Rebecca Heyer
DSTO-GD-0538
ABSTRACT
RELEASE LIMITATION
Executive Summary
In recent years automated biometric systems have been developed to facilitate a range of
functions broadly categorised as verification or identification functions. Such automated
systems offer advantages over current strategies including the elimination of fatigue
effects associated with human performance and adding the possibility of measuring
features (e.g. iris pattern) that cannot be readily sensed by humans. Biometrics have been
successfully applied across a range of procedures and processes to enhance security
including physical and logical access control, management of major plant and machinery,
weapons control, identity management, and personnel management. Automated
biometric systems need to be seen as an adjunct to existing systems, adding to techniques
already used, and organisations contemplating the adoption of biometric technology need
to understand that there are a range of issues that should be addressed. Privacy and
security concerns, the vulnerability of biometric systems to attack, the importance of
usability and user acceptance, training and education and a range of integration and
support requirements all need to be addressed.
This paper is an updated version of the Biometrics Technology Review 2002 paper
published in 2003 by Blackburn et al * . After an introduction, and in line with its
predecessor, the paper provides an overview of the basic elements of biometrics (Section
2); a detailed examination of current and future biometric technologies (Section 3);
discusses the many different applications of biometrics (Section 4); and highlights the
current issues associated with using such technology (Section 5).
Meaney K, Smith B and Sunde J 2003, Biometrics technology review 2002, DSTO-GD-0359
Contents
1. INTRODUCTION ............................................................................................................... 1
2. BIOMETRICS BASICS....................................................................................................... 2
2.1 Components of a biometric system ....................................................................... 2
2.2 Pattern recognition ................................................................................................... 3
2.3 Error rates ................................................................................................................... 4
2.4 Biometric applications ............................................................................................. 5
2.4.1 Verification ................................................................................................. 6
2.4.2 Identification .............................................................................................. 6
5. ISSUES ...................................................................................................................... 40
5.1 Security concerns - biometric vulnerabilities.................................................... 40
5.1.1 Addressing biometric vulnerabilities ................................................... 42
5.2 Usability and user acceptance .............................................................................. 44
5.3 Health concerns ....................................................................................................... 46
5.4 Privacy issues........................................................................................................... 47
5.5 Integration and support requirements................................................................ 49
5.5.1 Education and training ........................................................................... 50
5.6 Evaluation requirements ....................................................................................... 51
5.7 Interoperability issues ........................................................................................... 51
6. CONCLUSION .................................................................................................................. 52
7. REFERENCES..................................................................................................................... 53
Figures
Figure 1: The technical components of a generic biometric system.................................... 3
Figure 2: Detection error trade-off: FMR vs. FNMR (reproduced from Mansfield et al, 2001)
....................................................................................................................................................... 5
Figure 3: Minutiae ...................................................................................................................... 8
Figure 4: Optical fingerprint sensor......................................................................................... 8
Figure 5: Capacitance fingerprint sensor and output ........................................................... 9
Figure 6: Ultrasound fingerprint sensor ................................................................................. 9
Figure 7: Thermal fingerprint sensor....................................................................................... 9
Figure 8: 3D fingerprint image ............................................................................................... 10
Figure 9: Face measurements.................................................................................................. 10
Figure 10: 3D face images........................................................................................................ 11
Figure 11: Decreasing error rates for face recognition technology 1993-2006 ................. 13
Figure 12: Collage of irises ...................................................................................................... 13
Figure 13: Desktop iris scanning ............................................................................................ 14
Figure 14: Speaker recognition headset and microphone .................................................. 15
Figure 15: Hand geometry sensor for access control........................................................... 16
Figure 16: Signature verification ............................................................................................ 16
Figure 17: The eye..................................................................................................................... 17
Figure 18: Scanning area of the retina ................................................................................... 17
Figure 19: Retina scan of Iraqi Army recruit ........................................................................ 18
Figure 20: A DNA molecule.................................................................................................... 18
Figure 21: Schematic diagram of an electronic nose............................................................ 18
Figure 22: Ear biometric .......................................................................................................... 19
Figure 23: Vein scanner ........................................................................................................... 19
Figure 24: Fingernail bed scanner .......................................................................................... 20
Figure 25: Brainwaves depicted in an electrocephalogram trace ...................................... 20
Figure 26: Identification by analysis of physiometric variation ........................................ 21
Figure 27: Facial thermogram................................................................................................. 21
Figure 28: Gait as a biometric ................................................................................................. 22
Figure 29: Lips as a biometric ................................................................................................. 22
Figure 30: Dynamic grip recognition sensors on a handgun ............................................. 23
Figure 31: Different shapes and surface textures of the tongue ........................................ 24
Figure 32: Biometric/fingerprint mouse............................................................................... 30
Figure 33: Biometric/fingerprint mobile phone .................................................................. 30
Figure 34: Sensor-on-card system .......................................................................................... 31
Figure 35: Match-on-card system........................................................................................... 31
Figure 36: Template-on-card system ..................................................................................... 32
Figure 37: Qantas aircrew member using a Smart Gate terminal ..................................... 35
Figure 38: Fingerprint scanner at a sporting arena in Amsterdam ................................... 36
Figure 39: Face recognition at a distance (50-300m) ............................................................ 39
Figure 40: Biometric threat vectors (reproduced from Roberts, 2007).............................. 42
Tables
Table 1: Classification of biometrics (adapted from Bolle et al, 2004) ................................ 7
Table 2: Benefits and disadvantages of fingerprint, face, iris, speaker/voice and hand
biometrics (reproduced from www.dell.com) ..................................................................... 25
Table 3: Comparison of Biometric Technologies ................................................................. 25
Table 4: Parameters to guide selection of biometrics (from Sanderson & Erbetta, 2000)26
Table 5: Parameters to guide selection of face, fingerprint and iris biometrics in the
Defence environment............................................................................................................... 27
Table 6: Factors that impact on biometric system usability and performance ................ 45
Table 7: BioPrivacy Application Impact Framework .......................................................... 48
Glossary
ADF Australian Defence Force
AGIMO Australian Government Information Management Office
ATM Automatic Teller Machine
BAT Biometric Automated Toolset
BISA Biometric Identification System for Access (US)
CAC Common Access Card (US)
CCD Charge Coupled Device
CCTV Closed Circuit Television
CESG Communications-Electronics Security Group (UK)
DBIDS Defense Biometric Identification System (US)
DET Detection Error Tradeoff (curve)
DGR Dynamic Grip Recognition
DNA Deoxyribonucleic Acid
DoD Department of Defense (US)
DSBTF Defense Science Board Task Force (US)
EEG Electrocephalogram
FBI Federal Bureau of Investigation
FMR False Match Rate
FNMR False Non Match Rate
FP Fingerprint
FRVT Face Recognition Vendor Test
FTA Failure to Acquire
FTE Failure to Enrol
FVC Fingerprint Verification Competition
HUMINT Human Intelligence
IBG International Biometric Group
ICAO International Civil Aviation Organization
ICE Iris Challenge Evaluation
INPASS Immigration and Naturalization Service Passenger Accelerated
Service System (US)
IT Information Technology
MIT Massachusetts Institute of Technology
MoD Ministry of Defence
NIST National Institute of Standards and Technology (US)
PIV Personal Identity Verification (US)
ROC Receiver Operator Characteristic (curve)
TWIC Transport Workers Identity Credential (US)
UK United Kingdom
UKBWG United Kingdom Biometrics Working Group
US United States
DSTO-GD-0538
1. Introduction
Biometrics is the measurement of personal physical features, actions or behavioural
characteristics that distinguish between individuals. Biometrics is not a new concept.
History suggests that potters from Asia and the Middle East used their fingerprints to sign
their work as long ago as 1500 BC (Down & Sands, 2004). Technology development in the
area, however, is a much newer concept. The history of biometrics, like most other
technologies, has followed a familiar route, beginning with an initial build up of excessive
optimism followed by a trough of scepticism as the limitations of the technologies became
apparent. Realistic expectations, combined with a plethora of research and development,
are now seeing many biometric systems reach the levels of success originally touted
(Simpson, 2007). In 2001 the MIT Technology Review named biometrics one of the ‘top ten
emerging technologies that will change the world’ and in early 2006 the International
Biometric Group (IBG) projected that global biometrics annual revenues would grow from
$2.1 billion in 2006 to $5.7 billion in 2010. IBG expect that the United States and Asia will
be the largest global markets for biometrics products and services in the coming decade
(http://www.biometricgroup.com/).
In recent years automated biometric systems have been developed to identify persons and
verify identity. The systems offer advantages over current recognition strategies, including
the elimination of fatigue effects associated with human performance and adding the
possibility of measuring features (e.g. iris pattern) that cannot be readily sensed by
humans. Automated biometric systems should be seen as an adjunct to existing personal
identification systems, adding to techniques already used. In addition to the development
of individual biometric systems, more and more research and development is being
devoted to multimodal biometric systems; those that use more than one biometric or more
than one measure of the same biometric, and thus increase levels of accuracy and security.
In early 2005, the military components of the US Department of Defense (DoD) were
surveyed to ascertain their level of current biometric usage, or intended future usage. At
that time, 83 different systems were reported including those based on fingerprints
(accounting for 65%), hand geometry (12%), iris (6%), multimodal systems (16%) and
other, such as deoxyribonucleic acid (DNA) (1%). The biometric systems in use at the time
primarily supported the areas of identity background checking, access control, and
detainee processing (Kauchak, 2006).
Biometric systems are socio-technical systems, comprising both the technology and a
range of social subsystems (such as the users and the environment/s in which the
technology operates). Biometrics can be applied to two types of problems: verification (i.e.
access control) and identification. Many technologies are suitable for access control type
applications, but identification applications typically result in relatively high error rates
(often due to the environment) and few technologies are suitable. Despite some successful
applications, biometric systems do have some limitations. Error rates still remain relatively
high for some methods, even in the areas where biometric measures are thought to be
unique to the person (i.e. fingerprints, iris). In these cases it is the measuring process itself
that produces uncertainties (such as the smearing of a fingerprint). Biometric systems are
also susceptible to attack and there remain a string of social, ethical and acceptance issues
1
DSTO-GD-0538
with their use. As such, there are many factors that need to be considered when
contemplating a biometric solution including technical, privacy and human factors issues.
This paper is an updated version of the Biometrics Technology Review 2002 paper published
in 2003 by Blackburn et al. After an introduction, and in line with its predecessor, the
paper provides an overview of the basic elements of biometrics (Section 2); a detailed
examination of current and future biometric technologies and applications (Section 3);
discusses the many different applications of biometrics (Section 4); and highlights the
current issues associated with using such technology (Section 5).
2. Biometrics basics
Biometric systems are socio-technical systems comprised of both technical and social
subsystems. The social aspects of the system include the users and the environment/s in
which the system operates. In technical terms, a biometric system consists of several
components (see Figure 1):
• A data collection component which collects the biometric data.
• A data storage component which stores the biometric data.
• A signal processing component which processes the biometric data.
• A decision component which makes decisions regarding matches between biometric
data and whether to accept or reject.
• A transmission component which aids the data collection, data storage and signal
processing components in compressing and expanding files required at different stages
of the process.
2
DSTO-GD-0538
All biometric processes require the comparison of measured data from a person with
known data from a database to determine if there is a match. There are two basic
approaches to the comparison problem. The first is based on the step-by-step construction
of the decision-making process, an algorithm, and the other is based on the use of some
form of ‘learning mechanism’ in which the decision-making algorithm still exists, but may
be hidden from the users, such as artificial neural networks. Whichever comparison
approach is adopted, each biometric system recognition process is comprised of two
phases – enrolment and operational.
