Heilman1

TheTopSecretsofBiometrics

PhilipHeilman

EnglishIIIStandardPd.2
Mr.Piatak
February26,2015

Heilman2

PhilipHeilman
EnglishIII
Mr.Piatak
February26th,2015
TheTopSecretsofBiometrics
TheworldofBiometricsengagesinmoderntimestodaybyfingerprintscanners.Major
companiesusethetechnologyinbiometricsforsecurity.Biometricsrelatestoarelativelynew
career,however,thehistoryworthdiscussing.Withoutproperlyexplainingthistopicitcan
becomeconfusing.Thepathtotaketobecomeabiometricengineermultipliesinnumbers.
Thehistoryofbiometricsdatesbackasearlyasthe1800sandgoestomoderntimes.
AlphonseBertillon,aPerisiananthropologist,discoveredasystemknownasbertillonage(Pike,
JohnE).Bertillonagebecameknowasaformofanthropometry.Thisrequiresnumerousof
precisemeasurementsofpartsofthehumananatomyforidentification.Scars,birthmarks,
tattoos,etcshowsanotherwayofrecordinginthissystem.Thesystemreliesheavilyonprecise
measurementsforidentificationpurposes.Fingerprintingcantracedasfarthe14thcenturyin
China.Thefingerprintbecameasignatureandauniqueidentificationability.
Fingerprintsstartedoutasameanforidentification.Fingerprintsstartedasaformof
criminalidentificationbyDr.HenryFaulds.Inthelate1870s,Fauldsbecameinvolvedin
archaeologicaldigsinJapanandnoticingfingerprintsonancientpottery.Helaterstudied
modernfingerprintsandwrotehisideastoCharlesDarwin.In1880,Fauldspublishedapaper
calledNaturemagazineonfingerprints.Heobservedthatfingerprintswereusedtocatch

Heilman3

criminals.WhileinTokyoFauldwouldusehisownfingerprintasasignatureoncontractswith
thelocals.SirFrancisGalton,whosharedtheknowledgeofFauldsresearchthroughhisuncle,
CharlesDarwin,wouldalsocontributetomakingsignificantadvancementtofingerprint
identification.SirFrancisGaltonmadehistorythoughhisuncleCharlesDarwin.Although
Galtonplannedtobecomeadoctorbutafterhisfathersdeath,hechoseadifferentpathafter
evaluatingtheinfluencedbyCharlesDarwin.Galtonbegandevelopingtheoriesoninherited
traitssuchasfingerprints.InGaltonlateryearhebegantothinkthatonesfingerprintsexpanded
thehumangeneticpuzzle.Galtonmadetheassumptionthatnotwofingerprintslookedalike
(
Pike,JohnE)
.Henotedthatdifferentiatingcharacteristicswouldshowintheridgeofthe
fingerprint.Alsothatthefingerprintwouldremainreliable,unchanging,andprovide
identificationthroughoutanindividual'slife.Thoughnoonewilleverknowwhooutofthe
threemendiscoveredfingerprintsasameansofidentification(
Pike,JohnE)
.
Thenumberofscannersintheworldtodaycompileendlessly,butthreetypesofscanners
stickout.Majorcompaniesusefacial,fingerprint,andvoicescannersforsecurity.Facial
recognitionsoftwarescanpickoutanindividualsfacefromacrowd,thenextractsthefacefrom
thecrowdandcomparestheimagetothedatabaseofstoredimages.Facialrecognitionusesa
PCattachedcameratorecordanindividual'sfacialgeometry.Thefacialrecognitionwouldscan
theindividual'sfaceandusethedistancebetweentheeyes,widthofthenose,depthoftheeye
sockets,theshapeofthecheekbones,andalsothelengthofthejawline(Bonsor,Kevin,and
Ryan).Thesepoints,calledafaceprint,representsthefaceinthedatabase.Oncethebiometric
databecomesstoredinthecomputer,theindividualsfacewillcomparedwiththestoreddata
versustheliveface.Mostoftheimagesbecome2Dimagesandcomparetotheother2Dstored

