits in the

two patterns are not statistically independent, there is a match [8].

The iris code is not independent of rotation, so in case the camera or user’s

head is at a different angle than in enrollment, the matching must be repeated over

a range of angles. The best match is used [8].

When a user attempts to authenticate, “typically about 10% of the bits in an

IrisCode disagree when the enrolled and presenting patterns are compared, due to

factors such as inadequate imaging resolution, poor focus, motion blur, occlusion by

eyelashes, artifacts from contact lenses, corneal reflections, scattering from dust or

scratches on eyeglasses, CCD camera noise, etc” [8].
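
The rotation search described above and the decidability index of Equation 2.12 can be exercised on simulated codes. The following is an added example, not Daugman's implementation or code from the thesis; it assumes a head tilt appears as a circular shift of the 2048-bit code, uses the 10% bit disagreement quoted above for genuine attempts, and treats 0.25 as an illustrative decision threshold.

```python
import math
import random
import statistics

CODE_BITS = 2048                 # 256-byte IrisCode, as stated in the text
MASK = (1 << CODE_BITS) - 1
THRESHOLD = 0.25                 # assumed decision point, for illustration only

def rotate(code, k):
    """Circularly shift the code by k bit positions (k may be negative)."""
    k %= CODE_BITS
    return ((code << k) | (code >> (CODE_BITS - k))) & MASK

def hamming_fraction(a, b):
    """Fraction of bits on which two codes disagree."""
    return bin(a ^ b).count("1") / CODE_BITS

def best_match(enrolled, presented, max_shift=8):
    """Repeat the comparison over a range of rotations and keep the best one.
    Returns (lowest disagreeing fraction, shift that produced it)."""
    return min((hamming_fraction(enrolled, rotate(presented, s)), s)
               for s in range(-max_shift, max_shift + 1))

def with_bit_errors(code, flip_prob, rng):
    """Flip each bit independently, modelling blur, reflections, eyelashes, noise."""
    noise = 0
    for i in range(CODE_BITS):
        if rng.random() < flip_prob:
            noise |= 1 << i
    return code ^ noise

def decidability(genuine, impostor):
    """d' of Equation 2.12 for two lists of scores."""
    m1, m2 = statistics.mean(genuine), statistics.mean(impostor)
    v1, v2 = statistics.variance(genuine), statistics.variance(impostor)
    return abs(m1 - m2) / math.sqrt((v1 + v2) / 2)

def simulate(users=40, seed=2003):
    """Constructed population: random codes, one tilted noisy presentation each."""
    rng = random.Random(seed)
    enrolled = [rng.getrandbits(CODE_BITS) for _ in range(users)]
    genuine, impostor = [], []
    for i, code in enumerate(enrolled):
        presented = rotate(with_bit_errors(code, 0.10, rng), rng.randint(-5, 5))
        genuine.append(best_match(code, presented)[0])
        # The same presentation claimed against someone else's enrollment.
        impostor.append(best_match(enrolled[(i + 1) % users], presented)[0])
    return genuine, impostor

if __name__ == "__main__":
    g, imp = simulate()
    print("genuine  max:", max(g))
    print("impostor min:", min(imp))
    print("false rejects at threshold:", sum(s >= THRESHOLD for s in g))
    print("false accepts at threshold:", sum(s < THRESHOLD for s in imp))
    print("d':", decidability(g, imp))
```

Because the simulated bits are independent, the two score distributions separate far more than the d′ = 11.36 reported for real irises, whose codes have only about 266 degrees of freedom. Skipping the rotation search turns a tilted genuine presentation into a score near 0.5, which is one source of false rejection.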

Advantages and Disadvantages

An advantage of iris scan is that the iris features do not change over the course

of a person’s life [35].

However, “training and attentiveness” are needed for good image acquisition,

and perhaps for this reason the systems have a “propensity for false rejection” [35].

Spoofing of an iris scan system is relatively difficult, but still possible. Thalheim

et al. [49] were not able to authenticate with an iris image on a notebook

computer display or printed on paper. They noticed that, in the iris images displayed

on the computer screen during normal authentication, the pupil showed a bright

spot. They therefore cut out the pupil in the paper image of the eye, and put it

over the impostor’s eye. The system then granted access. They were also able

to enroll with an eye image. Then the person whose eye photograph had been

enrolled was able to authenticate. In favor of the iris scan system, Thalheim et al.

state “that under real life conditions it would not be easy to obtain iris images of

authorized persons.”

2.4.3 Retina Scan

Retina scan is used to protect assets such as nuclear weapons and research

and communications and control facilities. According to Hill, developer of retina

scan, “the installed base is a testament to the confidence in its accuracy and

invulnerability. Its small user base and lack of penetration into high-volume price-sensitive

applications is indicative of its historically high price and its unfriendly

perception” [19].

Retinal Technologies states that “No systems are currently available on the

market,” but they have an improved system that fits in the palm of the hand and is

convenient to use in the prototype stage [45].

Formation, Permanence, and Uniqueness of Retina Features

The uniqueness of retinal vein patterns was first noticed in 1935 by two

ophthalmologists, Simon and Goldstein, who then published a paper on the

identification of people based on blood vessel patterns in retinal photographs [19].

A study of identical twins showed that retinal vessel patterns showed the least

similarity of any characteristic compared [19].

The retina is located on the back interior surface of the eyeball, so it is not

exposed to environmental effects. Identification is often by infrared illumination.

The retina is transparent to infrared, so in this case identification is actually done

by the veins of the choroid, just behind the retina [19].

Hardware

The first working prototype of an automatic retina scan system was built in

1981. Production began in 1985. The systems developed by Hill used a special

type of camera that did a circular scan of the retina. Early models used visible

light, but more recent systems used infrared illumination. The eye had to be placed

about 3/4 of an inch from the scanner [19].

The Retinal Technologies prototype “uses a patented aspheric lens array that

is capable of capturing a retinal image at distances as great as a meter from the

user’s eye. Drawn from ophthalmic imaging science, this technology is completely

safe and unobtrusive. Glasses, contact lenses and existing medical conditions,

such as cataracts, do not interfere with the scanning of the retina using this

technology” [45].

Internal Algorithms for Matching

The camera first does a circular scan of the retina, “and produces a circular

image consisting of 256 12 bit samples.” Two different methods of processing were

used by Hill at different times. The earlier method converted this image into a 40

byte reference signature in the frequency domain for each eye. The signature is

a normalized contrast waveform over the whole circle. Later, an additional 32 bytes

per eye of time-domain information was added to speed up matching. Another

system stores a 48-byte template consisting of 96 equally-spaced 4-bit contrast

measurements in the time domain. Although it uses more storage, less computation

is required, as the frequency domain versions require a fast Fourier transform to be

performed [19].

In case the head is at a different angle relative to the camera in authentication

from the angle in enrollment, the acquired waveform is shifted a small angle

relative to the enrollment waveform and compared several times to find the best

match. The two templates are normalized to the same RMS value, and then a “Fourier-based

correlation” is used to generate a match score [19].

Advantages and Disadvantages

Retina scan seems to be an extremely high security technology. In testing by

Sandia National Lab there were no false acceptances, and a 1% FAR with three

tries. The impostor scores have a Gaussian distribution, and from the

tail of the distribution a FAR of about 1 in 10⁶ is predicted [19].

Spoofing such a system would be difficult. Alignment would be difficult with a

“fake eye.” If further protection against spoofing was needed, Hill suggests that the

system could display a random number in the alignment optics during scanning.

Then the user would be required to enter it in order to authenticate [19].

For successful authentication, the user should not fear the retina scan system,

and should be motivated, before enrollment. Users who perceive a benefit do better

than those who simply avoid a negative effect, such as not being able to work

somewhere [19].

Retinal scan also has important disadvantages. Some users fear eye damage.

The systems do not work well out of doors, or in areas with high light level,

because bright light causes the pupil to contract, lowering the signal in the retina

scan [19].

Also, medical changes, in particular pregnancy, may cause changes in the veins

of the retina, causing false rejection [36].

2.4.4 Dynamic Signature Scan

Dynamic signature verification is a behavioral biometric.

It is seen as having a unique capability to verify not only identity but also

intent.³

³ Personal communication, Ulrich Pantow, October, 2002.

Formation, Permanence, and Uniqueness of Signature

Signature biometric systems use dynamic information, such as the speed

and pressure of the pen during signing. The advantage of using this dynamic

signature information is that it is less easily available to a forger than the static

characteristics of the signature. The disadvantage is that it is less consistent than

the static information [34].

An individual usually has significant variation in the way they sign. There are

also consistencies in the way a person signs their own name, and the way a forger

signs. “In general, our speed along high-curvature curve segments is low relative to

our speeds along low-curvature curve segments, our average overall speed varying

greatly from one instance of a pattern to another irrespective of whether we are

producing our own pattern or forging someone else’s” [34]. Both the inconsistencies

within an individual’s signature, and the consistencies between the genuine user

and the forger are undesirable for a biometric characteristic.

Hardware

Hardware for signature scan is a digitizing tablet. Some signature verification

systems can make use of pressure data if it is available from the tablet.

Internal Algorithms for Matching

Among the features of a signature that can be measured and compared are

the total time the pen is in contact with the paper, the average or RMS pen

speed, acceleration, or pressure, pressure vs. time, and the x and y components of

position, velocity, acceleration, force vs. time. Time-based features are generally

thought to do better in tests. Nalwa thinks that the reason time-based systems

do better in tests is because forgers are unaware that dynamic features are being

measured, and simply attempt to reproduce the shape of the signature [34]. If this

is indeed the case, it is security by obscurity. The advantage of the time-based

characteristics will only last until forgers learn that they are being measured.

Nalwa’s system makes use of both dynamic and static characteristics.

When people sign their names, they vary the ratio of height to width, so this

ratio must be normalized before signatures can be compared. Nalwa normalizes the ratio

of the sum of vertical displacements to horizontal displacements [34].

The signature curve must be parameterized; a parameterization is a one-to-one mapping from a

parameter onto the curve. Time is usually used as the parameter, but Nalwa uses

the normalized arc length, the fraction of the total length the pen travels in writing

the signature. Features measured vs. this parameter are x and y coordinates of the

center of mass, torque, which is the cross product of the position of the pen and the

tangent to the curve, and moments of inertia which are averages of x², y², and xy

over the window [34].

Features are averaged over a window. The window should be large enough

to average out noise, but not so large that it averages out real differences between

impostor and genuine signatures. The window size should be less than the width of

a single character [34].

In enrollment, the consistency of each feature is measured as the inverse of

the standard deviation over several signatures. Performance improves as the number

of signatures is increased up to six signatures. A mean and standard deviation are

computed for each feature [34].

Then, for matching, the features of a signature are compared to the features

measured at enrollment. The signature is allowed to warp along its length to

minimize error, because this is a typical variation between different signatures of

the same person. To determine a score, the errors are weighted, so that errors in

features that were more consistent during enrollment are given more weight than

those that have large standard deviation during enrollment [34].
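
The enrollment and weighted matching steps described above can be followed in a small sketch. This is an added example, not Nalwa's system or code from the thesis: it keeps only the windowed center-of-mass features, normalizes size by total path length, omits the warping along the signature's length, and uses constructed pen traces; the floor, threshold, and all names are assumptions.

```python
import math
import statistics

STD_FLOOR = 0.001  # assumed floor so a perfectly steady feature cannot divide by zero
THRESHOLD = 3.0    # assumed accept/reject point for the weighted error

def resample_by_arc_length(points, n):
    """n points at equal fractions of the pen-path length, scaled by that length,
    so the result does not depend on how fast the pen moved."""
    cum = [0.0]
    for (x0, y0), (x1, y1) in zip(points, points[1:]):
        cum.append(cum[-1] + math.hypot(x1 - x0, y1 - y0))
    total, out, seg = cum[-1], [], 0
    for i in range(n):
        target = total * i / (n - 1)
        while seg < len(points) - 2 and cum[seg + 1] < target:
            seg += 1
        span = cum[seg + 1] - cum[seg]
        f = (target - cum[seg]) / span if span else 0.0
        (x0, y0), (x1, y1) = points[seg], points[seg + 1]
        out.append(((x0 + f * (x1 - x0)) / total, (y0 + f * (y1 - y0)) / total))
    return out

def features(points, windows=16, per_window=8):
    """Center of mass (x, y) of each window, relative to the whole signature's centroid."""
    pts = resample_by_arc_length(points, windows * per_window)
    cx = statistics.fmean(x for x, _ in pts)
    cy = statistics.fmean(y for _, y in pts)
    feats = []
    for w in range(windows):
        chunk = pts[w * per_window:(w + 1) * per_window]
        feats.append(statistics.fmean(x for x, _ in chunk) - cx)
        feats.append(statistics.fmean(y for _, y in chunk) - cy)
    return feats

def enroll(signatures):
    """Mean and standard deviation of every feature over the enrollment signatures."""
    columns = zip(*(features(s) for s in signatures))
    return [(statistics.fmean(c), max(statistics.stdev(c), STD_FLOOR)) for c in columns]

def error_score(template, signature):
    """Mean error, each feature weighted by its consistency (1 / std) at enrollment."""
    feats = features(signature)
    return statistics.fmean(abs(f - m) / s for f, (m, s) in zip(feats, template))

def verify(template, signature):
    return error_score(template, signature) < THRESHOLD

def pen_trace(shape, speed_exponent, amplitude=1.0, samples=2000):
    """Constructed pen path; speed_exponent changes timing only, not the shape."""
    trace = []
    for k in range(samples + 1):
        x, y = shape((k / samples) ** speed_exponent)
        trace.append((x, amplitude * y))
    return trace

def genuine_shape(u):
    return 3 * u, math.sin(6 * math.pi * u)

def forged_shape(u):
    return 3 * u, 0.7 * math.sin(6 * math.pi * u) + 0.3 * math.sin(10 * math.pi * u)

# Six constructed enrollment signatures: same shape, varying speed and height.
ENROLLMENT = [pen_trace(genuine_shape, e, a) for e, a in
              [(0.8, 0.94), (1.0, 0.97), (1.2, 1.00), (0.9, 1.03), (1.1, 1.06), (1.3, 1.00)]]
GENUINE_PROBE = pen_trace(genuine_shape, 0.7, 1.02)
FORGERY_PROBE = pen_trace(forged_shape, 1.0)

if __name__ == "__main__":
    template = enroll(ENROLLMENT)
    print("genuine:", error_score(template, GENUINE_PROBE), verify(template, GENUINE_PROBE))
    print("forgery:", error_score(template, FORGERY_PROBE), verify(template, FORGERY_PROBE))
```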

Equal error rate for this method is about 3.6%, and the chosen operating condition

is a 1% FAR and 7% FRR. The method or methods used by the impostors is

not specified [34].

Advantages and Disadvantages of Dynamic Signature Verification

Advantages attributed to dynamic signature verification are resistance to

impostors, the ability of users to change their signature if it is “stolen” by an

impostor, and the perception by users that it is not invasive [35].

However, inconsistent signatures are said to lead to increased error rates [35].

2.4.5 Voice Scan

Voice scan is a biometric technology with a variety of applications [6]. It can

be used locally or over a telephone network. It can be text dependent, using

a particular phrase, either fixed at enrollment or specified by the system, or text

independent, authenticating the user on the basis of any phrase they speak.

Applications include access control, telephone banking, and telephone credit cards.

Formation, Permanence, and Uniqueness of Voice Features

Both physiological factors, the shape of the vocal cords, throat, mouth, etc,

and learned factors affect speech. The shape of the vocal tract will produce the

unique characteristics of a person’s speech [6].

For a number of reasons speech is subject to change. Some of the reasons are

more directly connected with the speaker, and others might be considered artifacts

of the environment or the authentication process.

Changes in the speaker that can affect the verification process include changes

in the speaker’s emotional state, sickness, and aging. Other factors that will change

the speech heard by the system include ambient noise and echoes of the speaker’s

voice, errors by the speaker in repeating a required phrase, changes in microphone

placement, inconsistent or bad acoustics in the room, and use of a different

microphone than was used in enrollment.

Hardware

The hardware for voice scan depends on the application. If it is used locally,

assuming the computer has multimedia capability, the hardware is a microphone

and the sound card or chip in the computer. If it is used over a telephone system,

hardware for digitizing the audio signal would be needed.

Internal Algorithms for Matching

There are five steps in voice scan authentication [6]:

1. Data acquisition: A microphone converts a sound wave into an analog

signal, which is usually filtered to limit bandwidth to half the sampling

rate. The signal must then be digitized. The resolution is usually 12 to 16

bits, with a sampling rate of 8,000 to 20,000 samples per second.

When speaker verification is done locally, the analog signal can be of high

quality, if a good microphone is used. When verification is done over a

telephone network, distortion of the analog signal may make verification more

difficult [6].

2. Feature Extraction: Each interval of speech, typically 10 to 30 ms, is represented

by a vector in a multidimensional feature space. Features with a

great deal of variability between speakers, but little variability for different

instances of speech from the same speaker, should be selected [6].

3. Pattern matching: The sequence of feature vectors is compared to that of

the enrollment template, and a match score is generated that represents the

similarity of the feature vectors to the template. There may be one match

score for each sequence vector, or a single one for the whole pattern. Two

types of models are used in pattern matching, template models and stochastic

models [6].

With template models, the pattern matching is deterministic [6]. The speech

sample captured in authentication is assumed to be an imperfect copy of

the template. The sequence of feature vectors is aligned with that in the

template to minimize some distance d between them. Dynamic time warping

is used to compensate for differences in the rate of speech. It attempts to

match up the feature vector sequences in a way that minimizes the sum of

the distances between matching feature vectors, which is the match score for

the speech sample. The $i$th feature vector of the speech sample might match

up with a vector of index greater than $i$ in the enrollment template if the speaker

spoke faster, or less than $i$ if the speaker spoke slower than in producing the

template. A score can then be calculated as $\exp(-ad)$, where $a$ is a positive

constant [6], yielding a score that decreases as distance increases.

Vector quantization is another template-based method of deriving a match

score [6]. Vector quantization uses a codebook of words collected from each

user during enrollment. The match score is the sum of the distances of the

feature vectors from the closest codewords in the codebook. The codebook is

formed in such a way that temporal information is averaged out, so there is

no need to do time warping.

The nearest neighbor method combines vector quantization and dynamic

time warping [6].

A stochastic model attempts to determine the likelihood of observing a particular

pattern given the enrollment information for the claimed identity [6].

A hidden Markov model is a stochastic method of pattern matching. The

conditional pdf for the claimed identity, and then the probability that the

phrase was spoken by that person, can be determined. This probability is the

match score for the speech segment.

4. Making a decision to accept or reject, based on the score from pattern

matching.
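
The two template-model scores described in step 3, dynamic time warping with the exp(−ad) score and the vector quantization distance, worked through as an added example (not code from the thesis or from [6]). The 2-D feature vectors, the constant a = 0.5, the 0.3 threshold, and the use of the template frames as the codebook are all constructed assumptions.

```python
import math

# Constructed 2-D feature vectors; real systems use many more dimensions.
TEMPLATE = [(0, 0), (1, 0), (2, 1), (3, 3), (2, 4), (0, 4)]
# Same phrase at half speed: each template frame appears twice, slightly off.
GENUINE_SLOW = [(0.1, 0), (0, 0.1), (1, 0.1), (1.1, 0), (2, 1.1), (2.1, 1),
                (3, 3.1), (3.1, 3), (2, 4.1), (2.1, 4), (0, 4.1), (0.1, 4)]
# A different trajectory through feature space.
IMPOSTOR = [(0, 4), (1, 4), (2, 3), (3, 1), (2, 0), (0, 0)]


def dist(u, v):
    """Euclidean distance between two feature vectors."""
    return math.sqrt(sum((a - b) ** 2 for a, b in zip(u, v)))


def rigid_distance(sample, template):
    """Frame i against frame i: no compensation for speaking rate."""
    return sum(dist(u, v) for u, v in zip(sample, template))


def dtw_distance(sample, template):
    """Minimum summed distance over all monotone alignments of the sequences."""
    n, m = len(sample), len(template)
    inf = float("inf")
    # cost[i][j] = cheapest alignment of sample[:i] with template[:j]
    cost = [[inf] * (m + 1) for _ in range(n + 1)]
    cost[0][0] = 0.0
    for i in range(1, n + 1):
        for j in range(1, m + 1):
            best_prev = min(
                cost[i - 1][j],      # template frame j reused (sample spoken slower)
                cost[i][j - 1],      # sample frame i reused (sample spoken faster)
                cost[i - 1][j - 1],  # both sequences advance together
            )
            cost[i][j] = dist(sample[i - 1], template[j - 1]) + best_prev
    return cost[n][m]


def vq_distance(sample, codebook):
    """Sum of distances to the closest codeword; frame order plays no part."""
    return sum(min(dist(v, c) for c in codebook) for v in sample)


def match_score(d, a=0.5):
    """exp(-a*d): 1.0 for a perfect match, falling toward 0 as distance grows."""
    return math.exp(-a * d)


def verify(sample, template, threshold=0.3):
    """Accept when the DTW-based score reaches the (assumed) threshold."""
    return match_score(dtw_distance(sample, template)) >= threshold


if __name__ == "__main__":
    for name, s in (("genuine, slow", GENUINE_SLOW), ("impostor", IMPOSTOR)):
        d = dtw_distance(s, TEMPLATE)
        print(f"{name:14s} rigid={rigid_distance(s, TEMPLATE):6.2f} "
              f"dtw={d:6.2f} score={match_score(d):.3f} "
              f"vq={vq_distance(s, TEMPLATE):5.2f} accept={verify(s, TEMPLATE)}")
```

Without warping, the slow genuine sample is farther from the template than with it by a factor of about ten, which is the variation in speaking rate that the alignment step removes.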

In a test involving 9300 trials, in which impostors spoke in their normal voice,

with dynamic time warping there were 19 false acceptances, and the FRR was

about 5%. Using the nearest neighbor method, an EER of 0.5% was achieved.

These two methods made errors mostly on different people. Therefore, improved

performance might be achieved by using multiple pattern matching algorithms to

process an authentication attempt. Combining the scores could produce improved

results. A recent high-performance speaker detection system combines eight

systems [6].

Advantages and Disadvantages of Voice Scan

Voice scan can leverage telephony infrastructure. “It effectively layers

with other processes such as speech recognition and verbal passwords” [35]. It also

lacks negative perceptions.

Weaknesses of voice scan include susceptibility to replay attacks, problems due

to low-fidelity equipment and ambient noise, and large template size. Enrollment

can be difficult, and for authentication the user has to speak in the same way as

during enrollment.

2.4.6 Face Scan by Visible Light

Face scanning may be carried out with visible or with infrared light. The

two techniques have very little in common, so this section will deal with face

recognition using visible light, and infrared will be reviewed in the next section.

Face scan systems have a number of practical applications, but also some

instances of successful use. Casinos use them to look for known card counters.

The system alerts employees, who check to see if the person really is the suspected

card counter. A high rate of false positives is acceptable, because the false positives

are dealt with by employees, and do not inconvenience non-card-counting

customers [35].

In other applications it has not been found useful. In Tampa, a video camera

system that could be focused on an individual, who could then be identified by a

facial recognition system, was installed on a street in Ybor City [48]. Police logs

obtained by the ACLU for four days of operation showed that there were 14 false

positives, but no identifications of suspects were found over the entire period of

use, from June 29, 2001 to August 11, 2001. A newspaper reporter observed the

operators acquire images of 457 people on a Friday evening, when an average of

125,000 people visit the area. The police turned off the system after a little over a

month of use, apparently because they did not find it useful.

A test of a similar system at the Palm Beach International Airport had a false

positive rate of 1%, and a false negative rate of more than 50% on a “mock terrorist

database” [54]. In such an application, an even higher false positive rate might

not be harmful. Security personnel search a number of passengers, apparently

chosen at random, unless little old ladies are likely suspects for hijackers. They

could search the positives instead of random people. But if the false negative rate

is so high, the system might not be useful.

Formation, Permanence, and Uniqueness of Face Features

Compared to some other biometric characteristics, such as the fingerprint and

iris, the face has a small number of features on which to base identification. These

features may be subject to change due to plastic surgery or disguise, or even gain

or loss of weight [44].

Internal Algorithms for Matching

There is a variety of approaches to face recognition. Older types of face

recognition programs are written to make predefined measurements on faces, such

as “distances and angles between eye corners, ends of the mouth, nostrils, and top

of the chin” [52]. More recent programs also measure the intensity of light reflected

from areas such as hair and cheeks. Problems with this type of approach include

the difficulty of detecting features automatically, and the small number of features

available for this type of technique to work with.

A newer approach to face recognition is to use neural networks and similar

methods which do not rely on the programmer to define what features should

be measured [52]. However, the network may become large, resulting in slow

computation, if the number of faces is large.

Finally, approaches known as “appearance-based” represent the face with a

high-dimensional vector, where every pixel in the face image is a component of the

vector [52]. Linear discriminant analysis is used for recognition of faces represented

in this way. Many commercial face recognition systems use this type of algorithm.

In appearance-based algorithms, a covariance matrix is computed from the

face training images. Then principal component analysis is used to find basis

vectors of a subspace that contains the face images centered by subtracting the

mean value of each component from the individual face’s value. The k vectors

with the largest eigenvalues are the most useful for image reconstruction. They

are known as the Most Expressive Features (MEF). Alternatively, a subspace

that has the most scatter between different individuals’ faces, without increasing

scatter between the various images of a single individual’s face, can be found by

linear discriminant analysis. This subspace is known as the Most Discriminating

Features (MDF). Matching algorithms using MDFs have better recognition rates

than MEFs. However, they may require more data to compute [52].

Strengths and Weaknesses

Face recognition systems are convenient, requiring no contact from users,

and can even locate the face as the user approaches the computer [49]. However,

they suffer from high error rates and are susceptible to spoofing by relatively easy

means.

In one test of facial recognition systems, test subjects were enrolled, then

tested again six weeks later. Under ideal, controlled conditions, some systems had

FRRs of almost one third [18].

Spoofing of facial recognition systems has been carried out with a picture

of an authorized user displayed on the screen of a laptop computer. When the

laptop screen was presented to the camera, the system accepted the picture as an

authorized user [49].

Thalheim et al. also managed to authenticate on a Cognitec facial recognition

system with “Live-Check,” a feature that looks for movement of the face in order

to foil attempts at spoofing with a still picture. While the system did reject still

images, when they displayed a video clip in which a user’s face turned slightly from

side to side, they were granted access to the system [49].

2.4.7 Infrared Face Scan

Infrared face scan is fundamentally different from face scan using visible light,

because the details used for recognition are not visible face features, but a thermal

profile depending on blood flow in arteries and veins within a few centimeters of

the skin. There is much more detail on which to base recognition, and it is likely

to be harder to spoof than visible face recognition. While the infrared camera

required is more expensive, like visible face scan it requires no contact with the

subject. It is easy to use, requiring little or no training. It could also be used

without cooperation, perhaps in performing identification in public areas such as

airports [44].

Formation, Permanence, and Uniqueness of Infrared-detectable Face Features

For infrared face scan, a camera picks up IR emitted by the face, in either the

mid (3-5 micron) or long (8-12 micron) IR band. Because the infrared forming these

images is generally thermal radiation, the images are known as thermograms. The

images consist of thermal contours due to blood vessels up to 4 cm below the surface.

The position of blood vessels would only be changed by growth, injury, or surgery.

Prokoski and Riedel [44] present facial images of identical twins. Even

though their visible light face images are indistinguishable, they have different

thermograms. Such thermograms are claimed to have more information than

fingerprints [44].

Many medical factors can affect human thermograms. They are affected

by “ingestion of substances which are vasodilators or vasoconstrictors, by sinus

problems, inflammation, arterial blockages, incipient stroke, soft tissue injuries, and

other physiological conditions” [44]. Thermograms are also affected by changes

in ambient temperature. Illumination only has an effect if it is intense enough to

change face temperature. However, anatomical data due to the unique pattern of

blood vessels in each person, and not subject to these factors, can be extracted

from the image [44].

These blood vessel patterns are generally permanent. Plastic surgery to

reroute blood vessels

would necessarily cause incisions detectable in infrared, and would risk damaging facial nerves. It is, therefore, considered possible that a person could surgically distort his facial thermogram to avoid recognition, but the thermogram would contain evidence that he had done so ([44], p. 194).

Other changes, such as weight loss and gain, cause rubber sheeting distortions

only, which are dealt with in the matching algorithm [44].

In infrared face scan, minutia points are specific junctions of facial blood

vessels. There are 175 of these minutiae. These minutiae would be a rich source of

information for face recognition. With a very sensitive camera, they can be located

in the image. With a less sensitive camera, their locations must be determined

from thermal contours [44].

Hardware

Infrared face scan requires an infrared camera. Infrared cameras cost more

than visible light cameras, so such systems are more expensive than visible light

face scan. According to Prokoski and Riedel, “When the cost of providing controlled

lighting for a visible ID system is included, the current cost discrepancy is

about $10,000 per system. That figure has been decreasing by about 30% per year

for the past 10 years, which reduction is expected to continue” [44].

Internal Algorithms for Matching

After an image is acquired, it must be processed to find the face in the image and

to determine if the image quality is adequate for identification or authentication. It

must then be normalized for orientation and amplitude. Finally, background and

noise must be removed [44].

Authentication can be done by methods similar to those used with visible light

images of faces. The upper face has the best information for recognition. The lower

face “presents more clues to gender and expression.” Glass and plastic lenses do not

transmit the wavelengths used, so eyeglasses obscure the eye area [44].

Tests were carried out with no adaptive algorithms and no training, on a wide

variety of people, with and without glasses, of different heights and skin

tones, over several weeks. The best results achieved so far were an EER of 1% [44].

Matching using minutiae is under development. Infrared cameras now in the

prototype stage can directly image the minutiae. With production cameras, minutiae

must be calculated from the thermogram. Then minutia matching algorithms

similar to those used for fingerprint matching can be used. These algorithms are

fast, and could allow searching of large databases for a match [44].

Using minutiae for matching, a profile or partial image of a face in a crowd

would be analogous to a partial fingerprint, and would still contain some minutiae,

so that it might still be possible to match it to a pattern in a database [44].

Advantages and Disadvantages of Infrared Face Scan

Infrared face scan works in any level of light, even in darkness. It is easy to

use, and does not require contact with the apparatus [44].

While it would be possible to block the IR image, perhaps with a ski mask,

the image could not be easily altered without the attempt being visible in the

thermogram. For example, fake facial hair has a different effect on the thermogram

than does real facial hair [44].

The main disadvantage at this point is the high cost of the infrared camera

required.

2.4.8 Hand Scan

Hand scan systems are in use for verification of holders of non-transferable

passes at Disney theme parks in Orlando [30]. The 102 systems in use at eight

theme parks have processed 12 million transactions. Users are age 10 or older,

and not all speak English, so the system must be simple and intuitive to use.

Enrollment and verification must both proceed quickly. Disney is more concerned

with throughput than accuracy, and considers false acceptance less harmful than

false rejection. Only a single measurement is taken for enrollment. When they

were installed in 1995, they required 31 seconds per person. By 1997, the time

was reduced to 11 seconds per person, as compared to 5.5 seconds per person

for non-biometric turnstiles. They only scan two fingers, as opposed to the full

hand [30]. This may be because until recently they were concerned about the size

of templates, due to integration problems.

Apparently not all users are as happy with hand scan as Disney World.

And at New York-Presbyterian Hospital, where long queues sometimes form at hand-scan readers, frustrated employees smashed machines two weeks in a row last month. Yet Joe Salerno of New York-Presbyterian says every building has a hand reader. He speculates that employees may be upset about the rigorous timekeeping ([18], p. 62).

It would be interesting to know the average time required for experienced users

who are in a hurry to get through so that they and their colleagues are not docked.

A time clock takes about one second per person, and unless the hand scanner is

considerably faster than the 11 seconds reported by Disney, this could be a problem

with the biometric system.

Formation, Permanence, and Uniqueness of Hand Features

The features used in hand scan are the dimensions of the hand and fingers.

These dimensions may change due to growth. Systems often average the

new measurements taken in authentication with the existing measurements in the

template to allow for slow changes in dimensions due to growth and aging [55].

Hardware

A typical hand geometry system uses a CCD camera and infrared illumination

to take two orthogonal images of the hand [55]. One image is from the top, and the

other is from the side. In each case, only the outline of the hand, and not details

such as fingerprints or scars, is recorded. The hand and fingers are held in position,

with the fingers spread, by a number of pegs.

Internal Algorithms for Matching

One type of hand scan system extracts 96 measurements from the images

of a user’s hand. The matching algorithm may simply sum the absolute values

of the differences in these 96 measurements between the enrollment and match

templates [55].

Advantages and Disadvantages of Hand Scan

Hand scan systems are easy to use with little training [30]. Testing by Sandia

National Lab confirmed an EER of 0.1% when two tries were allowed [55].

2.5 Architecture of Biometric Authentication Systems

A variety of architectures are possible for biometric authentication systems. A

system could be self-contained. A laptop computer with built-in fingerprint scanner

is an example of such an architecture [33]. However, in most cases, a biometric

system comprises two or more devices connected by some sort of network. Most

biometric devices connect to a computer via a USB port. It may also be desirable

to store users’ enrollment templates, and possibly even to carry out processing and

matching on a server, when a user is authenticating on a client. A user database

might be on a server, and the server might offer a more secure environment

and greater computing power for the processing and matching process [3]. Such

a biometric authentication system must have a “ ‘trusted path’ between all

factors used in a particular ID/Authentication and the ‘trusted computing base’

performing the validation of the inputs” [54]. Otherwise it will be subject to

attacks such as the stealing of templates discussed on page 16 above.

Interception of the biometric data being sent from the biometric device is

another real threat. Thalheim et al. intercepted USB packets from a fingerprint

mouse, and from the intercepted packets (which would contain an image of the

fingerprint, rather than a template) they were able to reconstruct fingerprints.

They then used a “micro controller with USB support and some storage capacity”

which they programmed to “respond with answers identical to those of the actual

scanner and then at the right moment play back the stored biometric data” in

order to log in. In order to prevent such an attack, they suggest the use of a

challenge-response protocol where “the biometric scanner and the application

mutually authenticate one another and thereafter communicate with one another

exclusively in an encrypted fashion” [49].

If the biometric device is to authenticate itself, it must have some computing

power and memory. This creates the option of carrying out some or all of the

processing and matching on the biometric device, and even storing the database of

users and templates there.

Chen et al. propose the use of a smart card with a trusted display to protect

users from malicious biometric systems which might steal a user’s biometric

data [7]. The smart card would authenticate the platform and the biometric

device, and give the user a signal through a built-in display to indicate that they

have authenticated successfully. If they do not authenticate, they may have been

tampered with, and the user will know not to present their biometric data to the

device.

2.6 Biometric Standards

Biometric standards are useful because they make integration of biometric authentication

systems with operating systems or other software easier. In particular,

combining multiple biometric authentication systems would be much easier if they

all followed the same standard. Three standards have been published and used to

varying degrees. In general, these standards specify an interface for the interaction

of a software module specific to a particular piece of biometric hardware, known

as a biometric service provider (BSP), with some other system that would make

use of biometric authentication, such as an authentication middleware. Then software

systems can deal with a variety of biometric authentication subsystems in a

generic way. This would allow easy substitution of, say, an iris scan for a facial scan

system, or an improved fingerprint scanner for a less capable one. They typically

offer a number of optional features, such as the ability to return a match score as

opposed to simply returning a “pass” or “fail” result. Since the score is related to

the degree of confidence the system has in its conclusion, this kind of information is

very useful for reaching a decision based on multiple biometric devices.

The first biometric standard is Human Authentication - Application Program

Interface (HAAPI). Version 1.0 was issued in August of 1997, and the final version,

2.0, was issued in April 1998 [9].

The BioAPI consortium, which eventually released the Biometric API

(BioAPI) standard, formed in April of 1998 to provide a multilevel API, where

HAAPI provides only a high-level API. Perceived competition with HAAPI caused

confusion in the biometric industry, with companies unsure which standard they

should follow. Then in February 1999 the HA-API Working Group and the BioAPI

Consortium merged [50]. BioAPI version 1.0 was released in March, 2000, and

version 2.0 was released in March of 2001 [4].

The BAPI standard was developed by I/O Software, and then purchased by

Microsoft. It remained proprietary, in contrast to HAAPI and BioAPI, which

are open standards. In December 1998, the BAPI group joined with the BioAPI

consortium [3].

The Common Data Security Architecture (CDSA), a joint effort of Intel and

The Open Group, is an open standard for an architecture incorporating many

security-related functions. When its developers became interested in including biometrics,

they initially set out to incorporate HAAPI [50], but it is now consistent

with BioAPI, having the same functions available, but with different nomenclature.

An open source reference implementation of BioAPI 2.0, consisting of middleware

and a password BSP, which interacts with the middleware as would a BSP

for a biometric device, and is provided as an example and for testing, is available

from the BioAPI Consortium’s website. The website also has links to companies

that supply BioAPI-compliant middleware and fingerprint, signature, face, hand

geometry, iris, voice, and lip movement BSPs [3].

2.7 Summary

While biometric authentication attempts to solve the problems of forgotten or

stolen passwords, and lost or stolen authentication tokens, biometric information

may also be subject to loss or theft. A significant proportion of people have

damaged or worn fingerprints, so that a fingerprint scanner may not be able to

acquire good enough information to authenticate them. Also, impostors may

be able to lift fingerprints from drinking glasses or other surfaces and produce

copies of the fingerprint in gelatin or silicone. The impostor may then be able to

authenticate with this artifact.

Additionally, biometric data might be stolen as it is transmitted from the

biometric device to the computer, or when it is stored in the computer. This

information might be used for replay attacks. It is particularly important to

prevent such attacks with a biometric authentication system. If a password

is stolen, it can be changed, but a person’s biometric characteristics cannot.

Therefore, communication between the biometric device and the computer should

be encrypted, and a nonce or timestamp should be used to prevent replay.
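
The nonce-based replay protection recommended here, combined with the mutual challenge-response between scanner and application suggested in Section 2.5 [49], as an added example that is not code from the thesis or from any scanner vendor. It assumes a key already provisioned in both the scanner and the host; the class and function names are hypothetical, and only authentication and freshness are shown, so the encryption the text also calls for would be layered on top with an authenticated cipher.

```python
import hashlib
import hmac
import secrets


def tag(key: bytes, label: bytes, *fields: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed fields, so field boundaries are unambiguous."""
    h = hmac.new(key, label, hashlib.sha256)
    for f in fields:
        h.update(len(f).to_bytes(4, "big") + f)
    return h.digest()


class Scanner:
    """Device side: releases a sample only to a host that proves it holds the key."""

    def __init__(self, key: bytes):
        self._key = key
        self._nonce = None

    def challenge(self) -> bytes:
        self._nonce = secrets.token_bytes(16)
        return self._nonce

    def send_sample(self, host_nonce: bytes, host_proof: bytes, sample: bytes):
        if self._nonce is None:
            raise PermissionError("no challenge outstanding")
        nonce, self._nonce = self._nonce, None          # each nonce is single use
        expected = tag(self._key, b"host", nonce, host_nonce)
        if not hmac.compare_digest(expected, host_proof):
            raise PermissionError("host failed authentication")
        # Bind the sample to both nonces: the tag is useless in any other session.
        return sample, tag(self._key, b"scanner", host_nonce, nonce, sample)


class Host:
    """Application side: accepts a sample only if it is tagged for this session."""

    def __init__(self, key: bytes):
        self._key = key
        self._nonce = None
        self._scanner_nonce = None

    def challenge(self) -> bytes:
        self._nonce = secrets.token_bytes(16)
        return self._nonce

    def prove(self, scanner_nonce: bytes) -> bytes:
        self._scanner_nonce = scanner_nonce
        return tag(self._key, b"host", scanner_nonce, self._nonce)

    def accept(self, sample: bytes, sample_tag: bytes) -> bool:
        if self._nonce is None or self._scanner_nonce is None:
            return False
        expected = tag(self._key, b"scanner", self._nonce,
                       self._scanner_nonce, sample)
        self._nonce = None                               # single use
        return hmac.compare_digest(expected, sample_tag)


def demo():
    key = secrets.token_bytes(32)                        # constructed shared key
    sample = b"constructed-fingerprint-image-bytes"      # constructed sample data
    scanner, host = Scanner(key), Host(key)

    # Session 1: both sides exchange nonces, host proves itself, scanner answers.
    host_nonce, scanner_nonce = host.challenge(), scanner.challenge()
    frame = scanner.send_sample(host_nonce, host.prove(scanner_nonce), sample)
    fresh_accepted = host.accept(*frame)

    # Session 2: the frame recorded in session 1 is presented again.
    host.challenge()
    host.prove(scanner.challenge())
    replay_accepted = host.accept(*frame)

    # A host without the key asks the scanner for a sample.
    rogue = Host(secrets.token_bytes(32))
    rogue_nonce = rogue.challenge()
    try:
        scanner.send_sample(rogue_nonce, rogue.prove(scanner.challenge()), sample)
        rogue_served = True
    except PermissionError:
        rogue_served = False
    return fresh_accepted, replay_accepted, rogue_served


if __name__ == "__main__":
    print(demo())
```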

Other types of biometric authentication systems are known to be susceptible to

one or both of these types of problems, leading to high FRR and/or FAR. Devices

for which such vulnerabilities have not been reported may not have been tested

adequately, by a variety of means, to detect their vulnerabilities.

Fingerprint, iris, retina, and the face when imaged with thermal infrared

wavelengths have a great deal of unique information that is normally constant over

the life of a person. However, fingerprints may be rendered difficult to scan by

abrasion or exposure to chemicals. Retinal veins may change due to factors such

as pregnancy. As was mentioned above for fingerprints, iris scan is also vulnerable

to attack with an artifact. An impostor can use a photograph of a user’s iris to

authenticate. Such attacks for retinal scan or infrared face scan are not known.

Retinal scan and iris scan may suffer from high FAR. The main disadvantage of

infrared face scan seems to be the cost of the camera, which causes the system to

cost about $10,000 more than a visible light face scan system.

Other biometric systems are also known to have weaknesses. Voice scan is

vulnerable to ambient noise and replay attacks. Dynamic signature verification

may suffer from high FRR due to inconsistent signatures. Face scan with visible

light is also subject to spoofing with a picture of an authorized user. There does

not appear to be any information on spoofing of hand scan systems. It would be

interesting to attempt to spoof such systems.

The following section discusses how multiple biometric authentication systems

are combined in an attempt to overcome the weaknesses of single biometric

authentication systems, and achieve lower FRR and FAR.

A number of standards have been developed to specify an API for the biometric

authentication system to interact with the authentication component of the

operating system or a middleware. Adoption of such a standard would make the

biometric device and the device-specific software that goes with it interchangeable,

so that devices can be exchanged or upgraded with a minimum of effort and disruption.

It would also allow easy combination of multiple biometric authentication

systems. Currently the biometric industry seems to be converging on a single

standard, BioAPI.

Because biometric authentication systems are in many cases susceptible to

spoofing, and generally have unacceptably high false acceptance or rejection rates,

there have been several attempts to combine multiple biometric authentication

systems. If an intruder is able to obtain or make an artifact, such as a gelatin

copy of a user’s fingerprint or a photograph of a user’s face or iris, they might

be able to authenticate on a single biometric system. However, if authentication

requires an acceptable combination of scores on several devices, an impostor with

an artifact for only a single device would probably be defeated. Also, a user whose

fingerprint is damaged by a weekend of bricklaying or rock climbing might fail a

single fingerprint test, but might still be able to authenticate via other devices if

multiple biometrics are in use.

CHAPTER 3

PREVIOUS WORK IN COMBINING BIOMETRIC AUTHENTICATION SYSTEMS

Biometric authentication can be considered a case of pattern recognition. A

subject makes a claim to be a particular authorized user, and presents biometric

data to one or more biometric devices. The device or devices and the associated

software process the biometric data to produce a score. Normally a high score

indicates a high probability that the subject is in fact the authorized user. A low

score indicates a low probability that the subject is the user, and a high probability

that they are an impostor. Because biometric authentication systems may suffer

from unacceptably high FAR, particularly when an adversary uses a physical or

logical copy of a user’s biometric information, such as a gelatin fingerprint or replay

of a valid authentication, and also unacceptably high FRR, several researchers have

combined multiple biometric systems into an authentication system with lower

error rates.

Methods of combining multiple classifiers fall into three groups: parallel,

cascading, and hierarchical [23]. Most reported combining methods fall into the

parallel category. In this category are such methods as voting, sum, and product

rules. It also includes schemes in which the scores from individual classifiers

are weighted before combining. All but one of the methods described below for

combination of multiple biometrics are parallel methods. In cascading methods,

“classifiers are invoked in a linear sequence” [23]. Usually less computationally

intensive classifiers are invoked first, and reduce the number of classes to be

considered by subsequent classifiers that require more computation [23]. Use of a

cascade combining method in a biometric identification system is described below.

Hierarchical methods combine classifiers into a tree. Each tree node may be a

complex classifier making use of a large number of features. Neural networks may

lead to hierarchical classifying methods [23].

Particularly for parallel combination schemes, if we have N devices, it is

convenient to form a vector from the N single device scores, x = (x1, x2, . . . , xN).

It is also possible to process the data from a single biometric device with several

algorithms, generating several scores, as described above [43]. If a device made

multiple scores available to the user, each score could be treated as a classifier,

and dimensionality of the vector x would be the number of classifiers, rather than

the number of devices. Alternatively, each algorithm could be treated as a logical

device, and the number N of logical devices would be greater than the number of

physical devices. Some commercial biometric devices use multiple classifiers internally,

and provide a single score to the user, which is the result of combining these

classifiers. This is done in the Automated Fingerprint Identification System used

by the FBI [51], and also in the Softpro dynamic signature verification system. 1

Then a decision rule is needed to map the N -dimensional vector to one of

two classes, ω1 and ω2 for accept and reject. The goal of the decision rule is to

simultaneously minimize two types of errors, false rejection of authorized users and

false acceptance of impostors, as described above.

1 Personal communication, Ulrich Pantow, October, 2002.

3.1 Optimal Bayes Decision Rule

The optimal Bayes decision rule, equation (2.10),

Accept if

$$L(\omega_1, \omega_2)\, p(\mathbf{x} \mid \omega_2)\, P(\omega_2) < L(\omega_2, \omega_1)\, p(\mathbf{x} \mid \omega_1)\, P(\omega_1) \tag{3.1}$$

otherwise reject

where L(ωi, ωj) is the loss when a pattern belonging to ωj is assigned to

ωi. Thus, L(ω1, ω2) is the loss incurred when an authorized user is rejected,

and L(ω2, ω1) is the loss incurred when an impostor is accepted. P (ωj|x) is the

posterior probability, or the probability that the pattern belongs to ωj given the

values of the measurements that make up the vector x [27], and P (ω2) and P (ω1)

are the a priori probabilities that the person attempting to authenticate is an

impostor or a genuine user, respectively.

If the loss incurred in a false rejection is assumed to be equal to the loss

incurred in a false acceptance, and the a priori probabilities of impostors and

genuine users are assumed to be equal, the optimal Bayes decision rule can be

simplified to

Assign Z to class ωi if

$$P(\omega_i \mid \mathbf{x}) > P(\omega_j \mid \mathbf{x}) \tag{3.2}$$

or “assign Z to the class with the maximum a posteriori probability,” where

Z is the pattern to be classified. This rule is therefore known as the “maximum a

posteriori” rule [27].

Kittler et al. [27] develop several rules for classification from Bayesian theory.

They derive the product rule, sum rule, max rule, min rule, median rule, and majority

vote rule by making different assumptions and simplifications. Kittler et al.

develop these equations for any number of classes, but for biometric authentication,

a pattern Z is a person attempting to authenticate, and must be assigned to one

of two classes, ω1 and ω2 for accept and reject. This allows simplification of some

equations.

The pattern is represented by the measurement vector x = (x1, x2, . . . , xN)

made up of the scores from N biometric devices. Then, according to Bayesian

theory, if the a priori probability of a class ωk is P (ωk), for a set of measurement

vectors, a pattern should be assigned according to the rule

assign Z → ωj if

$$P(\omega_j \mid x_1, \ldots, x_N) = \max_{k} P(\omega_k \mid x_1, \ldots, x_N) \tag{3.3}$$

From the Bayes theorem, the a posteriori probability can be rewritten as

$$P(\omega_k \mid x_1, \ldots, x_N) = \frac{p(x_1, \ldots, x_N \mid \omega_k)\, P(\omega_k)}{p(x_1, \ldots, x_N)} \tag{3.4}$$

where p(x1, ..., xN | ωk) is the conditional joint probability density function for

measurements on class ωk and p(x1, ..., xN) is the unconditional measurement joint

probability function. The unconditional joint pdf is just the sum of the joint pdf’s

of the classes, times their probabilities,

$$p(x_1, \ldots, x_N) = \sum_{j=1}^{2} p(x_1, \ldots, x_N \mid \omega_j)\, P(\omega_j) \tag{3.5}$$

3.1.1 Product Rule

Because a large amount of data might be needed to determine the measurement

joint probability functions accurately, it might be desirable to assume

independence of the scores of the devices. If the devices are measuring different features

of the subject, the scores might be expected to be independent. For example,

a cold would be expected to affect a voice verification score but not a fingerprint

score. Then the conditional joint pdf becomes

$$p(x_1, \ldots, x_N \mid \omega_k) = \prod_{i=1}^{N} p(x_i \mid \omega_k) \tag{3.6}$$

The assumption of independence of the scores from the individual classifiers leads

to the product rule. Substituting equations (3.5) and (3.6) into (3.4),

$$P(\omega_k \mid x_1, \ldots, x_N) = \frac{P(\omega_k) \prod_{i=1}^{N} p(x_i \mid \omega_k)}{\sum_{j=1}^{2} P(\omega_j) \prod_{i=1}^{N} p(x_i \mid \omega_j)} \tag{3.7}$$

The denominator of the right side of equation (3.7) is the same for both

classes, so it can be neglected when (3.7) is substituted into decision rule (3.3):

assign Z → ωj if

$$P(\omega_j) \prod_{i=1}^{N} p(x_i \mid \omega_j) = \max_{k=1}^{2} P(\omega_k) \prod_{i=1}^{N} p(x_i \mid \omega_k) \tag{3.8}$$

and in terms of the a posteriori probabilities from the devices,

assign Z → ωj if

$$P^{-(N-1)}(\omega_j) \prod_{i=1}^{N} P(\omega_j \mid x_i) = \max_{k=1}^{2} P^{-(N-1)}(\omega_k) \prod_{i=1}^{N} P(\omega_k \mid x_i) \tag{3.9}$$

Note that if a single classifier gives a very low score and all others give a high

score, the product rule will give a low score. This is a weakness of this rule.

3.1.2 Sum Rule

If it can be further assumed that the a posteriori probabilities from the

classifiers do not differ greatly from the a priori probabilities, the sum rule can be

derived. Thus it will apply when the classifiers are not very sure how to classify

something.

Then the a posteriori probabilities will be

$$P(\omega_k \mid x_i) = P(\omega_k)(1 + \delta_{ki}) \tag{3.10}$$

where δki ≪ 1. Substituting the a posteriori probability in equation (3.10) into

the right side of equation (3.9),

$$P^{-(N-1)}(\omega_k) \prod_{i=1}^{N} P(\omega_k \mid x_i) = P(\omega_k) \prod_{i=1}^{N} (1 + \delta_{ki}) \tag{3.11}$$

and expanding the product and neglecting terms that are second or higher

order in δki,

$$P^{-(N-1)}(\omega_k) \prod_{i=1}^{N} P(\omega_k \mid x_i) = P(\omega_k) + P(\omega_k) \sum_{i=1}^{N} \delta_{ki} \tag{3.12}$$

Then substituting (3.12) into (3.9), and using (3.10) to eliminate δki, the sum

decision rule is

assign Z → ωj if

$$(1-N)\, P(\omega_j) + \sum_{i=1}^{N} P(\omega_j \mid x_i) = \max_{k=1}^{2} \left[ (1-N)\, P(\omega_k) + \sum_{i=1}^{N} P(\omega_k \mid x_i) \right] \tag{3.13}$$

With the assumption of equal a priori probabilities, this becomes

assign Z → ωj if

$$\sum_{i=1}^{N} P(\omega_j \mid x_i) = \max_{k=1}^{2} \sum_{i=1}^{N} P(\omega_k \mid x_i) \tag{3.14}$$

3.1.3 Max Rule

If the sum of the N a posteriori probabilities in equation (3.13) is replaced by

N times the greatest probability, the Max rule results:

assign Z → ωj if

$$(1-N)\, P(\omega_j) + N \max_{i=1}^{N} P(\omega_j \mid x_i) = \max_{k=1}^{2} \left[ (1-N)\, P(\omega_k) + N \max_{i=1}^{N} P(\omega_k \mid x_i) \right] \tag{3.15}$$

which, with the assumption of equal a priori probabilities, becomes

assign Z → ωj if

$$\max_{i=1}^{N} P(\omega_j \mid x_i) = \max_{k=1}^{2} \max_{i=1}^{N} P(\omega_k \mid x_i) \tag{3.16}$$

Use of this rule in biometric authentication would assist an impostor who is

able to get one high score either by use of an artifact, or simply by chance.

3.1.4 Min Rule

The product of the posterior probabilities in equation (3.13) will always be less

than or equal to the minimum of the probabilities,

$$\prod_{i=1}^{N} P(\omega_k \mid x_i) \le \min_{i=1}^{N} P(\omega_k \mid x_i) \tag{3.17}$$

When (3.17) is substituted into (3.9) and the probabilities are bounded from

above, we get

assign Z → ωj if

$$P^{-(N-1)}(\omega_j) \min_{i=1}^{N} P(\omega_j \mid x_i) = \max_{k=1}^{2} P^{-(N-1)}(\omega_k) \min_{i=1}^{N} P(\omega_k \mid x_i) \tag{3.18}$$

and with the assumption of equal prior probabilities,

assign Z → ωj if

$$\min_{i=1}^{N} P(\omega_j \mid x_i) = \max_{k=1}^{2} \min_{i=1}^{N} P(\omega_k \mid x_i) \tag{3.19}$$

3.1.5 Median Rule

If equal prior probabilities are assumed, then the sum rule in equation (3.13)

can be thought of as an average a posteriori probability for each class from all the

classifier outputs,

assign Z → ωj if

$$\frac{1}{N} \sum_{i=1}^{N} P(\omega_j \mid x_i) = \max_{k=1}^{2} \frac{1}{N} \sum_{i=1}^{N} P(\omega_k \mid x_i) \tag{3.20}$$

so the pattern is assigned to the class for which the average a posteriori

probability is a maximum. If one of the a posteriori probabilities is an outlier,

it will influence the average, and could cause a wrong decision. The median is

less easily influenced by outliers, so it can be considered as a rule for combining

classifiers:

assign Z → ωj if

$$\operatorname*{med}_{i=1}^{N} P(\omega_j \mid x_i) = \max_{k=1}^{2} \operatorname*{med}_{i=1}^{N} P(\omega_k \mid x_i) \tag{3.21}$$

3.1.6 Majority Vote Rule

If the a posteriori probabilities are hardened to produce a binary valued

function,

$$\Delta_{ki} = \begin{cases} 1 & \text{if } P(\omega_k \mid x_i) = \max_{j=1}^{2} P(\omega_j \mid x_i) \\ 0 & \text{otherwise} \end{cases}$$

then (3.13) becomes

assign Z → ωj if

$$\sum_{i=1}^{N} \Delta_{ji} = \max_{k=1}^{2} \sum_{i=1}^{N} \Delta_{ki} \tag{3.22}$$

so that the class with the largest number of votes is selected.
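
The rules of Sections 3.1.1 through 3.1.6, specialized to the two-class accept/reject case, can be compared side by side on the two situations the text singles out: a genuine user with one very low score, and an impostor holding an artifact for a single device. The Python code below is an added example, not taken from the thesis or from Kittler et al.; the function names and both sets of per-device posteriors are constructed for illustration.

```python
from math import prod
from statistics import median

RULES = ("product", "sum", "max", "min", "median", "vote")


def class_support(post, prior, rule):
    """Left-hand side of the decision rule for one class.

    post  -- P(class | x_i) reported by each of the N devices
    prior -- a priori probability P(class)
    """
    n = len(post)
    if rule == "product":                 # eq. (3.9)
        return prior ** (-(n - 1)) * prod(post)
    if rule == "sum":                     # eq. (3.13)
        return (1 - n) * prior + sum(post)
    if rule == "max":                     # eq. (3.15)
        return (1 - n) * prior + n * max(post)
    if rule == "min":                     # eq. (3.18)
        return prior ** (-(n - 1)) * min(post)
    if rule == "median":                  # eq. (3.21)
        return median(post)
    if rule == "vote":                    # eq. (3.22): one vote per device
        return sum(1 for p in post if p >= 0.5)
    raise ValueError(f"unknown rule: {rule}")


def decide(p_genuine, rule, prior_genuine=0.5):
    """Return 'accept' or 'reject' from the per-device posteriors P(w1 | x_i)."""
    if not p_genuine or any(not 0.0 <= p <= 1.0 for p in p_genuine):
        raise ValueError("posteriors must be a non-empty list of probabilities")
    if not 0.0 < prior_genuine < 1.0:
        raise ValueError("prior must lie strictly between 0 and 1")
    accept = class_support(list(p_genuine), prior_genuine, rule)
    # Two classes, so P(w2 | x_i) = 1 - P(w1 | x_i) and P(w2) = 1 - P(w1).
    reject = class_support([1.0 - p for p in p_genuine],
                           1.0 - prior_genuine, rule)
    # A tie is resolved as reject so that the system fails closed.
    return "accept" if accept > reject else "reject"


def compare_rules(p_genuine, prior_genuine=0.5):
    """Decision of every rule for one authentication attempt."""
    return {rule: decide(p_genuine, rule, prior_genuine) for rule in RULES}


# Constructed posteriors for three devices (fingerprint, iris, signature).
DAMAGED_FINGER = [0.005, 0.90, 0.90]    # genuine user, worn fingerprint
SINGLE_ARTIFACT = [0.90, 0.20, 0.20]    # impostor with an artifact for one device

if __name__ == "__main__":
    for name, scores in (("damaged finger", DAMAGED_FINGER),
                         ("single artifact", SINGLE_ARTIFACT)):
        print(name, compare_rules(scores))
    # With two classes and equal priors the max and min rules both reduce to
    # "accept if min_i P + max_i P > 1", so they give the same decision.
```

On this constructed input the product rule rejects the genuine user because of the one low score, the max rule accepts the impostor because of the one high score, and the sum, median, and majority vote rules decide both cases correctly.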

3.1.7 Experimental Test of Rules for Combining Classifiers

Then Kittler et al. [27] report the results of experiments testing these rules for

combining classifiers. In one experiment they combine three biometrics, frontal and

profile views of the face and voice verification. Equal error rates of 12.2%, 8.5%,

and 1.4% were obtained for the individual frontal, profile, and voice biometrics.

Equal error rates for the various combination rules are 0.7% for the sum rule, 1.4%

for product, 12.2% for maximum, 1.2% for median, and 4.5% for minimum. The

sum rule has the best performance. For some reason the majority vote rule was

not used. They computed a correlation matrix for the data used to compute the

individual biometric scores, which showed that there was some correlation between

face profile and voice, but not much between frontal face and the other biometrics.

A second experiment involved character recognition. In this case the median rule

was best, with a classification rate of 98.19%, and the sum rule was a close second

at 98.05%. A majority vote is next at 97.96%, followed by the max rule at 93.93%,

the min rule at 86.00%, and the product rule at 84.69%. The min and product

rules were both worse than any of the individual classifiers used for character

recognition.

In order to explain the superiority of the sum rule, which requires the assumptions

of independence and that classes are ambiguous, they show that errors have

less influence on the sum rule than on the product rule.

3.2 Nonparametric Methods and Likelihood Ratio

Prabhakar and Jain [43] use several matching algorithms to classify fingerprint

images from a single fingerprint scanner. The goal is to achieve lower error rates

than any one of the algorithms could achieve alone, without the expense and

inconvenience of using multiple biometric devices. They develop a classifier

combination method that does not assume any particular form for the probability

density functions of the classes, and also does not assume independence of the

scores from the various matching algorithms.

First a class separation statistic is used to choose the subset of available

algorithms that gives the best separation of authorized users and impostors [43]. It

would be natural to assume that the more algorithms used, the better

the result should be. If the pdf’s of the classes are perfectly known, increasing the

number of features, in this case the number of algorithms generating a score for

a fingerprint, will never decrease the accuracy of classification. If the additional

features have some independent data from those already in use, classification

accuracy would be expected to improve. However, in many real cases, where

densities are not known perfectly, and must be estimated from limited experimental

data, there is a “peaking phenomenon” in classification performance as the number

of features is increased. Beyond some point, further increase in the number of

features results in a decrease in classification accuracy [23]. This is known as the

“curse of dimensionality.” The optimum dimensionality depends on the number of

data points available. It is considered good practice to use at least ten data points

for each dimension. However, for some approaches, the data requirement is much

greater.

A naive table-lookup technique (partitioning the feature space into cells and associating a class label with each cell) requires the number of training data points to be an exponential function of the feature dimension. ([23], p. 11)

Prabhakar and Jain use such a technique. Then, although they compared 2572

fingerprint images from 167 subjects against each other, resulting in 7472 genuine

user matches and 3,298,834 impostor matches, the best performance was achieved

with the use of only three of the four algorithms that were studied [43].

Next the Parzen window density estimate of the N -dimensional density

function is used, where N is the number of algorithms in the optimal subset. The

density estimate at a point x, with n data points available, is

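$$p(\mathbf{x}) = \frac{1}{n h^{N}} \sum_{j=1}^{n} \left\{ \frac{1}{(2\pi)^{N/2} |\Sigma|^{1/2}} \exp\left[ -\frac{1}{2h^{2}} (\mathbf{x} - \mathbf{x}_j)^{t}\, \Sigma^{-1} (\mathbf{x} - \mathbf{x}_j) \right] \right\} \tag{3.23}$$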

where h is the width of the N -dimensional window over which the density

is averaged, and Σ is the covariance matrix, which is estimated from the n data

points [43]. The larger the value of h, the greater the smoothing of the estimated

density function. If h is too small so that a small number of points fall inside the

window, random variations will influence the distribution. If h is too large, features

of the distribution may be obscured [13].

Finally, a likelihood ratio, equation (2.7)

$$R = P(\mathbf{x} \mid \omega_2) / P(\mathbf{x} \mid \omega_1) \tag{3.24}$$

is used to assign a pattern to class ω2 if R is large, and to class ω1 if R is small. If a limit

is set on FAR, for example, regions of minimum R are assigned to class ω1,

the class of genuine users, until the FAR limit is reached, and the remaining

regions are all assigned to class ω2, for impostors. Alternatively, if a limit for

FRR is chosen, regions of maximum R are assigned to class ω2 until the FRR

limit is reached. Either way, this method will yield an optimal Neyman-Pearson decision

rule. Experimental results for one of the matching algorithms show that, while

the impostor curve appears to be close to a normal distribution, the error rate is

significantly better when the nonparametric Parzen window density is used. The

likelihood ratio gives lower error rate than the sum rule, which is better than the

product rule [43].
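
The procedure of this section, a Parzen window density per class (3.23), the likelihood ratio (3.24), and a threshold chosen by accepting the regions of smallest R until a FAR limit is reached, is sketched below in Python. This is an added example, not code from the thesis or from Prabhakar and Jain; it is narrowed to N = 2 matching algorithms so that the covariance inverse can be written out by hand, and the scores, window width h, and FAR limit are constructed values.

```python
import math
import random


def parzen_2d(points, h):
    """Return the density p(x) of eq. (3.23) for N = 2, Sigma estimated from points."""
    n = len(points)
    mx = sum(p[0] for p in points) / n
    my = sum(p[1] for p in points) / n
    sxx = sum((p[0] - mx) ** 2 for p in points) / (n - 1)
    syy = sum((p[1] - my) ** 2 for p in points) / (n - 1)
    sxy = sum((p[0] - mx) * (p[1] - my) for p in points) / (n - 1)
    det = sxx * syy - sxy * sxy                      # |Sigma|
    ia, ib, ic = syy / det, -sxy / det, sxx / det    # entries of Sigma^-1
    # 1 / (n h^N (2 pi)^(N/2) |Sigma|^(1/2)) with N = 2
    norm = 1.0 / (n * h ** 2 * 2.0 * math.pi * math.sqrt(det))

    def density(x):
        total = 0.0
        for px, py in points:
            dx, dy = x[0] - px, x[1] - py
            quad = ia * dx * dx + 2.0 * ib * dx * dy + ic * dy * dy
            total += math.exp(-quad / (2.0 * h * h))
        return norm * total

    return density


def likelihood_ratio(x, p_impostor, p_genuine):
    """R of eq. (3.24): impostor density over genuine density; large R means impostor."""
    g = p_genuine(x)
    return math.inf if g == 0.0 else p_impostor(x) / g


def threshold_for_far(impostor_ratios, far_limit):
    """Threshold t such that accepting R < t keeps FAR on these samples <= far_limit."""
    ordered = sorted(impostor_ratios)
    allowed = int(far_limit * len(ordered))   # impostor samples that may be accepted
    return ordered[allowed] if allowed < len(ordered) else math.inf


def constructed_scores(rng, centre, spread, count):
    """Constructed scores from two matchers; the shared term makes them correlated."""
    scores = []
    for _ in range(count):
        shared = rng.gauss(centre, spread)
        scores.append((shared + rng.gauss(0, 0.04), shared + rng.gauss(0, 0.04)))
    return scores


def run_demo(far_limit=0.05, h=0.5, seed=7):
    rng = random.Random(seed)
    p_gen = parzen_2d(constructed_scores(rng, 0.75, 0.08, 150), h)
    p_imp = parzen_2d(constructed_scores(rng, 0.30, 0.10, 150), h)
    # Held-out scores: the threshold is calibrated on impostors not used
    # to build the density estimates.
    gen_test = constructed_scores(rng, 0.75, 0.08, 100)
    imp_test = constructed_scores(rng, 0.30, 0.10, 100)

    def ratio(x):
        return likelihood_ratio(x, p_imp, p_gen)

    t = threshold_for_far([ratio(x) for x in imp_test], far_limit)
    return {
        "threshold": t,
        "far": sum(ratio(x) < t for x in imp_test) / len(imp_test),
        "frr": sum(ratio(x) >= t for x in gen_test) / len(gen_test),
        "ratio_genuine_centre": ratio((0.75, 0.75)),
        "ratio_impostor_centre": ratio((0.30, 0.30)),
    }


if __name__ == "__main__":
    print(run_demo())
```

No independence assumption is made: the shared term in the constructed scores correlates the two matchers, and the joint density estimate absorbs that correlation through Σ.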

3.3 Majority Voting

Dieckmann et al. [10] tested a system that either verified or identified people

entering a building. The subjects looked at a camera and said their names.

The camera captured a still image of the face, as well as lip movement, while

a microphone captured the voice. These data were processed to obtain three

hard decisions, and if two of the three decisions were positive the person was

authenticated or identified. It was claimed that voice and lip movement, being

dynamic features, are more difficult to fake than static features, such as the face

image. The voting scheme is said to be “very reliable and robust against changing

light conditions (sun movement, clouds, changing electric lights) and against a

noisy environment. If one cue is disturbed the other two still guarantee a safe

classification.” Because false rejection was seen to be more undesirable than false

acceptance, the three classifiers were trained to minimize (2FRR + FAR). In the

verification test, the face image had FRR of 0.005 and FAR of 0.027, lip movement

had FRR of 0.26 and FAR of 0.035, and speech had FRR of 0.009 and FAR of

0.019. The system had a FRR of 0.002, and FAR of 0.003.

3.4 Weighted Sum Rule

Duc et al. [12] used Bayes theory to combine scores from a face image and

speech. They assume independence of the face image and speaker verification

scores. They also assume that the log of the misidentification score follows a

normal distribution. The misidentification score is the difference between the true

authentication score, which is one for a genuine user and 0 for an impostor, and the

actual score for the authentication attempt. A weighted sum of the face and speech

scores results, where the scores are weighted by the inverse of their variance. False

acceptance rates for face and speech were 3.6% and 6.7%, while the arithmetic

mean of the two scores achieved a false acceptance rate of 1.2% and the Bayesian

method achieved 0.54%. The false rejection rates were 7.4% for face, 0.0% for

speech, 2.1% for the arithmetic mean, and 0.0% for the Bayesian method.

Jourlin et al. [25] combine visual information from lip movement with acoustic

information from speech. The combined system was tested on 37 people, who were

recorded speaking the digits from 0 to 9 in French. Each person was recorded five

times at one week intervals. They used the first three recordings for training of

their classification system. The fourth was used for validation. The threshold was

chosen to minimize errors on this set. The fifth, which was more difficult to classify

because of tilting of the speaker’s head, not shaving, poor signal to noise ratio in

the voice recording, or poor focus of the camera, was used for testing. Tests were

carried out by comparing each person’s data from the fifth trial to their own speech

and lip movement patterns obtained from the first three recordings, and also to

a world model, which is a model of the speech of 500 people and lip movement

patterns of 36 people. A score is obtained by normalizing the ratio of the likelihood

that they are the claimed identity to the world likelihood, their similarity to the

world model. A weighted sum is used to combine the acoustic and lip movement

scores, with the best performance found at a weighting of 0.86 for acoustic and

0.14 for lip movement. Impostor tests were carried out in a similar way, comparing

a subject’s fifth recording to the speech and lip movement patterns of other test

subjects’ first three trials. From just the acoustic information, the test achieved

FAR of 2.3% and FRR of 2.8%. Using just the lip movement information, the

FAR was 3.0% and the FRR was 27.8%. Combining the two, the FAR was 0.5%

and the FRR was 2.8%.

3.5 Cascading Method of Combining Classifiers

Hong and Jain [20] use a cascading method of combining face recognition

with fingerprint to construct an identification system. Because an identification

system may need to make a large number of comparisons, processing time is more

important. Therefore, face recognition is used to select the five best matches, and

then the fingerprint matching is performed only on those selected identities. Face

and fingerprint scores are assumed to be independent. Then the FAR is computed

for each of the five top face matches, based on both the face and fingerprint scores.

The system accepts an identity as correct if the computed FAR is less than the

required standard, and if the FAR is the minimum of the five returned from the

database on the basis of the face match. This system was tested using databases of

face and fingerprint images. Fingerprints were assigned to faces at random, based

on the assumption that fingerprint and face are independent. With a FAR of 1%,

the face FRR is 15.8%, the fingerprint FRR is 3.9%, and the system FRR

is 1.8%. With a FAR of 0.001%, the face FRR is 64.1%, the fingerprint FRR is

14.9%, and the system FRR is 9.8%. Included in the system FRR are the 1.8%

of the individuals who were not among the top five matches of the face recognition

system.

3.6 Hierarchical Methods of Combining Classifiers

Hierarchical methods, also known as decision trees, differ from the cascading

method in that information from all classifiers is assumed to be available at the

start of the classification process. Then decisions can be based on a single variable

or on a combination of variables. If the scores from the individual classifiers are

related, basing the decision on a single score rather than a combination of scores

introduces bias [11]. To avoid this, Draper et al. describe how to derive a decision

tree with a linear machine at each node that can reach a decision based on a linear

combination of all the scores with different costs assigned to different kinds of

misclassification errors [11]. Biometric systems that measure different characteristics

should be approximately independent, so the algorithm for building the tree is not

described here, but if a number of classifying algorithms were used on data from a

single biometric device, the results might not be independent, and such a technique

might be advantageous.

3.7 Summary

In summary, of the three general classes of procedures for combining classifiers,

most of the methods used for combining biometric classifiers are parallel methods.

The product, sum, median, min and majority vote rules can all be derived from

Bayesian theory with varying assumptions. The product rule, derived by assuming

that the classifiers are independent, can be strongly affected by a single low score.

Also it is more strongly affected by error in the classifiers than is the sum rule.

This is probably the reason that the sum rule, although it requires the further

assumption that the a posteriori probability of a genuine user or an impostor

does not differ greatly from the a priori probability, was found to have better

performance than the product rule. The median rule had performance comparable

to that of the sum rule, and the majority vote rule was slightly inferior. The min

and product rules were significantly lower. In other tests, a weighted sum rule

gave improved classification performance, with the weighting factors determined

empirically or with the inverse of the variance of a classifier’s scores used as a

weighting factor.

A PDF must be found for each classifier’s score for each class. If the classifiers

are not independent, then a joint PDF is needed. Determination of a joint PDF

requires much data, but gave improved performance when a number of algorithms

were used to classify a set of fingerprint images. However, in another study data

from frontal face, face profile, and voice were nearly independent. Thus, when

working with multiple biometric systems that measure different characteristics, it is

probably safe to assume independence, and a joint PDF need not be determined.

Probability density functions can be found by parametric methods, which

assume the distributions to follow some function, or nonparametric methods,

which make no such assumption. With a large data set of fingerprint images, a

nonparametric method, the Parzen window density, was found to be superior to

parametric methods [43]. A likelihood ratio was used to assign regions of the

four-dimensional space generated by the scores from four classifiers. This method was

found to be superior to the sum rule, which was superior to the product rule.

A biometric identification system made use of a cascading system, first invoking

a fast face recognition system to select a small number of close matches from

a database, and then a slower fingerprint matching step to either find a match from among the

small set of close matches or to decide that the person is not in the database [20].

CHAPTER 4

EXPERIMENTAL GOALS AND METHODS

The literature on biometric authentication systems suggests that unacceptably

high FAR and FRR remain problems. A genuine user may be rejected because of

worn fingerprints or failure to align the eye properly with an iris scan. An impostor

may use a silicone copy of a user’s fingerprint to be accepted. One goal of our

work was to test a variety of biometric authentication systems, and to determine

the FRR and FAR, particularly when the impostor uses some creative means to

spoof the system. Data from these tests would help us understand the individual

vulnerabilities of the various systems. A second goal of our work was to develop

an understanding of how multiple biometric systems could be combined, and how

much the FAR and FRR could be reduced.

4.1 Meaning and Measurement of False Acceptance Rate

Because FRR and FAR are related via the threshold, both must be determined

in order to provide a useful description of a biometric authentication system.

Increasing the threshold makes it more difficult for impostors to authenticate, lowering

the FAR, but it also makes authentication more difficult for genuine users, increasing

the FRR. Decreasing the threshold will decrease FRR at the cost of a higher

FAR. Measurement of FRR is fairly straightforward. An adequate number of

test subjects should be enrolled, and should present their biometric feature to the

system in the proper way several times, perhaps with a delay of weeks or months

between attempts to determine if the biometric characteristic changes enough over

that time to increase the FRR. Many systems are tested in this way [10], or on a

database of biometric data captured in this way [12], [20], [25], [43], [28], [27]. The

test subject’s data from different attempts are compared in order to find the FRR,

and the data from different subjects are compared in order to find the FAR.

However, the meaning and determination of the false acceptance rate presents

some difficulty because the FAR for a given biometric device will depend strongly

on the method used by the impostor. Then if the results of all tests, regardless

of method, are lumped together to determine the FAR from equation (2.2), the

result will depend on the relative frequency of tests by different methods. For

example, experimental results presented below will show that the FAR for an

impostor looking at an authorized user’s signature while signing it is much lower

than the FAR when the impostor traces the authorized user’s signature. If our

testing included many attempts in which impostors looked at the user’s signature

but few or none in which impostors traced the user’s signature, the vulnerability of

the device to the second kind of attack would be hidden in a low FAR. A first step

in evaluating a device is then to use any means that can be thought of to try to

fool the device, and determine a separate FAR for each means. However, a single

FAR might be needed for comparison to other types of devices (where an iris scan

would not be vulnerable to a silicone finger but might be attacked with a picture

of a user’s iris) or to determine if the device meets a standard. Ways in which the

FARs might be combined include

1. A weighted average FAR,

$$\mathrm{FAR}_{av} = \sum_{i} w_i\, \mathrm{FAR}_i \tag{4.1}$$

could be computed using the inverse of the difficulty of various attacks as a

weighting factor,

$$W^{1}_{i} = \frac{1}{D_i} \tag{4.2}$$

$$W^{1} = \sum_{i} \frac{1}{D_i} \tag{4.3}$$

$$w^{1}_{i} = \frac{W^{1}_{i}}{W^{1}} \tag{4.4}$$

where Di is the difficulty of attack i and w1i is the weighting factor. The

probability or frequency of a particular attack might be expected to depend

on its level of difficulty. Factors that could be considered in a resource-based

estimate of Di might include the expertise needed to carry out the attack,

time needed to prepare for the attack vs. time available, the availability, cost,

and quality of materials and equipment needed, and if the user’s biometric

information is needed, the level of difficulty to copy that information. For

example, it is probably relatively easy to get a copy of a user’s signature or

fingerprint. On the other hand, acquisition of a usable iris image requires

close-up photography of the user’s eye, which would be relatively difficult [49].

2. The weighting factor might be the FAR of the attack divided by the difficulty,

because impostors are more likely to attempt an attack that has a

high probability of success even if it is difficult. If use of a good quality iris

image has a high probability of success, more impostors will be expected to

try it in spite of the difficulty. In this case, the weighting factor to be used in

equation (4.1) would be

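$$W^{2}_{i} = \frac{\mathrm{FAR}_i}{D_i} \tag{4.5}$$

$$W^{2} = \sum_{i} \frac{\mathrm{FAR}_i}{D_i} = \sum_{i} W^{2}_{i} \tag{4.6}$$

$$w^{2}_{i} = \frac{W^{2}_{i}}{W^{2}} \tag{4.7}$$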

3. Use the highest FAR.

$$\mathrm{FAR}_{combined} = \max_{i} \mathrm{FAR}_i \tag{4.8}$$

This would avoid the problem of determining an appropriate weighting factor

for the various possible attacks. Also, the most determined and dangerous

impostors could be expected to use the method that is most likely to succeed,

even if it was more difficult. Members of the cleaning crew might put their

own fingers on a fingerprint scanner out of curiosity, and if they happened to

get access to the computer, they might check their favorite team’s score on

the internet. However, a spy might go to great lengths to produce a silicone

or gelatin copy of an authorized user’s fingerprint, and then use it to steal

important secrets. Even if the second kind of attack were much less frequent

than the first, it would probably be the one we should be more concerned

about.

A remaining difficulty here is that we may not think of the best means for

attacking a device, but the spy may.
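
The three ways of combining per-attack FARs in equations (4.1) through (4.8) can be set beside the pooled FAR that results from lumping all impostor attempts together. The Python code below is an added example, not part of the thesis; the attack names follow the signature attacks mentioned in the text, but the attempt counts and the difficulty values D_i are constructed, since the text gives no scale for difficulty.

```python
def combined_far(attacks):
    """Combine per-attack false acceptance rates.

    attacks maps attack name -> (accepted, attempts, difficulty D_i).
    Returns the pooled FAR and the three combinations of Section 4.1.
    """
    for name, (accepted, attempts, difficulty) in attacks.items():
        if attempts <= 0 or difficulty <= 0 or not 0 <= accepted <= attempts:
            raise ValueError(f"invalid test record for attack {name!r}")

    far = {k: acc / n for k, (acc, n, _) in attacks.items()}
    diff = {k: d for k, (_, _, d) in attacks.items()}

    def weighted(raw):
        # Normalise raw weights W_i to w_i = W_i / W, then apply eq. (4.1).
        total = sum(raw.values())
        if total == 0:
            return 0.0   # every attack had FAR 0, so no weight is defined
        return sum(raw[k] / total * far[k] for k in far)

    pooled = (sum(acc for acc, _, _ in attacks.values())
              / sum(n for _, n, _ in attacks.values()))
    return {
        # All attempts lumped together: depends on how often each attack was tried.
        "pooled": pooled,
        # Eqs. (4.2)-(4.4): weight by inverse difficulty.
        "inverse_difficulty": weighted({k: 1.0 / diff[k] for k in far}),
        # Eqs. (4.5)-(4.7): weight by FAR divided by difficulty.
        "far_over_difficulty": weighted({k: far[k] / diff[k] for k in far}),
        # Eq. (4.8): the most successful attack sets the figure.
        "max": max(far.values()),
    }


# Constructed test record for a signature device: (accepted, attempts, D_i).
SIGNATURE_ATTACKS = {
    "forge_from_name": (0, 50, 1.0),
    "look_at_signature": (2, 200, 2.0),
    "trace_signature": (6, 10, 4.0),
}

if __name__ == "__main__":
    for label, value in combined_far(SIGNATURE_ATTACKS).items():
        print(f"{label:>20}: {value:.4f}")
```

With these constructed counts the pooled FAR is about 3% even though tracing succeeds 60% of the time, which is the masking effect described above; the FAR-over-difficulty weighting and the maximum both keep the tracing attack visible.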

4.2 Testing Procedures

A testing framework was developed to guide the testing. Tests were carried

out on four biometric systems by a group of 24 volunteers. The first week volunteers

enrolled and authenticated. They returned three times to authenticate

and, in some cases, to attempt to spoof the biometric devices. These sessions were

one week, five weeks, and six weeks after the initial session. At each session, test

subjects attempted to authenticate on each device they tested until they succeeded,

up to a maximum of three attempts.

A greater number of test subjects was desired. However, the only motivations

for people to authenticate were, for members of the IPPD group, to produce

data for our project, and for those outside the group, curiosity about biometric

devices, and a desire to help out friends. With the 24 test subjects, if each had

authenticated four times, as planned, there would have been 96 authentication

attempts. However, there were only 57 authentication attempts, and only three

test subjects authenticated four times. If a biometric authentication system could

be put into production, even on a limited scale, then users would authenticate

regularly, and a much greater amount of data could be collected.

In order to test the concept of combining multiple biometric authentication

systems, cases in which a user attempted to authenticate on the iris scan, signature,

and thumbprint systems at the same time are needed. There were 31 such

occasions. Probably the main reason that the rest of the 57 authentication attempts

did not involve all the devices was that the iris software only allowed six

users. For the second week of testing, the hard drive was partitioned and multiple

copies of the operating system and iris software were installed, allowing more users

to be enrolled.

4.3 Curve Fitting

From dynamic signature verification scores, plots of FRR for genuine users

were generated by plotting score vs. k/(n + 1), where n is the total number of

points in the data set, and k is the rank of the point to be plotted. This results

in a plot of the fraction of authentication attempts below a particular score vs.

score. For each type of impostor attempt, such as tracing or attempting to forge

the signature from the user’s name, plots of FAR were generated by plotting score

vs. 1 − (k/(n + 1)), where the terms have the same meaning as for the genuine

user plot. This results in a plot of the fraction of authentication attempts above a

particular score vs. score.
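The plotting procedure described above, as an added example that is not code from the thesis: it builds the FRR and FAR points from ranked scores and locates the equal error rate where the two curves cross. The score lists are constructed sample data, and reading the curves by linear interpolation (holding the end values outside the observed range) is an assumption of this example.

```python
from bisect import bisect_right

# Constructed sample scores on the 0-100 scale (not the thesis data).
GENUINE = [78, 88, 90, 91, 92, 93, 94, 95, 97]
TRACING = [3, 66, 70, 75, 79, 96, 97, 98, 99, 100]


def frr_curve(genuine):
    """Points (score, k/(n+1)): estimated fraction of genuine attempts
    below each observed score, where k is the rank of that score."""
    s = sorted(genuine)
    n = len(s)
    return [(x, k / (n + 1)) for k, x in enumerate(s, start=1)]


def far_curve(impostor):
    """Points (score, 1 - k/(n+1)): estimated fraction of impostor
    attempts above each observed score."""
    s = sorted(impostor)
    n = len(s)
    return [(x, 1 - k / (n + 1)) for k, x in enumerate(s, start=1)]


def value_at(points, x):
    """Read a plotted curve at score x by linear interpolation between
    neighbouring points; outside the observed range hold the end value."""
    xs = [p[0] for p in points]
    if x <= xs[0]:
        return points[0][1]
    if x >= xs[-1]:
        return points[-1][1]
    i = bisect_right(xs, x)  # xs[i-1] <= x < xs[i], so no zero-width segment
    (x0, y0), (x1, y1) = points[i - 1], points[i]
    return y0 + (y1 - y0) * (x - x0) / (x1 - x0)


def equal_error_rate(genuine, impostor, step=0.01):
    """Sweep the threshold over the observed score range and return
    (threshold, rate) at the point where FRR and FAR are closest."""
    frr, far = frr_curve(genuine), far_curve(impostor)
    lo = min(frr[0][0], far[0][0])
    hi = max(frr[-1][0], far[-1][0])
    best = None
    for j in range(int(round((hi - lo) / step)) + 1):
        t = lo + j * step
        r, a = value_at(frr, t), value_at(far, t)
        if best is None or abs(r - a) < best[0]:
            best = (abs(r - a), t, (r + a) / 2)
    return best[1], best[2]


if __name__ == "__main__":
    t, eer = equal_error_rate(GENUINE, TRACING)
    print(f"EER {eer:.1%} at threshold {t:.2f}")
```

With few points the crossing can fall in a gap between observed scores, so the reported EER depends on how the curve is read there.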

Next, in order to better understand the distribution of scores from genuine

users and from various attacks, curves were fitted to each data set. In some cases,

no single curve was a good fit over the entire range. In those cases, preference


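Table 4–1: Equations fitted to genuine and impostor signature data

Name                 Equation
Increasing Sigmoid   $y = a - \frac{b}{1 + \exp\left(\frac{x - c}{d}\right)}$
Weibull              $y = a \exp\left[-\left(\frac{x}{b}\right)^{c}\right]$
Sigmoidal            $y = a + \frac{b}{1 + \exp\left(\frac{x - c}{d}\right)}$
Dual Sigmoidal       $y = a + \frac{b}{1 + \exp\left(\frac{x - c}{d}\right)} + \frac{e}{1 + \exp\left(\frac{x - f}{g}\right)}$
Exponential          $a \exp\left(-\frac{x - b}{c}\right)$
Linear               $a + bx$
Quadratic            $a + bx - cx^2$
Cubic                $a + bx - cx^2 + dx^3$
Quartic              $a + bx - cx^2 + dx^3 - ex^4$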

was given to curves that were a good fit at high scores, because low scores would

normally be rejected.

Table 4–1 gives the equations that were considered. Lower case letters a

through g are adjustable parameters. Fitting was carried out with gnuplot, trying

all equations that appeared to be possible candidates for a particular data set and

selecting the one that appeared to give the best fit. The quantity of data available

was not judged to be great enough to justify any more detailed treatment. The

increasing sigmoid gave the best fit to the genuine scores. A Weibull function fit

the tail better, but did not give a good fit to the high score region where most of

the data points were.

Impostor data fit various of the other equations. Data for impostors tracing

a user’s signature fit the “Dual Sigmoidal” equation, indicating that the data

points were concentrated in the two regions of large slope. Some other plots fit a

sigmoidal curve, indicating that data points were more concentrated in a single

region. Most plots decreased more gradually, with the data points widely scattered.

Because of the small amount of data, curves were fitted to plots of FAR and

FRR, which are cumulative plots, rather than to a number distribution. The

cumulative plots should smooth out irregularities due to the small number of

points.


A few general rules for designing decision rules can be derived from the shapes

of the curves for genuine users and impostors.

1. Regions where the curve for genuine users is flat contain few or no genuine

user scores, and should therefore be rejected.

2. Regions of large slope in the curve for genuine users contain many genuine

user scores, so they should be accepted.

3. Regions where the curve for impostors is flat contain few or no impostors,

and should therefore be accepted.

4. Regions of large slope in the curve for impostors contain many impostor

scores, so they should be rejected.

These rules are only general guidelines, and if the rules based on the genuine

curve and impostor curve conflict, it will be more difficult to decide whether to

accept or reject scores in that region. The likelihood ratio, equation 3.24, might

be used to decide. In fact, the rules given above could also be derived from the

likelihood ratio.

After the plots of FAR and FRR were generated, plots of the derivatives of

the fitted curves were generated, and superimposed on the number density of data

points, to get an idea of the forms of the distributions. These plots indicate that

the tracing results follow a bimodal distribution. It would be interesting to have

more data to clarify whether the results really are bimodal. If they are, FAR can

be reduced by rejecting the regions where the impostor scores are concentrated.

4.4 Theory of Combining Multiple Biometric Systems

Two methods of combining multiple biometric authentication systems that in

practice exhibit good performance will be considered, sum rule and majority vote.

Based on reported experiments [27], the sum rule may be expected to outperform

majority voting. However, the thumbprint and iris systems give only a hard result,

not a score, so they cannot be combined according to the sum rule.


4.4.1 Majority Voting

For a system of N biometric devices, if we assume that an individual’s

attempts to authenticate on the various devices are independent, the probability

that an impostor can authenticate on all N devices is

$$\prod_{i=1}^{N} \mathrm{FAR}_i \tag{4.9}$$

and the probability that an impostor can authenticate on all but one device j

is

$$\sum_{j=1}^{N} \left\{ (1 - \mathrm{FAR}_j) \prod_{i=1,\, i \neq j}^{N} \mathrm{FAR}_i \right\} \tag{4.10}$$

and the probability that the impostor will not authenticate successfully on any

device is

$$\prod_{i=1}^{N} (1 - \mathrm{FAR}_i) \tag{4.11}$$

Then, if we assume the FAR and FRR for different devices are the same,

the probability that an impostor will successfully authenticate on all N devices

is $\mathrm{FAR}^N$, the probability that the impostor will successfully authenticate on all

but one device is $\mathrm{FAR}^{N-1}(1 - \mathrm{FAR})$, and the probability that the impostor

will successfully authenticate on exactly k out of N devices is $\binom{N}{k}\,\mathrm{FAR}^k (1 - \mathrm{FAR})^{N-k}$.

These probabilities are terms of a binomial expansion. If the policy of

the biometric system is to require success on k of the N devices, the probability

that an impostor will succeed in authenticating on the system is the sum of the

probabilities for authenticating on k through n devices, or

$$\mathrm{FAR}_{system} = \sum_{i=k}^{N} \binom{N}{i}\,\mathrm{FAR}^i (1 - \mathrm{FAR})^{N-i} \tag{4.12}$$


If we assume that $\mathrm{FAR} \ll 1$, then the term with the lowest power of FAR

dominates. Also, $(1 - \mathrm{FAR}) \approx 1$, so it can be ignored, and we get

$$\mathrm{FAR}_{system} \approx \binom{N}{k}\,\mathrm{FAR}^k \tag{4.13}$$

By a similar method, the probability that an authorized user will fail to

authenticate on all N devices is $\mathrm{FRR}^N$, and the probability that the authorized

user will fail to authenticate on exactly k out of N devices is $\binom{N}{k}\,\mathrm{FRR}^k (1 - \mathrm{FRR})^{N-k}$.

When the system policy requires success on k of the N devices, the

probability of false rejection by the system is the probability of rejection by at least

N + 1− k devices, so

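$$\mathrm{FRR}_{system} = \sum_{i=N+1-k}^{N} \binom{N}{i}\,\mathrm{FRR}^i (1 - \mathrm{FRR})^{N-i} \tag{4.14}$$

and assuming $\mathrm{FRR} \ll 1$,

$$\mathrm{FRR}_{system} \approx \binom{N}{N+1-k}\,\mathrm{FRR}^{N+1-k} \tag{4.15}$$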

Then for n = N, when k = 1, $\mathrm{FAR}_{system} = 2\,\mathrm{FAR}$ and $\mathrm{FRR}_{system} = \mathrm{FRR}^2$.

If FRR is 0.01, for example, a large decrease in $\mathrm{FRR}_{system}$ is associated with

a small increase in $\mathrm{FAR}_{system}$. If we make k = 2, $\mathrm{FAR}_{system} = \mathrm{FAR}^2$ and

$\mathrm{FRR}_{system} = 2\,\mathrm{FRR}$. With three devices and k = 2, we get $\mathrm{FAR}_{system} = 3\,\mathrm{FAR}^2$

and $\mathrm{FRR}_{system} = 3\,\mathrm{FRR}^2$. A substantial improvement in both FAR and FRR can

be expected with three devices.

Then if the single system error rate is 10%, the system error rate for two of

three devices is 3%. If the single system error rate is 5%, the system error rate for

two of three devices is 0.75%.


4.4.2 Sum Rule

Suppose a group of biometric devices have normally distributed scores for both

genuine users and impostors, with mean scores $\mu_g$ for genuine users, with variance

$\sigma_g^2$, mean scores $\mu_f$ for impostors, with variance $\sigma_f^2$, and threshold $T$. For a single

device, the FRR is the probability that a genuine user’s score is less than $T$, or [5]

$$\mathrm{FRR} = \Phi\left(\frac{T - \mu_g}{\sigma_g}\right) \tag{4.16}$$

and the FAR will be

$$\mathrm{FAR} = \Phi\left(\frac{\mu_f - T}{\sigma_f}\right) \tag{4.17}$$

where $\Phi(x)$ is the cumulative distribution function for the normal distribution. Because both

variance and mean are additive for normally distributed variables [5], if three

biometric devices as described above are combined, the means will be $3\mu_g$ and $3\mu_f$,

and the variances will be $3\sigma_g^2$ and $3\sigma_f^2$. If the threshold is adjusted to $3T$, the

FRR and FAR become

$$\mathrm{FRR}_{system} = \Phi\left(\frac{3T - 3\mu_g}{\sqrt{3}\,\sigma_g}\right) \tag{4.18}$$

$$\mathrm{FRR}_{system} = \Phi\left(\frac{\sqrt{3}\,(T - \mu_g)}{\sigma_g}\right) \tag{4.19}$$

$$\mathrm{FAR}_{system} = \Phi\left(\frac{3\mu_f - 3T}{\sqrt{3}\,\sigma_f}\right) \tag{4.20}$$

$$\mathrm{FAR}_{system} = \Phi\left(\frac{\sqrt{3}\,(\mu_f - T)}{\sigma_f}\right) \tag{4.21}$$

There is no simple relationship between the values of the single system FRR and

FAR, and those for a combination of three systems. If the original error rate was


10%, corresponding to $1 - \Phi(1.3)$, the error rate becomes $1 - \Phi(1.3\sqrt{3})$, or 1.2%, an

improvement over the error rate of 3% if the devices were combined by majority

vote. With an original error rate of 5%, corresponding to $1 - \Phi(1.65)$, the error rate

becomes $1 - \Phi(1.65\sqrt{3})$, or 0.2%, again superior to the 0.75% that would be obtained

by combining the devices by majority vote.
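The two combination methods of Sections 4.4.1 and 4.4.2 side by side, as an added example that is not code from the thesis. It goes beyond the equal-rate case in the text: the k-of-N vote accepts a different error rate per device (the general form of equations 4.9 to 4.11), and the sum rule is written for n devices rather than three; the unequal rates in the demo are constructed values.

```python
from math import comb, sqrt
from statistics import NormalDist


def prob_at_least(k, probs):
    """P(at least k of the independent events occur), where event i has
    probability probs[i]. The count distribution is built one device
    at a time, so the devices need not share the same rate."""
    dist = [1.0]  # dist[j] = P(exactly j events among devices seen so far)
    for p in probs:
        nxt = [0.0] * (len(dist) + 1)
        for j, q in enumerate(dist):
            nxt[j] += q * (1.0 - p)
            nxt[j + 1] += q * p
        dist = nxt
    return sum(dist[k:])


def vote_far(fars, k):
    """System FAR when the policy requires success on k of the devices:
    an impostor must be falsely accepted by at least k of them."""
    return prob_at_least(k, fars)


def vote_frr(frrs, k):
    """System FRR for the same policy: a genuine user is rejected when
    at least N + 1 - k devices reject (equation 4.14 for equal rates)."""
    return prob_at_least(len(frrs) + 1 - k, frrs)


def leading_term(rate, n, m):
    """Small-rate approximation C(n, m) * rate**m (equations 4.13, 4.15)."""
    return comb(n, m) * rate ** m


def sum_rule_error(single_error, n):
    """Error rate after summing n identical, independent, normally
    distributed scores and scaling the threshold by n: the distance from
    mean to threshold, in standard deviations, grows by sqrt(n)."""
    z = NormalDist().inv_cdf(1.0 - single_error)
    return 1.0 - NormalDist().cdf(sqrt(n) * z)


if __name__ == "__main__":
    for e in (0.10, 0.05):
        exact = vote_far([e] * 3, 2)
        approx = leading_term(e, 3, 2)
        summed = sum_rule_error(e, 3)
        # The text rounds z to 1.3 and 1.65; the exact inverse CDF is used
        # here, so the sum-rule figures differ slightly in the last digit.
        print(f"single {e:.0%}: 2-of-3 exact {exact:.2%}, "
              f"approx {approx:.2%}, sum rule {summed:.2%}")
    # Constructed unequal per-device FARs, 2-of-3 policy.
    print(f"unequal FARs: {vote_far([0.10, 0.05, 0.02], 2):.4f}")
```

The exact binomial sum is slightly below the leading-term figure because the factor (1 − FAR) is no longer dropped.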

4.5 Summary

Most testing of biometric authentication systems reported in the literature is

carried out by people presenting their own biometric features to the system

in the proper manner, which is suitable for determination of FRR, but not FAR.

Impostors can achieve much higher scores by somehow copying the biometric

characteristics of the user they are attempting to impersonate. Therefore realistic

testing must include attempting to find means to make and use copies of users’

biometric features to authenticate. A variety of methods must be tried. Unless

there is some reason for thinking that the method with the highest FAR will be

impossible or very difficult for impostors, the highest FAR would probably be the

best value to use to judge the security of a system.

We have carried out tests on four types of biometric devices, testing them in

the normal way to determine FRR and by a variety of means to determine how

high an FAR we can achieve.

Curves were fitted to the data from tests on the dynamic signature verification

system, which was the only system under test that gave scores. Most curves had

forms similar to what might have been expected. The form of the curves provides

data that can be used for deriving a decision rule. Data for tracing of a user’s

signature by an impostor appear, on the basis of a very small amount of data,

to be bimodal, with data points concentrated in two regions. If it is, improved

performance can be attained by rejecting these regions.


Two methods of combining the results of multiple biometric authentication

systems to achieve lower error rates have been analyzed. The sum rule gives a

greater improvement in accuracy than does majority vote. Unfortunately, the

sum rule cannot be used with devices that do not give a score, which includes the

fingerprint and iris systems being tested.


CHAPTER 5

RESULTS AND DISCUSSION

Four biometric authentication systems (a dynamic signature verification

system, a thumbprint system, an iris scan system, and a voice scan system) were

tested. The voice scan system’s performance was erratic. Because none of the

individual biometric authentication systems had satisfactory FRR and FAR, a

cascading system of multiple biometric devices with lower error rates was devised

based on the dynamic signature verification system, thumbprint system, and iris

scan system.

5.1 Softpro Dynamic Signature Verification

The user signs their name on a tablet (Wacom Graphire), and a biometric

service provider (BSP), a piece of software, compares both the shape of the

signature and the speed and pressure to an enrollment template. Dynamic and

static match scores, which range from 0 to 100, are displayed on the screen, along

with a “match” or “no match” message. A “match” message is displayed if both

dynamic and static scores are at least 80. Thus, the software combines the two

measurements according to equation (3.19), the “Min rule”.

The software complies with the BioAPI 1.1 standard, and makes a combined

score available as specified by the API. This score is proportional to the sum of the

static and dynamic scores. The measurements are thus being combined according

to equation , the “Sum rule”. Both static and dynamic score undergo an integer

division by two before being added.

All 24 test subjects enrolled successfully with this device.

Each time they came in for testing, test subjects made up to three attempts to

authenticate.


Spoofing methods included

i The impostor signs their own name.

ii The impostor knows the victim’s username, but not the victim’s name.

iii The impostor knows the victim’s name, but does not see the victim’s signature.

The impostor will not know, for example, if the victim uses a middle

initial.

iv The impostor sees the victim’s signature.

v The impostor traces the victim’s signature.

An additional spoofing method that was not tried would be for the impostor to

watch the victim sign, and to mimic the movements of the victim, in an attempt to

get similar pressure and velocity, in hope of achieving a high dynamic score.

There was only one attempt of type (i), where the impostor signed her own

name. The impostor and victim were twin sisters, with similar names. Annette

Vizuete attempted to authenticate as Jeannette Vizuete by signing her own name.

In three attempts her best score was .75 by the min rule and .82 by the sum rule.

Probably few impostors could do so well with their own names.

Figures 5–1 to 5–6 show the scores from authentication attempts by both

genuine users and impostors using methods ii to v. The FRR curves are obtained

by plotting the cumulative fraction of genuine user scores vs. threshold. The FAR

curves are obtained by plotting the fraction of impostor scores at or below the

threshold.

Equal error rates (EER), the point at which FAR and FRR are the same,

are used to compare the curves in different plots. They are not necessarily the

most desirable threshold level for actual use. Values in Table 5–1 show that a

single attempt gives the lowest error rates, and three attempts gives higher error

rates than two. There is little difference in EER between the “min rule,” using

the minimum of the dynamic and static scores, which is the criterion used by the


Figure 5–1: Softpro signature match scores for genuine users and impostors, one attempt, sum rule.

[Plot of FRR and FAR vs. threshold. Curves: False Rejection Rate; FAR, tracing signature; FAR, viewing signature; FAR, knowing name; FAR, knowing username.]

Figure 5–2: Softpro signature match scores for genuine users and impostors, one attempt, min rule.

[Plot of FRR and FAR vs. threshold. Curves: False Rejection Rate; FAR, tracing signature; FAR, viewing signature; FAR, knowing name; FAR, knowing username.]


Figure 5–3: Softpro signature match scores for genuine users and impostors, two attempts, sum rule.

[Plot of FRR and FAR vs. threshold. Curves: False Rejection Rate; FAR, tracing signature; FAR, viewing signature; FAR, knowing name; FAR, knowing username.]

Figure 5–4: Softpro signature match scores for genuine users and impostors, two attempts, min rule.

[Plot of FRR and FAR vs. threshold. Curves: False Rejection Rate; FAR, tracing signature; FAR, viewing signature; FAR, knowing name; FAR, knowing username.]


Figure 5–5: Softpro signature match scores for genuine users and impostors, three attempts, sum rule.

[Plot of FRR and FAR vs. threshold. Curves: False Rejection Rate; FAR, tracing signature, all points; FAR, tracing signature, only 3-trial points; FAR, viewing signature; FAR, knowing name.]

Figure 5–6: Softpro signature match scores for genuine users and impostors, three attempts, min rule.

[Plot of FRR and FAR vs. threshold. Curves: False Rejection Rate; FAR, tracing signature, all points; FAR, tracing signature, only 3-trial points; FAR, viewing signature; FAR, knowing name.]


Table 5–1: Equal error rates for dynamic signature verification

Impostor Method      Rule for Combining   EER, One Attempt   Two Attempts   Three Attempts
Tracing              Sum                  47%                50%            59%
Viewing Signature    Sum                  8%                 15%            21%
Knowing Name         Sum                  12%                36%            35%
Knowing Username     Sum                  9%                 -              -
Tracing              Min                  48%                52%            58%
Viewing Signature    Min                  8%                 16%            25%
Knowing Name         Min                  12%                37%            37%
Knowing Username     Min                  11%                -              -

software to determine whether to display a “match” or “no match” message, and

the “sum rule,” where the sum of the static and dynamic scores is used. The “sum

rule” score is the result provided by the software through the BioAPI interface.

The attack with the highest FAR is tracing. It may not be difficult to get

a signature of an authorized user to trace, so this is a serious weakness. The

other methods all have much lower FARs. Surprisingly, knowing the authorized

user’s name, and even knowing the username, give higher FARs than viewing the

authorized user’s signatures.

In order to learn more about the distributions of scores for genuine users and

for impostors using various methods, curves were fitted to the points of figures 5–1

to 5–6. Figures 5–1 to 5–2 are redrawn with the fitted curves in figures 5–7 to 5–8.

Perhaps the most interesting feature of these figures is that the curve for tracing

has two flat sections, which in a cumulative distribution indicates few or no data

points. There are also two sections with a large slope, indicating many data points.

This type of cumulative distribution corresponds to a bimodal distribution

of data points. Figure 5–10 is a plot of number of data points vs. score, with the

derivative of the curve fitted to the cumulative distribution, figure 5–7. The curve

is bimodal, if not trimodal, and is a good fit to the data points. Note the single

match score of three, which is discussed in more detail below. With this type


Figure 5–7: Softpro signature match scores for genuine users and impostors, one attempt, sum rule, with fitted curves.

[Plot of FRR and FAR vs. threshold. Curves: False Rejection Rate; FAR, tracing signature; FAR, viewing signature; FAR, knowing name; FAR, knowing username.]

of distribution for impostor scores, it might be possible to improve performance

by rejecting the steep regions of the cumulative distribution, or the peaks in its

derivative, 5–7.

Examination of the sum rule scores for one attempt in table B–2 shows that of

ten attempts at tracing, five resulted in scores of 96 or higher, accounting for the

steeper of the two regions with large slope, an additional four were from 66 to 79,

accounting for the other region of large slope, and the single remaining point had a

score of 3. Numbers and percentages of scores in various ranges for genuine users

and four techniques used by impostors are given in table 5–4.

If users with sum rule scores from 85 to 95 are accepted, there are no false

acceptances due to tracing, but the FRR rises to 19.3% due to rejection of those

authorized users with very high scores. However, impostors can still achieve a

13.3% FAR by knowing the name of the victim, so it is not very useful to eliminate

so many high scores. If the range is widened to 85 to 96, the FAR for tracing


Table 5–2: Equations fitted to genuine and impostor signature data for one attempt, sum rule, in Figure 5–7 above

Impostor Method   Equation
Genuine           $1 - \frac{0.95}{1 + \exp\left(\frac{x - .93}{0.0152}\right)}$
Tracing           $.023 + \frac{0.436}{1 + \exp\left(\frac{x - .982}{.00790}\right)} + \frac{0.432}{1 + \exp\left(\frac{x - .750}{0.0406}\right)}$
Viewing           $.862 \exp\left(\frac{0.304 - x}{0.156}\right)$
Knowing           $.940 + .459x - 8.84x^2 + 14.8x^3 - 7.37x^4$
Username          $0.827 \exp\left(\frac{0.203 - x}{0.277}\right)$

Figure 5–8: Softpro signature match scores for genuine users and impostors, one attempt, min rule, with fitted curves.

[Plot of FRR and FAR vs. threshold. Curves: False Rejection Rate; FAR, tracing signature; FAR, viewing signature; FAR, knowing name; FAR, knowing username.]

Table 5–3: Equations fitted to genuine and impostor signature data for one attempt, min rule, in Figure 5–8 above

Impostor Method   Equation
FRR               $0.991 - \frac{0.924}{1 + \exp\left(\frac{x - .874}{0.0271}\right)}$
Tracing           $0.101 + \frac{0.290}{1 + \exp\left(\frac{x - .971}{0.00750}\right)} + \frac{0.521}{1 + \exp\left(\frac{x - 0.628}{0.102}\right)}$
Viewing           $0.152 \exp\left(-\frac{x - 0.392}{0.422}\right)$
Knowing           $0.228 \exp\left(-\frac{x - 0.422}{0.560}\right)$
Username          $0.346 - 0.997x + 2.28x^2 - 1.90x^3$


Figure 5–9: Softpro signature match scores for genuine users, one attempt, sum rule, with derivative of curve fitted to data points.

[Plot of number of data points vs. match score, with the fitted equation overlaid.]

Figure 5–10: Softpro signature match scores for impostors tracing a genuine user’s signature, one attempt, sum rule, with derivative of curve fitted to data points.

[Plot of number of data points vs. match score, with the fitted equation overlaid.]


Figure 5–11: Softpro signature match scores for impostors who know a genuine user’s name, but do not have access to the user’s signature, one attempt, sum rule, with derivative of curve fitted to data points.

[Plot of number of data points vs. match score, with the fitted equation overlaid.]

Figure 5–12: Softpro signature match scores for impostors who look at a genuine user’s signature while they copy it, one attempt, sum rule, with derivative of curve fitted to data points.

[Plot of number of data points vs. match score, with the fitted equation overlaid.]


Figure 5–13: Softpro signature match scores for impostors who know the username of a genuine user, but not their full name, and do not have access to their signature, one attempt, sum rule, with derivative of curve fitted to data points.

[Plot of number of data points vs. match score, with the fitted equation overlaid.]

Figure 5–14: Softpro signature match scores for genuine users, one attempt, min rule, with derivative of curve fitted to data points.

[Plot of number of data points vs. match score, with the fitted equation overlaid.]


Figure 5–15: Softpro signature match scores for impostors tracing a genuine user’s signature, one attempt, min rule, with derivative of curve fitted to data points.

[Plot of number of data points vs. match score, with the fitted equation overlaid.]

Figure 5–16: Softpro signature match scores for impostors who know a genuine user’s name, but do not have access to the user’s signature, one attempt, min rule, with derivative of curve fitted to data points.

[Plot of number of data points vs. match score, with the fitted equation overlaid.]


Figure 5–17: Softpro signature match scores for impostors who look at a genuine user’s signature while they copy it, one attempt, min rule, with derivative of curve fitted to data points.

[Plot of number of data points vs. match score, with the fitted equation overlaid.]

Figure 5–18: Softpro signature match scores for impostors who know the username of a genuine user, but not their full name, and do not have access to their signature, one attempt, min rule, with derivative of curve fitted to data points.

[Plot of number of data points vs. match score, with the fitted equation overlaid.]


Table 5–4: Number and percent of sum scores in various ranges

                     Score range, sum rule
Type                 0–84           85–95          96            97–100
Genuine              4 (7.0%)       46 (80.7%)     3 (5.3%)      4 (7.0%)
Tracing              5 (50.0%)      0 (0%)         1 (10.0%)     4 (40.0%)
Viewing Signature    9 (100%)       0 (0%)         0 (0%)        0 (0%)
Knowing Name         13 (86.7%)     2 (13.3%)      0 (0%)        0 (0%)
Knowing Username     12 (92.3%)     1 (7.7%)       0 (0%)        0 (0%)

Table 5–5: Error rates for different decision rules

Error Type               Accept ≥ 85   Accept 85-95   Accept 85-96
FRR                      7.0%          19.3%          14.0%
FAR, Tracing             50%           0%             10%
FAR, Viewing Signature   0%            0%             0%
FAR, Knowing Name        13.3%         13.3%          13.3%
FAR, Knowing Username    7.7%          7.7%           7.7%

becomes 10%, still less than for knowing the user’s name, which remains 13.3%.

However, the FRR is reduced to 14.0%.
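The band-acceptance rules compared above can be derived mechanically from the counts in Table 5–4. The following added example (not code from the thesis) evaluates every set of score ranges as an accept region and picks the one with the lowest worst-case FAR across the four attack methods, subject to a cap on FRR; that selection objective and the tie-break on lower FRR are assumptions of this example.

```python
from fractions import Fraction
from itertools import combinations

# Counts per score range, sum rule, copied from Table 5-4.
BINS = ["0-84", "85-95", "96", "97-100"]
GENUINE = [4, 46, 3, 4]
ATTACKS = {
    "Tracing": [5, 0, 1, 4],
    "Viewing Signature": [9, 0, 0, 0],
    "Knowing Name": [13, 2, 0, 0],
    "Knowing Username": [12, 1, 0, 0],
}


def error_rates(accept):
    """accept: indices of the score ranges that are accepted.
    Returns (FRR, {attack method: FAR}) as exact fractions."""
    rejected_genuine = sum(c for i, c in enumerate(GENUINE) if i not in accept)
    frr = Fraction(rejected_genuine, sum(GENUINE))
    fars = {
        name: Fraction(sum(counts[i] for i in accept), sum(counts))
        for name, counts in ATTACKS.items()
    }
    return frr, fars


def best_rule(max_frr):
    """Search all non-empty sets of ranges. Keep those with FRR <= max_frr
    and return (accepted ranges, FRR, worst FAR) for the set whose highest
    FAR over the attack methods is lowest; ties go to the lower FRR."""
    best = None
    for size in range(1, len(BINS) + 1):
        for accept in combinations(range(len(BINS)), size):
            frr, fars = error_rates(accept)
            if frr > max_frr:
                continue
            key = (max(fars.values()), frr)
            if best is None or key < best[0]:
                best = (key, accept)
    if best is None:
        return None
    (worst_far, frr), accept = best
    return [BINS[i] for i in accept], frr, worst_far


def pct(x):
    """Fraction -> percentage rounded to one decimal, as in Table 5-5."""
    return round(float(x) * 100, 1)


if __name__ == "__main__":
    for cap in (0.10, 0.20):
        ranges, frr, worst = best_rule(cap)
        print(f"FRR cap {cap:.0%}: accept {ranges}, "
              f"FRR {pct(frr)}%, worst FAR {pct(worst)}%")
```

With so few attempts per attack, a range with zero impostor counts is absence of evidence rather than a measured FAR of 0, so a rule chosen this way needs re-checking as data accumulates.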

With a larger amount of data, it would be possible to use a more sophisticated

strategy for deriving a decision rule. If the distributions of impostor and user scores

could be approximated by the Parzen window method, a method similar to that

used by Prabhakar and Jain [43] for combining scores from fingerprint algorithms

could be used. However, when there is no data point in a window, the density

estimate will be zero. With our limited data, there might be regions in which both

densities are zero.

The manner in which a user signs their name may be an important factor in

dynamic signature verification. The victim in the tracing attempt that resulted

in a sum score of 3, person e in table A–1, had an ornate signature, reminiscent

of copperplate. When the author attempted to trace his signature, he attempted

to keep the pen moving at a reasonable rate in order to have some hope of a

reasonable dynamic score, and was unable to follow the signature with any degree

of success. Attempts at forging his signature by other means also resulted in


low scores. Attempting to forge his signature without having seen it, and only

knowing his username, resulted in a dynamic score of 27 and a static score of 0,

for a sum score of 13. When the impostor knew the victim’s name, but had not

seen his signature, the sum score on one try was 16. Three attempts were made by

viewing the signature while copying it. The first sum score was 50, and the other

attempts did not improve on it. Person e authenticated three times, achieving

sum scores ranging from 93 to 96 on his first try each time. Thus he suffered no

false rejections, and all impostor attempts, totaling six attempts by four methods,

failed.

If dynamic signature verification is used, choice of username might become a

security issue. The high score when the impostor knew only the victim’s username

was 88, for a user whose username consisted of his first initial concatenated with

his last name, with a common first name, Michael. If impostors can easily learn

usernames, but cannot easily learn the full names of users, users should select

usernames that do not reveal their last name. However, if impostors can easily

learn the names of users, choice of a username is not important, because higher

scores can be achieved from knowledge of the user’s full name.

5.2 Biolink Biomouse

The Biomouse is a mouse with a built-in thumbprint scanner in the position where a (right-handed)

user’s thumb would naturally contact the mouse. It uses an optical scanner, and

is said to incorporate an unspecified “liveness test” to defeat attacks by means of

artifacts. Liveness tests can include tests for temperature or for a pulse. When

it captures an image of a thumbprint, the image is displayed on the monitor.

The mouse works with proprietary authentication software, and either grants or

denies access to the system. For enrollment, the system acquires four images of

the thumbprint, requiring the user to place their thumb on the scanner and remove

it four times. All users enrolled successfully. False rejection rates are given in


Table 5–6: False rejection rates

Device       Three Attempts   One Attempt
Thumbprint   0                10.7%
Iris         16.1%            28.1%
Voice        25.5%            46.8%

Table 5–7: False acceptance rates

Device       Method                          Successes/Attempts   FAR
Iris         Impostor’s iris                 0/4                  0
Iris         Photo of user’s iris            0/9                  0
Thumbprint   Impostor’s finger               0/1                  0
Thumbprint   Reactivate latent fingerprint   0/2                  0
Thumbprint   Capture fingerprint on tape     0/2                  0
Thumbprint   Silicone finger                 4/31                 12.9%
Voice        Impostor’s phrase               3/5                  60%
Voice        Victim’s phrase                 4/4                  100%

Table 5–6. The false rejection rate on users’ first attempt to authenticate was

10.7%, but when users were allowed three attempts, there were no false rejections.

One user had a blister on his thumb when he enrolled, but was still able to enroll

successfully, and to authenticate on his first try in subsequent weeks. Another user

had a blister on the second authentication week, but was able to authenticate on

his first try.

Results of spoofing attempts are given in Table 5–7. The Biolink mouse

functions as an identification device, and users do not enter a username, so an

authorized user cannot attempt to authenticate as another authorized user. A

person who is not enrolled is in fact attempting to impersonate all enrolled users.

There was one such attempt when there were 21 enrolled users. The impostor was

rejected.

An attempt was made to reactivate latent prints left on the scanner by

authorized users. When an impostor blew on a latent print, it became visible,

but the scanner did not respond to it. Then, in another attempt to reactivate the

latent fingerprint, a bag of warm water was placed against the scanner. Again, the


scanner did not capture an image of the latent fingerprint, so the FAR for this

method was 0.

Next, two valid users pressed their thumbs against pieces of scotch tape.

Thumbprints were visible on the tapes, but when the tapes were pressed against

the scanner, it did not capture an image, so it was not possible to authenticate by

this method.

Finally, an authorized user pressed his thumb into soft wax, producing a

three-dimensional fingerprint. This fingerprint was filled with silicone rubber.

After it cured, it was removed from the wax. When this silicone finger was pressed

against the fingerprint scanner, it did capture an image. Authentication with the

silicone finger succeeded four out of 31 times, for a FAR of 12.9%. The failures

were attributed to the scanner not capturing a complete image of the fingerprint.

5.3 Panasonic Authenticam

A special camera acquires an image of the user’s iris with infrared illumination,

and compares it to the enrollment template. An LED inside the camera guides

the user in lining up their eye with the camera so that it can acquire an image.

The software component of the authentication system only allows six users to

be enrolled. For this reason, on the first week only a few test subjects could

enroll. Before the second week of testing, the hard drive was divided into six

partitions, and the operating system and Authenticam software were installed on

each partition. Then all users who attempted to enroll succeeded, but two users

required 10 minutes each to enroll, and one of these two only achieved a “marginal”

enrollment. In both of the testing sessions in which he attempted to authenticate

he failed.

For all genuine users, the FRR was 28.1% for a single attempt, and 16.1%

for three attempts. By equation (2.6), if the outcomes of three attempts were

independent, the FRR for three attempts should be $0.281^3$, or 2.2%. It is clear


that a person who fails the first attempt is much more likely to fail the next two

attempts than the average user.

Like the thumbprint mouse, the iris scan actually performs identification,

comparing to the enrollment templates of all users. If one user attempts to

authenticate as another user, they will instead be granted access to their own

account. When an impostor who was not enrolled attempted to authenticate as her

fraternal twin sister, she was rejected.

For another attempt at spoofing, a close-up digital photo of the eye of an

authorized user was printed on a color printer. The iris was cut out, and the

impostor looked through the hole to line it up. The Authenticam acquired an

image, but rejected the impostor. The photo used in the attempt did not appear

as sharp as the iris images shown on the monitor when the Authenticam acquires

images of real eyes.

Thalheim et al. have succeeded in authenticating with an Authenticam by

means of a photograph of an eye printed on mat paper with a high resolution inkjet

printer, but they state that “under real life conditions it would not be easy to

obtain iris images of authorized persons” [49]. In our tests, we were unsuccessful in

spoofing the Authenticam, so it achieved a FAR of 0.

5.4 Voice Scan

Software extracts data from a spoken phrase recorded by a microphone and

sound card. The result is compared to an enrollment template. The user must

always use the same phrase, but it is claimed that the software analyzes unique

characteristics of the user’s voice. Our results with this software were poor. The

FAR was 60%, and the FRR was 46.8%, indicating that impostors had slightly

more success in authenticating than did authorized users. There are two likely

reasons for the difficulties. First, the testing room had a noisy ventilation system.

Second, the suggested method of adjusting the sensitivity of the sound card relied


on a different version of software than that on our computer. Near the end of

testing, the recording level was readjusted, and the results seemed to be much

better, but it was too late to re-enroll the test subjects.

5.5 Multiple System Results

In order to achieve lower FAR and FRR than any of our individual devices,

we desired to somehow combine the results of the iris, thumbprint, and signature

devices. Use of the sum rule is not possible, because only the dynamic signature

verification provides a score. However, we can use the thumbprint and iris results

to divide our results into six subsets:

1. accepted by iris and accepted by thumbprint on the first try,
2. accepted by iris and accepted by thumbprint on the second or third try,
3. accepted by iris and rejected by thumbprint after three tries,
4. rejected by iris and accepted by thumbprint after one try,
5. rejected by iris and accepted by thumbprint on the second or third try, and
6. rejected by both iris and thumbprint after three tries.

Then we can determine a likelihood ratio, equation (2.7), after Prabhakar and Jain [43], for

each region.

We had 31 authentication attempts in which the test subjects (genuine users)

attempted to authenticate on the iris, thumbprint, and signature devices. We

also had results on spoofing the devices. Because no impostors succeeded in

authenticating on the iris scan, the likelihood ratio R is zero for regions 1 to 3, and

any subject who authenticates on the iris scan can be immediately authenticated

by the system, without even requiring an attempt on the other two devices. This

cascading biometric authentication system will save time for users, reducing the

cost of authentication. In our 31 authentication attempts on all three devices, 25,

or 80.6%, authenticated on the iris scan.


The other 19.4%, who failed the iris, could attempt to authenticate on

the thumbprint device. In our test results, if these subjects were allowed three

attempts, all the genuine users would pass (of course if we had continued testing we

would eventually expect to have some failures after three tries, but in our testing

there were no such failures). This would leave no genuine users in region 6, and R

in this region would be infinite, so any authentication attempt that fails three tries

on the fingerprint could be rejected.

Regions 4 and 5 would contain both genuine users and impostors. Because an

impostor with a silicone finger bearing the thumbprint of an authorized user

would have a 33.9% chance of authenticating in three tries, but if only one try is

allowed the FAR would be 12.9%, R would be higher in region 5 than in region 4.

Authentication attempts in region 4 would be allowed to continue with signature

verification. A policy decision must be made on whether to allow users in region 5

to continue, to achieve a lower FRR at the expense of a higher FAR, or, if a lower

FAR is judged more important, to reject them.

If subjects in regions 4 and 5 are allowed to continue with the signature

verification, with the threshold set at .85 for the “Sum Rule” score, and if one

attempt is allowed, we expect a FAR of 50% on the signature verification, assuming

the impostor uses tracing. All users among our 31 genuine attempts passed the

signature on their first try, so this method would give a FRR of 0, but the FAR

would be 0.50 × 0.339 = 17.0%.

On the other hand, if only one thumbprint trial was allowed, one genuine user

who had failed the iris would fail the thumbprint and be rejected. All those who

passed the thumbprint would pass the signature in one trial, so the FRR would be

1/31 = 3.2%. The FAR, assuming the impostor uses a silicone finger and traces

the signature, would be 0.5 × 0.129, or 6.5%.


Table 5–8: Comparison of single biometric authentication systems with a cascading multiple biometric system. The highest false acceptance rate for each device is used.

Device(s) and Attempts Allowed    Signature
Iris   Thumbprint   Signature     Accept Range         FAR      FRR
-      1            -             -                    12.9%    10.7%
-      3            -             -                    33.9%    0
3      -            -             -                    0        16.1%
0      0            1             ≥ .85                50%      7.0%
3      3            1             ≥ .85                17.0%    0
3      1            1             ≥ .85                6.5%     3.2%
0      0            1             .85 ≤ score ≤ .96    13.3%    14%
3      3            1             .85 ≤ score ≤ .96    4.5%     3.2%
3      1            1             .85 ≤ score ≤ .96    1.7%     6.5%

Alternatively, if signature scores from .85 through .96 are accepted, with higher

and lower scores rejected, the signature FAR becomes 13.3%, assuming signature

impostors now sign without tracing, and without looking at the signature while

they sign, but know the victim’s full name. With this decision rule, tracing only

achieves a FAR of 10%. However, under this rule one attempt in region 4, with a

sum score of .98, would be rejected.

If users are permitted only one try on the thumbprint scan, the FRR will be

2/31 = 6.5%, and the FAR would be .129 × .133 = 1.7%. Alternatively, if users are

permitted three tries on the thumbprint, only the user with the signature score of

.98 will be rejected, for a FRR of 3.2%, and the FAR will be .339 × .133 = 4.5%.

In Table 5–8, the FAR and FRR of individual devices and the combination

of three devices are compared. These data are from a limited amount of testing.

It should be expected that some small number of genuine users would fail three

attempts on the thumbprint. Also, it might be possible for a user with a good

quality picture of a genuine user’s iris to authenticate, as was done by Thalheim et

al. [49].


The other possibility for combining our three biometric systems would be

a majority vote. This method would have two disadvantages over the cascading

system. Firstly, users who successfully authenticated on the iris scan would still

have to authenticate on one of the other devices. Among our 31 authentication

attempts, one attempt which was successful on the iris scan required two signature

attempts and three thumbprint attempts. Thus, unless the system were modified

to allow two signature attempts, an additional user would suffer false rejection,

raising the FRR by 3.2%, with no compensating decrease in the FAR. Secondly,

the 83.9% of users who succeed on the iris system would be required to spend

additional time attempting the thumbprint and signature systems. Thus, recognition

of the different strengths and weaknesses of the individual systems allows improved

performance in the combined system.

This cascading system would also be superior to the sum rule. If users who

do well on the iris scan but get scores of 0 on the thumbprint and signature

are to be accepted, as would be the case with the cascading system, the system

threshold must be low enough that the iris score alone can reach the threshold.

Then impostors who do well on either thumbprint or signature would be accepted,

leading to a very high FAR.

A weighted sum rule might be able to achieve better performance than the

cascading system described above. It is certainly true that some information is lost

in hardening the outputs of the iris and thumbprint systems. However, if scores were

available for these devices it might be possible to modify the cascading scheme to

use this information in its later stages.

5.6 Summary

From results in tables 5–6 and 5–7, three of the four devices show a real

ability to distinguish between authorized users and impostors. However, none is

completely satisfactory. The iris scan is difficult to spoof, but a FRR of 16.1%


with three attempts is probably not acceptable. If users are allowed three attempts,

none were rejected by the thumbprint mouse. However, if the FAR for a single

attempt with a silicone thumb is 12.9%, from equation (2.5) for three attempts we

would expect a FAR of $1 - (1 - 0.129)^3$, or 33.9%. If we allow only a single try

at authentication, we have a FRR of 10.7% and a FAR of 12.9%, both of which

might be unacceptably high.

With the signature device, the availability of scores allows an investigation

of the behavior of the device. The attack that produces the highest FAR is

tracing. A plot of the scores does not decrease monotonically, so an improvement

in behavior might be possible by rejecting and accepting particular regions, rather

than simply setting a threshold, and accepting everything above it.

We might decide to allow one attempt, and use the “Sum Rule” score available

through BioAPI. Then if we select a normalized threshold of 0.85, the FRR would

be 7% and the FAR would be 50%, again unacceptable values. If scores from 85

through 96 are accepted, the FRR is 14% and the FAR is 13.3%, an improvement,

but not good enough.

One possible way to improve the system is to combine scores from several

systems. A cascading biometric authentication system is proposed, in which users

start out with the iris scan. If they are successful, they are authenticated by the

combined system, and need not proceed to the other systems. If they fail, they

proceed to the thumbprint scan. If they fail again, they are rejected. Otherwise,

if they succeed they attempt the dynamic signature verification. If they succeed

here, they are accepted. Otherwise they are rejected. This system has better

performance than any of the individual systems, and requires less effort of the

majority of users, who succeed on the iris scan. Given that the thumbprint and

iris systems do not provide a score, the only alternative would be a majority vote,

which would have a higher FRR and would require more effort, because all users


would have to attempt at least two devices. Even if scores were available from all

devices, the cascading combining method would still have advantages over the sum

rule.
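The cascade of Sections 5.5 and 5.6 can be written out as a decision function and re-evaluated against the combined rows of Table 5–8. The following is an added example, not code from the thesis: the class and function names are hypothetical, the genuine-attempt records are constructed to match the counts reported in the text (31 attempts, 25 accepted by iris, one iris reject needing more than one thumbprint try, one region-4 signature score of .98), and the stages are treated as independent, as the products in the text do.

```python
from dataclasses import dataclass
from typing import List, Optional


def far_n_attempts(far_single: float, n: int) -> float:
    """FAR when an impostor gets n independent tries (the text's equation 2.5)."""
    return 1.0 - (1.0 - far_single) ** n


def frr_n_attempts(frr_single: float, n: int) -> float:
    """FRR over n tries if failures were independent (the text's equation 2.6)."""
    return frr_single ** n


@dataclass(frozen=True)
class Policy:
    thumb_tries: int        # thumbprint attempts allowed after an iris reject
    sig_low: float          # lowest accepted normalized Sum Rule score
    sig_high: float = 1.0   # highest accepted score (below 1.0 gives a band)


@dataclass(frozen=True)
class Attempt:
    iris_ok: bool
    thumb_pass_try: Optional[int] = None  # try on which the thumbprint passed
    sig_score: Optional[float] = None     # first-try signature score


def cascade_accepts(a: Attempt, p: Policy) -> bool:
    """Iris accept ends the cascade; otherwise thumbprint AND signature must pass."""
    if a.iris_ok:
        return True
    if a.thumb_pass_try is None or a.thumb_pass_try > p.thumb_tries:
        return False
    return a.sig_score is not None and p.sig_low <= a.sig_score <= p.sig_high


def cascade_frr(genuine: List[Attempt], p: Policy) -> float:
    """Fraction of genuine attempts the cascade rejects under policy p."""
    return sum(not cascade_accepts(a, p) for a in genuine) / len(genuine)


def cascade_far(p: Policy, thumb_far_single: float, sig_far: float,
                iris_far: float = 0.0) -> float:
    """An impostor is accepted by iris, or rejected by iris and then accepted by
    both later stages (independence between stages is an assumption)."""
    later = far_n_attempts(thumb_far_single, p.thumb_tries) * sig_far
    return iris_far + (1.0 - iris_far) * later


# Constructed records. Counts follow the text; the 0.90 scores and the
# region-5 attempt passing on try 2 are assumptions made for illustration.
GENUINE = (
    [Attempt(iris_ok=True)] * 25          # regions 1 to 3
    + [Attempt(False, 1, 0.90)] * 4       # region 4
    + [Attempt(False, 1, 0.98)]           # region 4, the .98 score
    + [Attempt(False, 2, 0.90)]           # region 5
)

THUMB_FAR_SILICONE = 0.129                        # single try, silicone finger
SIG_FAR = {"threshold": 0.50, "band": 0.133}      # tracing; name-only forgery


def table_5_8_cascade_rows():
    """(FAR, FRR) for the four cascading configurations of Table 5-8."""
    rows = {}
    for name, low, high in (("threshold", 0.85, 1.0), ("band", 0.85, 0.96)):
        for tries in (3, 1):
            p = Policy(tries, low, high)
            rows[(name, tries)] = (
                cascade_far(p, THUMB_FAR_SILICONE, SIG_FAR[name]),
                cascade_frr(GENUINE, p),
            )
    return rows


if __name__ == "__main__":
    for (name, tries), (far, frr) in table_5_8_cascade_rows().items():
        print(f"{name:9s} thumb tries={tries}  FAR={far:6.1%}  FRR={frr:6.1%}")
```

Passing a nonzero `iris_far` to `cascade_far` shows how quickly the combined FAR degrades if the iris stage can be spoofed, since an iris accept bypasses both later stages.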


CHAPTER 6
CONCLUSIONS AND FUTURE WORK

Theoretical analysis shows that combining multiple biometric systems can give

improved performance, and that use of the sum rule to combine scores should give

a greater improvement than majority voting.

Improved performance has been achieved by using multiple biometric systems

in a cascade architecture. The system is designed taking into account the strengths

and weaknesses of individual component systems. Users first attempt to

authenticate with the iris scan. Because there were no false acceptances with the iris scan,

if they are successful, they are authenticated by the combined system, and need not

proceed to the other systems. If they fail, they proceed to the thumbprint scan.

If they fail again, they are rejected. Otherwise, if they succeed they attempt the

dynamic signature verification. If they succeed here, they are accepted. Otherwise

they are rejected. This system has better performance than any of the individual

systems, and requires less effort of the majority of users, who succeed on the iris

scan. When three tries are allowed for the thumbprint and a range of high scores

with a high concentration of impostor scores is rejected by the dynamic signature

verification system, an FAR of 4.5% and FRR of 3.2% would be achieved by an

impostor using a silicone copy of a user’s fingerprint and attempting to forge the

signature from a knowledge of the user’s name. Other methods that we tested

would give lower values of the FAR at the expense of a higher FRR. Such a

combined system should assist users, who can still authenticate if they fail a single

test, and make life harder for attackers, who must contrive to be accepted by two

systems instead of just one. This cascading scheme is superior to

majority voting and to the sum rule, unless weighting is used. Weighting the scores in

the sum rule is one way of taking into account the unique features of the individual

biometric systems in order to combine them in a better way.

Generally biometric authentication systems use complicated methods to

extract and compare features in order to arrive at a score, which is related to the

system’s level of confidence that the biometric information came from the user in

question. Then a decision rule usually accepts all scores above some threshold,

and rejects all scores below the threshold. By fitting curves to dynamic signature

verification data, we have found that data can have a wide variety of distributions.

The shape of the curves provides information that can be used to design a decision

rule. Regions of the genuine user curve with high slope contain many genuine

users, and should be accepted, while flat regions contain few or no genuine users,

and should be rejected. Regions of an impostor curve with a large slope contain

many impostor scores, and should be rejected, while flat regions contain few or

no impostors and should be accepted. When there are several impostor curves

for different attacks, the curve with the highest FAR should be given the most

attention in designing the decision rule. In one case the data seemed to follow

a bimodal distribution, with data points concentrated in two relatively narrow

regions, one of which was at a very high score, so that it would normally be

accepted. With this kind of distribution, we were able by rejecting very high scores

to achieve a large decrease in FAR at the expense of a relatively small increase in

FRR. Further study of the scores produced by biometric systems may show that

certain ranges or patterns of scores probably come from an impostor, and more

complex decision rules may allow improved performance.

Developers and administrators of biometric authentication systems need to

be aware of the “principle of easiest penetration.” Measurement and reporting of

FAR, in particular, requires caution. We have shown that the FAR depends on

the method used by the impostor, and in some cases large FAR can be achieved


by simple means. If test subjects simply claim another user’s identity and present

their own fingerprint, iris, etc., a low FAR may be measured. This FAR could

give a false sense of security to those who deploy the system unless they also test it

against artifacts such as silicone copies of users’ fingerprints.

A wide range of biometric authentication systems, measuring a variety of

features, are either commercially available, or under development. Biometric

features that seem to have a large amount of information unique to the individual

include fingerprint, iris scan, retina scan and infrared face scan. Of these four,

fingerprint, even when equipped with some sort of “liveness check” to attempt to

defeat use of artifacts, seems to be susceptible to spoofing by a variety of methods.

Perhaps the most difficult of these to detect would be a copy of an authorized

user’s fingerprint in a thin sheet of gelatin attached to the finger. Such an artifact

would be at body temperature, and the resistance can be adjusted by moistening

it, so it can defeat “liveness checks.” Iris scan has been spoofed successfully [49],

but not by us. Attempts could be made to spoof the iris scan with a better quality

photograph of a user’s iris. If the system detects natural iris movement, it may be

difficult to spoof, although it might still be possible with a video of an authorized

user’s eye replayed on a suitable display, rather than a still picture.

Dynamic signature verification was found to be quite susceptible to attack

by tracing of an authorized user’s signature. Signatures can often be found on

documents such as letters. However, a user with a complex signature was relatively

immune to the attacks attempted in this work. Users of signature biometrics

should take precautions to protect their signature. They might also want to

develop a more complex signature. Further study of the effect of characteristics of

the signature on the FAR distribution would be interesting.

Systems may also be susceptible to replay attacks and theft of biometric

information. Protection of biometric systems against replay and theft of biometric

information requires that the biometric hardware and the computer should

mutually authenticate. If templates are stored on a central database, the database

should also mutually authenticate with the other components. The authentication

protocol should include precautions against replay attacks, such as use of a nonce.

Information passed from one part of the system to another should be encrypted,

because theft of biometric data is more serious than theft of passwords. Passwords

can be changed, but fingerprints cannot. The use of a smart card to authenticate

the biometric system before presenting biometric data is an interesting way of

preventing compromise of one’s biometric data.
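The mutual authentication with nonces recommended above can be sketched as a three-message exchange between the biometric sensor and the host. This is an added example, not a protocol from the thesis or from any of the tested products: the pre-shared key, the HMAC-SHA256 construction, and all class, function and field names are assumptions, and encryption of the sample in transit (which would use an authenticated cipher from a vetted library) is not shown.

```python
import hashlib
import hmac
import secrets


def _tag(key: bytes, role: bytes, *parts: bytes) -> bytes:
    """HMAC over a role label and length-prefixed fields (unambiguous framing)."""
    msg = role + b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()


class Sensor:
    def __init__(self, key: bytes):
        self.key = key

    def respond(self, host_nonce: bytes):
        """Answer the host's challenge and issue the sensor's own nonce."""
        self.host_nonce = host_nonce
        self.nonce = secrets.token_bytes(16)
        return self.nonce, _tag(self.key, b"sensor-hello", host_nonce, self.nonce)

    def send_sample(self, host_tag: bytes, sample: bytes):
        """Release biometric data only to a host that proved knowledge of the key."""
        expected = _tag(self.key, b"host-hello", self.nonce, self.host_nonce)
        if not hmac.compare_digest(host_tag, expected):
            return None
        return sample, _tag(self.key, b"sample", self.host_nonce, self.nonce, sample)


class Host:
    def __init__(self, key: bytes):
        self.key = key
        self.sensor_nonce = None

    def challenge(self) -> bytes:
        """Start a session with a fresh nonce; any earlier session state is dropped."""
        self.nonce = secrets.token_bytes(16)
        self.sensor_nonce = None
        return self.nonce

    def verify_sensor(self, sensor_nonce: bytes, sensor_tag: bytes):
        expected = _tag(self.key, b"sensor-hello", self.nonce, sensor_nonce)
        if not hmac.compare_digest(sensor_tag, expected):
            return None
        self.sensor_nonce = sensor_nonce
        return _tag(self.key, b"host-hello", sensor_nonce, self.nonce)

    def accept_sample(self, sample: bytes, sample_tag: bytes) -> bool:
        if self.sensor_nonce is None:        # sensor not authenticated this session
            return False
        expected = _tag(self.key, b"sample", self.nonce, self.sensor_nonce, sample)
        return hmac.compare_digest(sample_tag, expected)


SAMPLE = b"constructed-feature-vector"       # constructed stand-in for sensor output


def demo():
    key = secrets.token_bytes(32)
    sensor, host = Sensor(key), Host(key)

    # Session 1: honest exchange, recorded by an eavesdropper.
    n_s, t_s = sensor.respond(host.challenge())
    msg = sensor.send_sample(host.verify_sensor(n_s, t_s), SAMPLE)
    fresh_ok = host.accept_sample(*msg)

    # Session 2: the recorded messages are replayed against a new host nonce.
    host.challenge()
    replayed_hello_ok = host.verify_sensor(n_s, t_s) is not None
    replayed_sample_ok = host.accept_sample(*msg)

    # A host without the key cannot make the sensor release the sample.
    rogue_key = secrets.token_bytes(32)
    n_r = secrets.token_bytes(16)
    n_s2, _ = sensor.respond(n_r)
    forged = _tag(rogue_key, b"host-hello", n_s2, n_r)
    released = sensor.send_sample(forged, SAMPLE) is not None

    return fresh_ok, replayed_hello_ok, replayed_sample_ok, released


if __name__ == "__main__":
    print(demo())
```

Because every tag covers both nonces, a message recorded in one session never verifies in another, and the sensor's check of the host tag plays the role the text assigns to the smart card: the biometric data is not presented until the other side has authenticated.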

Further testing is needed to more accurately characterize the systems we have

studied. A larger number of tests by genuine users could increase the accuracy

of the results. Further efforts at spoofing might increase the FARs achieved. It

would also be interesting to investigate other systems that could be combined with

a minimum of hardware and user effort. For example, the Panasonic Authenticam

can be used as a camera for video conferencing. It would also be interesting to use

it to incorporate facial recognition.

Integration of biometric systems into an authentication system that combines

biometrics would be facilitated if more manufacturers would offer the software

component of their system as a BSP that complies with the BioAPI standard.

The number of such systems listed on the BioAPI website is growing, but at the

time of our experiments a number of the organizations listed were no longer in

existence, and others were unwilling to allow use of their BSP.


REFERENCES

[1] E. L. Baggett, “The standards applied to the admission of soft science experts in state courts,” American Journal of Trial Advocacy, vol. 26, no. 1, pp. 149–183, 2002.

[2] C. Beavan, Fingerprints: The Origin of Crime Detection and the Murder Case That Launched Forensic Science. Hyperion Press, May 2001, cited in Pollak, March 13, 2002.

[3] The BioAPI Consortium [Online]. Available: http://www.bioapi.org/, accessed August 2003.

[4] The BioAPI Consortium, (2001, Mar. 16) Bioapi specification version 1.1 [Online]. Available: http://www.bioapi.org/BIOAPI1.1.pdf, accessed August 2003.

[5] M. G. Bulmer, Principles of Statistics. New York: Dover Publications, Inc., 1979.

[6] J. P. Campbell, “Speaker recognition,” in Biometrics: Personal Identification in Networked Society, Kluwer International Series in Engineering and Computer Science, A. K. Jain, R. Bolle, and S. Pankanti, Eds., New York, 2002, vol. SECS 479, pp. 165–190 [Online]. Available: http://emedia.netlibrary.com/reader/reader.asp?product_id=69518, accessed October, 2003.

[7] L. Chen, S. Pearson, and A. Vamvaleas, “A trusted biometric system,” HP Laboratories Bristol, Tech. Rep., July 15 2002. [Online]. Available: http://www.hpl.hp.com/techreports/2002/HPL-2002-185.pdf, accessed November 2003.

[8] J. Daugman, “Recognizing persons by their iris patterns,” in Biometrics: Personal Identification in Networked Society, Kluwer International Series in Engineering and Computer Science, A. K. Jain, R. Bolle, and S. Pankanti, Eds., New York, 2002, vol. SECS 479, pp. 103–122 [Online]. Available: http://emedia.netlibrary.com/reader/reader.asp?product_id=69518, accessed October 2003.

[9] (1998, Apr. 22) Interface specification: Human authentication - application program interface (ha-api) ver 2.0. Department of Defense. [Online]. Available: http://www.biometrics.org/REPORTS/HAAPI20/, accessed September 2003.


[10] U. Dieckmann, P. Plankensteiner, and T. Wagner, “SESAM: A biometric person identification system using sensor fusion,” Pattern Recognition Letters, vol. 18, pp. 827–833, 1997.

[11] B. A. Draper, C. E. Brodley, and P. E. Utgoff, “Goal-directed classification using linear machine decision trees,” IEEE Trans. Pattern Anal. Machine Intell., vol. 16, pp. 888–893, Sept. 1994.

[12] B. Duc, E. S. Bigun, J. Bigun, G. Maître, and S. Fischer, “Fusion of audio and video information for multi modal person authentication,” Pattern Recognition Letters, vol. 18, pp. 835–843, 1997.

[13] R. O. Duda, P. E. Hart, and D. C. Stork, Nonparametric techniques, in Pattern Classification, 2nd ed. New York: John Wiley and Sons, Inc., pp. 161–177, 2001.

[14] M. Esser. Biometric authentication. University of Maryland Management Information Systems, October, 2000 [Online]. Available: http://faculty.ed.umuc.edu/~meinkej/inss690/messer/Paper.htm#, accessed August, 2003.

[15] H. Faulds, “On the skin-furrows of the hand,” Nature Magazine, Oct. 8 1880. [Online]. Available: http://www.clpex.com/Articles/History/Faulds1880.htm, accessed October 2003.

[16] F. Galton, “Personal identification and description,” Nature, pp. 201–202, June 28 1888 [Online]. Available: http://www.mugu.com/galton/, accessed Nov. 21, 2003.

[17] ——, Finger Prints. London: Macmillan and Co., 1892 [Online]. Available: http://etext.lib.virginia.edu/railton/wilson/galtonfp.html, accessed September 2003.

[18] D. Hawkins, “Body of evidence,” US News & World Report, pp. 60–62, Feb. 18 2002.

[19] R. Hill, “Retina identification,” in Biometrics: Personal Identification in Networked Society, Kluwer International Series in Engineering and Computer Science, A. K. Jain, R. Bolle, and S. Pankanti, Eds., New York, vol. SECS 479, pp. 123–142, 2002 [Online]. Available: http://emedia.netlibrary.com/reader/reader.asp?product_id=69518, accessed October 2003.

[20] L. Hong and A. K. Jain, “Multimodal biometrics,” in Biometrics: Personal Identification in Networked Society, Kluwer International Series in Engineering and Computer Science, A. K. Jain, R. Bolle, and S. Pankanti, Eds., New York, vol. SECS 479, pp. 327–433, 2002 [Online]. Available: http://emedia.netlibrary.com/reader/reader.asp?product_id=69518, accessed October 2003.

[21] International Biometrics, Inc. What is biometric authentication? [Online]. Available: http://www.inbiometrics.com/information.htm#, accessed June 2003.

[22] International Biometrics, Inc. Level 1, 2 and 3 details... a thumbnail explanation of terms coined by David Ashbaugh. September 13, 1999 [Online]. Available: http://onin.com/fp/level123.html, accessed June 2003.

[23] A. K. Jain, R. P. W. Duin, and J. Mao, “Statistical pattern recognition: A review,” IEEE Trans. Pattern Anal. Machine Intell., vol. 22, pp. 4–37, Jan. 2000.

[24] A. K. Jain, L. Hong, S. Pankanti, and R. Bolle, “An identity-authentication system using fingerprints,” Proceedings of the IEEE, vol. 85, pp. 1365–1388, Sept. 1997.

[25] P. Jourlin, J. Luettin, D. Genoud, and H. Wassner, “Acoustic-labial speaker verification,” Pattern Recognition Letters, vol. 18, pp. 853–858, 1997.

[26] C. Kaufman, R. Perlman, and M. Speciner, Network Security: Private Communication in a Public World, 2nd ed. Upper Saddle River, New Jersey: Prentice Hall PTR, 2002, pp. 238–250.

[27] J. Kittler, M. Hatef, R. P. W. Duin, and J. Matas, “On combining classifiers,” IEEE Trans. Pattern Anal. Machine Intell., vol. 20, pp. 226–239, Mar. 1998.

[28] J. Kittler, J. Matas, K. Jonsson, and M. U. R. Sanchez, “Combining evidence in personal identity verification systems,” Pattern Recognition Letters, vol. 18, pp. 845–852, 1997.

[29] G. Langenburg. Re: Re: Re: South carolina’s daubert, August 5, 2003 [Online]. Available: http://www.clpex.com/board/threads/2003-Jul-31/476/491.htm, accessed September, 2003.

[30] G. Levin, “Real world, most demanding biometric system usage.” Arlington, Virginia: The Biometric Consortium Conference, Feb. 13-15, 2002 [Online]. Available: http://www.itl.nist.gov/div895/isis/bc/bc2001/FINAL_BCFEB02/FINAL_4_FINALGordonLevinBrief.pdf, accessed September 2003.

[31] R. D. Luce and H. Raiffa, Games and Decisions: Introduction and Critical Survey. New York: Dover Publications, Inc., 1957, 1989.

[32] A. J. Mansfield and J. L. Wayman, “Best practices in testing and reporting performance of biometric devices,” National Physical Laboratory, Queens Road, Teddington, Middlesex, TW110LW, Tech. Rep., Aug. 2002. [Online]. Available: http://homepage.ntlworld.com/avanti/bestpractice.pdf, accessed November 2002.

[33] MPC Computers, LLC. [Online]. Available: http://www.buympc.com/home/store/notebooks/overview_transport.html, accessed September 2003.

[34] V. S. Nalwa, “Automatic on-line signature verification,” in Biometrics: Personal Identification in Networked Society, Kluwer International Series in Engineering and Computer Science, A. K. Jain, R. Bolle, and S. Pankanti, Eds., New York, vol. SECS 479, pp. 143–164, 2002 [Online]. Available: http://emedia.netlibrary.com/reader/reader.asp?product_id=69518, accessed October 2003.

[35] S. Nanavati, M. Thieme, and R. Nanavati, Biometrics: Identity Verification in a Networked World. New York: John Wiley & Sons, Inc., 2002.

[36] R. E. Newman, University of Florida Computer and Information Science and Engineering Department, Sept. 2003, class lecture, Cryptographic Protocols.

[37] L. O’Gorman, “Fingerprint verification,” in Biometrics: Personal Identification in Networked Society, Kluwer International Series in Engineering and Computer Science, A. K. Jain, R. Bolle, and S. Pankanti, Eds., New York, vol. SECS 479, pp. 43–64, 2002 [Online]. Available: http://emedia.netlibrary.com/reader/reader.asp?product_id=69518, accessed October 2003.

[38] O. O’Sullivan. Biometrics comes to life. American Bankers Association, January 1997 [Online]. Available: http://www.banking.com/aba/cover_0197.htm, accessed May 2003.

[39] C. P. Pfleeger, Security in Computing, 2nd ed. Upper Saddle River, New Jersey: Prentice Hall PTR, pp. 254–264, 2000.

[40] J. Pollak, United States v. Plaza. United States District Court for the Eastern District of Pennsylvania, January 7, 2002 [Online]. Available: http://www.paed.uscourts.gov/documents/opinions/02D0046P.HTM, accessed July 2003.

[41] ——. United States v. Plaza. United States District Court for the Eastern District of Pennsylvania, March 13, 2002 [Online]. Available: http://www.paed.uscourts.gov/documents/opinions/02D0182P.HTM, accessed July 2003.

[42] ——. United States v. Plaza. United States District Court for the Eastern District of Pennsylvania. Testimony of William Babler, January 7, 2002 [Online]. Available: http://www.paed.uscourts.gov/documents/opinions/02D0046P.HTM, accessed July 2003.


[43] S. Prabhakar and A. K. Jain, “Decision-level fusion in fingerprint verification,” Pattern Recognition, vol. 35, pp. 861–874, 2002.

[44] F. J. Prokoski and R. B. Riedel, “Infrared identification of faces and body parts,” in Biometrics: Personal Identification in Networked Society, Kluwer International Series in Engineering and Computer Science, A. K. Jain, R. Bolle, and S. Pankanti, Eds., New York, vol. SECS 479, pp. 191–212, 2002 [Online]. Available: http://emedia.netlibrary.com/reader/reader.asp?product_id=69518, accessed September 2003.

[45] Retinal Technologies [Online]. Available: http://www.retinaltech.com/index.html, accessed September 2003.

[46] A. R. Roddy and J. D. Stosz, “Fingerprint features–statistical analysis and system performance estimates,” Proceedings of the IEEE, vol. 85, pp. 1390–1421, Sept. 1997.

[47] B. Schneier. Fun with fingerprint readers, 2002 [Online]. Available: http://www.counterpane.com/crypto-gram-0205.html#5, accessed August 2003.

[48] J. Stanley and B. Steinhardt, Drawing a blank: The failure of facial recognition technology in Tampa, Florida. ACLU, January 3, 2002 [Online]. Available: http://archive.aclu.org/issues/privacy/drawing_blank.pdf, accessed September 2003.

[49] L. Thalheim, J. Krissler, and P.-M. Ziegler. Body check. Verlag Heinz Heise, November 2002 [Online]. Available: http://www.heise.de/ct/english/02/11/114/, accessed September 2002.

[50] C. Tilton. Biometric standards report no. 1. International Biometric Industry Association, May 7, 1999 [Online]. Available: http://www.ibia.org/apibull.htm, accessed September 2003.

[51] United States v. Mitchell, daubert hearing transcript, day 3. United States District Court for the Eastern District of Pennsylvania, July 9, 1999 [Online]. Available: http://www.clpex.com/Information/USvMitchell/2DaubertHearingTranscripts/US_v_Mitchell_Daubert_Hearing_Day_3.pdf, accessed July 2003.

[52] J. J. Weng and D. L. Swets, “Face recognition,” in Biometrics: Personal Identification in Networked Society, Kluwer International Series in Engineering and Computer Science, A. K. Jain, R. Bolle, and S. Pankanti, Eds., New York, vol. SECS 479, pp. 65–86, 2002 [Online]. Available: http://emedia.netlibrary.com/reader/reader.asp?product_id=69518, accessed September 2003.


[53] R. P. Wildes, “Iris recognition: An emerging biometric technology,” Proceedings of the IEEE, vol. 85, pp. 1348–1363, Sept. 1997.

[54] J. M. Williams, “Biometrics or... biohazards?” in Proceedings New Security Paradigms Workshop 2002, C. F. Hempelmann and V. Raskin, Eds. Virginia Beach, VA: Association for Computing Machinery Special Interest Group on Security, Audit, and Control, Sept. 23–26 2002, pp. 97–107.

[55] R. L. Zunkel, “Hand geometry based verification,” in Biometrics: Personal Identification in Networked Society, Kluwer International Series in Engineering and Computer Science, A. K. Jain, R. Bolle, and S. Pankanti, Eds., New York, vol. SECS 479, pp. 87–102, 2002 [Online]. Available: http://emedia.netlibrary.com/reader/reader.asp?product_id=69518, accessed September 2003.

Page 147: EVALUATION AND COMBINATION OF BIOMETRIC AUTHENTICATION SYSTEMS

APPENDIX A
TEST SUBJECTS

Table A–1: Test subjects

Test Subject  Age  Height  Weight  Sex
a             -    -       -       m
b             -    -       -       f
c             -    -       -       m
d             -    -       -       m
e             21   68      -       m
f             22   72      175     m
g             22   65      128     f
h             23   69      180     m
i             46   72      170     m
j             19   71      155     m
k             21   72      168     m
l             22   67      185     m
m             20   70      -       m
n             19   65      155     f
o             47   72      195     m
p             21   69      160     m
q             22   67      132     m
r             23   62      108     f
s             21   70      190     m
t             -    72      -       m
u             22   68      -       m
v             22   63      130     f
w             22   61      130     f
x             20   67      180     m

APPENDIX B
DYNAMIC SIGNATURE VERIFICATION DATA

Table B–1: Signature genuine scores

Result: 1 = pass, 0 = fail.

                    Trial 1      Trial 2      Trial 3              Min Rule           Sum Rule
Person  Date  Time  Dyn.  Stat.  Dyn.  Stat.  Dyn.  Stat.  Result  1 try  2     3     1 try  2     3
a       -     -     88    100    -     -      -     -      1       88     (88)  (88)  94     (94)  (94)
a       3/25  1450  90    100    -     -      -     -      1       90     (90)  (90)  95     (95)  (95)
b       2/20  945   91    100    -     -      -     -      1       91     (91)  (91)  95     (95)  (95)
c       2/20  -     91    100    -     -      -     -      1       91     (91)  (91)  95     (95)  (95)
c       2/27  1739  99    100    -     -      -     -      1       99     (99)  (99)  99     (99)  (99)
c       3/20  1720  94    100    -     -      -     -      1       94     (94)  (94)  97     (97)  (97)
d       2/13  1222  89    100    -     -      -     -      1       89     (89)  (89)  94     (94)  (94)
d       2/20  1206  70    100    55    100    79    100    0       70     70    79    85     85    89
e       2/11  1733  86    100    -     -      -     -      1       86     (86)  (86)  93     (93)  (93)
e       2/27  1752  93    100    -     -      -     -      1       93     (93)  (93)  96     (96)  (96)
e       3/25  1748  90    100    -     -      -     -      1       90     (90)  (90)  95     (95)  (95)
f       2/11  1015  87    100    -     -      -     -      1       87     (87)  (87)  93     (93)  (93)
f       2/20  1000  83    100    -     -      -     -      1       83     (83)  (83)  91     (91)  (91)
g       2/13  1005  83    100    -     -      -     -      1       83     (83)  (83)  91     (91)  (91)
g       2/20  945   83    100    -     -      -     -      1       83     (83)  (83)  91     (91)  (91)
h       2/13  1000  87    100    -     -      -     -      1       87     (87)  (87)  93     (93)  (93)
h       2/20  945   87    100    -     -      -     -      1       87     (87)  (87)  93     (93)  (93)
i       2/13  1615  88    100    -     -      -     -      1       88     (88)  (88)  94     (94)  (94)
i       2/20  1600  89    100    -     -      -     -      1       89     (89)  (89)  94     (94)  (94)
i       3/20  1600  89    100    91    100    91    100    1       89     91    91    94     95    95
i       3/27  1640  88    100    -     -      -     -      1       88     (88)  (88)  94     (94)  (94)
j       2/13  1738  91    100    -     -      -     -      1       91     (91)  (91)  95     (95)  (95)
k       2/11  1250  84    95     -     -      -     -      1       84     (84)  (84)  89     (89)  (89)
k       2/20  1220  85    100    -     -      -     -      1       85     (85)  (85)  92     (92)  (92)
k       3/18  -     92    98     -     -      -     -      1       92     (92)  (92)  95     (95)  (95)
l       2/11  1415  95    98     -     -      -     -      1       95     (95)  (95)  96     (96)  (96)
l       2/20  1420  79    100    71    98     92    80     1       79     79    80    89     89    89
l       3/20  -     89    94     -     -      -     -      1       89     (89)  (89)  91     (91)  (91)
m       2/11  1728  85    99     -     -      -     -      1       85     (85)  (85)  91     (91)  (91)
m       2/27  1804  86    100    -     -      -     -      1       86     (86)  (86)  93     (93)  (93)
m       3/25  1756  86    100    -     -      -     -      1       86     (86)  (86)  93     (93)  (93)
n       2/13  1000  47    100    34    98     -     -      0       47     (47)  -     73     (73)  -
n       2/20  945   70    1      75    5      60    94     0       1      5     60    35     39    77
o       2/14  1600  95    90     -     -      -     -      1       90     (90)  (90)  92     (92)  (92)
p       2/11  1749  82    100    -     -      -     -      1       82     (82)  (82)  91     (91)  (91)
p       3/25  1802  83    98     -     -      -     -      1       83     (83)  (83)  90     (90)  (90)
q       2/13  1600  87    100    -     -      -     -      1       87     (87)  (87)  93     (93)  (93)
q       2/20  1600  85    100    -     -      -     -      1       85     (85)  (85)  92     (92)  (92)
q       3/20  1600  96    100    -     -      -     -      1       96     (96)  (96)  98     (98)  (98)
r       2/11  1500  83    100    -     -      -     -      1       83     (83)  (83)  91     (91)  (91)
r       2/18  1500  83    100    -     -      -     -      1       83     (83)  (83)  91     (91)  (91)
r       3/18  1500  87    100    -     -      -     -      1       87     (87)  (87)  93     (93)  (93)
r       3/25  -     84    100    -     -      -     -      1       84     (84)  (84)  92     (92)  (92)
s       2/11  1500  82    100    -     -      -     -      1       82     (82)  (82)  91     (91)  (91)
s       2/18  1500  88    100    -     -      -     -      1       88     (88)  (88)  94     (94)  (94)
t       2/13  1400  94    100    -     -      -     -      1       94     (94)  (94)  97     (97)  (97)
t       2/21  1240  86    100    -     -      -     -      1       86     (86)  (86)  93     (93)  (93)
t       3/19  1240  87    100    -     -      -     -      1       87     (87)  (87)  93     (93)  (93)
u       2/11  1740  89    100    -     -      -     -      1       89     (89)  (89)  94     (94)  (94)
u       2/27  1746  90    100    -     -      -     -      1       90     (90)  (90)  95     (95)  (95)
u       3/25  1734  93    100    -     -      -     -      1       93     (93)  (93)  96     (96)  (96)
v       2/20  1250  75    100    86    100    -     -      1       75     (75)  (75)  87     93    (93)
w       2/13  1734  85    100    -     -      -     -      1       85     (85)  (85)  92     (92)  (92)
x       2/11  1710  90    100    -     -      -     -      1       90     (90)  (90)  95     (95)  (95)
x       2/18  1713  88    100    -     -      -     -      1       88     (88)  (88)  94     (94)  (94)
x       3/18  1735  53    100    94    100    -     -      1       53     94    (94)  76     97    (97)
x       3/25  1809  99    12     90    100    -     -      1       12     90    (90)  55     95    (95)

Table B–2: Signature impostor scores, tracing

                              Trial 1      Trial 2      Trial 3              Min Rule           Sum Rule
Impostor  Victim  Date  Time  Dyn   Sta    Dyn   Sta    Dyn   Sta    Result  1 try  2     3     1 try  2     3
a         w       2/28  1130  69    65     56    93     78    100    0       65     65    78    66     74    89
a         v       2/28  1130  55    100    69    100    -     -      0       55     69    (69)  77     84    (84)
a         w       3/18  1500  99    100    -     -      -     -      1       99     (99)  (99)  99     (99)  (99)
a         w       -     -     99    100    76    98     -     -      1       99     99    (99)  99     99    (99)
a         v       -     -     49    100    48    92     57    100    0       49     49    57    74     74    78
r         w       3/18  1500  94    99     -     -      -     -      1       94     (94)  (94)  96     (96)  (96)
r         w       -     -     94    100    94    100    -     -      1       94     94    (94)  97     97    (97)
r         v       -     -     97    100    79    100    79    100    1       97     97    97    98     98    98
r         a       -     -     71    89     55    98     75    100    0       71     71    75    79     79    87
i         e       3/27  -     6     0      -     -      -     -      0       0      -     -     3      -     -

Table B–3: Signature impostor scores, impostor looks at victim’s signature and copies it.

                              Trial 1      Trial 2      Trial 3              Min Rule           Sum Rule
Impostor  Victim  Date  Time  Dyn   Sta    Dyn   Sta    Dyn   Sta    Result  1 try  2     3     1 try  2     3
a         w       -     -     57    7      -     -      -     -      0       7      -     -     31     -     -
p         u       3/25  1800  73    0      73    4      28    0      0       0      4     4     36     38    38
m         u       3/25  1800  77    34     68    13     74    76     0       34     34    74    55     55    75
e         u       3/25  1800  68    0      70    0      68    0      0       0      0     0     34     35    35
q         a       3/20  1600  63    0      -     -      -     -      0       0      -     -     31     -     -
q         n       3/20  1600  76    0      -     -      -     -      0       0      -     -     38     -     -
x         m       3/25  1800  99    50     95    82     96    99     1       50     82    96    74     88    97
r         w       3/18  1500  78    0      -     -      -     -      0       0      -     -     39     -     -
u         e       3/25  1800  0     100    0     99     0     100    0       0      0     0     50     50    50

Table B–4: Signature impostor scores, impostor knows name of victim but has not seen signature.

                              Trial 1      Trial 2      Trial 3              Min Rule           Sum Rule
Impostor  Victim  Date  Time  Dyn   Sta    Dyn   Sta    Dyn   Sta    Result  1 try  2     3     1 try  2     3
r         y       3/18  1500  99    30     -     -      -     -      0       30     -     -     64     -     -
a         s       -     -     88    0      -     -      -     -      0       0      -     -     44     -     -
a         q       -     -     0     45     -     -      -     -      0       0      -     -     22     -     -
a         e       -     -     33    0      -     -      -     -      0       0      -     -     16     -     -
a         n       -     -     74    0      -     -      -     -      0       0      -     -     37     -     -
r         k       3/18  1500  76    0      -     -      -     -      0       0      -     -     38     -     -
i         b       3/17  -     36    0      -     -      -     -      0       0      -     -     18     -     -
i         o       3/17  -     0     0      -     -      -     -      0       0      -     -     0      -     -
i         q       3/17  -     46    0      -     -      -     -      0       0      -     -     23     -     -
i         s       3/17  -     88    100    -     -      -     -      1       88     -     -     94     -     -
i         y       3/17  -     74    100    96    100    -     -      1       74     96    (96)  87     98    (98)
i         x       3/20  -     53    7      64    7      55    61     0       7      7     55    29     35    57
i         w       3/17  -     66    30     -     -      -     -      0       30     -     -     48     -     -
i         v       3/20  -     71    94     79    99     77    87     0       71     79    79    82     88    88
i         p       3/20  -     85    9      89    0      85    0      0       9      9     9     46     46    46

Table B–5: Signature impostor scores, impostor knows only the username of the victim.

                              Trial 1      Trial 2      Trial 3              Min Rule           Sum Rule
Impostor  Victim  Date  Time  Dyn   Sta    Dyn   Sta    Dyn   Sta    Result  1 try  2     3     1 try  2     3
i         e       3/17  -     27    0      -     -      -     -      0       0      -     -     13     -     -
i         p       3/17  -     87    0      -     -      -     -      0       0      -     -     43     -     -
i         r       3/17  -     78    0      -     -      -     -      0       0      -     -     39     -     -
i         m       3/17  -     98    0      -     -      -     -      0       0      -     -     49     -     -
i         k       3/17  -     75    0      -     -      -     -      0       0      -     -     37     -     -
i         c       3/17  -     78    0      -     -      -     -      0       0      -     -     39     -     -
i         n       3/17  -     60    0      -     -      -     -      0       0      -     -     30     -     -
i         l       3/17  -     75    0      -     -      -     -      0       0      -     -     37     -     -
i         u       3/17  -     76    100    65    92     -     -      0       76     76    -     88     88    -
i         z       3/17  -     79    63     -     -      -     -      0       63     -     -     70     -     -
i         t       3/17  -     72    5      -     -      -     -      0       5      -     -     38     -     -
i         g       3/17  -     90    26     -     -      -     -      0       26     -     -     58     -     -
i         x       3/17  -     41    0      -     -      -     -      0       0      -     -     20     -     -

APPENDIX C
RESULTS OF AUTHENTICATION ATTEMPTS ON MULTIPLE DEVICES

Table C–1: Authentication attempts in which the user attempted on fingerprint, signature, and iris systems. A 1 in the success column indicates success within three attempts, and a 0 indicates failure.

Fingerprint        Signature                                       Iris
                   1 try        2 tries      3 tries
Attempts  Success  Dyn   Sta    Dyn   Sta    Dyn   Sta    Success  Attempts  Success
1         1        90    100    0     0      0     0      1        1         1
1         1        88    100    0     0      0     0      1        1         1
1         1        86    100    0     0      0     0      1        1         1
1         1        87    100    0     0      0     0      1        1         1
1         1        99    100    0     0      0     0      1        1         1
1         1        70    100    55    100    79    100    0        1         1
3         1        93    100    0     0      0     0      1        3         0
1         1        90    100    0     0      0     0      1        2         0
1         1        87    100    0     0      0     0      1        1         1
1         1        89    100    0     0      0     0      1        1         1
1         1        91    100    0     0      0     0      1        1         1
1         1        88    100    0     0      0     0      1        1         1
1         1        84    95     0     0      0     0      1        1         1
1         1        85    100    0     0      0     0      1        2         1
1         1        92    98     0     0      0     0      1        3         1
1         1        95    98     0     0      0     0      1        3         0
1         1        79    100    71    98     92    80     1        1         1
1         1        89    94     0     0      0     0      1        1         1
2         1        86    100    0     0      0     0      1        1         1
2         1        86    100    0     0      0     0      1        1         1
1         1        85    100    0     0      0     0      1        3         0
1         1        96    100    0     0      0     0      1        3         0
1         1        83    100    0     0      0     0      1        1         1
1         1        87    100    0     0      0     0      1        3         0
1         1        84    100    0     0      0     0      1        2         1
1         1        90    100    0     0      0     0      1        1         1
1         1        93    100    0     0      0     0      1        1         1
1         1        75    100    86    100    0     0      1        1         1
1         1        88    100    0     0      0     0      1        1         1
3         1        53    100    94    100    0     0      1        1         1
1         1        99    12     90    100    0     0      1        1         1

BIOGRAPHICAL SKETCH

David Hitchcock was born in Kansas City, Missouri in 1956. He earned a master’s degree in ceramic engineering at the University of Missouri-Rolla in 1981 and a PhD in Materials Science at University of California, Berkeley in 1985.