Enrolment, the initial phase, requires the capture of biometric data. The way the biometric
is captured differs according to both the type of biometric being captured (i.e., a photo or
fingerprint scan) as well as the application of the system itself (i.e., watch list versus
verification). For instance, in a watch list application, enrolment often takes place without
the knowledge of the person of interest; whereas in a verification application biometrics
are usually sampled several times to ensure the best possible chances for matching. Each
sample is then checked to ensure that it is of sufficient quality to generate a match. Data is
then processed to extract the key features which enable different subjects to be separated
from one another by a classifier, known as feature extraction. The result of this process is a
data vector, commonly referred to as a template once it is enrolled into the database.
3
DSTO-GD-0538
Once a database of subjects is established the system can move into the operational phase.
In the operational phase, an individual’s biometric data is once again captured and
compared to the enrolled template. When an individual provides biometric samples in an
attempt to gain access to a secured area (known as a transaction), these samples are
compared with those in the enrolled template. Access can be granted, or identification
verified, if the degree of match between the transaction and enrolled data are above a
given threshold or decision value, which is ultimately driven by the costs associated with
the range of error rates that biometric systems produce.
There is generally a trade-off between these two types of error, based on a decision
threshold in the biometric processor. If the decision threshold is raised to reduce the FMR,
the FNMR will generally increase and vice versa. In addition to the error trade-offs, errors
vary between technologies based on the discrimination quality of the biometric data
measured.
A parametric plot of FMR against FNMR is the most useful representation allowing
complete comparison of various biometrics. Linear or log scales are commonly used on the
axes, and the plots are then referred to as receiver operator characteristic (ROC) or
detection error tradeoff (DET) curves respectively. Other axis scaling could be more
useful, for example see Parks et al (2006) which introduces scaling based on generalised
hyperbolic functions. The independent parameter which varies along the plotted curves is
the similarity score.
Figure 2, reproduced from Mansfield et al (2001), is an FMR vs. FNMR plot comparing
face, fingerprint (FP), hand, iris, vein and voice biometrics. The iris system used in the
study had a pre-determined threshold and the FMR was in fact zero. There were
approximately 200 subjects, mainly comprising volunteers working at the National
Physics Laboratory site. The report was published in 2001 and since then it is known that
some biometrics have made remarkable improvements.
4
DSTO-GD-0538
Figure 2: Detection error trade-off: FMR vs. FNMR (reproduced from Mansfield et al, 2001)
Sampling error should be considered when comparing the results from any biometric trial.
At DSTO the Wilson confidence limits for proportions (see Hogg & Tanis, 2000) are
routinely calculated for FMR and FNMR values. A recent development in the presentation
of results is the inclusion of these confidence limits on FMR versus FNMR plots, see DSTO
(2007) for examples. In trials it is common practice to obtain multiple biometric samples
from each subject. Multiple samples from the same person cannot be expected to be
distributed in the same way as biometric samples from multiple persons. This complicates
the determination of the correct sample size to use when calculating confidence limits. In
DSTO (2007) upper and lower bounds for sample size are calculated assuming complete
independence or complete dependence, respectively, of samples from the same person.
When planning a trial or evaluating the validity and applicability of trial results it is also
important to consider the desired population scope and the sampling method. In
particular, consideration should be given to how well the sample frame represents the
population of interest. In biometrics this is particularly important because biometrics can
vary considerably across demographic groups.
The viability of a biometric system depends on more than just its error rates. Operational
issues such as acceptability to the user, user skill requirements and niche requirements all
must be considered.
5
DSTO-GD-0538
2.4.1 Verification
In verification applications ‘the user makes a positive claim to an identity, features derived
from the submitted sample biometric measure are compared to the enrolled template for
the claimed identity, and an accept or reject decision regarding the identity claim is
returned’ (ISO/IEC 19795-1, 2006, p. 5). Biometric systems of this type conduct one-to-one
(1:1) comparisons to determine whether the identity claimed by the individual is true. An
example would be to verify that a pass holder is the authorised user.
2.4.2 Identification
Related to the identification is watch list. Watch list screening is the most demanding of all
applications. It involves two distinct steps. The system must first detect if a person is on
the watch list and, if so, correctly identify them. An example would be a system at a
border crossing to search for drug couriers of known appearance. This is much more
difficult than an identification or verification task, as some potential persons of interest
may not be in the database and current systems present a number of possible matches for
the human operator to then consider.
6
DSTO-GD-0538
While the following review focuses on the six most popular biometrics in the market today
– fingerprint, facial, iris, speaker recognition, signature verification and hand geometry, a
brief summary of other biometric technologies is also provided. The review concludes
with a cross-comparison of the common biometric technologies.
3.1 Fingerprint
Fingerprint recognition is currently the leading biometric technology, comprising around
32% of the total market, and looks set to remain there for some time to come. This is due
mainly to the range of environments in which fingerprint systems can be deployed, the
years of development that the systems have undergone, and the many companies
involved in the technology's manufacture and development. IBG estimates that fingerprint
revenues will grow from $198 million in 2003 to $1.493 billion in 2008
(http://www.biometricgroup.com/).
Fingerprint recognition systems are a proven technology and have been shown to be
capable of very high levels of accuracy. Their sensors and processors are low cost and easy
to use and the reduced size and power requirements of fingerprint systems, along with
their resistance to environmental changes such as background lighting and temperature,
enable the systems to be deployed in a range of logical and physical access environments.
Modern fingerprint acquisition devices are quite small (often less than 1.5 cm x 1.5 cm and
very thin) and are capable of acquiring and processing images (Roberts, 2006). Fingerprint
7
DSTO-GD-0538
systems are being used daily to enable users to access networks and PCs, enter restricted
areas, operate plant, and to authorise transactions.
Figure 3: Minutiae 2
The relative positions and types of the minutiae form a description of the fingerprint that
can be matched against other fingerprints. Approximately 80% of biometric vendors utilise
these minutiae in some fashion, but some choose to use pattern matching that extrapolates
data from a particular series of ridges on the fingerprint (Roberts, 2006). This series of
ridges used in enrolment is the basis of comparison, and verification requires that a
segment of the same area be found and compared. Once a high-quality image is captured,
there are a several steps required to convert its distinctive features into a compact
template. This process, known as feature extraction, is at the core of fingerprint
technology. Each vendor of fingerprint systems has a proprietary feature extraction
mechanism; the vendors guard these unique algorithms very closely.
Multiple sensor types are currently available to scan fingerprints including optical,
capacitance, ultrasound and thermal.
Capacitance sensors were introduced in the late 1990s and have gained popularity since
that time. In these sensor types, the capacitance sensor acts as one plate of a capacitor, the
finger the other. An 8-bit gray scale digital image, more detailed than an image captured
by an optical scanner, is generated from the capacitance between the plate and the finger.
While it would appear that the coating applied to the capacitance sensors would be more
2 www.factsfinder.com/fingerprinting.htm
3 http://computer.howstuffworks.com
8
DSTO-GD-0538
durable than those of optical sensors, this has yet to be tested across the range of
conditions in which the sensor could be deployed (Roberts, 2006).
Ultrasound sensors are still in their infancy and not yet widely used, however, they have
great potential to lead the fingerprint technologies market due to their reported high
accuracy. Ultrasound sensors transmit acoustic waves that measure the impedance of the
finger, the sensor platen and the air. Beside their reported high accuracy, ultrasound
sensors have the advantage that they can penetrate dirt and other contamination on the
finger and platen, one of the major drawbacks of other fingerprint technology.
Work is currently underway into the use of 3D scanners that use touchless technology and
very high contrast multi-camera imaging of the finger (Chen et al, 2006).
4 www.ntt-tec.jp
5 http://perso.orange.fr
6 www.britestone.com.hk
9
DSTO-GD-0538
3D fingerprint scanners create more accurate minutiae and pattern matching and more
reliable, higher speed database indexing schemes. In addition to 3D images, most 3D
systems also output 2D fingerprint data that is compatible with legacy fingerprint
databases to ensure interoperability is maintained. The advantage of 3D systems is their
ability to overcome the smudging and distortion issues inherent in touch based systems
(Simmons, 2005).The major drawback of many fingerprint recognition systems is the
contact nature of many of the sensors. Because of this touch sensing, the pattern being
sensed is often distorted at acquisition and can make matching difficult. Other major
drawbacks of fingerprint sensing include the inability of the sensing process to
accommodate dirt and other environmental contamination and the apparent inability of a
few users to record reliable fingerprints (due to injury or age). Research has shown that
certain ethnic and demographic groups have lower quality fingerprints and are more
difficult to enrol, including the elderly, manual labourers, and some Asian populations
(Roberts, 2006).
3.2 Face
Facial recognition technology is the second most popular biometric technology after
fingerprint and is expected to grow rapidly during this decade, particularly in the area of
surveillance systems. IBG estimates that global facial recognition revenues will grow from
$50 million in 2003 to $800 million in 2008, accounting for 17% of the biometrics market
(http://www.biometricgroup.com/). Facial recognition technology is being used widely
7 www.send2press.com
8 www.idwarehouse.co.uk
10
DSTO-GD-0538
The most common input sensors are 2D video or digital cameras, although 3D systems are
becoming more commonplace. 2D images are generated using analog or digital camera,
scanned documents or video sequence. The more recent facial recognition systems are
based on skin or skull geometry and require 3D images to achieve this.
There are three main types of 3D facial recognition systems available on the market today.
The first type, stereo acquisition, uses two or more cameras to take simultaneous snapshots
of a subject and then uses this information to calculate depth information and reference
points. Stereo acquisition is relatively low cost and easy to use. The second type, structural
light, projects a light pattern onto the face of a subject and uses a standard camera to
record the information, which is then used to calculate depth information and reference
points. Structural light is the fastest of the 3D facial systems. The third type uses a laser
sensor to capture a 3D image of a subject’s face. Although improving all the time, laser
sensors are expensive and slower than the other options (Akarun, Gokberk & Salah, 2005).
Recent research has found that a multimodal or fusion approach of using 2D and 3D facial
recognition systems in combination with one another performs significantly better than
using either alone (Tao, van Rootseler, Veldhuis, Gehlen & Weber, 2007; Chang, Bowyer &
Flynn, 2005).
Other systems have used near infrared and facial thermograms with varying results. The
performance of facial recognition systems is closely tied to the quality of the images
captured by the various sensors, and images from near infrared and facial thermograms
still have a way to go.
Vendors currently use four methods to identity or verify subjects using facial recognition –
eigenfaces, feature analysis, neural networks and automatic face processing (Woodward,
Horn, Gatune & Thomas, 2003).
11
DSTO-GD-0538
Feature analysis is currently the most widely used facial recognition technology. Specific
features are extracted from many different regions of the face and these features (both
their type and arrangement) are used for identification and verification. Although, like
most facial recognition systems, feature analysis works best with front-on images, one of
its distinct advantages is its ability to deal with changes in appearance or the angles at
which a face is presented.
Eigenface utilises 2D gray scale images which represent distinctive characteristics of the
face. Once a user has enrolled, their eigenface is mapped to a series of coefficients. In
verification mode (i.e. for access control) a user’s live template is compared against the
enrolled template and in identification mode (i.e. for surveillance) the template is
compared to many in a pre-existing database to determine coefficient variation. The
degree of coefficient variance determines acceptance or rejection. Eigenface is best suited
to well-lit environments and when using front-on image capture.
Neural network mapping utilises a matching algorithm to determine whether features from
an enrolment/reference and verification/live face are similar or different. Neural
networking technology uses as many features of the face as possible to ascertain whether
there is a match or not. A false match prompts the algorithm to modify the weights it gives
to certain features of the face to double check that the false match is the correct decision to
make.
Automatic face processing uses distance and distance ratios between the distinctive features
of the face (such as the distance between eyes) for matching purposes. Although automatic
face processing is a more simple technology and is best suited to front-on image capture
situations, it has been shown to be ineffective in dimly lit environments.
