Top Biometric Identifiers: Risks & Rewards
-
Upload
veridium -
Category
Technology
-
view
60 -
download
1
Transcript of Top Biometric Identifiers: Risks & Rewards
©Veridium All Rights Reserved
Top Biometric Identifiers: Risks & Rewards
B E F O R E W E B E G I N
Attendees have been muted
You may submit questions at any time, but we will respond at the conclusion of the presentation during the Q&A session
©Veridium All Rights Reserved
Asem Othman, PhDBiometric Scientist
• PhD in Electrical Engineering from West Virginia University. Post-Doc Fellow at Michigan State University
• Holds 3 patents/patents pending related to biometrics
• Lead scientist behind our 4 Fingers TouchlessID technology & Distributed Data Model using Visual Cryptography
B E F O R E W E B E G I N
©Veridium All Rights Reserved
• The Power of Mobile Biometrics
• Top Five Biometric Identifiers
• The Privacy Issue
• How We Address Privacy Concerns
AGENDA
©Veridium All Rights Reserved
P R O V I N G I D E N T I T Y
©Veridium All Rights Reserved
Passwords only authorize access, while
authentication is the process of verifying the
claim that identity makes.
Identity is the “claim” you make to access information, but making that claim with a password doesn’t prove who
you are.
Only biometrics – your face, your voice, your fingerprints – prove you are who you say
you are.
Universality (Does every user have it?)Distinctiveness (Is it unique across users?)Permanence (Does it change over time?)Collectability (Can it be measured quantitatively?)
H O W T O C H O O S E A B I O M E T R I C T R A I T
©Veridium All Rights Reserved
A biometric recognition system is a pattern recognition system that recognize individuals based on their biometric trait(s)
B I O M E T R I C S Y S T E M S
©Veridium All Rights Reserved
• Touch ID made it easy (and convenient) for the consumer to understand biometrics.
• Accessing your phone• Apple Pay
T O U C H I D
©Veridium All Rights Reserved
Finger
Face
Iris
Voice
Traditional Hardware Veridium Technologies
All major biometrics can be captured using different maneuvers with a smartphone
O U R A P P R O A C H T O B I O M E T R I C S
©Veridium All Rights Reserved
• Mobile devices have changed the fundamental way we interact with technology.
• Mobile devices allow for the elimination of proprietary hardware, moving beyond traditional biometric scanners.
M O B I L E B I O M E T R I C S
©Veridium All Rights Reserved
Performance (Does it meet error rate, throughput..?)Users Perception and Acceptability (Is it acceptable to users?)Vulnerability (Can it be easily spoofed?)App Integration (Can it be acquired by available devices?)Large-Scale Adoption ”Usability” (What is the post-usage
attitude?)
“A P R A C T I C A L M O B I L E B I O M E T R I C ”
H O W T O C H O O S E A B I O M E T R I C T R A I T
©Veridium All Rights Reserved
T O P B I O M E T R I C S
FACE
• People are used to taking selfies.
• It’s socially accepted.
• It’s well established.
• Reliable face recognition systems are already in use.
F A C E A S A M O B I L E B I O M E T R I C
©Veridium All Rights Reserved
• Face – We Naturally Use It
• The location and shape of facial attributes.
• The overall analysis of the face.
• In practice, a facial recognition system should automatically …
• Detect the face.
• Locate the facial attribute.
• Recognize the face.
Shape
Color
Texture
Requiring a simple background and illumination
F A C E A S A M O B I L E B I O M E T R I C
©Veridium All Rights Reserved
The database is designed to test difficult real world situations that a face system must cope with.
The leading matcher algorithms performed very similarly on our test databases.
~3% FRR at 1% FAR for controlled illumination and office environments.30-50% FRR at 1% FAR for whole database.
V E R I D I U M F A C E D ATA B A S E
©Veridium All Rights Reserved
• Post-usage attitude:• Pose variation• Taking selfie in the middle of a
meeting, indoor, or outdoor• Older generation• Culture• Womens‘ appearance concerns
• Twins and look-alikes• Easily spoofed
I S S U E S
©Veridium All Rights Reserved
VOICE
• Voice is a combination of physiological and behavioral biometrics.
