Background
Introduction
Biometrics provide a highly secure way to authenticate a person's identity. The following classification of authentication factors, used in the biometrics industry, helps illustrate this claim.

The lowest level of security is something you have, such as an identification (ID) badge containing a photograph.

The second level of security is something you know, such as a password to access a computer or a Personal Identification Number (PIN) to access funds at a bank teller machine.

The highest level of security is something that you do (a behavior) or something that you are (a physical trait). This is where biometrics fit.

With biometrics, there are no cards to be lost or stolen and no passwords to forget. A characteristic such as a fingerprint, which is unique to each user, can grant access to protected resources.

How Do Biometrics Work?
All biometric devices use a four-stage procedure to decide whether to grant access. The first stage is capture: a physical or behavioral sample is taken by the system during authentication. The second stage is extraction: unique characteristics are pulled from the sample and a template is created. The third stage is comparison: the new template is compared to the template stored at enrollment. The final stage is decision: the system decides whether the new sample is a match.

Distribution Statement A - Approved for public release; distribution is unlimited.

Biometrics do not guarantee 100% accuracy. Humans are not perfectly consistent in their physical and behavioral characteristics. For example, a finger can be cut, and the resulting scar can change the template enough that the fingerprint no longer matches the one stored at enrollment. Another problem is that a person may not interact with a computer the same way he did at his original enrollment: his face may be in a different position, or his voice may be lower because of a cold. Because of these inconsistencies, thresholds are set to allow for subtle changes in a user's characteristics. A new sample need not be identical to the enrollment template, only close enough to it, to be authenticated.

Biometric Technologies
There are a wide variety of biometric techniques being developed in industry. Each of these techniques has strengths and weaknesses, and problems to be resolved as these technologies mature. The most common biometric technologies are described in the next few pages.

Eye
Biometrics that involve the eye are considered the most accurate and secure of all the technologies. A user cannot unwittingly leave an "eye print" behind the way he leaves a stray fingerprint or a voice sample. Eye biometrics fall into two categories: the iris and the retina.

Iris
The iris is the colored section of the eye that surrounds the pupil. Its intricate pattern of filaments, freckles, and striations provides a complex structure that is unique to every individual. The probability that two irises are identical is said to be about 1 in 10^78. Since the entire population of the world is only about 10^10, those using iris scans can be very confident of the uniqueness of the iris.

Retina
The retina is another human trait that is virtually impossible to replicate. This complex layer of blood vessels forms a biometric that is considered even more secure than the iris.

Another advantage of the eye technologies is their long-term stability. The patterns of the iris and retina do not change over time, so a sample taken today will still match years into the future. Though the eye furnishes the most secure of biometrics, it may have implementation problems. It is the most intrusive device, forcing a user to hold something very close to his face and let it peer into his eye. People may not feel comfortable with such a device, or may be anxious about possible health effects.

Fingerscanning
Law enforcement has used fingerprints for identification for many years, and society is confident that fingerprints are a valid means of identification. This confidence is an advantage for fingerprint devices. Users may feel awkward or apprehensive about unfamiliar devices or technologies, but this does not apply to fingerprints. From applying for a passport to cashing a check at a bank, society is familiar with giving fingerprints, which gives fingerprint devices a distinct advantage over other, less familiar biometrics.

Certain conditions do seem to have a negative effect on this biometric. Dry or cracked fingers will negatively affect the quality of the print. Age, gender, and ethnic background have also been found to cause problems. Of course situations that require gloves render this technology inadequate, or at least inconvenient. Industry is currently developing a device which will read fingerprints through latex gloves, which will solve this problem for some users.

Fingerscans are accurate, accepted means to identify individuals. In situations where they can be implemented, fingerscans hold a distinct advantage over other biometrics.

Face
There is great potential for a reliable and accurate face recognition technology. A simple look towards the camera is all that is needed for verification. There is nothing to use, remember, or touch. There is no worry of spreading sickness through an often-touched instrument. Only one simple device is needed: a camera. This technology has the potential to sift through crowds making their way through an airport, cross-checking everyone against a database of known terrorists.

This technology does have problems to overcome. Human faces change over time. Weight loss and gain can affect one’s appearance. Glasses and facial hair likewise change a person’s face. Outside influences like lighting or water can pose problems for this technology. If these problems can be overcome, face recognition can provide an easy, non-intrusive solution to security needs.

Voice
Voice recognition, as used here, is a biometric that focuses on the sound of the voice, not the words that are said. Like face recognition, it is a very simple and inexpensive biometric: the only hardware necessary is a sound card and a microphone. By simply responding to a few questions, a user's identity can be verified. Combined with a speech recognition product, which recognizes words, this technology has the potential to enable a 100% "hands-free" computer system, where a few words would log on to the computer and voice commands would start applications.

Voice recognition could make a huge impact on telephone-based applications. This technology could easily be integrated into telephone networks, but interference and other noise may pose problems for this technology. Also, as people age, their voices tend to change in subtle ways, negatively affecting the way voice recognition can work.

Hand and Finger Geometry
Hand and finger geometry require a user to place his hand or finger on a device, where a three-dimensional image is analyzed. The device looks at the length of the fingers, their width and height, and the location of knuckles and other distinguishing characteristics. It then compares these attributes to the stored templates and searches for a match.

Hand and finger geometry are not the most secure of the biometrics. They can, however, process a large number of users in a short amount of time.

Signature
Signature biometrics look more at the mechanics of signing a name than at the finished signature itself. Characteristics such as the angle of the pen, the time taken to sign, the pressure of the pen on the paper, and the motion and acceleration of the signature can all be extracted to form a unique template. These dynamics make forgery very difficult: a forger would not only have to trace the signature, but actually sign it in the same way.

A signature is an easy way to verify one’s identity. Since the use of a signature is so common, users will not have as many reservations about using this biometric as they will with other, more intrusive devices.

Signature biometrics do face the problem of changes to a user's signature. This characteristic is more prone to change than any other discussed here.

Future Biometrics
Industry is developing many other biometric technologies. A product that will analyze the chemical make-up of body odor is currently in development. Real time Deoxyribonucleic Acid (DNA) analysis is also being researched. Ear shape, keystroke, and vein patterns are all being considered for future development.

These products may never leave development stages, because improvements to the current devices may overshadow the need for any new technology.

Case Study: BioNetrix
At the TIC, we evaluated a few biometric devices to become more familiar with these technologies and to experience first-hand the challenges in implementing biometric authentication into an office environment. We chose a product called BioNetrix Authentication Suite because it offered us the opportunity to sample several biometric technologies woven together into a single authentication system.

BioNetrix is a suite of biometric devices tied together with a central database of biometric templates. The types of biometric devices included in the BioNetrix Authentication Suite are:
  • Face Recognition
  • Voice Recognition
  • Fingerprint Scan
  • Iris Scan
  • Signature
These devices add a second step to the normal logon to a computer or network. After supplying a username and password, the user is led by a graphical user interface (GUI) through the biometric authentication process. Once authenticated, the user is granted access to the computer or network resources.

BioNetrix supports Windows NT, Novell NetWare, and Entrust. It provides enhanced authentication to network resources by tying biometric authentication to the login process. Our testing took place on a Windows NT network with Windows 95 and NT client machines.

How It Works
When a user enters his network username and password, the request goes to the NT domain controller. If the credentials are correct, a message is sent to the BioNetrix Server, which retrieves that user's template from the database and sends a copy to the client. The biometric sample is captured and compared at the client computer. The templates are then sent back to the BioNetrix Server, where the access decision is made: if the variance between the two templates falls within the threshold set by the administrators, the user is granted access; if not, the user is denied access and must try again.

The original user templates are stored in an encrypted structured query language (SQL) database. The integrity of the database is checked at a configurable interval, every 10 minutes by default, and any account whose template has been tampered with or corrupted is locked out. Templates are also encrypted as they pass between server and client. A stolen template would have to be decrypted within that interval, and even then the user and policy information would be needed to use it for authentication; that information is not sent along with the template.

One problem found in the BioNetrix implementation is that the program cannot lock an account. With Windows NT, an administrator can configure an account to lock after the wrong password has been supplied a set number of times, which stops an attacker from making unlimited guesses at a password. BioNetrix has no equivalent for the biometric step: if a username and password fall into the wrong hands, the holder gets an unlimited number of tries to imitate a voice or otherwise find a way through the security.
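The logon flow described above, written out as a simulation that also adds the per-account lockout this report says BioNetrix lacks (the same gap is listed again under "BioNetrix Authentication Suite" below). This is an added example for this page, not BioNetrix code: the message sequence follows the paragraphs above, but the cosine-similarity scoring, the feature vectors, the THRESHOLD and MAX_FAILURES values, and the status strings are all assumptions.

```python
"""Simulation of the BioNetrix-style logon flow with an added biometric lockout.

Added example for this page, not BioNetrix code. The sequence (password check,
template sent to the client, comparison at the client, decision at the server
against an administrator threshold) follows the report; the scoring function,
the sample vectors and the policy constants are assumptions.
"""
from dataclasses import dataclass

THRESHOLD = 0.85      # assumed administrator threshold on the similarity score
MAX_FAILURES = 3      # assumed policy: lock after three failed biometric attempts


@dataclass
class Account:
    password: str
    template: list       # enrolled feature vector (constructed, not a real template)
    failures: int = 0
    locked: bool = False


def similarity(a, b):
    """Cosine similarity of two feature vectors; stands in for the vendor matcher."""
    dot = sum(x * y for x, y in zip(a, b))
    na = sum(x * x for x in a) ** 0.5
    nb = sum(x * x for x in b) ** 0.5
    return dot / (na * nb) if na and nb else 0.0


class Client:
    """The workstation: holds the captured sample and compares it to the template it receives."""

    def __init__(self, sample):
        self.sample = sample

    def compare(self, template):
        return similarity(template, self.sample)


class AuthServer:
    """Password check (the NT domain controller's job) plus the BioNetrix decision."""

    def __init__(self, accounts):
        self.accounts = accounts

    def logon(self, user, password, client):
        acct = self.accounts.get(user)
        if acct is None or acct.password != password:
            return "bad password"               # NT rejects; BioNetrix is never consulted
        if acct.locked:
            return "locked"
        score = client.compare(acct.template)   # template goes to the client, which compares
        if score >= THRESHOLD:                  # the decision itself is made server-side
            acct.failures = 0
            return "granted"
        # Added lockout: count biometric failures the way NT counts bad passwords,
        # so a stolen password does not buy unlimited spoofing attempts.
        acct.failures += 1
        if acct.failures >= MAX_FAILURES:
            acct.locked = True
            return "locked"
        return "denied"


# Constructed feature vectors (not real biometric data)
ENROLLED_ALICE = [0.9, 0.1, 0.4, 0.8]
LIVE_ALICE = [0.85, 0.15, 0.45, 0.75]     # a fresh capture of the same person
IMPOSTOR = [0.1, 0.9, 0.2, 0.3]           # someone else who knows alice's password


def demo():
    """A genuine logon, then repeated impostor attempts with the correct password."""
    server = AuthServer({"alice": Account("s3cret", ENROLLED_ALICE)})
    results = [server.logon("alice", "s3cret", Client(LIVE_ALICE))]
    for _ in range(MAX_FAILURES):
        results.append(server.logon("alice", "s3cret", Client(IMPOSTOR)))
    # Even the real user is now refused until an administrator unlocks the account.
    results.append(server.logon("alice", "s3cret", Client(LIVE_ALICE)))
    return results


if __name__ == "__main__":
    print(demo())
```

The lockout counter is kept on the server beside the template, not on the client, since the client is the machine an attacker with a stolen password is sitting at.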

The Devices
BioNetrix is an OEM product that takes products from different vendors and integrates their technologies into one authentication product. It has a single administrator program that manages all of the supported devices on all of the client machines. The devices can be used individually on a client, or several can be installed in a multiple-device configuration. Access policies for groups can be configured to individual needs, much as policies are used in NT. For example, an administrator may have to pass an iris scan, a voice recognition, and a fingerprint device, while a normal user may only have to pass one or two of the three, so a more privileged user must meet a higher authentication bar.

The devices currently supported by BioNetrix Authentication Suite version 3.1 are:
  • ABC BioMouse Fingerprint
  • Biometric ID Veriprint 1000
  • BCS Password
  • Cybersign Signature
  • Identicator Fingerprint
  • IriScan
  • Miros TrueFace
  • Polaroid PFS-100
  • TNetix Voice
  • Veridicom Fingerprint
  • Veritel Voice
  • Visionics FaceIt
In our laboratory, we tested Veridicom Fingerpoint, Visionics FaceIt, Miros TrueFace, Veritel Voice, and IriScan. The results of these tests are described in the next few pages.

Veridicom Fingerpoint
Veridicom Fingerpoint is a fingerprint verification device. The hardware looks similar to a personal computer (PC) mouse, with a window where the finger is placed during scanning.

Installation is straightforward. The device plugs into the PC's parallel port and shares power with the keyboard. After the driver is installed, the device is ready to scan fingerprints.

Enrollment
To enroll a user in the BioNetrix Suite, a GUI with the outline of two hands appears on the screen. After the user clicks the tip of one of the fingers, the scanner begins looking for a fingerprint. The user places his finger on the window, and the print is taken and displayed in the GUI. He may reject that print and retry if he thinks a better image can be obtained. He can enroll one finger or several. If multiple fingers are enrolled, he may authenticate with any one of them; the program scans each enrolled print for a match. This is useful when a user is holding something in one hand while trying to authenticate.

In a fingerprint, there are places where ridges divide and merge, or where they simply end (the minutiae). Veridicom stores the locations of these characteristics and creates a map of the print. To authenticate, a certain number of these characteristics must align with the original. With BioNetrix, the administrator can set the percentage of matched characteristics required for authentication.
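The extraction and comparison stages from "How Do Biometrics Work?" and the percentage-of-matched-characteristics rule above, worked through as an added example. This is an illustration written for this page, not Veridicom's or BioNetrix's matcher: the template layout, the tolerances DIST_TOL and ANGLE_TOL, and the enrolled minutiae are constructed assumptions, and the live sample is assumed to be already aligned with the enrollment (a real matcher must first solve for rotation and translation). The scarred-finger case from the thresholds discussion is included to show why the threshold cannot simply be set to 100%.

```python
"""Simplified fingerprint minutiae matching with a percentage threshold.

Added example for this page, not vendor code. A template is a list of minutiae
(x, y, ridge angle in degrees, kind). Two minutiae correspond when they are the
same kind, within DIST_TOL pixels and ANGLE_TOL degrees; the sample is assumed
to be aligned with the enrollment already. All tolerances and data are assumed.
"""
import math
from dataclasses import dataclass

DIST_TOL = 8.0     # pixels (assumed placement tolerance)
ANGLE_TOL = 15.0   # degrees (assumed ridge-angle tolerance)


@dataclass(frozen=True)
class Minutia:
    x: float
    y: float
    angle: float   # ridge direction in degrees
    kind: str      # 'ending' or 'bifurcation'


def _angle_diff(a, b):
    d = abs(a - b) % 360.0
    return min(d, 360.0 - d)


def _same(m, n):
    return (m.kind == n.kind
            and math.hypot(m.x - n.x, m.y - n.y) <= DIST_TOL
            and _angle_diff(m.angle, n.angle) <= ANGLE_TOL)


def match_score(enrolled, sample):
    """Stage 3: fraction of enrolled minutiae with a one-to-one counterpart in the sample."""
    unused = list(sample)
    matched = 0
    for m in enrolled:
        for i, n in enumerate(unused):
            if _same(m, n):
                matched += 1
                del unused[i]      # each sample minutia may satisfy only one enrolled one
                break
    return matched / len(enrolled) if enrolled else 0.0


def decide(enrolled, sample, threshold):
    """Stage 4: accept when the matched percentage meets the administrator's threshold."""
    return match_score(enrolled, sample) >= threshold


# Constructed enrollment template (not real fingerprint data)
ENROLLED = [
    Minutia(20, 30, 10, "ending"),
    Minutia(45, 60, 95, "bifurcation"),
    Minutia(70, 22, 180, "ending"),
    Minutia(88, 75, 270, "bifurcation"),
    Minutia(33, 90, 45, "ending"),
    Minutia(60, 40, 120, "bifurcation"),
    Minutia(15, 70, 300, "ending"),
    Minutia(95, 50, 30, "bifurcation"),
]


def jitter(template, dx=2.0, dy=-1.5, dtheta=5.0):
    """A second capture of the same finger: small placement and angle differences."""
    return [Minutia(m.x + dx, m.y + dy, m.angle + dtheta, m.kind) for m in template]


def scarred(template, lost=3):
    """A cut across the finger destroys the first `lost` minutiae; the rest still match."""
    return jitter(template)[lost:]


def impostor():
    """A different finger: same number of minutiae, unrelated positions (constructed)."""
    return [Minutia(10 + 11 * i, (37 * i) % 100, (53 * i) % 360,
                    "ending" if i % 2 else "bifurcation") for i in range(8)]


if __name__ == "__main__":
    for label, sample in (("same finger", jitter(ENROLLED)),
                          ("scarred finger", scarred(ENROLLED)),
                          ("impostor", impostor())):
        print(f"{label:15s} score={match_score(ENROLLED, sample):.3f}")
```

With these inputs the same finger scores 1.0, the scarred finger 0.625 and the impostor 0.0, so a 50% threshold accepts the scarred user while a 75% threshold locks him out; that gap is the administrator's trade-off.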

Our Findings
In tests at the Technology Integration Center, Veridicom Fingerpoint worked reliably. After enrollment, prints were regularly authenticated by the program, and it had no problem recognizing any of the enrolled prints. If the finger was off-center or misaligned it would not authenticate, but a message in the GUI directed the user to reposition the finger. Dirt did not seem to matter: even a finger entirely covered with ink posed no problem. Anything that completely filled or altered the actual ridges was denied, as expected, but a lightly soiled finger did not prevent access.

This product would work well for the Army. It could easily be integrated into workstations now in use, it is easy to use, and it offers an adequate level of security while requiring a smaller investment than many other devices. One drawback is situations that require the user to wear gloves, such as a soldier in a Mission Oriented Protective Posture (MOPP) suit.

Visionics FaceIt
Visionics FaceIt is a face recognition program that verifies the identity of a person and grants access to a computer and its resources.

Installation of this device is also fairly easy. The supplied camera plugs into the parallel port and shares power with the keyboard. Installing the driver is all that is needed to set the computer up for face recognition.

Enrollment
To enroll, a GUI appears with a live shot of what the camera sees. After focusing the camera, the user only needs to press the start button. The camera tries to locate a face, and prompts the user to accept the photo as a "good picture". Once accepted, the camera automatically starts collecting shots of the user and prompts him to vary his pose while the camera continues to take photos. The user can delete poor photos and have them retaken as he wishes. After the photos are taken, they are stored in his template to be used at authentication. The enrollment process is easy because the interface is so well done. Pop-ups appear to help the enrollment along; the user only needs to push a few buttons.

To make a template of the face, Visionics locates certain points on the face and creates a map. It analyzes the bone structure of the face so that a different hairdo or facial hair should not cause a denial. It is supposed to see through minor changes in a person like a new pair of glasses or a simple moustache. When a new image is compared to the master template, it is given a score. This score is compared to the threshold score which is set for the device by the administrator. If it meets the threshold, the user is granted access.

Our Findings
In our tests, this simply was not the case. Visionics FaceIt had a very hard time with the authentication process and, surprisingly, was easily fooled. Granted, a set of identical twins would be very hard to tell apart, but the program should not accept one sibling who only vaguely resembles another; in our tests, two brothers could usually verify for one another. Worse, a color printout of a 300 dots per inch (dpi) JPEG image of the user was able to authenticate as well. This is totally unacceptable. It is remarkable that an image of such poor resolution and graininess can authenticate so easily. The score given to the JPEG image is very close to the score given to the actual live user, so raising the threshold far enough to exclude the image would also exclude the user himself.
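The reasoning in the last sentence, carried out numerically as an added example (constructed scores, not measurements or code from the evaluation). With score sets for the live user, a printed photo, a brother and a stranger, it sweeps every threshold setting and reports the false-accept rate (FAR, impostors accepted) and false-reject rate (FRR, the real user rejected), showing that once impostor scores overlap the genuine ones no threshold separates them.

```python
"""False-accept / false-reject trade-off for a score-threshold decision.

Added example for this page. The score sets are constructed to mirror the
findings above (photo scores close to the live user, sibling scores overlapping,
a stranger well below); they are not measurements from the evaluation.
"""

# Constructed verification scores on a 0-100 scale (higher = more similar)
GENUINE = [88, 91, 85, 93, 90, 87, 92, 89]   # the enrolled user, live
PHOTO = [86, 90, 88, 84, 91]                  # a printout of the user's picture
SIBLING = [80, 86, 78, 89, 81]                # a brother who vaguely resembles him
STRANGER = [20, 35, 28, 41, 33]               # an unrelated person


def error_rates(genuine, impostors, threshold):
    """FAR = share of impostor scores accepted; FRR = share of genuine scores rejected."""
    far = sum(s >= threshold for s in impostors) / len(impostors)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def sweep(genuine, impostors):
    """(threshold, FAR, FRR) for every integer threshold on the 0-100 scale."""
    return [(t, *error_rates(genuine, impostors, t)) for t in range(101)]


def best_threshold(genuine, impostors):
    """Threshold with the lowest FAR+FRR; ties go to the stricter (higher) setting."""
    return min(sweep(genuine, impostors), key=lambda r: (r[1] + r[2], -r[0]))


def separable(genuine, impostors):
    """True if some threshold accepts every genuine score and rejects every impostor score."""
    return min(genuine) > max(impostors)


if __name__ == "__main__":
    for name, scores in (("photo", PHOTO), ("sibling", SIBLING), ("stranger", STRANGER)):
        t, far, frr = best_threshold(GENUINE, scores)
        print(f"{name:8s} separable={separable(GENUINE, scores)!s:5s} "
              f"best threshold={t} FAR={far:.2f} FRR={frr:.3f}")
```

For the stranger a threshold of 85 gives zero error both ways; for the photo the best any threshold can do is FAR 0.60 with FRR 0.125 at 87, and pushing the threshold to 92 reaches FAR 0 only by rejecting the real user three times out of four. The practical check, for any device under evaluation, is to record the scores of the spoof beside the scores of the live user and look at whether the two sets overlap, rather than at whether a single spoof attempt succeeded.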

BioNetrix Authentication Suite includes an OEM version of Visionics FaceIt. To the credit of Visionics, another version is available with the option of requiring the subject to blink or smile. BioNetrix may want to consider including this capability in the future.

This product has several other problems.
  • It is not portable.
  • A difference in light will change the "face map" enough to prevent access. It is unreasonable to expect the lighting conditions or background conditions to always be identical to the conditions at enrollment.
  • There is no way to store a different template for each workstation a user works at. A single template is kept at the server, which is a problem in a configuration where the user must use multiple workstations.
The current implementation of Visionics FaceIt in BioNetrix cannot be recommended for authentication purposes. Considering the ease with which it can be fooled, it would be prudent to wait for the technology to mature before implementing it.

Miros TrueFace
Another face recognition device tested was Miros TrueFace. This product used the same camera as Visionics FaceIt, along with a dongle. The dongle plugs into the parallel port, the camera plugs into the dongle, and the assembly shares power with the keyboard.

Enrollment
Enrollment on Miros TrueFace was essentially the same as on FaceIt; a different look to the GUI was all that separated the two. As before, enrollment was very simple and straightforward.

Our Findings
This product was not as easily deceived as Visionics FaceIt. Siblings did not verify for one another, and an image placed in front of the camera was never able to verify a user. The same problems with lighting and location apply to this product, however. Though it scored better than Visionics, it would also have to be classified as an immature technology.

Veritel Voice Verification
Veritel Voice Verification is simple to install. The user plugs a microphone into the sound card's mic or line-in jack, and there is nothing more to do. Because microphones are such common accessories today, Veritel is the least expensive and the easiest to install of all the biometric devices we tested.

Enrollment
The enrollment process is extremely simple. Not only is there a small GUI showing the user what is happening, there are voice prompts that lead him through the whole process. After the start button is pressed, a voice prompts the user for his name, then asks the same question a second time. This is repeated for the user's favorite color, birthplace, mother's name, and month of birth. If the program does not get a good sample, it simply asks again. When the computer finishes its questions, enrollment is complete.

Our Findings
To verify a user with Veritel Voice Recognition, the questions asked must be answered in a voice that maps closely to the original samples. In our tests, Veritel prompted the user for five samples at enrollment: name, birthplace, month of birth, mother's name, and favorite color. When authenticating, the program randomly asks two of those five questions. If the voiceprints of the responses are a close enough match, the user is granted access. Veritel, like every other biometric, compares the new sample to the template and gives it a score, which simply needs to be higher than the threshold to gain access. An administrator can change this threshold easily.

Our tests showed that simply knowing the answers was not enough for someone to verify on another user's account: every attempt to imitate the original voice produced a low score. Unfortunately, a much simpler approach fooled Veritel. Using an ordinary hand-held analog tape recorder of the kind found in many office closets, with no special features, we played back a recording of the answer and the program authenticated it. When prompted by the computer, the play button was pressed, and the sample was accepted. The score given to the recording is almost identical to that of the live subject. Although voice samples are harder to obtain than a photo, a recording device placed near the target's computer could capture them as he authenticates to his own machine. The two random queries make this more cumbersome, but the system is still relatively easy to deceive.

One test that could be performed on this biometric, but not on the fingerprint or face recognition devices, was authentication through a MOPP suit. Fingerprints cannot be taken and there is no way to recognize a face through the mask, but speech does travel through it. The drawback is that the user must have two accounts, with and without the mask: the mask distorts the voice too much for the unmasked template to authenticate, so a separate account enrolled with the mask on is necessary for access.

The product seems to distinguish the voices of different people very well, but Veritel needs a solution to a recorded voice fooling its software. Like face recognition, this technology does not yet offer the level of security necessary today.

IriScan
Of the products we tested, IriScan was the most difficult to install. A new peripheral component interconnect (PCI) card had to be placed in the PC, and a hand-held camera plugged into the card. Certain databases had to be installed on the computer, as well as the drivers for the hardware. The installation process is documented in the user guide, but we still needed to call customer support.

Of the devices tested, IriScan is the most intrusive. This is not to say that using IriScan is a negative experience, but since it is a newer technology, users will be unfamiliar with its workings and will find it awkward for the first few uses. Users may also be apprehensive about putting something near their eyes for fear of radiation or similar effects.

Like every other product in the BioNetrix Suite, IriScan enrollment is clear and straightforward thanks to a well-made GUI. After choosing either the left or right eye, a live shot from the camera appears on screen, and the user is directed to hold the camera directly in front of his eye. He then has to find the position where the eye appears in focus, about three inches away. With one eye looking into the lens and the other looking at the computer screen, the user moves the camera in and out until the program can take a valid sample. Most users find this awkward. Once the sample is taken, a confirmation screen appears, and the user can accept or reject the image.

Our Findings
The authentication of a user is almost identical to his enrollment. He just places the camera in front of his eye and the program authenticates within a second or two. There is no way to vary the settings on this product. It either passes or fails.

Despite a few bugs in the BioNetrix Administrator Program that affected this product, the actual product worked very well. IriScan was able to enroll/authenticate users with glasses and contacts without any problems. We tried using colored contacts, which have different colors and striation patterns printed on them, and found no negative results. When tested with a gas mask, IriScan was able to authenticate the user without any difficulty.

This technology seems to be a great fit for any organization wanting to secure its resources. Though more costly than the other devices tested, IriScan can be used at individual workstations, at the entrance to secure rooms, and in the field where a MOPP suit is required. Despite the software glitches in BioNetrix Authentication Suite, the IriScan product itself was the most versatile and secure of the devices, and would be recommended before any of the others.

IriScan is actively working to make its product easier to use. It has just released a new camera version intended to replace the awkward hand-held version now in use. It is a Universal Serial Bus (USB) device, so it does not require the additional PCI card. It is advertised as less awkward, but we have not yet tested it.

BioNetrix Authentication Suite
As a whole, the BioNetrix Authentication Suite is a product which is easy to use and easily adapted to different situations. It has a central administration program which allows the administrator complete control of the entire program. He can put multiple devices on a workstation, and select which device, or chain of devices, is to be used for each individual user. He can change user groups and policies the same way he would do so in an NT domain. A significant advantage of this product is the ease and intuitiveness of the administrator program.

The BioNetrix Suite had the following problems:
  • After enrolling a set of users, it was impossible to add any others to the Visionics FaceIt and IriScan products: the program would lock up and no new users could be added. After we sent the product back to the company, a newer version was released with a fix for the Visionics problem. They are currently working on the IriScan problem.
  • BioNetrix could not lock an account after repeated failed biometric attempts. With Windows NT, an administrator can lock an account if the wrong password is supplied a set number of times, preventing unlimited password guesses. With BioNetrix, if a username and password fall into the wrong hands, the unauthorized person has an unlimited number of tries to imitate a voice or find a way through the security.
Recommendations
BioNetrix Authentication Suite is close, but not yet ready for widespread use. It should be considered a viable security measure once the patch for the Administrator program is released. Of the five individual devices tested, only two, Veridicom Fingerpoint and IriScan, seem advanced enough to be used in a security setting. For tactical situations where a MOPP suit is required, Veritel Voice Verification and IriScan are the only devices that make authentication possible.

Summary
Secure computers and networks of the future will include biometric devices, which offer an easy and sure way to identify a user. The Army will be well served by this technology. There are devices today that offer a very high level of security, and many others will reach this level in the near future.

Acronyms and Abbreviations
DNA: Deoxyribonucleic Acid
dpi: dots per inch
GUI: graphical user interface
ID: identification
MOPP: Mission Oriented Protective Posture
PC: personal computer
PIN: Personal Identification Number
SQL: structured query language
USB: Universal Serial Bus