Of the leading three biometric technologies, face is the only viable tool for surveillance or
watch list functions. Facial recognition systems are able to capture faces of people in
public areas and images from some distance away, suggesting that no physical contact is
required. Thus the system’s covert capability and capacity to be used in coordination with
existing national security databases and surveillance cameras or closed circuit television
(CCTV) systems make it a valuable biometric tool (Woodward, Horn, Gatune & Thomas,
2003). The performance of facial recognition technology has improved dramatically over
the past 14 years, with error rates dropping dramatically over this time (see Figure 11).
This increase in performance has been attributed to the development of the recognition
technology, higher resolution imagery and improved picture quality due to greater
consistency in lighting. Note that in Figure 11, FRR (false reject rate) equates to FNMR and
FAR (false accept rate) equates to FMR.
12
DSTO-GD-0538
Figure 11: Decreasing error rates for facial recognition technology 1993-2006 10
In terms of user acceptance, facial recognition is generally widely acceptable since human
beings are already familiar with this process and the sensors (i.e. cameras) are well
understood and unobtrusive (Woodward, Horn, Gatune & Thomas, 2003).
3.3 Iris
Iris recognition systems are based on visible qualities of the iris (such as the trabecular
meshwork, rings, furrows and the corona).
Iris structure is practically unique and may be sensed via regular and or/infrared light.
The first step in acquisition of an iris image is to position the camera the required distance
from the eye. Once the camera has situated the eye it narrows in (from right to left to avoid
the eyelids) to locate the outer edge of the iris. The unique visible characteristics of the iris
are converted into a template and stored for future matching.
10 Phillips et al (2007)
11 www.cl.cam.ac.uk
13
DSTO-GD-0538
Iris recognition technologies are used primarily in high security environments and account
for around 8% of the entire biometric market. IBG estimates that their use will increase
markedly, with revenues set to increase from $36 million in 2003 to $366 million in 2008
(http://www.biometricgroup.com/). Competition in the development of iris recognition
software had been stifled by a company called Iridian Technologies, who held patents for
iris recognition since the 1980s. These patents expired in 2005 and development of iris
recognition algorithms has flourished since (Phillips et al, 2007).
The claimed error rates for iris systems are exceedingly low. Iris Challenge Evaluation
2006 (ICE2006) reported an FNMR of 0.09 for an FMR of 0.001 (Phillips et al, 2007). Iris
technology appears to be very well suited to a range of verification applications,
particularly high security applications where low error rates are essential. The technology
does not lend itself to some identification activities because it requires a co-operative
enrolment process. Users must stay still while the iris image is being captured and many
users take some time to become accustomed to this aspect of iris recognition systems. For
this reason reported user satisfaction with systems that are used infrequently has been
poor (Bourlai et al, 2006).
Speaker recognition is based on the analysis of the temporal and spectral characteristics of
a voice when articulating a set of words (either text dependent/known set, or text
independent or unknown). Speaker recognition is often confused with speech recognition
which translates what a user is saying, but does not verify it. The technology can utilise
any audio capture devices (such as mobile and land-line telephones and a range of
microphones). During enrolment users are prompted to either repeat a phrase or set of
numbers of approximately 1 to 1.5 seconds in length, several times. The temporal and
spectral characteristics are stored and a live voice recording is analysed for the same
features.
12 www.eyenetwatch.com
14
DSTO-GD-0538
Speaker recognition systems currently command around 5% of the total biometric market.
IBG estimate that revenues from voice recognition systems will increase from $23 million
in 2003 to $225 million in 2008, in line with the demand for the systems in telephony-based
environments (http://www.biometricgroup.com/). It is the only biometric technique that
could be used to verify the identity of someone using a voice communication link,
although it is not a strong solution when speech is being introduced as a new process. Its
strength lies in the field of telephony and the cost savings made in reducing staff numbers
in call centres. Although speaker recognition systems have caused frustration among users
they are not considered invasive and for this reason are seen as preferable to some other
biometrics (Bolle et al, 2004).
Speaker recognition systems produce relatively low to medium error rates (particularly
FNMR), but are dependent on the quality of the data channel (communication link) used
to transmit the voice. For this reason it is preferable that the same device used for
enrolment is also used for verification. Speaker recognition systems may also be affected
by the quality of the voice itself (i.e. if the user is congested or is in a particularly noisy
environment).
In terms of sensors, hand geometry is captured using a charge coupled device (CCD)
digital camera. Users place their hand onto the reader’s surface, aligning it with several
13 www.vocollect.com
15
DSTO-GD-0538
pegs designed to keep the hand in place. The CCD digital camera then takes upwards of
100 measurements, which are converted to a template for storage and matching purposes
when verification is required.
Hand geometry is a relatively accurate technology, user perceptions of the technology are
favourable and a wide range of users can use it with ease (Bolle et al, 2004). The
technology is at the more expensive end of the biometric spectrum, has not progressed
much in recent times, and its size may preclude it from being used in many access control
environments. Due to the fact that it is not uncommon to find similarities between hands,
hand geometry systems are restricted to verification programs only (i.e. are not suitable
for identification programs).
3.6 Signature
Signature verification systems use the distinctive behavioural features of a signature (such
as speed, pressure and stroke order) to verify the identity of the user, as opposed to a
simple physical crosscheck of one signature and another. Signature verification systems
currently account for around 2% of the biometric market. As the demand for signing
contracts, agreements and other documents electronically increases, signature verification
systems should grow. Indeed, IBG estimates that global revenue for signature verification
systems will increase from $9 million in 2003 to about $107 million in 2008.
14 www.datafoundry.com
15 http://economictimes.indiatimes.com
16
DSTO-GD-0538
Signature verification systems work in conjunction with signature capture systems (such
as specialised tablets and styluses). Once captured, the signature is transmitted to a
computer for template generation and matching, where a decision is made whether to
accept or deny its authenticity. Signature verification systems have been found to have
relatively low FMR, can easily leverage off of other systems, and, as they are less invasive
than some other biometrics, user acceptance is high (Bolle et al, 2004). On the converse,
signature verification systems do not deal well with individuals who do not sign their
names consistently. In addition, illness or injury as well as the difference between signing
on paper with a pen versus on a tablet with a stylus may also affect the consistency of the
signature and FNMR.
3.7 Retina
The retina is a sensory tissue of the eye that consists of millions of photoreceptors which
gather light rays and transform them into electrical impulses which then travel through
the optic nerve into the brain to be converted into images. In the 1930s it was discovered
that every retina possesses a unique blood vessel pattern and, for this reason, photographs
of the blood vessel patterns of the retina could be used as a means of identification (Simon
& Goldstein, 1935).
Figure 17: The eye 16 Figure 18: Scanning area of the retina 17
Retina biometric systems use a light source projected into the eye to scan the vein pattern
of the retina. The error rates are claimed to be very low, but retinal scanning is a relatively
expensive and intrusive process that could only be considered for high security
applications with willing users (Bolle et al, 2004). For these reasons, retina biometrics have
tended to be used by large government departments or organisations with willing
participants requiring access to highly secure material or environments.
16http://ravidas.net
17 http://ravidas.net
17
DSTO-GD-0538
3.9 Odour
Chemical odour has come to the fore due to recent advances in chemical analysis.
Electronic noses (e-noses) have been developed that can measure a spectrum of different
chemicals.
The technology is still far from deployable, however, with a raft of issues such as the
impact of deodorant and perfumes and different health issues still to be addressed
(Korotkaya, 2003).
18 http://www.defensetech.org
19 Korotkaya (2003)
18
DSTO-GD-0538
3.10 Ear
3.11 Veins
Veins have also been recognised as a unique characteristic that can be applied as a
biometric for verification. Veins are developed before birth and remain highly stable
throughout life, even differing between twins. Vascular pattern recognition systems
identify a person by using the patterns of veins on their finger, back of the hand, or palm
(although almost any body part with visible veins could be used). A camera captures the
vein pattern with a focus on the shape and location of the vein structure. Venous pattern
recognition is particularly popular in Japan, and is currently in use in selected banks and
ATMs throughout the country (Khan, 2006).
Fingernail bed biometrics use scanners to capture the distinctive identifying characteristics
of the nail bed, such as ridges and valleys. Like iris patterns and fingerprints, these ridges
and valleys are thought to be unique to each individual (Bolle et al, 2004).
20 www.mit.bme.hu
21 www.dex.co.za
19
DSTO-GD-0538
3.13 Skin
The reflectance spectrum of skin and its ability to provide information about the highly
person-dependent distribution of certain light sensitive chemicals, has lead to an
increasing amount of research into skin biometrics. The focus thus far, has been on skin
biometrics being used with fingerprints to provide liveness detection and to prevent spoof
attacks (Bolle et al, 2004).
3.14 Physiometrics
The study of physiometrics (biological indicators) for use in biometrics has been prompted
by the need to enhance the reliability and robustness of verification and identification
systems (Damousis, Tzovaras & Bekiaris, 2008). Such research has included investigations
into the utility of brainwaves as a biometric (Figure 25). The research assumes that
brainwaves, like iris and fingerprint patterns, are unique and this uniqueness could be
exploited in the security realm. Instead of passwords, people would instead use ‘pass
thoughts’ based on electrocephalogram (EEG) patterns to access a system or restricted area
(Ortiz Jnr, 2007; Riera, Soria-frisch, Caparrini, Cester & Ruffini, 2008).
A quick search of patents databases uncovers several patents for the development of
biometrics using various kinds of physiometrics such as heart rate variability or
cardiovascular function (Wiederhold, Israel, Meyer & Irvine, 2003, see Figure 26) as well as
acoustic body scanning for both verification and identification (Koenig, 2002).
22 www.perso.orange.fr
23 http://neurocog.psy.tufts.edu
20
DSTO-GD-0538
Thus far such systems have required the attachment of monitors or have required close
proximity to a sensor (Greneker, 2006). Future research is aimed at eliminating the need
for monitors and the work ongoing in micro and nano-sensor development area
(Damousis, Tzovaras & Bekiaris, 2008) coupled with the lessons learned from non-contact
lie detection systems (Greneker & Geisheimer, 2001) may be of value here.
3.15 Thermogram
Thermograms are also beginning to gain popularity, particularly in the face and hand
recognition area. Thermograms are pictures of the body showing areas from which heat is
emanating. Such pictures are thought to be unique to individuals, although research is
ongoing (Jain, Ross & Prabhakar, 2004).
21
DSTO-GD-0538
3.16 Gait
Gait refers to the unique combination of motions by
which people walk. An analysis of temporal and
frequency components of motion from a radar sensor
may be used to identify people walking at a distance.
Work pattern analysis is based on the individual idiosyncrasies unique to each person
carrying out a task. For example, the speed of typing, along with types and occurrences of
errors may be used to identify the user of a keyboard (key stroke analysis). Work pattern
analysis is carried out completely in the background and is not in any way obtrusive or
threatening to the user (Bolle et al, 2004).
3.18 Lips
The potential of lips as a biometric was discovered during research into speech and facial
recognition. It involves the capture of video footage of a subject’s lip motion during
speech. Specific features of the lips during speech are then extracted and used as a
comparison for future verification.
Rather than a standalone biometric, it looks likely that lip motion would be used in
conjunction with other biometrics (such as facial recognition) (Cetingul, Yemez, Evzin, &
Tekalp, 2004). Researchers have also looked at lip shape as a possible identifying feature
(Gomez, Traviesco, Briceno & Ferrer, 2002).
26 www.perso.orange.fr
27 www.perso.orange.fr
22
DSTO-GD-0538
3.19 Footprints
Research has also been devoted to the use of footprints. Most commonly used in the
forensic/crime science analysis field, work has recently been devoted to developing
technologies to capture and analyse footprint biometrics for identification and verification.
The aim is to capture directional and positional information of the feet, such as the
Euclidean distance between the feet and other geometric information. Pressure
distribution of the feet has also been investigated (Nakajima, Mizukami, Tanaka, &
Tamura, 2000).