Heilman4

image.Togetanexactmatch,orclosetoone,thevictimmustlookdirectlyatthecameraorelse
thephotowillnotwork.Inmoderntimes,companiesuse3Dfacialscannerinsteadof2D.The
systemgoesthroughfivestepstocaptureafacein3D.Itacquirestheexistingphotograph(2D)
orbyusingthevideoimagefromthelivefeed(3D).Oncetheimagehasfinalizethesystem
determinestheheadsposition,sizeandpose.Later,thesystemusessubmillimeterstomeasure
thecurvesofthefaceandcreatesatemplate(Bonsor,Kevin,andRyanJohnson).Thesystem
translatesthetemplateintoauniquecode.Thiscodinggiveseachtemplateasetofnumbersto
representthefeaturesonasubject'sface.Whena3Dimageistaken,usually3differentpoints
becomeidentified.Forexample,theoutsideofthe
eye
,theinsideoftheeye,andthetipofthe
nosebecomesextractedandmeasured.Oncethosemeasurementsshowinplace,astepbystep
procedure,knowasanalgorithm,willappliedtheimagetoandconvertittoa2Dimage.After
conversion,thesoftwarewillthencomparetheimagewiththe2Dimagesinthedatabasetofind
apotentialmatch.Inthepast,theprimaryuseroffacialrecognitionsoftwaresuchaslaw
enforcementagencies,usedthesystemtocapturerandomfacesincrowds.Somegovernment
agencieshavealsousedthesystemsforsecurityandtoeliminatevoterfraud.TheU.S.
governmenthasrecentlybegunaprogramcalledtheUnitedStatesVisitorandImmigrantStatus
IndicatorTechnology(USVISIT),aimedatforeigntravelersgainingentrytotheUnitedStates.
AirportsandUSVISITalsousefingerprintscannersfordatabaseusage.
Thefingerprintscannercomesintwodifferenttypes,CapacitanceandOpticalscanners.
Thetwobasicjobsafingerprintscannerimplymakinganimageofone'sfingerandalsomatch
theimageofthefingerfromprescans.Thescanneritselfshinesalightthroughaprismthat
reflectsofftheindividualsfingertoachargecoupleddevice(CCD)(Harris).Beforecomparing

Heilman5

theimagetothestoreddata,thesystemmakessuretheimagebecomesviewablebefore
continuingontothenextstep.Duringthescaniftheimagebecomestoodarkortoolight,the
scannerwillrejecttheimage,adjustwhatisneeded,andretaketheimage.Thesystemalso
knownasaopticalscanners.Unliketheopticalscanner,thecapacitancescannersfocusesonthe
ridgesandvalleysinanindividual'sfingerprint.Insteadofusinglight,liketheoptical,the
capacitanceuseselectricalcurrentswithinthesystem(Harris).Thecapacitivesensoruses
semiconductorchipscontainingtinycells,whicheachincludestwotinyconductorplates.These
microscopiccellsbecomesmallerthanonesridgeonafinger.Thescannerprocessorreadsthe
voltageoutputofthecharacteristicsofaridgeorvalley.Afterthesystemreadthevoltage,the
scannerprocessesthefingerprintandmakestheprintintoanimage,similartotheimage
capturedbytheopticalscanner.
Avoicerecognitionvoiceprintknownasaspectrogram,whichgraphssound
frequenciesonaverticalaxisandtimeonthehorizontalaxis.Allofthevoicesintheworld
developveryuniquelyandnoonecanduplicateanindividual'svoice,noteventwins.Two
componentsmakeupspeech,aphysiologicalcomponent(thevoicetract),andabehavioural
component(theaccentwithinthevoice).Somecompaniesusevoicerecognitionsothatpeople
cangainaccesstoinformationoveracellphonewithoutshowingupattheaccesspoint.Speech
recognitioncandivideintotwomethods,textdependentandtextindependentmethods
.
Text
dependentreliesonapersonsayingapredeterminedphrase,whereastextindependentcan
containanytextorphrase.Themethodscaneasilybecomedeceivedbysomeoneplayingapre
recordedphraseofapersonwhosealreadyauthorized.Aspeechrecognitionsystemhastwo
phases.Enrolmentandverification.Duringenrolment,thespeaker'svoicebecomesrecorded

