Biometric devices are defined as the study of methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In computing terms it refers to the ability for a computer to uniquely identify a person based upon uniquely identifiable physical or behavioral traits of humans. It is in general considered to be the most secure form of authentication available to date. There exist at present several different types of biometric devices each with its pros and cons. The focus in today’s world has shifted from trying to find a perfect type to device to focusing on perfecting facial recognition systems which have become somewhat the standard in real world applications, they are already in place in many different locations, such as amusement parks, high security areas, and it was also used in a large scale in the superbowl for the past several years. This paper will attempt to cover the most popular types of biometric devices and explain their strengths and weaknesses compared to each other.
COMPARING BIOMETRIC DEVICES
When comparing biometric devices it is important to decide and have an agreed upon standard as to what a biometric device needs to do, the following listed items are all goals of biometric devices, when comparing upon them we will have a better understanding of each device individually.
- Universality – Does Each Person Have It?
- Uniqueness – Is It Unique Per individual?
- Permanence – Does It Have Lasting Power?
- Collectability – Is It Measured Easily?
- Performance – Is The Device Accurate, Fast?
The previous categories are somewhat self explanatory, but I will give some minor details regarding them. An absolute necessity to measuring authenticity in biometric devices is uniqueness, without uniqueness the ability to authenticate is completely compromised. The other attributes are also very important, however they seem to be where different devices vary, and all biometric devices generally have uniqueness. There are also several other areas in which comparison of biometric devices is made easier if a standard exist, these include:
- Reliability(Causes of Errors)
- False Positives
- False Negatives
- Ease Of Use
These also are rather self explanatory with the expectation of false positive and false negative. A false positive is how easy a fake user can impersonate a real user. While a false negative is how often a real user is denied access. All of these areas of error can be very problematic in a real life implementation of any biometric security system.
There are several different types of biometric devices, these include:
- Face Recognition
- Iris Recognition
- Retinal Recognition
- Hand Geometry
- Voice (could also be classified as a physiological characteristic, however recently it is more focused on how one speaks to uniquely identify, thus making it behavioral based)
Physiological Based Devices
I will begin by discussing fingerprint scanners; they are very good at identifying a unique individual because a fingerprint is very unique to each person. Some factors that may contribute to a false positive or a false negative reading include: age, dirt, and cosmetics, such as band-aids. There has also been some controversy as to the ability for someone to obtain a fingerprint from someone and fraudulently use it to authenticate themselves. These concerns are largely eliminated with more expensive systems, because they have sensors capable of detecting blood flow in a finger, thus making fake (non-fingers) and severed fingers fail to be read even if the print is intact. In general, the rate of errors while using a fingerprint scanner is 1 in 500+. Which makes them relatively good compared to other devices. Facial recognition is the use of a camera, or sensor to uniquely identify ones face. They in general are moving away from simply matching a face to a stored face in a database, which was easy to be fool if a person had grown a beard, or shaved their face. This also gives the ability to recognize a face without a full view of the face, or a side view. There are still a few things that could throw off a facial recognition system which include lighting. More in-depth details on facial recognition system will be discussed later. Iris scanners authenticate a user by reading the surface of one’s iris. The iris of a person is considered to be nearly as unique as a fingerprint, with 200 plus points of comparison. They in general are fairly hard to fool, with an acceptance rate of nearly 1 – 131,000. Which is a very good number compared to other biometric devices. The iris scan itself is capable of a false reading only a few things, which include lighting, and glasses. Retinal scanners are similar to iris scanners, however they read the layer of the blood vessels behind the eye. They are considered to be highly effective. A major improvement over iris scanners is that retinal scanners are capable of authenticating those who are blind, or those who have lack of pigment in there iris. They are however, considered less convenient then iris scanners because of their invasive nature. They by nature of how the device works require the person who is being authenticated to be very close to the device itself, which scares some people. In general however, they are hard to fool, and have an error rate of only 1 in 1,000,000, which is exceptional among all biometric devices. Hand geometry is one of the first types of biometric devices, given its age, advancements have made comparable in effectiveness to other biometric devices, however there are still causes for error. These include age, and hand injury, and well as jewelry and band-aids. All in all, the rate of spoofing a hand geometry device is relatively low, and the error rate is 1 in 500, making it somewhat similar to fingerprint scanners prior to their implementation of blood flow sensors being imbedded in fingerprint scanners.