Much research has occurred in the US into the smart guns concept that uses dynamic grip
recognition (DGR) to enable a firearm to fire. DGR works through pressure sensors
embedded into a firearm’s grip (see Figure 30).
When a user holds a gun their grip is like a password; the system can either match and
accept it (enabling the user to fire) or reject it (Chang et al, 2005). Other smart gun related
research is looking at the use of fingerprints, in addition to handgrip recognition, as a
method of user verification (Bolle et al, 2004).
3.21 Tongue
Researchers in Hong Kong have recently begun investigating the utility of using tongue
prints for verification and identification (Zhang, Liu, Yan & Shi, 2007). They argue that the
tongue is unique in terms of both its shape and surface texture (see Figure 31). Using
sample images of tongue-prints of 134 people, these researchers obtained a 93.3%
recognition rate.
28 www.weaponsblog.org
23
DSTO-GD-0538
The tongue has other advantages in that it is well protected from the environment and
difficult to forge, but health and hygiene issues will prove challenging. Further research is
required before the technology could be commercialised.
Table 2, reproduced from the Dell Corporation website 30 , summarises five of the main
biometrics on the market today in terms of their benefits and disadvantages.
24
DSTO-GD-0538
Table 2: Benefits and disadvantages of fingerprint, face, iris, speaker/voice and hand biometrics
(reproduced from www.dell.com)
25
DSTO-GD-0538
Table 4: Parameters to guide selection of biometrics (from Sanderson & Erbetta, 2000)
Parameter Explanation
Accuracy Is the system accurate in terms of low error rates?
Environment Is the technology fully deployable?
Ergonomics/user friendly Is the system user friendly?
Stability and Uniqueness Is the feature being measured unique and stable over time?
Security Is the system secure? Could it be easily tampered with or
spoofed?
Safety Is the system safe to use? Does it present any dangers to the
user?
Speed of enrolment and How long does it take to enrol a subject? How long does
recognition verification take?
Non-intrusiveness Is the technology intrusive to use?
Convenience Is the system convenient to use? Is the system convenient to
integrate with other systems or processes?
Cost How much does the technology cost?
Size of stored template How big is the stored template?
Operational limitations What are the limitations of the technology in the deployed
environment? (i.e. how well does the technology cope if the
user is wearing protective clothing?)
Requirement What is the system required to do? Can it perform both
identification and verification tasks?
Credible scientific research Is there credible scientific research to support the
technology?
Human acceptance Is the technology acceptable to users?
Besides application in the fixed strategic environment, biometrics will inevitably need to
be applied in a range of operational environments (particularly in the military and law
enforcement fields). Consideration of the above parameters should take into account the
26
DSTO-GD-0538
Table 5: Parameters to guide selection of facial, fingerprint and iris biometrics in the Defence
environment
Parameter Fingerprint Face Iris
Accuracy Very accurate Accurate, although not as Most accurate of all
good as iris or fingerprint commercially available
biometrics (second only to
DNA)
Environment Can be used across a range of Can be used across a range Can be used across a range
environments, but contaminated of environments, but of environments
environments may cause issues susceptible to poor lighting
and different backgrounds
Ergonomics/user Once user is familiar, easy to use Easy to use Once user is familiar, easy to
friendly use
Stability and Stability may be affected by Likely to change (e.g. with Stable, probability of two
Uniqueness injury, environment and age. age, and health status), due people having the same iris
Probability of two people to similarity in face shapes, is 1 in 1078
possessing the same fingerprint is uniqueness is questionable
1 in 1080
Security Susceptible to spoofing, low Susceptible to spoofing, Spoofing is possible, but low
probability of success in high medium probability of probability of success in high
security systems. success. security systems.
Safety May be some hygiene issues with Safe to use Safe to use
sensors that require contact,
otherwise safe to use
Speed of Enrolment < 30 sec, verification < Enrolment < 35 sec, Enrolment < 1 minute,
enrolment and 1 sec, verification < 1 sec, verification < 2 sec,
recognition identification proportional to size identification proportional identification 1-2 sec based
of database to size of database on database of 100,000 irises
Non- Needs user cooperation Unobtrusive Needs user cooperation
intrusiveness
Convenience Range of different sensor sizes, Range of different camera Range of different sensor
fixed and free sizes, fixed and free sizes, fixed and free
Cost Low - Medium, varies according Low, varies according to Low - Medium, varies
to sensor sensor according to sensor
Size of stored Varies according to sensor, Varies according to sensor, Varies according to sensor,
template approx 250 bytes approx 1300 bytes approx 512 bytes
Operational Unsuitable for use with Poorly or excessively lit Possibly effected by the use
limitations protective clothing, damaged or environments may pose of protective eye wear,
soiled hands, but has been shown problems, backgrounds although some studies have
to work successfully in a variety may also impact on picture shown it to work through
of environments quality them
27
DSTO-GD-0538
There are several current trends in biometrics that are worthy of discussion. They include
the rise of multimodal or fusion biometrics, the wide range of form factors now available,
and the combination of biometrics and smart cards.
The previous sections provided a summary of the main classes of biometrics. It should be
noted that not all of the above systems are used in isolation. It is currently more
commonplace to see multiple biometrics used in systems (such as fingerprints combined
with photographs). Such systems are referred to as multimodal (Ross & Jain, 2004).
The way biometric technologies are combined (the fusion strategy) can vary according to
the systems concerned. Systems can be fused at the decision level (i.e. feature extraction
and matching is done completely independently of each other, the individual decisions of
each system are then combined), matching score level (i.e. feature extraction and matching
is done completely independently of each other, the matching scores are combined to
arrive at a single decision), or the feature extraction level (i.e. the features extracted from
each system are combined into a single feature vector and used as a basis for matching and
decision making).
Multimodal biometric systems generally require more sensors, more data, and can,
therefore, take longer to verify. In addition, as they are comprised of single biometric
systems, they are also liable to suffer the shortcomings of those systems (Ko, 2005).
Advantages of using multimodal biometrics include that they are more reliable if one of
the biometrics is damaged (i.e. if a fingerprint is degraded due to age or injury, the other
biometric can be used for verification) so they improve population coverage and enhance
verification performance (Khan, 2003). Research has found that while the security
advantages of multimodal systems are clear, the performance gains achieved have been
smaller than expected due to accuracy of the individual systems themselves (Snelick,
Uludag, Mink, Indovina & Jain, 2005). Recent studies by the University of Canberra’s
National Centre for Biometric Studies, have found that combining text dependent and
independent voice recognition technologies to be very successful in terms of performance
(Summerfield, 2006).
A recent example of a multimodal biometric system used for military purposes is the
Biometric Automated Toolset (BAT), which uses iris recognition and fingerprint scanning.
28
DSTO-GD-0538
The US military has used BAT in Afghanistan, Cuba and Iraq to populate HUMINT
databases that are shared with the Federal Bureau of Investigation. Interest in the
application of multimodal systems is increasing. The US DoD, for instance, is particularly
interested in the use of multimodal biometrics to provide the highest levels of accuracy
and probability of identification and verification, as well as to increase the security of their
applications (Kauchak, 2006).
The goal of multimodal biometrics is to reduce one or more of the FMR, FNMR, failure to
enrol rates, or susceptibility to attack (Ko, 2005) and research has demonstrated that
multimodal biometric systems are more accurate and more resistant to failure (Simpson,
2007).
NIST recently established the Multiple Biometric Grand Challenge (MBGC) 32 . The aim of
MBGC is to ‘investigate, test and improve performance of face and iris recognition
technology in both still and video imagery through a series of challenge problems and
evaluation’ (Phillips 2008, p. 2). The three main challenges for 2008’s MBGC are:
• Iris and Face Recognition from Portal Video. The goal is to develop algorithms that
recognise people from nIR image sequences and high definition video sequences,
acquired while the person of interest walks through a portal.
• Iris and Face Recognition from Controlled Images. The goal is to improve
performance on iris and face imagery using real-world high and low resolutions
frontal face images and still and video iris sequences.
• Still and Video Face. The goal is to advance recognition from unconstrained outdoor
video sequences and still images.
The results of the MBGC will be available in mid-2009 and it is envisaged that MBGC will
be a regular event that will investigate the utility of other multimodal systems in the
future.
Biometric sensors can be embedded into an acquisition device and the manner in which
this is done is known as the form factor (see Figure 32 and Figure 33 for two examples).
Sensors can be embedded in a device in a number of ways – on the side, protruding, on
top, recessed; the choice of which will obviously depend on the biometric concerned and
other ergonomic considerations. The range of device types that users can interact with
includes desktop peripherals, embedded desktop solutions, embedded physical access
solutions, and embedded wireless handheld solutions, although there is a trade-off
between sensor size and performance (Narayanaswami, 2005). Decreasing the sensor too
much can impact negatively on performance and increase costs.
32 http://face.nist.gov/mbgc/
29
DSTO-GD-0538
The type of application being deployed and the environment in which it is being applied
will ultimately drive the form factor.
Smart cards have the ability to store large amounts of data, carry out their own card
functions and interact with a range of devices, such as the smart card reader. Combining
biometrics with smart cards provides users with trusted credentials for a wide range of
applications including access to facilities and secure networks. Such a multi-factored
method of verification is particularly well suited to high security environments. If a smart
card storing a biometric is lost or stolen, the card will be useless to anyone other than the
owner of the biometric. There are several options available for combining a smart card
with biometrics, each with their own advantages and disadvantages. These are discussed
in more detail below.
Sensor-on-card systems (see Figure 34), enable capture of the biometric (through the
embedded sensor), encryption and protection of the stored information, and the execution
of a matching algorithm (Bella, Bistarelli & Martinelli, 2003). The advantages of this
approach are that the bearer of the card has control of their own biometric template at all
times and the sensor resides on the card, which facilitates portability. The disadvantages,
however, include that the addition of the sensor can make the card bulky and expensive,
and the quality of the biometric captured is questionable. Sony was one of the few
companies engaged in developing such a smart card product in the late 1990s, but due to
increasing costs and size issues interest slowed. There is a resurgence in this technology
however, with a company in Austria currently developing paper thin fingerprint sensors
to be embedded into smart credit cards (Bullis, 2006) and another company in the US
currently marketing fingerprint sensor embedded cards for access control
(www.biometricassociates.com).
33 www.germes-online.com
34 www.casio.co.jp/
30
DSTO-GD-0538
Match-on-card systems (see Figure 35) enable encryption and protection of the stored
information, and the execution of a matching algorithm (Bella, Bistarelli & Martinelli,
2003). The bearer of the card has control of their own biometric template at all times, as
opposed to other match-on systems that release the biometric template to another device
(either directly or over a network) to perform the matching function. In its most common
application, fingerprints and their associated matching algorithm are stored on a smart
card without compromising security. Fingerprint systems of this type have been studied
and found to be more robust in terms of their security against attack (Martinez-Diaz et al,
2006). A recent pilot program in Texas for 30,000 Medicaid members used match-on-cards
to overcome security and privacy concerns, as well as potential litigation issues, that may
come with storing large amounts of biometric information in a database (Piazza, 2005).
However, while the algorithms behind such smartcards can overcome some critical
privacy and security concerns, there is very little publicly available independent data on
their actual performance in comparison with traditional systems.
35 www.fidelica.com
36 www.fidelica.com
37 http://bias.csr.unibo.it/fvc2006/
31
DSTO-GD-0538
Template-on-card systems (see Figure 36) are the most common combination of biometrics
and smart cards currently available in the market (Bella, Bistarelli & Martinelli, 2003).
While this option enables encryption and protection of the stored biometric information, it
provides no protection when the template is released to another device (either directly or
over a network) to perform the matching function. This is the main disadvantage of this
option and raises a series of privacy and security issues.
Several researchers are, however, currently trying to overcome these security and privacy
issues by using the embedded cryptographic modules of the card to perform the match
(Bella, Bistarelli and Martinelli, 2003). The main advantage of this system is the research
and development behind it, proven performance, and its low cost in comparison with
match-on-card and sensor-on-card systems (this is because small operating systems and
onboard applications are generally sufficient for template-on-card systems to function).
