Usable Biometrics

Ashley BrooksUsability and Privacy 95-899Cranor, Reiter, and HongApril 11, 2006

Outline Biometric Basics

What is Biometrics?Why use Biometrics?Model of Biometric systemTypes of Biometrics

Evaluating Accuracy User Acceptance Advantages & Disadvantages

Biometrics Derived from the Greek words

“Bio”: Life“Metric”: to measure

Measures and Analyzes characteristicsPhysiologicalBehavioral

Authentication

Authentication 2 major means for authentication

IdentificationVerification

Identification vs. VerificationQuestion raisedAnalysisUses

Biometric Components

Types of Biometrics

PhysiologicalFingerprintsFaceEyesDNA

BehavioralVoiceKeystroke

Fingerprinting

Face

Eyes

DNA

Voice

Key Stroke Requires no special

hardware Methods are

transparent to users increasing user acceptance

Can be used for cryptographically stronger secrets for login and encryption

Accuracy Usability Metrics

Failure to Enroll (FTE)Failure to Acquire (FTA)

Performance MetricsFalse Acceptance Rates (FAR)False Rejection Rates (FRR)

Usability MetricsFailure to enroll (FTE)

Medicine IntakeHoarsenessSticky fingersCataractRare skin diseases

Failure to acquire (FTA)Smudged finger

printsRetina alignmentMumblingHand positioning

Performance Metrics

User Acceptance Socially acceptable

Knowledge of technology and computers

Acceptance of the concept Usability Security Personal privacy

Usability ConsiderationsFamiliarity with characteristicsExperience with devicesEnvironment of useTransaction Criticality

Security Considerations Biometrics are not secrets and are

therefore susceptible to modified or spoofed measurements

There is no recourse for revoking a compromised identifier

Strategic Solutions Liveness testing Multi-biometrics

Privacy Considerations

A reliable biometric system provides an irrefutable proof of identity

Threatens individuals right to anonymity Cultural concerns Religious concerns Violates civil liberties

Strategic Solutions Biometric cryptosystems Transparency

AdvantagesReduces cost within organizations Increases securityCompetitive advantageConvenience to employeesNon-repudiationEliminates a paper trail

DisadvantagesAccuracy of PerformanceFailure to enroll rate Information AbuseMay violate privacy

Conclusion Biometrics is a technology that

can simplify the process of authentication

Biometrics can be best used in situations where specific identity or exception identity is desired

References Tynan, Dan, “Biometrics: from Reel to Real”

www.pcworld.com/resource/printable/article/o,aid,120889,00.asp Yudkowsky, Chaim, “Byte of Success”,

http://accounting.smartpros.com/x40536.xml http://perso.wanadoo.fr/fingerchip/biometrics/movies.htm Biometrics

http://searchsecurity.techtarget.com/sdefinition/0,,sid14_gci211666,00.html International Biometric Group,

http://www.biometricgroup.com/reports/public/reports/ Patrick, Andrew S., “Usability and Acceptability of Biometric Security

Systems” , Institute for Information Technology National Research Council Biometric Assessment Benefits http://www.ax-sbiometrics.com/riskans.htm Bioidentification http://www.bromba.com/faq/biofaqe.htm Fact sheet

http://www.jrc.cec.eu.int/download/press/20050330_biometrics_fact_sheet.pdf