Heilman6

andtypicallyanumberoffeaturesareextractedtoformavoiceprint,template,ormodel.Inthe
verificationphase,aspeechsampleorutterancecomparesagainstapreviouslycreated
voiceprint.Foridentificationsystems,theutterancecomparesagainstmultiplevoiceprintsin
ordertodeterminethebestmatchormatches,whileverificationsystemscompareanutterance
againstasinglevoiceprint.Duetothisprocess,verificationbecomesfasterthanidentification.
Everbodylovestohavesomeprivacytothemselvesright,buteverybodydoesnot
receive.Themorecomplexthepasswordbecomesthehardertoguessandbecomesmoresecure.
Butthemorecomplexpasswordthemorelikelytoendupwrittendownorstoredinaeasily
accessiblelocation.Thusthepasswordbecomeslesssecure.Passwordsecuritybecamethe
commoncoldofthetechnologicalage.Thetechnologiesthatpromisedtoreducedependenceon
passwords(biometrics,smartcards,keyfobs,tokens)haveallthusfarfallenshortintermsof
cost,reliabilityorotherattributes.Apersistentproblemthatseemstostayunsolved.Ongoing
newsreportsaboutpasswordbreachesshowthatpasswordsecuritybecomesmoreimportantday
byday.(Baldwin,Howard).
Theproblemswithpasswordstodaybecomesmoreandmorepopularwithsecurity
issues.Bothweakandstrongpasswordsbecomevulnerabletohumanerror.Amongotherthings,
theymayendupwrittendown,storedinvisibleplacesonline,evenonapersonaldevices,or
sharedwithfriendsandcoworkers.Complexpasswordannoyhackersbecauseitwilltakelonger
tocrackthecode.Thesolutiontothisproblemfollowstwopaths.Asinglesignon(SSO)
technologyortheLightweightDirectoryAccessProtocol(LDAP)(Baldwin,Howard).The
singlesignonformsapropertyofaccesscontrolofmultiplerelated,butindependentsoftware
systems.Withthispropertyauserlogsinonceandgainsaccesstoallsystemswithouthavingto

Heilman7

loginagainateachanindividualwantstoaccessinformation.Asimpleversionofsinglesignon
canshowachievementbyusingcookiesbutonlyifthesitesconnectonthesamedomain.
Benefitsofusingsinglesignoninclude:reducingpasswordfatiguefromdifferentusernameand
passwordcombinations,reducingtimespentreenteringpasswordsforthesameidentity,

reducingITcostsduetolowernumberofIThelpdeskcallsaboutpasswords.
SSOshares

centralizedauthenticationserversthatallotherapplicationsandsystemsuseforauthentication
purposes.Alsocombinesthiswithtechniquestoensurethatusersdonothavetoactivelyenter
onescredentialsmorethanonce.TheSSOalsohassomedrawbacks.Singlesignonalsomakes
theauthenticationsystemshighlycriticalalossofavailabilitycanresultindenialofaccessto
allsystemsunifiedundertheSSO.SSOcanconfigurewithsessionfailovercapabilitiesinorder
tomaintainthesystemoperation.Nonetheless,theriskofsystemfailuremaymakesingle
signonundesirableforsystemstowhichaccessmustallowaccessatalltimes,suchassecurity
orplantfloorsystems.TheLightweightDirectoryAccessProtocol(LDAP)demonstrates
anothersolution.TheLDAPformsanopen,vendorneutral,industrystandardapplication
protocolforaccessingandmaintainingdistributeddirectoryinformationservicesoveranInternet
Protocol(IP)network.Directoryservicesplayanimportantroleindevelopingintranetand
Internetapplicationsbyallowingthesharingofinformationaboutusers,systems,networks,
services,andapplicationsthroughoutthenetwork.TheLDAPprovidesacommonusageofthe
singlesignonprogram/system.AclientusingtheLDAPsystemmayrequesttheseoperations.
StartTLSusetheLDAPv3Transport,LayerSecurity(TLS)extensionforasecureconnection,
BindaauthenticationandspecifyLDAPprotocolversion,Searchasearchforand/orretrieve
directoryentries,Compareatestifanamedentrycontainsagivenattributevalue,Addanew