There are many examples of smart cards and biometrics in practice around the world
today, both within and outside of the Defence environment. In the US DoD, for instance,
there are several biometric enabled smart cards currently in use for access control and
identity management. They include the Common Access Card (CAC), which uses face and
fingerprint, the Defense Biometric Identification System (DBIDS), which uses face,
fingerprint and/or hand geometry, and the Biometric Identification System for Access
(BISA), which uses face, fingerprint and iris. The Personal Identity Verification (PIV) card
is a new identity card for US Federal employees. The PIV uses face and fingerprint
biometrics for both access control and identity management (collecting all ten fingerprints
at enrolment to send to the FBI for background checking) (Hamilton, 2007). The US
transportation sector has recently introduced the Transport Workers Identity Credential
(TWIC), which uses fingerprint and face for access control and identity management. The
Italian MoD has introduced an identity card that utilises face, signature and fingerprint
with the option of adding further biometrics as required, such as iris. Perhaps the largest
project combining smart cards and biometrics is the Ration Card System in India, which
combines a smart card with identification information and an iris biometric. The card has
been distributed to some 80 million people across the country in a bid to better manage
rationing and reduce fraud (Ryan, 2007).
38 www.fidelica.com
32
DSTO-GD-0538
4. Biometric applications
Biometrics can be applied to a range of functions broadly categorised as verification,
identification or watch list functions. The following sections provide a little more detail on
the vast range of applications of biometrics.
Biometric systems could alleviate some of the problems with existing processes, but it
should be highlighted that biometric systems only distinguish between people and, with
the exception of some facial recognition systems, they do not have mechanisms to identify
that there is someone present who should be subjected to an identification process. Thus,
biometric systems may be most useful where access is supervised by humans to prevent
people from bypassing the biometric device, or where access is physically restricted until
biometric identification has been completed. This could include gates where a guard
maintains a general surveillance of the gate area or an automated gate/doorway which
only allows people through one at a time. In these circumstances, a biometric system could
be considered if it improved security, added an ability to track access by authorised users,
and reduced costs. Other limitations of using biometrics for access control include:
• the security of the biometric information (should it be stored on a database or on a
smart card?, security and privacy issues arise with each);
• environmental issues and their impact on the functioning of sensors (e.g., the deployed
environment presents a series of challenges to biometric sensor functioning);
• usability issues (e.g., failure to acquire a usable fingerprint due to degradation with
age or injury); and
33
DSTO-GD-0538
• spoofing and other system vulnerabilities (e.g., a user attempts to use a moulded
fingerprint overlay to gain access to a system).
IT systems have two main vulnerabilities. First, the main server areas and communication
links are physically at risk, and second, unauthorised users may access the data on a
network via unsecured software. These two types of vulnerability may be reduced using
biometric technologies. In the case of the physical security of server hardware,
technologies such as facial recognition, fingerprint and iris scanning are appropriate.
Information access control on computer systems is currently implemented by a
combination of physical access control for terminals, hierarchical access control in
operating systems that restrict a user to software that he/she is authorised to use, and
logon identification with unique (and regularly changing) passwords. Physical access to
terminals could also be regulated using biometric technologies such as fingerprint and iris.
Once again, there are several limitations of using biometrics for control of access to IT
systems, including the security of the stored data (i.e., can the database be compromised?);
environmental concerns when used in the deployed environment (e.g. gritty fingerprints
are hard to read and verify); usability and user acceptance issues (i.e., high FNMR due to
poor fingerprint quality may negatively impact on usability); and the impact of spoofing
and other system vulnerabilities (i.e., the system could be compromised by the use of a
substitute biometric, such as a picture of a face or iris).
34
DSTO-GD-0538
employees and placing this and other identification data on a smart card, which is then
used for a range of personnel management and physical access functions.
Limitations of using biometrics for personnel management include the security of the
stored data (i.e., can the database be compromised?); usability and user acceptance issues
(i.e., will staff be willing to accept the change, will staff trust the organisation to only use
the biometric information for the intended purpose?); and the impact of system
vulnerabilities (i.e., if the system was to fail, what contingencies are in place?).
In the travel and tourism sector, biometrics are now playing a key role in identity
management. The International Civil Aviation Organisation (ICAO) sets international
standards in the industry and have recommended facial recognition as the primary
biometric with iris and fingerprint as backup (but not compulsory). In Australia, border
processing is being automated by use of the SmartGate system (see Figure 37). SmartGate
acquires a live image of a subject’s face and uses facial recognition technology to match the
image with the digitised image stored in the subject’s ePassport. If there is a successful
match, the subject is cleared to proceed through the Customs control point. If there is not a
successful match they would be referred to a Customs Officer for processing in the
traditional, manual way.
Other biometrics are also being used in the travel and tourism sector. The United States’
Immigration and Naturalisation Service Passenger Accelerated Service System (INPASS),
for instance, uses hand geometry biometrics to enable frequent travellers to by-pass long
immigration lines at several international airports through the United States and Canada
(Wasem et al, 2004).
Biometrics also have application in the crowd management area. In January 2007, for
instance, officials at a sporting arena in Amsterdam trialled the use of fingerprint scanners
39 www.customs.gov.au
35
DSTO-GD-0538
to exclude known trouble makers from major football games (see Figure 38). Similar
systems were also trialled during the 2006 World Cup in Germany.
Biometrics are also being used in welfare management. The Ration Card System in India
combines a smart card with identification information and an iris biometric. The card has
been distributed to some 80 million people across the country in a bid to better manage
rationing and reduce fraud in the country’s welfare system (Ryan, 2007).
In the education sector, biometrics are being tied to school identity cards in a bid to reduce
crime and fraud in schools. Fingerprints and handprints are the most commonly used
biometrics in schools to manage student identity. Acceptance of biometrics in the
education sector has been mixed, with many civil libertarian groups banding with parents
and students to force institutions to offer alternative security arrangements to biometrics,
for those that protest (Deubel, 2007).
The need to manage detainees of any kind is crucial and biometrics have come to the fore
in providing identity assurance in this area. Biometrics, in particular face, fingerprint and
iris, have been used by the military to manage prisoners of war and refugees, and to track
persons of interest (Krane, 2003). Biometrics have been particularly useful in this area to
overcome language and literacy barriers. Biometrics, specifically fingerprints, are also
being used in the correctional system to track inmates when they move within or between
different facilities (Miles & Cohn, 2006).
There are several limitations of using biometrics for identity management, including:
• acceptability, ethical and cultural issues (i.e., have users been adequately educated, do
they find the system acceptable, is the system accessible and usable by all?);
• the security of the biometric information (i.e, should it be stored on a database or on a
smart card?, security and privacy issues arise with each);
• cost and maintenance issues (i.e., how will the system be funded, what maintenance
will be required, how will biometrics change with age/how often will new biometrics
be required?); and
40 http://www.engadget.com
36
DSTO-GD-0538
• spoofing and other system vulnerabilities (e.g., a user attempts to use a moulded
fingerprint overlay to gain access to a system).
Some forms of weapon systems have strategic as well as tactical implications and are
subject to strict control measures to ensure that they cannot be used without proper
authorisation, or by accident. Biometric identification would offer an additional safeguard
in identifying valid persons to operate these systems. There may also be occasions where
weapon systems require a high degree of training in order for them to be used safely and
without risk to friendly forces. Biometrics could be used as an additional identifier of
persons authorised to use such weapon systems. In cases requiring extreme security, iris
recognition would appear to be the most suitable technology, due to the exceptionally low
error rates claimed for the technology. High quality fingerprints may also be suitable. The
United States Navy have recently integrated a fingerprint scanner into a prototype
Advanced Tomahawk Weapons Control System with pleasing results (Wilson & Shank,
2003). Face, hand, voice or fingerprint recognition could be considered for applications
requiring lower security levels. In some circumstances, it may be feared that conventional
arms could fall into enemy hands and be used against friendly forces. In those
circumstances, it may be possible to include a biometric verification into the activation
process to ensure that enemy forces could not use such systems. Much research has
occurred in the US into the smart guns concept that uses either dynamic grip recognition
(Chang et al, 2005) or fingerprint or iris scans (Bolle et al, 2004) to authorise a user to fire.
The value of biometrics in this type of application would need to be balanced against the
need for weapons to be available to other friendly forces in an emergency. Any technology
used in this type of application would need to be quick acting and robust, with error rates
a secondary consideration to positive function (i.e., there would be a trade-off between
FMR and FNMR, with a need to minimise FNMR). Limitations include the impact of
environmental conditions on the system’s ability operate effectively (i.e. the use of certain
protective clothing may impact on the ability of a sensor to capture a biometric of
adequate quality to be able to verify a user); and the impact of spoofing and other system
vulnerabilities (e.g. increasing the FMR (through decreasing the FNMR) may make the
system easier to attack).
As with other applications, there are limitations here, including the security of the stored
data (i.e., can the database containing biometric information be compromised?);
environmental concerns when used in the deployed environment (e.g. protective clothing
37
DSTO-GD-0538
may impact on the ability of the sensor to capture an adequate biometric); usability and
user acceptance issues (e.g., high FNMR due to issues with protective clothing may
negatively impact on usability); and the impact of spoofing and other system
vulnerabilities (i.e., the system could be compromised by an attack which denies service to
all users which would have a major domino effect on related business).
Secure communications are essential to many sectors of society (such as the military, law
enforcement or financial sectors), for relaying information, orders and other time critical
information. Information may be transferred by a variety of channels and protocols, such
as voice, image or data formats. In all cases, there is a need to ensure that the data
originated from a trusted source and is valid. This could be accomplished in a number of
ways. First, written information could be validated by recognition of handwritten
signatures, as is currently done by humans. The advantage of an automated system is that
it may be more reliable than a human. Second, data and images, including electronic
messages, could be validated by including a biometric measure of the person who
originated the message. This could be checked against stored biometrics of people in
authority for validation of the authenticity of the message. Suitable biometrics would
include fingerprint, face, iris, or voice, or combinations of these (multimodal option).
Biometric verification in this application would be quick and accurate, but such a system
would be dependent on the security of stored biometric templates at the receiver. Third,
information transmitted over audio links could be verified by incorporating speaker
recognition software at the receiver with a gallery of known templates of authorised
persons.
As with other forms of biometric verification, there are a series of limitations such as the
security of stored data at the receiver (could it be compromised and what would be the
impact?); the impact of environmental conditions on the system’s ability operate
effectively (e.g., particularly noisy environments can wreak havoc on a speaker
recognition system to function efficiently); and the impact of spoofing and other system
vulnerabilities (e.g. a damaged sensor could render the whole system useless).
Biometrics are now providing an added ability to identify persons of interest, particularly
at border crossings, or near vulnerable facilities. In addition, movement of such persons of
interest can be tracked by monitoring biometrics used for other purposes, such as those
used for banking or travel. In stand-off recognition operations, biometric technologies
could enable the identification of persons of interest at a distance (e.g., using facial
recognition software and a pre-prepared database of images of these persons of interest).
Imaging is the most appropriate sensing technology for stand-off operations and the
biometrics that may be applied include face, gait, ear, thermogram and iris. Of these, face
and iris systems (close-range, with cooperative users) are well developed with known
error rates, but the others are still in varying phases of development (Bolle, Connell,
Pankanti, Ratha & Senior 2004). Speaker (or voice) recognition is another technology that
38
DSTO-GD-0538
is applicable, particularly at a distance. Like face, it is well developed with known error
rates, but most research and development has occurred in support of verification, as
opposed to identification. Other emerging biometrics, such as footprints, lips, odour and
physiometrics (biological signals), show some potential, although development of these
modalities is still in its infancy.