• An individual’s voice is based on the shape and size of the appendages (e.g., vocal tracts, mouth, nasal cavities, and lips) that are used in the synthesis of the sound.
• Natural signal to produce.• No visual contact is required.• No special equipment is required.• Can be done while doing other things.
V O I C E A S A B I O M E T R I C
©Veridium All Rights Reserved
• Text-dependent recognition
– Recognition system knows text was spoken by a person
– Examples: Fixed phrase, prompted phrase
– Used for applications with strong control over user input
– Knowledge of spoken text can improve system performance
• Text-independent recognition
– Recognition system does not know text was spoken by a person
– Examples: User selected phrase, conversational speech
– Used for applications with less control over user input
– More flexible system but also more difficult problem
– Speech recognition can provide knowledge of spoken text
S P E E C H M O D A L I T I E S
©Veridium All Rights Reserved
• The physiological characteristics of human speech are unvaried for an individual, but the behavioral part of the speech of a person changes over time due to age, medical conditions (such as common cold), emotional state, etc.
• Voice is also not very distinctive and may not be appropriate for large-scale identification.
• Acoustic environment and background noise
• Presentation attacks• Tape recordings• Identical twins / sound-alikes
• A disruption to working memory*
*Trewin, Shari, et al. "Biometric authentication on a mobile device: a study of user effort, error and task disruption." Proceedings of the 28th Annual Computer Security Applications Conference. ACM, 2012.
I S S U E S
©Veridium All Rights Reserved
FINGERPRINT
• Is the most well recognized biometric.
• A fingerprint is the pattern of ridges and valleys on the surface of a fingertip.
• The formation of the fingerprint is determined during the first seven months of fetal development.
• Fingerprints of identical twins are different, as are the prints on each finger of the same person.
• Fingerprints don’t change over time.
• It’s widely believed fingerprints are unique.
F I N G E R P R I N T A S A B I O M E T R I C
©Veridium All Rights Reserved
S M A R T P H O N E S W I T H F I N G E R P R I N T S E N S O R S
©Veridium All Rights Reserved
Ridge ending Bifurcation Short ridge
MinutiaType x y θ
Ridge 35 24 12’
... ... ... ...
... ... ... ...
H O W F I N G E R P R I N T M AT C H I N G W O R K S
©Veridium All Rights Reserved
• Proprietary acquisition sensors• Scars and wet fingers• Presentation attack
• Spoofing
I S S U E S
©Veridium All Rights Reserved
IRIS
• The only internal “protected” organ readily visible from the outside of a person.
• Unlike fingerprints, capturing the iris biometric is similar to taking a picture.
• The iris pattern has a high degree of randomness.
• Different even for identical twins.
• The pattern is stable through lifetime .
• Extremely difficult to surgically tamper the texture of the iris.
I R I S A S A M O B I L E B I O M E T R I C
©Veridium All Rights Reserved
Light Irises
“ L I K E TA K I N G A P I C T U R E ”
©Veridium All Rights Reserved
S M A R T P H O N E S W I T H I R I S S E N S O R S
©Veridium All Rights Reserved
©Veridium All Rights Reserved
• Proprietary acquisition sensor.• Small target to acquire from a distance.• Located behind a curved, wet, reflecting surface.• Obscured by eyelashes, lenses.• Partially occluded by eyelids, often drooping.• Deforms non-elastically as pupil changes size.• Uncomfortable for some.
Deviated gaze
Accessories
Illumination
Deformations
Motion blur
Occlusions
I S S U E S
©Veridium All Rights Reserved
4 FINGERSTouchlessID
• Multimodal Biometric system
• Consolidate the evidence presented by multiple biometric sources.
• Typically provides better recognition performance compared to systems based on a single biometric modality.
• Provides anti-spoofing measures by making it difficult for an intruder to spoof multiple biometric instance simultaneously.
Patent US 9,361,507
©Veridium All Rights Reserved
©Veridium All Rights Reserved
• False rejection rate (FRR) is as low as 1% at false acceptance rate (FAR) of 0.01%.