BEHAVORIAL BASED DEVICES
The previously mentioned biometric devices are all what would be considered physiological based devices. They are all based upon intrinsic traits that a particular person themselves has. There is an additional broad category of biometric devices based upon behavioral traits of human beings; these include keystrokes, and voice recognition. These types of biometric devices are less common, and in some instances more expensive and difficult to implement given the added complexities involved in authenticated a user, because information must be thoroughly analyzed, and not just matched to a previously stored template. Key stroke biometric devices authenticate a user based on the rhythmic typing patterns used by individuals. These include time it which it takes for an individual to type a most of the time secret password. It may also include in some more expensive models the ability of sensing hand placement on the keyboard. Given the fact that a secret password is also required, the keystroke analyzer is considered relatively secure, and however it is not very frequently implemented. Some weaknesses to the devices include fatigue and injury, all of which would alter the way one types a passphrase. Voice recognition is considered a behavioral based biometric device because typically in the advancements of biometric devices the focus of voice recognition is on how a person speaks, and not what they say. Thus, these devices often measure pauses, accents, as well as what the person says. The fact that the said statement is often unknown, and it acts like a password offers some additional security to this device; however it is not considered to be a very secure method of authentication. Typically, these types of biometric devices are used for server or PC which only have a few authenticated users. The cost of these types of devices varies, but it is in general a relatively expensive system to implement. Many outside factors contribute to the devices not being very secure, which include weather, and background noise. The focus of future advancements seems to be focusing on eliminating or at least lessening the effects of outside noises on such devices.
FOCUSING ON FACIAL RECOGNITION
As previously mentioned, I would address facial recognition systems with further detail given their increasing popularity. Today the world of biometric research is focusing on perfecting and implementing wide scale facial recognition systems. From systems which are used today such as law enforcement systems and border/immigration control the field of facial recognition biometrics is expanding to include wide-spread large scale identification of suspects or specific people, even in a large crowded room. The type of technology that completes this type of task is currently in use by the military, but still has a large number of false positives and false negatives when attempting to match a known face. Things such as wearing mask, sunglasses and making gestures are enough to obstruct some of the poorer models. In many test cases these devices proved to only have a 60-70% success rate. The company Facelt is becoming a popular manufacturer of facial recognition systems. Currently they have a system which can distinguish a face to a high degree of accuracy using the distance and shape of certain facial “landmarks” including the distance between the eyes, width of the nose, depth of the eye socket. Ect.
Future advances in the area of facial recognition look promising, the focus appears to be shifting from traditional 2D “image mapping” to 3D facial recognition. By measuring the face in a 3D model, the image cannot be interfered by light, and is capable of profiling a face from a complete 90 degree angle. There are also recognition software devices that are using the texture of skin in identifying subjects that are currently being researched. The company Identix has developed a scanner that in test results was capable of identifying between identical twins. This type of recognition has focused on eventually implementing facial texture analysis in conjunction with another form of facial recognition to help eliminate the number of false readings. These systems are currently capable of identifying even through glasses and beard/mustache growth. However they are incapable of recognizing a face because of sunglasses, and lighting/resolution issues that are working to be resolved currently.
In conclusion it appears as though the majority of scientist and researchers have concluded that the shift to facial recognition biometric security devices has shifted so that this agreed upon standard will be used in everyday modern life during such activities like using a passport, and withdrawing money from an ATM without a pin number.
The future of biometrics appears to be very bright; however there appear to be some major concerns. The majority of concerns focus around privacy. The question remains, who, if anyone can be trusted with vital personal information from millions of people that is who can be the trust anchor for distributing this information, and do so in a way that is a impossible as possible to intercept. Given this problem some new forms of encryption information need to be developed. In addition to this privacy concern, there is also the privacy concern regarding the possible misuse of personal information. It needs to be determined if someone with bad intentions could use the information regarding your facial configuration for example what can they do with it, and what additional security measures can be put into place to guarantee that the person is who they say they are.
There are some future technological advances that are expected in the near future. A large project undertaken by the U.S. government is to create some form of biometric passport device, something that will aid in the tracking of immigrants to this country, not so much the actions of U.S. citizens, this of course will only been known as time passes, and may cause other security issues itself. There are some additional consciences about how biometric devices such as facial recognition can be implemented widespread, but be able to encapsulate all, if at worst well of 95% of people are able to be authenticated through a device, or a combination of devices. This includes coming up with more additional ways to authenticate people with facial deformities, identical twins, and perhaps make the facial recognition system even easier to use, so that there is little if any use time for the device, thus keeping the public using the device happy.
In conclusion, it can be seen from this paper that there are many different types of biometric devices, each of which have positive and negative attributes about them. These devices include the more popular choices like fingerprint scanners and facial recognition systems, as well as less common, older systems, like hand geometry and keystroke sensors. It can be seen that facial recognition appears to be the upcoming standard; however it still has its problems, which are in the process of being solved. The future of biometrics looks promising; however it will not be without challenges. There are major privacy concerns about who should have access to vital very private data, regardless if this data is useful on its own or not. Regardless of the advances however, it appears as though traditional problems like encrypting data will still need to be address, and advanced. There will need to be some additional concentrations on implementing this type of authentication for all people, which proves to be a very difficult task, given the wide range of person body appearances.