There are several limitations of using biometrics for support to such operations including:
• limitations in the type of biometrics that can be used (i.e., for surveillance and watch
list type operations, facial and voice recognition technology are the only tried and
tested technologies currently available to use; it is difficult to enrol many persons of
interest in the more intrusive biometric technologies such as iris);
• challenges of the deployed environment (e.g., many facial recognition systems still
have difficulty with poor lighting; the need to carry more kit); and
• the impact of spoofing and other system vulnerabilities (e.g., the system could be
compromised by the use of a substitute biometric, such as a picture of a face or iris).
41 Yao et al (2006)
39
DSTO-GD-0538
5. Issues
Like any technology, the use of biometrics carries with it some risks and issues. The
following sections discuss the vulnerabilities of biometrics and ways to mitigate against
these vulnerabilities, as well as a range of other issues such as: usability and user
acceptance; health concerns; privacy issues; policy impacts; and integration and
interoperability issues.
Attacks on biometric systems include zero effort, minimal effort and group. Zero effort
attacks are those in which an intruder makes no effort to maximise the chance of success.
In such attacks, an intruder may find (or steal) a smart card with a biometric and attempt
to gain access to a system using their own biometric on the off chance that they will be
successful. Minimal effort attacks are like zero effort attacks accept that the intruder steals
or gains access to a smart card belonging to someone with similar biometric characteristics
to them (i.e. similar hand size or facial features). In organised attacks, a group of intruders
uses a range of resources and combined effort to gain access to a system.
Mimic. A user attempts to copy the biometric of a true user. Someone attempting to ‘sound
like’ someone else by modifying his or her voice pitch and annunciation would be an
example, as would the use of a facial disguise to confuse a facial recognition system.
Substitution or fake biometric. A user attempts to use a substitute input to the sensor.
Examples include a person using a moulded fingerprint overlay with someone else’s
pattern embossed on it, or use of digital face images or digitised latent fingerprints.
Synthesised features. A fake data stream is injected into the system as in the so-called hill
climbing attack (Jain et al, 2005) that iteratively changes the false data to achieve better
match scores.
Look alike. A person attempts to capitalise on a similarity in biometrics. Identical twins may
be able to confuse a facial recognition system in this way.
40
DSTO-GD-0538
Roberts (2007) has defined the areas in a biometric system that can be attacked (some of
which are described above) as threat vectors. These are summarised in Figure 40.
41
DSTO-GD-0538
The adoption of biometric systems raises a plethora of issues. For instance, decisions
regarding biometric template storage and the location of matching algorithms, in addition
to other system and storage elements, leads to a range of possible architectures. Each one
of these architectural options should be assessed for risks, threats and vulnerabilities.
42
DSTO-GD-0538
Griffin (2004) has proposed a quantitative cost/risk/threat analysis model for biometric
technologies that incorporates the costs of false matches and non-matches as well as the
probability of imposters or attacks. The equations below represent a simple model of the
costs, C, associated with a biometric system, including costs of damages caused by
impostors who achieve a false match, cintruder , compared with a baseline cost. The cost
coefficients, c, represent the average costs associated with true and false matches and non-
matches for genuine users and intruders respectively. The probabilities, P, are functions of
the chosen threshold, with the usual trade off between FMR and FNMR. The variable N
represents the expected number of genuine users and intruders. There may also be fixed
initial and ongoing costs associated with introducing and maintaining a biometric system.
The equations could be modified to include explicit representation of time by giving rates
instead of absolute values for numbers and costs.
Cost coefficients for genuine users should include opportunity costs to account for time
spent interacting with the biometric system, and the additional costs incurred by a false
non-match. In the military context a false non-match could have a large opportunity cost if
a genuine user is prevented from operating a system at a critical time, for example when a
hostile aircraft is fleetingly vulnerable to an air defence system. There could be a deterrent
effect accompanying the introduction of a biometric system which could change the
impostor count. If the intruder count is small the introduction of a biometric system could
cost more than the damage it is trying to prevent. False non-matches could be particularly
costly. By incorporating the threat of attack into the risk analysis, threat models can be
used as the basis for design, policy development, and test and evaluation planning.
Challenge/response defence mechanisms in biometrics prompt the user (at certain time
intervals or in response to a certain stimuli or absence of stimuli) to re-verify (e.g., put
their finger on the sensor).
For users who have enrolled multiple biometric samples (such as three different fingers or
fingerprint and iris) the input biometric required for verification could be randomised (e.g., in
the morning a door might request your index fingerprint, at lunchtime it could request
your iris for verification).
43
DSTO-GD-0538
Liveness detection is used to ensure that the biometric sampled is from a live person.
Examples of liveness detection include blinking of eye, moving eye from side to side or
pulse. Schuckers (2002) and Sandström (2004) provide a range of examples of liveness
detection.
Multimodal biometrics (i.e. combining iris with fingerprint or multiple representations of the
same biometric i.e. 3 fingers) adds a level of complexity and further deters would-be
attackers and defence against spoofing.
Multi-factor verification, such as the combination of a smart card with a biometric, increases
the level of complexity again. As Martinez-Diaz et al (2006) showed, storing a user’s
biometric template and matching algorithm on a smart card can be done without
compromising security and is highly resistant to attack (due to the cryptographic element).
Soft biometrics (such as weight, height, age, gender and ethnicity) could also be stored on a
database and used as further evidence to support verification.
Jain, Ross & Uludag (2005) have reported work ongoing in the use of cryptography to
enhance the security of biometric systems. Biometric cryptosystems are gaining
popularity. They combine biometrics and cryptography, enabling all biometric matching
to occur in the cryptographic domain. Like many of the defence mechanisms in
development, biometric cryptosystems still have a variety of issues to be addressed before
they can be faultlessly applied in an operational setting (Uludag, Pankanti, Prabhakar &
Jain, 2004; Hao, Anderson and Daugman, 2006). Other work is ongoing in areas such as
steganography (embedding biometric information in benign host images to enhance
security); algorithm development (to embed dynamic features into an image, for example);
and distortion functions (that can be used to generate cancellable biometrics).
Cancellable biometrics slightly modify the biometric data at the feature extraction stage
(Ratha, Chikkerur, Connell, & Bolle, 2007). When a stored template is compromised the
current (compromised) template is cancelled and replaced with a new one thereby
assisting in recovery after an attack.
Physical security (the management of access to biometrics systems and stored data) and
activity logging (such as repeated failed access attempts) are also key defence mechanisms
against spoofing and attack.
44
DSTO-GD-0538
usability (minimising false non matches). FNMR can have a significant impact on
throughput time (i.e., the efficiency of the biometric system).
The time taken to enrol and the time taken for the system to match a user are also key
factors in usability of biometric systems. Most leading biometric technologies (such as
fingerprint, face and iris) take less than 1 minute to enrol a user (fingerprint and face
typically less than 30 seconds) and matching can take less than a second, although this is
dependent on the number of records that have to be searched to find the match (Simpson,
2007). Biometric degradation issues (such as age and environment) can greatly impact on
performance, particularly time taken to enrol. There are two additional error conditions
specific to biometrics: failure to acquire (FTA) and failure to enrol (FTE). FTA refers to the
percentage of the target population that does not possess a particular biometric or does not
deliver a usable biometric sample i.e. someone with injury or scarring to their fingers may
not provide usable fingerprints. FTE refers to the percentage of the target population that
cannot be enrolled. This may be due to either procedural, social or technology issues. It is
important, in line with equity and diversity principles, to show that the biometric system
is inclusive of all users (or should outline how it will deal with those users who will be
difficult to enrol). Ashbourn (2005) has identified a range of reasons for FTA and FTE and
these are summarised in Table 6.
User satisfaction is the subjective assessment of the performance of the system from both a
user and administrator perspective. It is important to understand the impact on users and
their feelings about the technology (e.g., hygiene concerns when making contact with a
fingerprint scanner, from a user perspective, and hard to understand instructions from an
administrator perspective). Patrick (2004) found the biometric systems with the highest
levels of user satisfaction were those that were accompanied by training and feedback so
that users could better understand the technology and use it properly.
42 Ashbourn (2005)
45
DSTO-GD-0538
A cost benefit analysis should also be performed to assess the user costs and benefits,
economic costs and benefits, as well as the security costs and benefits of the system. User
costs relate to ‘the physical and mental effort required to interact with a system’ (Sasse,
2003, p.2). To avoid negative user cost, systems have to be safe to use and should not
induce worry or stress. Economic costs relate to the resource expenditure and security
costs relate to the impact on security of the introduction of a biometric system. Some of the
benefits of incorporating biometrics have been discussed previously in this paper (e.g.
enhanced security aspects and enhancing the chain of trust) and more will no doubt come
to light with further evaluation. The US Navy, when assessing the costs of integrating
biometrics with a tactical weapons system, simply looked at the costs of a verification
system in general and compared the existing verification system with a biometric one.
They broke costs down to deployment related (e.g. acquisition of hardware and software)
and operational related (e.g. time to administer, maintenance and replacement costs)
(Wilson & Shank, 2003). As previously discussed, Griffin (2004) has developed a
quantitative cost/risk/threat analysis specific for biometric systems that may be
applicable. It takes the traditional cost benefit analysis a step further to incorporate risks
and threats.
User acceptance is imperative for any system to be efficient and effective (Spence, 2007).
Unhappy users can slow down the system, cause errors or, in extreme cases, sabotage the
system (Sasse, 2003). There are many aspects of a biometrics system that may be
unacceptable to users. Factors such as safety of the equipment (concerns about
contamination or eye damage); chances for mistaken identity; privacy and safety concerns;
or the data being used for alternative purposes are of concern to some users.
According to Bolle et al (2004) three key factors contribute to user acceptance in biometric
systems:
• Users need to believe that there is a credible need for increased security. Good
education programs can help to assure users that they are at risk and a commitment to
good security behaviour reiterates this (Sasse, 2004).
• Users need to believe that the biometric system is more convenient to use than
previous systems and works correctly. For instance, a high level of false rejects or non-
matches would negatively impact on user acceptance of the system.
• Users need to be able to trust that their data is held securely and used only for its
intended purpose. Users need to know that their biometric data is safe (i.e., that it
cannot be copied or changed) and that it will only be used for its intended purpose.
A recent large scale biometrics project in the Italian MoD demonstrated how user
acceptance had a wide ranging influence on some of the practical choices the project
managers made and, as a consequence, was a key factor in the success of their project
(Riccardi, Peticone & Savastano, 2005).
46
DSTO-GD-0538
scanners) and the possibility of those sensors being contaminated with germs from
previous users. In addition, some users also have concerns about the amount of radiant
energy they may absorb during the capture process from some sensors.
Research has shown that the health risks associated with the use of biometrics are
negligible and similar to the health or contamination risks experienced in everyday life
(Bolle et al, 2004). Touching a biometric sensor has been likened to touching a door knob
and the levels of radiant energy emitted from many sensors have been shown to not be
harmful to users. For instance, studies on the Iridian Technologies iris scan systems in use
at the John F Kennedy Airport in New York found that their irradiance (the amount of
energy per unit time per unit area) was way below the maximum allowed limits for the
prevention of heating of the cornea and their radiance (amount of energy per unit time per
unit solid angle per unit area in the direction of travel) was also way below the maximum
allowed limits to prevent thermal damage to the retina
(http://www.jfkiat.com/Iris%20Scan/Iris%20scan%20Health.htm). ‘What may represent
a real risk to the vendors and to the biometric community is casual or intentionally
distorted information on medical risks from biometrics spread indiscriminately by the
media’ (CESG, 2007). A commitment to education, regular safety testing, and accreditation
of systems will help to reassure users that the risks are minimal and in line with those
experienced in everyday life.
Table 7 presents a framework that the US DoD have recently recommended employing to
help assess the potential privacy impact of their biometric programs (DSBTF, 2007). As the
Defense Science Board Task Force (DSBTF) evaluation highlighted, the majority of the
DoD’s biometric applications, particularly those relating to identity management, fall into
the right hand side of the framework (i.e., towards the greater risk of privacy
invasiveness).