Heilman8

entry,Deleteanentry,Modifyanentry,ModifyDistinguishedName(DN)moveorrenamean
entry,Abandonabortapreviousrequest,ExtendedOperationgenericoperationusedtodefine
otheroperationsand,Unbindclosetheconnection(nottheinverseofBind)(
"Lightweight
DirectoryAccessProtocol.")
.Overall,theSSOmakesuserslivessimplerandLDAPmakes

securityadministrationeasier.(Baldwin,Howard).MarkMcCurrybecameaInformation
TechnologistorITforshort.TobecomeanITconsultant,onemusttakecommunication,
business,andprogramming.TheprogrammingclassbecameimportanttoMr.McCurrybecause
itshowedthatthetroubleshootingportionoftheclasscansolveanyproblemsinthisfield.The
beststepsMr.McCurrytookaftercollegeconnecterFaith,Networking,andRelationships.Mr.
McCurrybecameinterestedinthisfieldduringthe4thgrade.Histeachershowedhimtheworld
ofprogrammingfromthere.Mr.McCurryusesaconceptofWhenitrains,itpoursconcept.It
dependsontheday,someendupcalm.Whichallowshimtoworkonlongtermprojects.Other
dayshecanworkfromhishomeoffice.FlexibilitybecameMr.McCurryfavoritethingabouthis
jobbutontheflipsideselfreliancemakesitdifficult.TheresponsibilitiesofanITConsultant
areveryhigh.MakingonemistakeinamajorcompanyasanITguy.TheITguycanscrewup
thesysteminthematterofseconds.ExpectationversusrealityforMr.McCurryendedup
makingaboatloadofmoneyforhisexpectation.Butrealitybecamejustanothercareer.Mostof
therealityrequiresaboatloadofsacrifice.Onlythetrulysuccessfulknowhowtobalancework
andlife.Thebestwaytoprepareforthiscareerengageonlearningonhowthingswork,learn
process,andmostlylearnpeople.
BiometricsstartedasasmallsimplecontractbackinChinainthe14thcenturyandnowit
hasbecometheworldofsecurity.Manypeopleseebiometricseverywhere,eveninyourvery

Heilman9

hand.Theiphone,aprimeexample,showsusbiometricstounlockthephonewithyour
fingerprint.OthersseebiometricsinmoviessuchastheAvengers.Theworldusesbiometrics
eveniftheyknowitornot.ThedifferenttypesofbiometricsgoesfromFingerprintscannerto
SSOandLDAPsystems.Theworldusesiteveryday.Thinkaboutit.

Heilman10

WorkCited
Baldwin,Howard."WhyPasswordsStillFailUs."
Computerworld
46.20(2012):28.
MAS
Complete
.Web.5Jan.2015
http://search.ebscohost.com/login.aspx?direct=true&AuthType=ip,custuid&custid=s8455861&db
=mat&AN=83319859&site=srclive

Bonsor,Kevin,andRyanJohnson."HowFacialRecognitionSystemsWork"04September2001.
HowStuffWorks.com.24February2015.

http://electronics.howstuffworks.com/gadgets/hightechgadgets/facialrecognition.htm

Harris,Tom."HowFingerprintScannersWork"24September2002.HowStuffWorks.com.24February
2015.
http://computer.howstuffworks.com/fingerprintscanner.htm

"LightweightDirectoryAccessProtocol."
Wikipedia
.WikimediaFoundation,5Jan.2012.Web.15Mar.
2015.
http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol#cite_note10
McCurry,Mark(2015,February18th)EmailInterview

Pike,JohnE."HomelandSecurity."
Biometrics
.N.p.,13July2011.Web.17Feb.2015.
http://www.globalsecurity.org/security/systems/biometricshistory.htm