• 4 Fingers has its own light source (your phone’s flash) so it works in any lighting condition
• 4 Fingers requires no external hardware.
• We just require a 5MP camera and LED flash.
• 4 Fingers is one of the most secure biometrics available.
©Veridium All Rights Reserved
4 Fingers is reliable in almost any environment
4 Fingers captured print 4 Fingers processed print Standard Fingerprint Sensor
Minutiae
The contactless and contact prints are of comparable quality.The minutia match.
©Veridium All Rights Reserved
Print Quality
• The Cooperative Research and Development Agreement (CRADA) allows NIST to work with U.S. industry, academia and other organizations on cooperative R&D projects
• Build upon NIST's research in developing methodologies for measuring the image fidelity of contactless fingerprint capture devices
• Produce open testing methods, metrics, and artifacts that will support future certification of contactless fingerprint devices for inclusion on Government Certified Products Lists
©Veridium All Rights Reserved
Contactless Fingerprint Capture DeviceMeasurement Research Program
• Missing finger• Gloves• Requires both hands
I S S U E S
©Veridium All Rights Reserved
COMPARISON
CO M PA R I S O N O F T O P “ M O B I L E ” B I O M E T R I C T E C H N O LO G I E S
©Veridium All Rights Reserved
(H=High, M=Medium, L=Low)
Biometrics Universality Uniqueness Permanence Collectability Performance Acceptability
Face H L M H L H
Fingerprint M H H M* H M
Iris H H H M* H L*
Voice M L L M* L H
4 Fingers TouchlessID* H H H H H H
(H=High, M=Medium, L=Low)
Circumventions(Presentation
Attack)
H
M
L
H
L
Anil K. Jain, Arun Ross, and Salil Prabhakar. "An introduction to biometric recognition." Appeared in IEEE Transactions on Circuits and Systems for Video Technology, Special Issue on Image- and Video-Based Biometrics, Vol. 14, No. 1, January 2004.
• Familiarity with technology• Experience with device• Environment of use (e.g., indoor/outdoor, home/work, car/bus,…)• Transaction value (e.g., small, medium, or large transactions)• Time consuming tasks (e.g., enrollment, etc.)
U S A B I L I T Y I S S U E S A N D L A R G E - S C A L E A D O P T I O N I N B I O M E T R I C S
©Veridium All Rights Reserved
• Each biometric has its strengths and weaknesses.
• Liveness, Presentation Attack, Spoofing.
• No biometric is “optimal,” but many are “admissible.”
F I N A L W O R D S
©Veridium All Rights Reserved
PRIVACYAND
SECURITY RISKS
• Biometric data of an individual is often stored in a central database
• Raises issues related to security and privacy of biometric data
• Unlike compromised passwords, it is difficult to re-issue biometric data
• Cross-database matching may be done to track individuals
P R E S E R V I N G D ATA P R I VA C Y
©Veridium All Rights Reserved
O U R S T R AT E G Y – D I S T R I B U T E D D ATA
©Veridium All Rights Reserved
M AT C H I N G – M O B I L E / S E R V E R
©Veridium All Rights Reserved
Cryptography is simply the art of sending and receiving coded messages.
C R Y P T O G R A P H Y
©Veridium All Rights Reserved
• Visual Cryptography Scheme (VCS) is a simple and secure way to allow the secret sharing of secrets without any cryptographic computations.
• It is the encryption of visual information such that decryption can be performed using the human visual system.
• Someone who has no previous knowledge of Cryptography.
• The mathematical proof of this scheme and its perfect encryption are shown in the original paper by Naor & Shamir.
* M. Naor and A. Shamir, “Visual cryptography,” in EUROCRYPT, pp. 1–12, 1994.
V I S U A L C R Y P T O G R A P H Y
©Veridium All Rights Reserved
V I S U A L C R Y P T O G R A P H Y
©Veridium All Rights Reserved
For more information contact: [email protected]
Phone: +1 212.231.0011 • www.VeridiumID.com • Twitter: @VeridiumID • LinkedIn: Veridium
QUESTIONS?
©Veridium All Rights Reserved