47
DSTO-GD-0538
Overt Covert
1. Are users aware of the system's operation?
Optional Mandatory
2. Is the system optional or mandatory?
Verification Identification
3. Is the system used for identification or verification?
Individual, Employee,
6. In what capacity is the user interacting with the
Customer Citizen
system?
Enrolee Institution
7. Who owns the biometric information?
Personal Database
Storage 8. Where is the biometric data stored? Storage
43 www.bioprivacy.org
48
DSTO-GD-0538
impact that policy changes may have on the availability of their personal data,
sometimes referred to as function creep.
• Employees are inevitably mandated to use biometric systems and privacy concerns
include those such as function creep. Employees need to be informed and their consent
obtained when changes are made to the system or the way their biometric data may be
used.
• Biometric systems where institutions maintain ownership of a user’s biometric data
raise a range of privacy issues. Systems that give the user complete control of the
storage, use and disposal of their biometric data (such as storage solely on a smart
card) are less likely to raise privacy issues.
• Linked to the above, biometric systems that opt for database storage of information are
more liable to be abused or attacked than those that store biometric information locally
(such as on a smart card). Although the chance of biometric templates being reverse-
engineered is slight, the risks should never be underestimated (Roberts, 2007). The
perceived risk of personal information, even in template form, being copied, changed
or stolen is enough to raise the privacy concerns for many users.
• Physiological biometrics are, by their nature, very difficult to change or mask and can
be collected without user compliance. This raises privacy concerns for users.
• The decision to retain identifiable biometric images obviously raises more privacy
issues compared with the decision to store templates only. It should be noted though
that many users still do not understand the difference between a biometric image and
template and this is where education is important.
To reiterate, the perceived risk of personal information, even in template form, being
copied, changed, used for another purpose or stolen is enough to raise privacy concerns
for many users. It is imperative that any introduction of biometrics is accompanied by
policy, and education and training that cover the privacy aspects of the technology. Such
education and policy needs to include a well-defined vision and set of objectives for the
application of biometrics. The benefits of using biometrics over other systems must also be
discussed and the policy should demonstrate how the use of biometrics is the best solution
(technical, scenario and operational evaluations can help to achieve this).
Template storage issues – should the biometric information (template) be stored on the smart
card exclusively or in a database (in support of the chain of trust)? What are the associated
security and privacy issues?
49
DSTO-GD-0538
Computer resources – what computer resources will be required to support sensors and
matching algorithms?
Maintenance – what are the maintenance requirements of the chosen biometric system?
What implications do these have in terms of cost and time, and who is responsible?
Contingency planning – in the event of technology breakdown what contingency plans need
to be developed? If the technology fails, what backup methods could be used (e.g., use
picture on card only?) Who is responsible for developing these?
Upgrades – as with any technology, biometric technology will require system and sensor
upgrades from time to time. What implication does this have in terms of cost and time,
and who is responsible? In addition, as the algorithms underlying the biometric systems
will also require upgrades, what will be the impact of such upgrades? What will be the
backwards and forwards compatibility issues?
Testing/evaluation/compliance testing – Who will conduct testing and evaluation of the
biometric system? Who will be responsible for ongoing compliance testing on the system?
Increasing user awareness through education and training has been shown to increase
user acceptance of biometrics (Riccardi, Peticone & Savastano, 2005; Ashbourn, 2005). A
world-wide study commissioned by Unisys Corp in 2006, found that 66% of consumers
supported the use of biometrics for identity verification (which was a significant
improvement on previous studies). Respondents from the US and Canada supported
biometrics for identity verification more than any other region (over 70%), although the
Asia Pacific region also showed good support (68%). The researchers concluded that the
reason for the significant change in acceptance was the level of education ongoing in the
field. Besides formal training programs, Unisys cited other methods, such as daily
reminders of biometrics through posters and login messages, and articles in relevant
publications, as being integral to user awareness and acceptance (Unisys, 2006).
It is important to note that education and training can start before biometrics have even
been implemented. Green and Romney (2005) surveyed 200 employees from the
education, technology and public service sectors about their feelings towards biometrics.
Responses were very negative, with security (regarding data storage and access), and
privacy concerns the dominant issues. Respondents were then invited to take part in an
online technology briefing about biometrics with a focus on security, safety, and privacy
issues after which they were surveyed again. Significant differences were found between
the initial survey and the second one, enabling the researchers to conclude that education
has a positive impact on the perceptions of biometrics.
Training has also been found to be a key in meeting expectations about manufacturer’s
performance specifications. Wilson and Shank (2003) found that by training users (through
a formal classroom briefing followed by close supervision during enrolment, to provide
users with guidance) they were able to ensure they stored good quality templates and
minimised error rates as a result. The media hype regarding health issues associated with
the use of biometrics could also be addressed in training and education programs, as
could the many privacy concerns. ‘An informed, aware user is probably one of the key
factors contributing to a successful real-world deployment of biometrics’ (CESG, 2007).
50
DSTO-GD-0538
Technology evaluations test the biometric systems off-line, using data that has not been seen
by the algorithm developers in order to compare competing algorithms from a single
technology.
Scenario evaluations evaluate the biometric systems in a simulated real-world environment
in order to determine overall system performance in the simulated environment.
Operational evaluations employ a biometric system in a real world environment to
determine if it is sufficiently mature to meet operational performance requirements
(Mansfield and Wayman, 2002).
DSTO has developed techniques for analysing the characteristics of biometric systems, for
verification purposes, in operational settings, for both Defence and other Government
departments. This involves consideration not only of technical factors but also the conduct
of trials in the operational setting. This approach takes into account a large number of the
variables (e.g., environmental factors such as lighting, human behaviour such as crowding
and organisational processes) that influence the performance of biometric systems in real-
world applications. In addition, DSTO have identified work process considerations and
other human factors issues (such as usability) that effect the introduction of the technology
(Kaine, 2003).
Any decision to adopt biometrics also needs to take into account the range of inter-
operability issues that such a decision presents. Interoperability issues will exist locally,
nationally and internationally and involve the examination of hardware and software,
data formats, and guidelines.
Given the substantial growth of the biometrics market and interest in the technology,
many industry standards have emerged to cover a range of biometric technologies and
issues. Standards help to increase the quality and competitiveness of the market, while
enabling interoperability across jurisdictions, both nationally and internationally. While
the US currently has the lead on developing biometric standards, there is much work
ongoing in Europe (see http://www.eubiometricforum.com), and standards are also
currently being developed in Australia (led by Standards Australia and the Australian
Government Information Management Office or AGIMO). In addition, Australia also has
representatives commenting on the key set of international standards for the
implementation of biometrics, namely ISO/IEC JTC1 SC37 (http://isotc.iso.org). Many
51
DSTO-GD-0538
other countries are developing their own standards, both on a country-wide and sector by
sector basis. For instance, the US DoD is working closely with the National Institute of
Standards and Technology (NIST) to ensure biometric standards are reflecting the
intricacies of the military environment. It is vitally important that the biometric standards
of others be taken into account to facilitate interoperability.
6. Conclusion
In recent years automated biometric systems, such as facial, fingerprint, and iris
recognition systems, have been developed to facilitate a range of functions broadly
categorised as verification, identification or watch list functions. Such automated systems
offer advantages over current strategies, including the elimination of fatigue effects
associated with human performance and adding the possibility of measuring features
(e.g., iris pattern) that cannot be readily sensed by humans. Biometrics have been
successfully applied across a range of procedures and processes to enhance security
including physical and logical access control, management of major plant and machinery,
weapons control, identity management, and personnel management.
The decision to introduce biometrics should not be taken lightly. Automated biometric
systems need to be seen as an adjunct to existing systems, adding to techniques already
used, and organisations contemplating the adoption of biometric technology need to
understand that there are a range of issues that should be addressed. Privacy and security
concerns need to be addressed early and have multiple policy implications (security,
identity management, and privacy policies etc.). In terms of security, the vulnerability of
biometric systems to attack should be determined in any system application, and any
system under consideration should be subjected to a thorough vulnerability assessment,
including analyses of system vulnerability, attacker profiles, and threat vectors. The
decision to adopt biometrics should also be subject to a usability and user acceptance
study, and the privacy issues of introducing biometrics should be noted and addressed in
relevant policy. A training and education package to accompany the introduction of
biometrics should also be considered. The introduction of biometrics brings with it a range
of integration and support requirements that should also be addressed, specifically those
relating to interoperability. Common standards, data formats, guidelines and evaluation
programs should be developed or adopted to take into account the various biometric
standards and frameworks already in place. Finally, biometric systems should only be
considered where they add significant operational advantages to an existing capability.
The future appears lucrative for biometrics. With annual global biometrics revenues
projected to grow from $2.1 billion in 2006 to $5.7 billion in 2010 and with inspection of
patent databases uncovering a range of new and exciting applications, biometrics truly
appear to be living up to the tag applied to them by the MIT Technology Review in 2001 as
one of the ‘top ten emerging technologies that will change the world’.
52
DSTO-GD-0538
7. References
Akarun, L, Gokberk, B & Salah, AA 2005, ‘3D Face Recognition for Biometric
Applications’, Proceedings of the 13th European Signal Processing Conference (EUSIPCO),
September 4-8, 2005, Antalya, Turkey,
http://www.arehna.di.uoa.gr/Eusipco2005/defevent/papers/cr1899.pdf, last
accessed 27 March 2007.
Ashbourn, J 2005, The social implications of the wide scale implementation of biometric and
related technologies, background paper for the Institute of Prospective Technological
Studies, DG JRC, Sevilla, European Commission.
http://cybersecurity.jrc.es/docs/LIBE%20Biometrics%20March%2005/SocialImplicati
ons_Ashbourn.pdf, last accessed 27 March 2007.
Bolle, RM, Connell, JH, Pankanti, S, Ratha, NK & Senior, AW 2004, Guide to Biometrics,
Springer, New York.
Bullis, K 2006, ‘Smart cards with built-in fingerprint scanners’, MIT Technology Review.
http://www.technologyreview.com/Biztech/17040/, last accessed 27 March 2007.
Celent 2006, Biometric ATMs in Japan: Fighting Fraud with Vein Pattern Authentication,
http://www.celent.com/PressReleases/20060329(2)/BiometricsJapan.htm, last
accessed 20 July 2007.
Cetingul, HE, Yemez, Y, Evzin, E & Tekalp, AM 2004, ‘Discriminative Lip Motion
Features for Biometric Speaker Identification’, Proceedings of the 2004 International
Conference on Image Processing (ICP),
http://ieeexplore.ieee.org/iel5/9716/30678/01421480.pdf, last accessed 27 March
2007.
53
DSTO-GD-0538
Chang, KI, Bowyer, KW & Flynn, PJ 2005, ‘An Evaluation of Multimodal 2D+3D Face
Biometrics’, IEEE Transactions on Pattern Analysis and Machine Intelligence, 27(4), pp. 619-
624, http://ieeexplore.ieee.org/iel5/34/30436/01401913.pdf, last accessed 27 March
2007.
DSBTF (Defense Science Board Task Force) 2007, Report of the Defense Science Board Task
Force on Defense Biometrics, March 2007, http://www.acq.osd.mil/dsb/reports/2007-
03-Biometrics.pdf, last accessed 12 April 2007.
DSTO (Defence Science and Technology Organisation) 2007, SmartGate Series One Factory
Acceptance Testing Eragny, France, DSTO-TR-2036, DSTO Edinburgh, SA (RESTRICTED).
Greneker, EF 2006, ‘Radar Technology for Acquiring Biological Signals’, The Journal of
Credibility Assessment and Witness Psychology, vol. 7, no. 2, pp. 127-134.
Greneker, EF & Geisheimer, J 2001 ‘Non-Contact Lie Detector using Radar Vital Signs
Monitor (RVSM) Technology’, IEEE Aerospace and Electronic Systems Magazine, vol. 16, no.
8, pp. 10-14.
54
DSTO-GD-0538
Graves, I, Johnson, R & McLindin, B 2003, ‘Problems with False Accept Rate in
Operational Access Control Systems, Proceedings of the 4th Australian Information Warfare
and IT Security Conference, Adelaide, November 2003, pp. 129-135.
Hogg, RV & Tanis EA 2000 Probability and Statistical Inference, 6th Edition, Prentice Hall,
New York.
ISO/IEC JTC 1/SC 37 Biometrics 2004, 1st Working Draft 24714, Biometrics – Technical
Report on Cross Jurisdictional and Societal Aspects of Implementation of Biometric
Technologies, American National Standards Institute.
Jain, AK, Ross, A & Prabhakar, S 2004, ‘An Introduction to Biometric Recognition’,
IEEE Transactions on Circuits and Systems for Video Technology, 14(1), pp. 4-20.
Jain, A, Ross, A & Uludag, U 2005, ‘Biometric Template Security: Challenges and
Solutions’, Proceedings of the 13th European Signal Processing Conference (EUSIPCO),
September 4-8, 2005, Antalya, Turkey.
Kaine, A 2003, ‘The Impact of Facial Recognition Systems on Business Practices within
an Operational Setting’, Proceedings of the 25th Conference on Information technology
Interfaces ITI 2003, June 16-19, 2003, Cavtat, Croatia.
Kaplan, D 2007, ‘From InfoSec 2007: Effective biometric solutions still face hurdles before
widespread deployment’, SC Magazine, 20 March 2007,
http://scmagazine.com/us/news/article/644931/from-infosec-2007-effective-biometrics-
solutions-face-hurdles-widespread-deployment/, last accessed 9 May 2007.
55
DSTO-GD-0538
Ko, T 2005, ‘Multimodal Biometric Identification for Large User Population Using
Fingerprint, Face and Iris Recognition’, Proceedings of the 34th Applied Imagery and Pattern
Recognition Workshop (AIPR05).
Koenig P 2002, Personal identification method and apparatus using acoustic resonance analysis of
body parts, US Patent 6724689,
http://patft.uspto.gov/netacgi/nph-
Parser?Sect1=PTO2&Sect2=HITOFF&p=1&u=%2Fnetahtml%2FPTO%2Fsearch-
bool.html&r=1&f=G&l=50&co1=AND&d=PTXT&s1=%22Personal+identification+method
+apparatus+using+acoustic+resonance+analysis+body+parts%22.TI.&OS=TTL/, last
accessed 10 May 2008.
Krane, J 2003, ‘U.S Military Compiles Biometric Database On Iraqi Fighters, Saddam
Loyalists’, Information Week,
http://www.informationweek.com/story/showArticle.jhtml?articleID=9800069&ls=T
W_051403_fea&fb=20021204_security, last accessed 27 March 2007.
Mansfield, AJ & Wayman, JL 2002, Best Practices in Testing and reporting Performance of
Biometric Devices, NPL Report CMSC 14/02,
http://www.cesg.gov.uk/site/ast/biometrics/media/BestPractice.pdf, last accessed
27 March 2007.
Miles, CA & Cohn, JP 2006, ‘Tracking Prisoners in Jail With Biometrics’, NIJ Journal 253,
http://www.ojp.usdoj.gov/nij/journals/253/tracking.html, last accessed 20 July 2007.
56
DSTO-GD-0538
Narayanaswami, C 2005, ‘Form Factors for Mobile Computing and Device Symbiosis’,
Proceedings of the Eighth International Conference on Document Analysis and Recognition
(ICDAR'05), pp. 335.
Nixon, MS & Carter, JN 2004, ‘On Gait as a Biometric: Progress and Prospects’,
Proceedings of EUSIPCO 2004, Vienna, Austria.
Ortiz Jnr, S 2007, ‘Brain-computer Interfaces: Where Human and Machine Meet’,
Computer.
http://www.computer.org/portal/cms_docs_computer/computer/homepage/Jan07
/COM_017-021.pdf, last accessed 27 March 2007.
Parks, DR, Roederer, M & Moore, WA 2006 ‘A New ‘‘Logicle’’ Display Method Avoids
Deceptive Effects of Logarithmic Scaling for Low Signals and Compensated Data’,
Cytometry Part A, 69(A): 541–551, International Society for Analytical Cytology,
http://herzenberg.stanford.edu/Publications/Reprints/LAH517.pdf.
Piazza, P 2005, ‘The Smart Cards are Coming…Really’, Security Management Online,
http://www.securitymanagment.com/library/001697.html, last accessed 27 March
2007.
Phillips, PJ 2008, Multi Biometrics Grand Challenge Kick-Off Workshop, Presentation, April 18,
http://face.nist.gov/mbgc/mbgc_presentations.htm, last accessed 12 June 2008.
Phillips, PJ, Scruggs, WT, O’Toole, AJ, Flynn, PJ, Bowyer, KW, Schott, CC & Sharpe, M
2007, FRVT2006 and ICE 2006 Large-Scale Results,
http://face.nist.gov/frvt/frvt2006/FRVT2006andICE2006LargeScaleReport.pdf, last
accessed 5 April 2007.
Riccardi, L, Peticone, B, & Savastano, M 2005, ‘Biometrics for massive access control –
traditional problems and innovative approaches’, Proceedings of the 2005 IEEE Workshop
on Information Assurance and Security, United States Military Academy, West Point,
New York.
57
DSTO-GD-0538
Roberts, C 2007, ‘Biometric attack vectors and defences’, Computers and Security,
26(2007), pp. 14-25.
Ryan, R 2007, ‘How to successfully design and deploy biometrics to protect identity
and overcome privacy concerns’, The Winter 2007 Biometrics Summit. Feb 26 – March 1,
2007, Miami, Florida.
Sanderson, S & Erbetta, JH 2000, Authentication for Secure Environments Based on Iris
Scanning Technology, http://ieeexplore.ieee.org/iel5/6829/18346/00847019.pdf, last
accessed 27 March 2007.
Schuckers, SAC 2002 Spoofing and Anti-Spoofing Measures, online article for Elsevier
Information Security Report on Biometrics,
http://www.citer.wvu.edu/members/publications/files/15-SSchuckers-Elsevior02.pdf.
Simon, C & Goldstein, I 1935, ‘A New Scientific Method of Identification’, New York State
Journal of Medicine, 35(18), pp. 901-906.
Simpson, I 2007, ‘Biometrics: Issues and Applications’, Proceedings of the 6th Annual
Multimedia Systems Conference, January 13, 2007, University of South Hampton.
58
DSTO-GD-0538
Snelick, R, Uludag, U, Mink, A, Indovina, M & Jain, A 2005, ‘Large Scale Evaluation of
Multimodal Biometric Authentication Using State-of-the-Art Systems’, IEEE
Transactions on Pattern Analysis and Machine Intelligence, 27(3), pp. 450-455.
Spence, B 2007, Biometrics in Physical Access Control: Issues, Status and Trends,
http://www.siaonline.org, last accessed 27 March, 2007.
Tao, Q, van Rootseler, R, Veldhuis, R, Gehlen, S & Weber, F 2007, ‘Optimal Decision
Fusion and Its Application on 3D Face Recognition’, Proceedings of the Workshop on
Biometrics and eCards, Darmstadt, Germany,
http://www.3dface.org/files/papers/veldhuis-CAST2007-
OptimalDecisionFusion.pdf last accessed 27 July 2007.
Thalheim, L, Krissler, J & Ziegler, P-M 2002, Body Check: Biometric Access protection
Devices and their Programs Put to the Test,
http://www.heise.de/ct/english/02/11/114/, last accessed 27 March 2007.
UKBWG (United Kingdom Biometrics Working Group) 2002, Use of Biometrics for
Authentication and Identification: Advice on Product Selection, Issue 2.0,
http://www.idsysgroup.com/ftp/Biometrics%20Advice.pdf, last accessed 27 March
2007.
Victor, B, Bower, K & Sarkar, S 2002, ‘An Evaluation of Face and Ear Biometrics’,
Proceedings of the ICPR, http://ieeexplore.ieee.org/iel5/8091/22378/01044746.pdf, last
accessed 27 March 2007.
Wasem, RE, Lake, J, Seghetti, L, Monke, J, Vina, S 2004, Border Security: Inspections,
Practices, Policies and Issues, CRS Report for Congress,
http://www.ilw.com/immigdaily/news/2004,1006-security.pdf, last accessed 27
March 2007.
Wiederhold MD, Israel SA, Meyer RP & Irvine JM 2003, Identification by analysis of
physiometric variation, United States Patent 6993378,
http://www.wipo.int/pctdb/images4/PCT-
PAGES/2003/012003/03000015/03000015.pdf, last accessed 10 May 2008.
59
DSTO-GD-0538
Wilson, P & Shank, B 2003, ‘Costs and Benefits of Integrating Biometrics with a Navy
Tactical Weapons System’, Proceedings of the 2003 IEEE Workshop on Information
Assurance, United States Military Academy, West Point, New York.
Woodward, JD, Watkins Webb, K, Newton, EM, Bradley, MA, Rubenson, D, Larson, K,
Lilly, J, Smythe, K, Houghton, B, Pincus, HA, Schachter, J & Steinberg, P 2001, Army
Biometric Applications: Identifying and Addressing Sociocultural Concerns,
http://www.rand.org/pubs/monograph_reports/MR1237/, last accessed 27 March
2007.
Woodward, JD, Horn, C, Gatune, J & Thomas, A 2003, Biometrics A Look at Facial
Recognition, RAND Documented Briefing,
http://www.rand.org/pubs/documented_briefings/DB396/DB396.pdf, last accessed
27 March 2007.
Yao, Y, Abidi, B, Kalka, ND, Schmidt, N & Abidi, M 2006, ‘High magnification and long
distance face recognition: database acquisition, evaluation, and enhancement’, Proceedings
of the 2006 Biometrics Symposium,
http://ieeexplore.ieee.org/iel5/4341611/4341612/04341635.pdf?tp=&isnumber=&arnum
ber=4341635, last accessed 8 July 2008.
Zhang, D, Liu, Z, Yan, J & Shi, P 2007, ‘Tongue-Print: A Novel Biometrics Pattern’, in
Lecture Notes in Computer Science, Berlin: Springer, pp. 1174-1183.
60
Page classification: UNCLASSIFIED
Document (U)
Title (U)
Abstract (U)
6a. DSTO NUMBER 6b. AR NUMBER 6c. TYPE OF REPORT 7. DOCUMENT DATE
DSTO-GD-0538 AR 014-200 General Document May 2008
8. FILE NUMBER 9. TASK NUMBER 10. TASK SPONSOR 11. NO. OF PAGES 12. NO. OF REFERENCES
2007/1101846 CCT07/029 CDS 66 79
OVERSEAS ENQUIRIES OUTSIDE STATED LIMITATIONS SHOULD BE REFERRED THROUGH DOCUMENT EXCHANGE, PO BOX 1500, EDINBURGH, SA 5111
16. DELIBERATE ANNOUNCEMENT
No Limitations
Automation
Biometrics
Biometric Identification
Security
19. ABSTRACT
Biometrics is the measurement of personal physical features, actions or behavioural characteristics that distinguish between individuals. In
recent years automated biometric systems, such as facial, fingerprint and iris recognition systems, have been developed to facilitate a range of
functions. These functions can be broadly categorised as verification or identification, and include, for instance, physical and logical access
control, management of major plant and machinery, weapons control, identity management, surveillance operations, and personnel
management. This paper is an updated version of the Biometrics Technology Review 2002 published in 2003 by Blackburn et al. It provides
an overview of the basic elements of biometrics; a detailed examination of current and future biometric technologies; discusses the many
different applications of biometrics; and highlights the issues associated with using such technology.