Project of a biometric information security system. What are biometric security systems? According to facial geometry

Identity theft is a growing public concern: millions become victims of identity theft every year, according to the Federal Trade Commission, and “identity theft” has become the most common consumer complaint. In the digital age, traditional authentication methods - passwords and IDs - are no longer enough to combat identity theft and ensure security. “Surrogate representations” of identity are easy to forget somewhere, lose, guess, steal or transfer.

Biometric systems recognize people based on their anatomical features (fingerprints, facial image, palm line pattern, iris, voice) or behavioral traits (signature, gait). Because these traits are physically associated with the user, biometric recognition is reliable as a mechanism to ensure that only those with the necessary credentials can enter a building, access a computer system or cross a state border. Biometric systems also have unique advantages: they do not allow a user to repudiate a completed transaction, and they make it possible to determine when an individual uses several documents (for example, passports) under different names. Thus, when properly implemented in appropriate applications, biometric systems provide a high level of security.

Law enforcement agencies have relied on biometric fingerprint authentication in their investigations for over a century, and recent decades have seen rapid growth in the adoption of biometric recognition systems in government and commercial organizations around the world. Fig. 1 shows some examples. While many of these implementations have been highly successful, there are concerns about the insecurity of biometric systems and potential privacy violations due to the unauthorized publication of users' stored biometric data. Like any other authentication mechanism, a biometric system can be bypassed by an experienced fraudster with sufficient time and resources. It is important to allay these concerns to gain public trust in biometric technologies.

Operating principle of the biometric system

At the registration stage, the biometric system records a sample of the user's biometric trait using a sensor - for example, it captures the face on camera. Individual features - such as minutiae (fine details of the lines of a finger) - are then extracted from the biometric sample using a feature extractor software algorithm. The system stores the extracted features as a template in a database along with other identifiers such as name or ID number. For authentication, the user presents another biometric sample to the sensor. The features extracted from it constitute a query that the system compares to the template of the claimed identity using a matching algorithm. The algorithm returns a match score that reflects the degree of similarity between the template and the query. The system accepts the identity claim only if the match score exceeds a predefined threshold.

Vulnerabilities of biometric systems

The biometric system is vulnerable to two types of errors (Fig. 2). When the system does not recognize a legitimate user, a denial of service occurs, and when an impostor is incorrectly identified as an authorized user, an intrusion is said to occur. There are many possible reasons for such failures; they can be divided into natural limitations and malicious attacks.

Natural limitations

Unlike password authentication systems, which require an exact match of two alphanumeric strings, a biometric authentication system relies on the degree of similarity of two biometric samples. Since individual biometric samples obtained during registration and authentication are rarely identical, as shown in Fig. 3, the biometric system can make two kinds of authentication errors. A false non-match occurs when two samples from the same individual have low similarity and the system cannot match them. A false match occurs when two samples from different individuals have high similarity and the system incorrectly declares them a match. A false non-match leads to denial of service to a legitimate user, while a false match can lead to an impostor intrusion. Since the impostor does not need to use any special measures to deceive the system, such an intrusion is called a zero-effort attack. Much of the research in biometrics over the past fifty years has focused on improving authentication accuracy, that is, minimizing false non-matches and false matches.

Malicious attacks

The biometric system can also fail as a result of malicious manipulation, which can be carried out through insiders, such as system administrators, or through a direct attack on the system infrastructure. An attacker can bypass the biometric system by colluding with (or coercing) insiders, or taking advantage of their negligence (for example, not logging out after completing a transaction), or by fraudulently manipulating the registration and exception handling procedures that were originally designed to help authorized users. External attackers can also cause a biometric system failure through direct attacks on the user interface (sensor), the feature extraction or matching modules, or the connections between the modules or the template database.

Examples of attacks targeting system modules and their interconnections include Trojan horses, man-in-the-middle attacks, and replay attacks. Since most of these attacks also apply to password authentication systems, there are a number of countermeasures such as cryptography, timestamping, and mutual authentication that can prevent or minimize the effect of such attacks.

Two serious vulnerabilities that deserve special attention in the context of biometric authentication are UI spoofing attacks and template database leaks. These two attacks have a serious negative impact on the security of the biometric system.

A spoofing attack consists of providing a fake biometric trait that is not derived from a living person: a plasticine finger, a snapshot or mask of a face, a real severed finger of a legitimate user.

The fundamental principle of biometric authentication is that although the biometric features themselves are not secret (a photo of a person's face or a fingerprint can be secretly obtained from an object or surface), the system is nonetheless secure because the feature is physically tied to a living user. Successful spoofing attacks violate this basic assumption, thereby seriously compromising the security of the system.

Researchers have proposed many methods for determining the living state. For example, by verifying the physiological characteristics of the fingers or observing involuntary factors such as blinking, it is possible to ensure that the biometric feature recorded by the sensor actually belongs to a living person.

A template database leak is a situation when information about a legitimate user's template becomes available to an attacker. This increases the risk of forgery, since it becomes easier for an attacker to restore the biometric pattern by simply reverse engineering the template (Fig. 4). Unlike passwords and physical IDs, a stolen template cannot simply be replaced with a new one, since biometric features exist in a single copy. Stolen biometric templates can also be used for unrelated purposes - for example, to secretly spy on a person in various systems or to obtain private information about his health.

Biometric template security

The most important factor in minimizing the security and privacy risks associated with biometric systems is protecting the biometric templates stored in the system's database. While these risks can be mitigated to some extent by decentralized template storage, such as on a smart card carried by the user, such solutions are not practical in systems like US-VISIT and Aadhaar, which require deduplication capabilities.

Today, there are many methods for protecting passwords (including encryption, hashing and key generation), but they are based on the assumption that the passwords that the user enters during registration and authentication are identical.

Template security requirements

The main difficulty in developing biometric template security schemes is to achieve an acceptable compromise between the three requirements.

Irreversibility. It must be computationally difficult for an attacker to recover biometric traits from a stored template or to create physical forgeries of a biometric trait.

Distinguishability. The template protection scheme must not degrade the authentication accuracy of the biometric system.

Cancellability. It should be possible to create multiple secure templates from the same biometric data that cannot be linked to that data. This property not only allows the biometric system to revoke and issue new biometric templates if the database is compromised, but also prevents cross-matching between databases, thereby maintaining the privacy of user data.

Template protection methods

There are two general principles for protecting biometric templates: biometric trait transformation and biometric cryptosystems.

In biometric trait transformation (Fig. 5, a), the protected template is obtained by applying an irreversible transformation function to the original template. This transformation is usually based on the individual characteristics of the user. During the authentication process, the system applies the same transformation function to the query, and the comparison is performed on the transformed sample.

Biometric cryptosystems (Fig. 5, b) store only part of the information obtained from the biometric template - this part is called a secure sketch. Although it is not sufficient by itself to restore the original template, it still contains the necessary amount of data to restore the template if there is another biometric sample similar to the one obtained during registration.

A secure sketch is typically obtained by associating a biometric template with a cryptographic key; however, a secure sketch is not the same as a biometric template encrypted using standard methods. In conventional cryptography, the encrypted template and the decryption key are two different units, and the template is secure only if the key is also secure. In a secure sketch, both the biometric template and the cryptographic key are encapsulated. Neither the key nor the template can be recovered from the secure sketch alone. When the system is presented with a biometric query that is sufficiently similar to the template, it can recover both the original template and the cryptographic key using standard error detection techniques.

Researchers have proposed two main methods for generating a secure sketch: fuzzy commitment and fuzzy vault. The first can be used to protect biometric templates represented as fixed-length binary strings. The second is useful for protecting patterns represented as sets of points.

Pros and cons

Biometric trait transformation and biometric cryptosystems have their pros and cons.

Matching in a feature transformation scheme can often be performed directly, and it is even possible to develop transformation functions that do not change the characteristics of the original feature space. However, it can be difficult to create a successful transformation function that is irreversible and tolerant of the inevitable change in a user's biometric traits over time.

Although there are techniques for generating a secure sketch based on information theory principles for biometric systems, the challenge is to represent these biometric features in standardized data formats such as binary strings and point sets. Therefore, one of the current research topics is the development of algorithms that convert the original biometric template into such formats without loss of meaningful information.

The fuzzy commitment and fuzzy vault methods have other limitations, including the inability to generate many unrelated templates from the same set of biometric data. One possible way to overcome this problem is to apply the trait transformation function to the biometric template before it is protected by the biometric cryptosystem. Biometric cryptosystems that combine transformation with the generation of a secure sketch are called hybrid.
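The fuzzy commitment idea described above, together with the linkability limitation just mentioned, as an added example that is not code from the original article. It assumes a toy repetition code, a 16-bit key and constructed 80-bit templates; practical schemes use stronger error-correcting codes and much longer keys.

```python
import hashlib
import hmac
import secrets

REP = 5        # repetition factor of the toy error-correcting code
KEY_BITS = 16  # toy key length; templates are KEY_BITS * REP = 80 bits


def encode(key_bits):
    """Repetition code: every key bit is repeated REP times."""
    return [b for b in key_bits for _ in range(REP)]


def decode(code_bits):
    """Majority vote per block; corrects up to REP // 2 flips in a block."""
    return [int(sum(code_bits[i:i + REP]) > REP // 2)
            for i in range(0, len(code_bits), REP)]


def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]


def key_hash(key_bits):
    return hashlib.sha256(bytes(key_bits)).hexdigest()


def random_key():
    return [secrets.randbelow(2) for _ in range(KEY_BITS)]


def enroll(template, key_bits=None):
    """Bind a random key to the template. Only the sketch is stored:
    helper = codeword XOR template, plus a hash of the key."""
    key_bits = random_key() if key_bits is None else key_bits
    return {"helper": xor(encode(key_bits), template),
            "key_hash": key_hash(key_bits)}


def verify(record, query):
    """Return the recovered key if the query is close enough, else None."""
    # helper XOR query = codeword XOR (template XOR query): a noisy codeword
    candidate = decode(xor(record["helper"], query))
    ok = hmac.compare_digest(key_hash(candidate), record["key_hash"])
    return candidate if ok else None


def linkable(rec_a, rec_b):
    """True if two sketches appear to protect the same template.
    For the same template the XOR of the helpers is itself a codeword,
    which is why re-enrolling with a new key does not give unlinkability."""
    diff = xor(rec_a["helper"], rec_b["helper"])
    return encode(decode(diff)) == diff


def flip(bits, positions):
    """Simulate sensor noise by flipping the bits at the given positions."""
    return [b ^ 1 if i in positions else b for i, b in enumerate(bits)]


# Constructed sample templates (not real biometric data).
ALICE = [1, 0, 1, 1, 0] * KEY_BITS
BOB = [0, 1, 1, 0, 1] * KEY_BITS

if __name__ == "__main__":
    rec = enroll(ALICE)
    print("same sample:      ", verify(rec, ALICE) is not None)
    print("noisy sample:     ", verify(rec, flip(ALICE, {0, 7, 13, 40, 41})) is not None)
    print("too noisy:        ", verify(rec, flip(ALICE, {40, 41, 42})) is not None)
    print("different person: ", verify(rec, BOB) is not None)
    print("re-enrolment linkable:", linkable(rec, enroll(ALICE)))
```

The last line prints True: two sketches of the same template made with different keys can still be linked, which is the motivation for the hybrid schemes described above.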

Privacy puzzle

The inextricable connection between users and their biometric traits gives rise to legitimate concerns about the possibility of disclosure of personal data. In particular, knowledge of information about biometric templates stored in the database can be used to compromise private information about the user. Template protection schemes can mitigate this threat to some extent, but many complex privacy issues lie beyond the scope of biometric technologies. Who owns the data - the individual or the service providers? Is the use of biometrics consistent with the security needs of each specific case? For example, should a fingerprint be required when purchasing a hamburger at a fast food restaurant or when accessing a commercial Web site? What is the optimal tradeoff between application security and privacy? For example, should governments, businesses, and others be allowed to use surveillance cameras in public places to secretly monitor users' legitimate activities?

Today there are no successful practical solutions for such issues.

Biometric recognition provides stronger user authentication than passwords and identification documents, and is the only way to detect impostors. Although biometric systems are not completely secure, researchers have made significant strides towards identifying vulnerabilities and developing countermeasures. New algorithms for protecting biometric templates address some of the concerns about system security and user privacy, but more improvements will be needed before such methods are ready for use in the real world.

Anil Jain is a professor in the Department of Computer Science and Engineering at the University of Michigan; Karthik Nandakumar is a research fellow at the Singapore Institute of Infocommunications Research.

Anil K. Jain, Karthik Nandakumar, Biometric Authentication: System Security and User Privacy. IEEE Computer, November 2012, IEEE Computer Society. All rights reserved. Reprinted with permission.



Essay

On the topic of:

"Biometric methods of information security
in information systems"

2011

    Introduction
    Basic information
    A little history
    Advantages and disadvantages
    Parameters of biometric systems
    Scheme of work
    Practical application
    Technologies
      Fingerprint authentication
      Retinal authentication
      Iris authentication
      Authentication by hand geometry
      Authentication based on facial geometry
      Authentication using facial thermogram
      Voice authentication
      Handwriting authentication
      Combined biometric authentication system
    Vulnerability of biometric systems
    Methods to counter spoofing attacks

Introduction

Various controlled access systems can be divided into three groups according to what a person intends to present to the system:

    Password protection. The user provides secret data (for example, a PIN code or password).
    Using keys. The user presents his personal identifier, which is the physical carrier of the secret key. Typically, plastic cards with a magnetic stripe and other devices are used.
    Biometrics. The user presents a parameter that is part of himself. The biometric class is different in that the person's identity is established from his individual characteristics (papillary pattern, iris, fingerprints, facial thermogram, etc.).
Biometric access systems are very user-friendly. Unlike passwords and storage media, which can be lost, stolen or copied, biometric access systems are based on human parameters, which are always with the person, so the problem of keeping them safe does not arise. They are also much harder to lose. It is also impossible to transfer the identifier to third parties.

Basic information

Biometrics is the identification of a person by unique biological characteristics inherent only to him. Access and information security systems based on such technologies are not only the most reliable, but also the most user-friendly today. Indeed, there is no need to remember complex passwords or constantly carry hardware keys or smart cards with you. You just need to put your finger or hand on the scanner, present your eye for scanning or say something to enter the room or gain access to information.
Various biological characteristics can be used to identify a person. All of them are divided into two large groups. Static features include fingerprints, the iris and retina of the eye, the shape of the face, the shape of the palm, the location of the veins on the hand, etc. That is, what is listed here is something that practically does not change over time, starting from the birth of a person. Dynamic characteristics are voice, handwriting, keyboard handwriting, personal signature, etc. In general, this group includes the so-called behavioral characteristics, that is, those that are built on features characteristic of subconscious movements in the process of reproducing any action. Dynamic features can change over time, not abruptly but gradually. Identification of a person using static features is more reliable. Agree, you cannot find two people with the same fingerprints or iris. But, unfortunately, all these methods require special devices, that is, additional costs. Identification based on dynamic features is less reliable. In addition, when using these methods, the likelihood of “type I errors” occurring is quite high. For example, during a cold a person's voice may change. And the keyboard handwriting may change during times of stress experienced by the user. But to use these features you do not need additional equipment. A keyboard, microphone or webcam connected to a computer, and special software are all that is needed to build a simple biometric information security system.
Biometric technologies are based on biometrics, the measurement of the unique characteristics of an individual person. These can be unique characteristics received from birth, for example: DNA, fingerprints, iris; as well as characteristics acquired over time or that can change with age or external influences. For example: handwriting, voice or behavior.
The recent increase in interest in this topic in the world is usually associated with the threats of intensified international terrorism. Many states are planning to introduce passports with biometric data into circulation in the near future.

A little history

The origins of biometric technology are much older than their futuristic image might suggest. Even the creators of the Great Pyramids in Ancient Egypt recognized the advantages of identifying workers by pre-recorded bodily characteristics. The Egyptians were clearly ahead of their time, as practically nothing new happened in this area for the next four thousand years. It was only in the late 19th century that systems began to emerge that used fingerprints and other physical characteristics to identify people. For example, in 1880, Henry Faulds, a Scottish physician living in Japan, published his thoughts on the diversity and uniqueness of fingerprints, and suggested that they could be used to identify criminals. In 1900, such a significant work as the Galton-Henry fingerprint classification system was published.
With the exception of a few scattered works on the uniqueness of the iris (the first working technology based on which was presented in 1985), biometric technology practically did not develop until the 1960s, when the Miller brothers in New Jersey (USA) began to introduce a device that automatically measured the length of a person's fingers. Voice and signature identification technologies were also developed in the late 1960s and 70s.
Until recently, before September 11, 2001 to be exact, biometric security systems were used only to protect military secrets and sensitive business information. Well, after the terrorist attack that shocked the whole world, the situation changed dramatically, at first in airports, large shopping centers and other crowded places. Increased demand provoked research in this area, which, in turn, led to the emergence of new devices and entire technologies. Naturally, the increase in the market for biometric devices has led to an increase in the number of companies dealing with them; the resulting competition has caused a very significant reduction in the price of biometric information security systems. Therefore, today, for example, a fingerprint scanner is quite accessible to the home user. This means that a second wave of boom in biometric devices, associated specifically with ordinary people and small firms, is possible soon.

Advantages and disadvantages

The most important advantage of information security systems based on biometric technologies is high reliability. Indeed, it is almost impossible to fake the papillary pattern of a person’s finger or the iris of an eye. So the occurrence of “errors of the second type” (that is, granting access to a person who does not have the right to do so) is practically excluded. True, there is one “but” here. The fact is that under the influence of certain factors, the biological characteristics by which a person is identified can change. Well, for example, a person may catch a cold, as a result of which his voice will change beyond recognition. Therefore, the frequency of “type I errors” (denial of access to a person who has the right to do so) in biometric systems is quite high. In addition, an important reliability factor is that it is absolutely independent of the user. And indeed, when using password protection a person can use a short keyword or keep a piece of paper with a hint under the computer keyboard. When using hardware keys, an unscrupulous user will not strictly monitor his token, as a result of which the device may fall into the hands of an attacker. In biometric systems, nothing depends on the person. And this is a big plus. The third factor that positively influences the reliability of biometric systems is the ease of identification for the user. The fact is that, for example, scanning a fingerprint requires less work from a person than entering a password. Therefore, this procedure can be carried out not only before starting work, but also during its execution, which, naturally, increases the reliability of protection. Particularly relevant in this case is the use of scanners combined with computer devices. For example, there are mice in which the user's thumb always rests on the scanner. Therefore, the system can constantly carry out identification, and the person will not only not pause the work, but will not notice anything at all. 
The last advantage of biometric systems over other methods of ensuring information security is the inability of the user to transfer his identification data to third parties. And this is also a serious plus. In the modern world, unfortunately, almost everything is for sale, including access to confidential information. Moreover, the person who transferred identification data to the attacker risks practically nothing. About the password, he can say that it was guessed, and about the smart card, that it was pulled out of his pocket. If biometric protection is used, such a “trick” will no longer work.
The biggest disadvantage of biometric information security systems is the price. This is despite the fact that the cost of various scanners has dropped significantly over the past two years. True, competition in the market of biometric devices is becoming increasingly tough. Therefore, we should expect further price reductions. Another disadvantage of biometrics is the very large size of some scanners. Naturally, this does not apply to identifying a person using a fingerprint and some other parameters. Moreover, in some cases special devices are not needed at all. It is enough to equip your computer with a microphone or webcam.

Biometric system parameters

The key parameters of a biometric system are the probabilities of FAR/FRR errors, that is, the false acceptance rate (False Acceptance Rate - the system grants access to an unregistered user) and the false rejection rate (False Rejection Rate - access is denied to a person registered in the system). It is necessary to take into account the relationship of these indicators: by artificially lowering the level of “demandingness” of the system (that is, accepting a higher FAR), we, as a rule, reduce the percentage of FRR errors, and vice versa. Today, all biometric technologies are probabilistic; none of them can guarantee the complete absence of FAR/FRR errors, and this circumstance often serves as the basis for not very correct criticism of biometrics.

Unlike user authentication using passwords or unique digital keys, biometric technologies are always probabilistic, since there is always a small, sometimes extremely small chance that two people may have the same biological characteristics. Because of this, biometrics defines a number of important terms:

    FAR (False Acceptance Rate) - a percentage threshold that determines the likelihood that one person can be mistaken for another (false acceptance rate), also called a “type 2 error”. The value 1 − FAR is called specificity.
    FRR (False Rejection Rate) - the probability that a person may not be recognized by the system (false access denial rate), also called a “type 1 error”. The value 1 − FRR is called sensitivity.
    Verification - comparison of two biometric templates, one to one.
    Identification - identification of a person's biometric template using a certain selection of other templates. That is, identification is always a one-to-many comparison.
    Biometric template - a set of data, usually in a proprietary, binary format, prepared by a biometric system based on the characteristic being analyzed. There is a CBEFF standard for the structural framing of a biometric template, which is also used in BioAPI.
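The FAR/FRR trade-off and the verification versus identification distinction defined above, as an added example that is not part of the original essay. The score lists are constructed sample data, and the one-to-many formula assumes that the individual comparisons are independent.

```python
# Constructed match scores in [0, 1] (not measured data).
# GENUINE: a registered user compared against his own template.
# IMPOSTOR: a person compared against somebody else's template.
GENUINE = [0.91, 0.88, 0.95, 0.72, 0.83, 0.79, 0.97, 0.64, 0.86, 0.90]
IMPOSTOR = [0.12, 0.35, 0.41, 0.28, 0.55, 0.67, 0.19, 0.48, 0.74, 0.30]


def error_rates(genuine, impostor, threshold):
    """Return (FAR, FRR) when a claim is accepted only if score > threshold."""
    far = sum(s > threshold for s in impostor) / len(impostor)
    frr = sum(s <= threshold for s in genuine) / len(genuine)
    return far, frr


def sweep(genuine, impostor, steps=100):
    """Evaluate FAR and FRR at thresholds 0, 1/steps, ..., 1."""
    rows = []
    for i in range(steps + 1):
        t = i / steps
        far, frr = error_rates(genuine, impostor, t)
        rows.append((t, far, frr))
    return rows


def equal_error_point(genuine, impostor, steps=100):
    """First threshold at which FAR and FRR are closest to each other."""
    return min(sweep(genuine, impostor, steps),
               key=lambda row: abs(row[1] - row[2]))


def identification_far(far, gallery_size):
    """Chance of at least one false acceptance when a sample is compared
    one-to-many against gallery_size templates (independence assumed)."""
    return 1 - (1 - far) ** gallery_size


if __name__ == "__main__":
    for t in (0.5, 0.7, 0.8):
        far, frr = error_rates(GENUINE, IMPOSTOR, t)
        print(f"threshold {t:.2f}: FAR={far:.2f} FRR={frr:.2f}")
    t, far, frr = equal_error_point(GENUINE, IMPOSTOR)
    print(f"equal error point: threshold {t:.2f}, FAR={far:.2f}, FRR={frr:.2f}")
    # A per-comparison FAR that looks small in verification grows quickly
    # once the same matcher is used for identification in a large database.
    for n in (1, 100, 1000):
        print(f"FAR=0.001 against {n} templates: {identification_far(0.001, n):.3f}")
```

Raising the threshold moves errors from FAR to FRR and back; the threshold is chosen per application, not per technology.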

Scheme of work

All biometric systems work in almost the same way. First, the system remembers a sample of the biometric characteristic (this is called the recording process). During recording, some biometric systems may ask for multiple samples to be taken in order to create the most accurate image of the biometric characteristic. The received information is then processed and converted into mathematical code. In addition, the system may ask you to perform some more actions in order to “assign” the biometric sample to a specific person. For example, a personal identification number (PIN) is attached to a specific sample, or a smart card containing the sample is inserted into a reader. In this case, a sample of the biometric characteristic is again taken and compared with the submitted sample. Identification using any biometric system goes through four stages:
Recording - a physical or behavioral pattern is remembered by the system;
Extraction - unique information is extracted from the sample and a biometric template is compiled;
Comparison - the saved sample is compared with the presented one;
Match/mismatch - the system decides whether the biometric samples match and makes a decision.
The vast majority of people believe that a computer's memory stores a sample of a person's fingerprint, voice, or picture of the iris of his eye. But in fact, in most modern systems this is not the case. A special database stores a digital code up to 1000 bits long, which is associated with a specific person who has access rights. A scanner or any other device used in the system reads a certain biological parameter of a person. Next, it processes the resulting image or sound, converting it into digital code. It is this key that is compared with the contents of a special database for personal identification.

Practical use

Biometric technologies are actively used in many areas related to ensuring the security of access to information and material objects, as well as in tasks of unique personal identification.
The applications of biometric technologies are diverse: access to workplaces and network resources, information protection, ensuring access to certain resources and security. Conducting electronic business and electronic government affairs is possible only after following certain procedures for personal identification. Biometric technologies are used in the security of banking, investing and other financial movements, as well as retail trade, law enforcement, health issues, and social services. Biometric technologies will soon play a major role in matters of personal identification in many areas. Used alone or used in conjunction with smart cards, keys and signatures, biometrics will soon be used in all areas of the economy and private life.
Biometric information security systems are developing very actively today. Moreover, their prices are constantly decreasing. And this may well lead to the fact that biometric systems will soon begin to crowd out other methods of information security from the market.

Technologies

Fingerprint authentication

Fingerprint identification is the most common, reliable and effective biometric technology. Due to the versatility of this technology, it can be used in almost any area and to solve any problem where reliable user identification is required. The method is based on the unique design of papillary patterns on the fingers. The fingerprint obtained using a special scanner, probe or sensor is converted into a digital code and compared with a previously entered standard.
All fingerprints of each person are unique in their papillary line pattern and are different even between twins. Fingerprints do not change throughout the life of an adult; they are easily and simply presented for identification.
If one of the fingers is damaged, you can use the “backup” fingerprint(s) for identification, information about which, as a rule, is also entered into the biometric system when registering the user.
Specialized scanners are used to obtain information about fingerprints. There are three main types of fingerprint scanners: capacitive, rolling, optical.
The most advanced fingerprint identification technology is implemented by optical scanners.

Retinal authentication

The retinal authentication method came into practical use around the mid-50s of the last century. It was then that the uniqueness of the pattern of the blood vessels of the fundus was established (even in twins these patterns do not match). The retinal scan uses low-intensity infrared light directed through the pupil to the blood vessels at the back of the eye. Several hundred special points are selected from the received signal, information about which is stored in the template. The disadvantages of such systems include, first of all, the psychological factor: not every person likes to look into an incomprehensible dark hole where something shines into the eye. In addition, such systems require a clear image and, as a rule, are sensitive to incorrect retinal orientation. Therefore, you need to look very carefully, and the presence of certain diseases (for example, cataracts) may prevent the use of this method. Retinal scanners are widely used for accessing top-secret objects because they provide one of the lowest probabilities of type I error (denial of access for a registered user) and almost zero percentage of type II errors. Recently, this recognition method has not been used, since in addition to the biometric sign it carries information about human health.

Iris authentication

Iris recognition technology was developed to eliminate the intrusiveness of retinal scans that use infrared rays or bright light. Scientists have also conducted a number of studies that have shown that the human retina can change over time, while the iris remains unchanged. And most importantly, it is impossible to find two absolutely identical iris patterns, even in twins. To obtain an individual recording of the iris, the black and white camera makes 30 recordings per second. A subtle light illuminates the iris, allowing the video camera to focus on the iris. One of the records is then digitized and stored in a database of registered users. The entire procedure takes a few seconds and can be fully computerized using voice guidance and autofocus.
At airports, for example, the passenger's name and flight number are matched to an iris image; no other data is required. The size of the created file, 512 bytes with a resolution of 640 x 480, allows you to save a large number of such files on your computer’s hard drive.
Glasses and contact lenses, even colored ones, will not affect the image acquisition process. It should also be noted that eye surgery, cataract removal or corneal implantation do not change the characteristics of the iris; it cannot be changed or modified. A blind person can also be identified using the iris of the eye. As long as the eye has an iris, its owner can be identified.
The camera can be installed at a distance of 10 cm to 1 meter, depending on the scanning equipment. The term "scanning" can be misleading, since the process of obtaining an image does not involve scanning, but simply photographing.
The iris has a net-like texture with many surrounding circles and patterns that can be measured by a computer. The iris scanning program uses approximately 260 anchor points to create a sample. In comparison, the best fingerprint identification systems use 60-70 points.
Cost has always been the biggest deterrent to adopting the technology, but now iris identification systems are becoming more affordable for a variety of companies. Proponents of the technology claim that iris recognition will very soon become a common identification technology in various fields.

Hand geometry authentication

This biometric method uses the shape of the hand to authenticate an individual. Because individual hand shape parameters are not unique, several characteristics have to be used together. Hand parameters such as finger curves, length and thickness, width and thickness of the back of the hand, distance between joints and bone structure are scanned. The geometry of the hand also includes small details (for example, wrinkles on the skin). Although the structure of the joints and bones is a relatively permanent feature, swelling of the tissues or bruises of the hand can distort the original structure. The problem with the technology: even without considering the possibility of amputation, a disease such as arthritis can greatly interfere with the use of scanners.
A scanner consisting of a camera and illuminating diodes (the diodes turn on in turn while the hand is scanned, which yields different projections of the hand) is used to build a three-dimensional image of the hand. The reliability of hand geometry authentication is comparable to fingerprint authentication.
Hand geometry authentication systems are widely used, which is proof of their convenience for users. Using this option is attractive for a number of reasons. All working people have hands. The procedure for obtaining a sample is quite simple and does not place high demands on the image. The size of the resulting template is very small, a few bytes. The authentication process is not affected by temperature, humidity or dirt. The calculations made when comparing with the standard are very simple and can be easily automated.
Authentication systems based on hand geometry began to be used around the world in the early 70s.

Facial geometry authentication

Biometric authentication of a person based on facial geometry is a fairly common method of identification and authentication. The technical implementation is a complex mathematical problem. The widespread use of multimedia technologies, visible in the large number of video cameras at train stations, airports, squares, streets, roads and other crowded places, has been decisive in the development of this direction. To build a three-dimensional model of a human face, the system outlines the contours of the eyes, eyebrows, lips, nose and other elements of the face, then calculates the distances between them and uses these to build the model. To determine a unique pattern corresponding to a specific person, 12 to 40 characteristic elements are required. The template must take into account many variations of the image: a turned or tilted face, changes in lighting, changes of expression. The range of such variations depends on the purpose for which the method is used (identification, authentication, remote search over large areas, etc.). Some algorithms can compensate for a person's glasses, hat, mustache and beard.

Authentication using facial thermogram

The method is based on studies that have shown that a thermogram (an infrared image showing the distribution of temperature fields) of the face is unique for each person. The thermogram is obtained using infrared cameras. Unlike facial geometry authentication, this method distinguishes between twins. The use of special masks, plastic surgery, aging of the human body, body temperature and cooling of the facial skin in frosty weather do not affect the accuracy of the thermogram. Due to the low quality of authentication, the method is not widespread at the moment.

Voice authentication

The biometric voice authentication method is characterized by ease of use. It requires no expensive equipment, just a microphone and a sound card. Currently, this technology is developing rapidly, as this authentication method is widely used in modern business centers. There are quite a few ways to build a voice template. Usually, these are different combinations of frequency and statistical characteristics of the voice. Parameters such as modulation, intonation, pitch, etc. can be considered.
The main and defining disadvantage of the voice authentication method is the low accuracy of the method. For example, the system may not recognize a person with a cold. An important problem is the variety of manifestations of one person’s voice: the voice can change depending on the state of health, age, mood, etc. This diversity presents serious difficulties in identifying the distinctive properties of a person’s voice. In addition, taking into account the noise component is another important and unsolved problem in the practical use of voice authentication. Since the probability of type II errors when using this method is high (on the order of one percent), voice authentication is used to control access in medium-security premises, such as computer labs, laboratories of manufacturing companies, etc.

Handwriting authentication

There are usually two ways to process signature data:
    Analysis of the signature image itself, that is, simply the degree of coincidence of the two images is used.
    Analysis of the dynamic characteristics of writing, that is, for authentication, a convolution is built that includes information on the signature and on the temporal and statistical characteristics of writing it.
Classical verification (identification) of a person by handwriting involves comparing the analyzed image with the original. This is exactly the procedure that a bank operator, for example, performs when preparing documents. Obviously, the accuracy of such a procedure, from the point of view of the likelihood of making an incorrect decision (see FAR & FRR), is low. In addition, the subjective factor also influences the spread of the probability of making the right decision. Fundamentally new possibilities for handwriting verification open up when using automatic methods for handwriting analysis and decision making. These methods eliminate the subjective factor and significantly reduce the likelihood of errors in decision making (FAR & FRR). The handwriting biometric authentication method is based on the specific movement of the human hand when signing documents. To preserve the signature, special pens or pressure-sensitive surfaces are used. This type of person authentication uses his signature. The template is created depending on the required level of protection. Automatic identification methods allow you to make a decision not only by comparing the image of the verified and control sample, but also by analyzing the trajectory and dynamics of the signature or any other keyword.

Combined biometric authentication system

A combined (multimodal) biometric authentication system uses several types of biometric characteristics at once, combining several biometric technologies in a single authentication system. This makes it possible to meet the most stringent requirements for the effectiveness of the authentication system. For example, fingerprint authentication can easily be combined with hand scanning. Such a structure can use all types of human biometric data and can be applied where the limitations of a single biometric characteristic have to be overcome. Combined systems are also more resistant to imitation of human biometric data, since it is more difficult to falsify a whole range of characteristics than to falsify one biometric feature.

Vulnerability of biometric systems

Biometric systems are widely used in information security systems, e-commerce, crime detection and prevention, forensics, border control, telemedicine, etc. But they are vulnerable to attacks at various stages of information processing: attacks at the sensor level, where an image or signal is received from an individual; replay attacks on communication lines; attacks on the database where biometric templates are stored; and attacks on the comparison and decision-making modules.
The main potential threat at the sensor level is spoofing attacks. Spoofing is the deception of biometric systems by providing the biometric sensor with copies, dummies, photographs, severed fingers, pre-recorded sounds, etc.
The purpose of a spoofing attack during verification is to present an illegal user in the system as legitimate, and during identification, to achieve undetectability of the individual contained in the database. Countering spoofing attacks is more difficult because the attacker has direct contact with the sensor and it is impossible to use cryptographic and other security methods.
Articles about successful spoofing attacks on biometric devices appeared
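Unlike spoofing at the sensor, the replay attacks on communication lines listed above can be countered cryptographically, by binding every captured sample to a one-time challenge from the comparison module. The following is an added example, not code from the original article; the names Sensor and Matcher, the shared key provisioned to both sides and the 5-second validity window are assumptions made for illustration.

```python
"""Challenge-response binding of a biometric sample to one authentication attempt."""
import hashlib
import hmac
import secrets
import time


def _tag(key, nonce, sample):
    # The nonce has a fixed length, so nonce || sample is unambiguous.
    return hmac.new(key, nonce + sample, hashlib.sha256).digest()


class Sensor:
    """Capture device holding a key provisioned together with the matcher."""

    def __init__(self, key):
        self._key = key

    def respond(self, nonce, sample):
        """Return the captured sample with a tag bound to this challenge."""
        return sample, _tag(self._key, nonce, sample)


class Matcher:
    """Comparison module: issues one-time challenges and checks responses."""

    NONCE_LEN = 16

    def __init__(self, key, max_age=5.0, clock=time.monotonic):
        self._key = key
        self._max_age = max_age
        self._clock = clock
        self._pending = {}  # nonce -> time issued

    def challenge(self):
        nonce = secrets.token_bytes(self.NONCE_LEN)
        self._pending[nonce] = self._clock()
        return nonce

    def accept(self, nonce, sample, tag):
        """True only for a fresh, unused challenge and a valid tag."""
        issued = self._pending.pop(nonce, None)  # single use, even on failure
        if issued is None:
            return False  # unknown or already used challenge: a replay
        if self._clock() - issued > self._max_age:
            return False  # response arrived too late
        return hmac.compare_digest(_tag(self._key, nonce, sample), tag)


def run_exchange():
    """Walk through one genuine exchange and three rejected ones."""
    key = secrets.token_bytes(32)
    now = [0.0]  # controllable clock so the expiry case runs instantly
    matcher = Matcher(key, clock=lambda: now[0])
    sensor = Sensor(key)
    sample = b"constructed-feature-vector"  # constructed stand-in for capture data

    n1 = matcher.challenge()
    msg = sensor.respond(n1, sample)
    results = {"genuine": matcher.accept(n1, *msg)}
    # The same recorded message sent again: the challenge is already spent.
    results["replayed"] = matcher.accept(n1, *msg)
    # The recorded sample and tag presented against a new challenge.
    n2 = matcher.challenge()
    results["old_tag_new_challenge"] = matcher.accept(n2, *msg)
    # A valid response that arrives after the challenge has expired.
    n3 = matcher.challenge()
    late = sensor.respond(n3, sample)
    now[0] += 6.0
    results["expired"] = matcher.accept(n3, *late)
    return results


if __name__ == "__main__":
    for case, accepted in run_exchange().items():
        print(f"{case:24s} accepted={accepted}")
```

The tag authenticates the message and its freshness only; keeping the sample itself confidential on the line requires encryption as well.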

Today, biometric security systems are being used more and more often thanks to the development of new mathematical authentication algorithms. The range of problems that can be solved using new technologies is quite extensive:

  • Law enforcement and forensics;
  • Access control system (ACS) and restriction of access to public and commercial buildings, private homes (smart home);
  • Transfer and receipt of confidential personal and commercial information;
  • Carrying out trade, financial and banking electronic transactions;
  • Login to an electronic remote and/or local workplace;
  • Blocking the operation of modern gadgets and protecting electronic data (cryptographic keys);
  • Maintaining and accessing government resources.

Conventionally, biometric authentication algorithms can be divided into two main types:

  • Static – fingerprinting, iris; measuring the shape of the hand, the line of the palms, the placement of blood vessels, measuring the shape of the face in 2D and 3D algorithms;
  • Dynamic – handwriting and typing rhythm; gait, voice, etc.

Main selection criteria

When choosing a system capable of measuring a biological parameter of any type, you should pay attention to two parameters:

  • FAR (false acceptance rate) - the mathematical probability that the key biological parameters of two different people coincide;
  • FRR (false rejection rate) - the likelihood of denying access to a person entitled to it.

If manufacturers omitted these characteristics when presenting their product, then their system is ineffective and lags behind competitors in functionality and fault tolerance.

Also important parameters for comfortable operation are:

  • Ease of use and the ability to perform identification without stopping in front of the device;
  • The speed of reading the parameter, processing the received information and the size of the database of biological reference indicators.

It should be remembered that biological indicators, static to a lesser extent and dynamic to a greater extent, are parameters that are subject to constant changes. The worst acceptable figures for a static system are FAR ~0.1% and FRR ~6%. If a biometric system performs worse than these values, it is ineffective.
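FAR and FRR are two ends of one decision threshold: raising it lowers FAR and raises FRR. The following added example (not code from the original article) sweeps that threshold over constructed match scores and also shows what the combined (multimodal) systems described earlier gain from score-level fusion. The modality names A and B, the score distributions, the independence of the two modalities and the equal-weight fusion rule are all assumptions.

```python
"""FAR/FRR threshold sweep and score-level fusion on constructed match scores."""
import random


def far_frr(genuine, impostor, threshold):
    """Return (FAR, FRR) when a score >= threshold means 'accept'."""
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def sweep(genuine, impostor, steps=200):
    """(threshold, FAR, FRR) rows for thresholds 0.0 .. 1.0."""
    return [(i / steps, *far_frr(genuine, impostor, i / steps))
            for i in range(steps + 1)]


def equal_error_rate(genuine, impostor):
    """Operating point where FAR and FRR are closest: (threshold, EER)."""
    t, far, frr = min(sweep(genuine, impostor), key=lambda r: abs(r[1] - r[2]))
    return t, (far + frr) / 2


def frr_at_far(genuine, impostor, target_far):
    """FRR at the lowest threshold whose FAR does not exceed target_far."""
    for _, far, frr in sweep(genuine, impostor):
        if far <= target_far:
            return frr
    return 1.0  # no threshold meets the target: everyone is rejected


def constructed_scores(rng, n, mean, sd):
    """Constructed similarity scores in [0, 1] (Gaussian, clipped)."""
    return [min(1.0, max(0.0, rng.gauss(mean, sd))) for _ in range(n)]


def fuse(scores_a, scores_b, weight_a=0.5):
    """Score-level fusion: weighted sum of both modalities' scores per attempt."""
    return [weight_a * a + (1 - weight_a) * b for a, b in zip(scores_a, scores_b)]


def compare_modalities(seed=7, n=5000, target_far=0.001):
    """EER and FRR at FAR <= target_far for modality A, B and their fusion."""
    rng = random.Random(seed)
    # Assumption: the two modalities' scores are drawn independently.
    gen_a = constructed_scores(rng, n, 0.75, 0.16)
    imp_a = constructed_scores(rng, n, 0.35, 0.16)
    gen_b = constructed_scores(rng, n, 0.70, 0.12)
    imp_b = constructed_scores(rng, n, 0.40, 0.12)
    systems = {
        "A": (gen_a, imp_a),
        "B": (gen_b, imp_b),
        "fused": (fuse(gen_a, gen_b), fuse(imp_a, imp_b)),
    }
    return {name: {"eer": equal_error_rate(g, i)[1],
                   "frr_at_far": frr_at_far(g, i, target_far)}
            for name, (g, i) in systems.items()}


if __name__ == "__main__":
    for name, r in compare_modalities().items():
        print(f"{name:5s} EER={r['eer']:.2%}  "
              f"FRR at FAR<=0.1%={r['frr_at_far']:.2%}")
```

A vendor's single FAR or FRR figure is meaningful only together with the other value at the same threshold, which is why both are reported per operating point here.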

Classification

Today, the market for biometric authentication systems is extremely unevenly developed. In addition, with rare exceptions, security system manufacturers also produce proprietary, closed-source software that works exclusively with their own biometric readers.

Fingerprints

Fingerprint analysis is the most common method of biometric authentication and the most advanced in both hardware and software. The main condition for its development is a well-developed scientific, theoretical and practical knowledge base, including a methodology and classification system for papillary lines. When scanning, the key points are the ends of the pattern lines, branches and single points. Particularly reliable scanners add protection against latex gloves carrying fingerprints by checking the relief of the papillary lines and/or the finger temperature.

In accordance with the number, nature and placement of key points, a unique digital code is generated and stored in the database memory. The time for digitizing and verifying a fingerprint usually does not exceed 1-1.5 seconds, depending on the size of the database. This method is one of the most reliable. For advanced authentication algorithms such as VeriFinger SDK, the reliability indicators are FAR - 0.00%...0.10%, FRR - 0.30%...0.90%. This is enough for reliable and uninterrupted operation of the system in an organization with a staff of more than 300 people.

Advantages and disadvantages

The undeniable advantages of this method are:

  • High reliability;
  • Lower cost of devices and their wide selection;
  • Simple and fast scanning procedure.

The main disadvantages include:

  • Papillary lines on the fingers are easily damaged, causing system errors and blocking access for authorized employees;
  • Fingerprint scanners must have a system to protect against counterfeit images: temperature sensors, pressure detectors, etc.

Manufacturers

Foreign companies that produce biometric systems, devices for access control systems and software for them should be noted:

  • SecuGen – mobile compact USB scanners for PC access;
  • Bayometric Inc – production of biometric scanners of various types for complex security systems;
  • DigitalPersona, Inc – release of combination scanner-locks with integrated door handles.

Domestic companies producing biometric scanners and software for them:

  • BioLink
  • Sonda
  • SmartLock

Eye scan

The iris of the eye is as unique as the papillary lines on the hand. Having finally formed at the age of two, it practically does not change throughout life. The exceptions are injuries and acute eye pathologies. This is one of the most accurate methods of user authentication. The devices perform scanning and primary data processing in 300-500 ms; comparison of digitized information on a medium-power PC is carried out at a speed of 50,000-150,000 comparisons per second. The method does not impose restrictions on the maximum number of users. FAR statistics - 0.00%...0.10% and FRR - 0.08%...0.19% were collected based on the Casia EyR SDK algorithm. According to these calculations, it is recommended to use such access systems in organizations with more than 3,000 employees. Modern devices widely use cameras with a 1.3 MP matrix, which allows you to capture both eyes during scanning, which significantly increases the threshold of false or unauthorized positives.

Advantages and disadvantages

  • Advantages:
    • High statistical reliability;
    • Image capture can occur at a distance of up to several tens of centimeters, while physical contact of the face with the outer shell of the scanning mechanism is excluded;
    • Reliable methods that exclude counterfeiting - checking the accommodation of the pupil - almost completely exclude unauthorized access.
  • Disadvantages:
    • The price of such systems is significantly higher than that of fingerprint systems;
    • Ready-made solutions are only available for large companies.

The main players in the market are: LG, Panasonic, Electronics, OKI, which operate under licenses from Iridian Technologies. The most common products on the Russian market are ready-made solutions: BM-ET500, Iris Access 2200, OKI IrisPass. Recently, new trustworthy companies have appeared: AOptix, SRI International.

Retinal scan

An even less common, but more reliable method is scanning the placement of the capillary network on the retina. This pattern has a stable structure and remains unchanged throughout life. However, the very high cost and complexity of the scanning system, as well as the need to remain still for a long time, make such a biometric system available only to government agencies with an increased security system.

Face recognition

There are two main scanning algorithms:

2D is the most ineffective method, producing multiple statistical errors. It consists of measuring the distances between the main facial features. It does not require expensive equipment; a camera and appropriate software are enough. Recently it has gained significant popularity on social networks.

3D - this method is radically different from the previous one. It is more accurate; the subject does not even need to stop in front of the camera to be identified. Comparison with information entered into the database is made thanks to serial shooting, which is performed on the go. To prepare data on a client, the subject turns his head in front of the camera and the program generates a 3D image with which it compares the original.

The main manufacturers of software and specialized equipment on the market are: Geometrix, Inc., Genex Technologies, Cognitec Systems GmbH, Bioscrypt. Among Russian manufacturers, Artec Group, Vocord, ITV can be noted.

Hand scan

Also divided into two radically different methods:

  • Scanning the pattern of hand veins under the influence of infrared radiation;
  • Hand geometry - the method originated from criminology and has recently become a thing of the past. It consists of measuring the distance between the joints of the fingers.

The choice of a suitable biometric system and its integration into the access control system depends on the specific requirements of the organization’s security system. For the most part, the level of protection against counterfeiting of biometric systems is quite high, so for organizations with an average level of security clearance (secrecy), budget fingerprint authentication systems are quite sufficient.

The topic of our scientific and practical work is “Biometric methods of information security.”

The problem of information security, ranging from an individual to a state, is currently very relevant.

Information protection should be considered as a set of measures, including organizational, technical, legal, programmatic, operational, insurance and even moral and ethical measures.

In this work, we examined the modern developing direction of information security - biometric methods and security systems used on their basis.

Tasks.

During the study, we had to solve the following problems:

  • theoretically study biometric methods of information security;
  • explore their practical application.

The subject of our research was modern access control and management systems and various biometric personal identification systems.

The object of the study was literary sources, Internet sources, and conversations with experts.

The result of our work is a set of suggestions for using modern personal identification technologies. They will generally strengthen the information security system of offices, companies, and organizations.

Biometric identification technologies make it possible to identify the physiological characteristics of a person, rather than a key or card.

Biometric identification is a method of identifying a person using certain specific biometric characteristics inherent in a particular person.

This problem is given much attention at international forums held both in our country and abroad.

In Moscow, at the specialized forum “Security Technologies” on February 14, 2012 at the International Exhibition Center, the most popular and new equipment for access control and time tracking, recognition by fingerprint, facial geometry and RFID, biometric locks and much more were demonstrated.

We researched a large number of methods; their abundance simply amazed us.

We included the following main statistical methods:

identification by capillary pattern on the fingers, iris, facial geometry, retina of the human eye, pattern of the veins of the hand. We also identified a number of dynamic methods: voice identification, heartbeat, gait.

Fingerprints

Each person has a unique papillary fingerprint pattern. The features of each person’s papillary pattern are converted into a unique code, and these “fingerprint codes” are stored in a database.

Advantages of the method

High reliability

Low cost devices

A fairly simple procedure for scanning a fingerprint.

Disadvantages of the method

The papillary pattern of a fingerprint is very easily damaged by small scratches and cuts;

Iris

The iris pattern is finally formed at the age of about two years and practically does not change throughout life, except for severe injuries.

Advantages of the method:

Statistical reliability of the method;

Images of the iris can be captured at distances ranging from a few centimeters to several meters.

The iris is protected from damage by the cornea

A large number of methods to combat counterfeiting.

Disadvantages of the method:

The price of such a system is higher than the cost of a fingerprint scanner.

Facial geometry

These methods are based on the fact that the facial features and shape of the skull of each person are individual. This area is divided into two areas: 2D recognition and 3D recognition.

2D facial recognition is one of the most ineffective biometric methods. It appeared quite a long time ago and was used mainly in forensics. Subsequently, computer 3D versions of the method appeared.

Advantages of the method

2D recognition does not require expensive equipment;

Recognition at significant distances from the camera.

Disadvantages of the method

Low statistical significance;

There are lighting requirements (for example, it is not possible to register the faces of people entering from the street on a sunny day);

A frontal image of the face is required;

Facial expression should be neutral.

Venous drawing of the hand

This is a new technology in the field of biometrics. An infrared camera takes pictures of the outside or inside of the hand. The pattern of veins is formed due to the fact that hemoglobin in the blood absorbs infrared radiation. As a result, the veins are visible on the camera as black lines.

Advantages of the method

No need to contact the scanning device;

High reliability

Disadvantages of the method

The scanner should not be exposed to sunlight

The method is less studied.

Retina

Until recently, the method based on scanning the retina was considered the most reliable method of biometric identification.

Advantages of the method:

High level of statistical reliability;

There is little chance of developing a way to “deceive” them;

Non-contact method of data collection.

Disadvantages of the method:

Difficult to use system;

High cost of the system;

The method is not well developed.

Technologies for the practical application of biometrics

While researching this topic, we collected enough information about biometric security. We have concluded that modern biometric solutions are accompanied by stable growth. The market is witnessing a merger of biometric companies owning different technologies. Therefore, the appearance of combined devices is a matter of time.

A big step to improve the reliability of biometric identification systems is to combine the reading of different types of biometric identifiers into a single device.

Several IDs are already scanned when issuing visas to travel to the United States.

There are different forecasts for the development of the biometric market in the future, but in general we can speak of its further growth. Thus, identification by fingerprints will still account for more than half of the market in the coming years. This is followed by recognition based on facial geometry and iris. They are followed by other recognition methods: hand geometry, vein pattern, voice, signature.

This is not to say that biometric security systems are new. However, it must be recognized that recently these technologies have made great strides, which makes them a promising direction not only in ensuring information security, but also an important factor in the successful operation of security services.

The solutions we have studied can be used as an additional identification factor, and this is especially important for comprehensive information protection.

To confirm the user’s identity, biometric security systems use what belongs to a person by nature - a unique pattern of the iris, retinal vessels, fingerprint, palm print, handwriting, voice, etc. Entering this data replaces entering the usual password and passphrase.

Biometric security technology has been around for quite some time, but it became widespread only recently with the advent of the fingerprint scanner (Touch ID) in smartphones.

What are the benefits of biometric security?

  • Two-factor authentication. Traditionally, most people use passwords to protect their devices from unauthorized access. This is the only way to protect yourself if the gadget is not equipped with Touch ID or Face ID.

Two-factor authentication forces the user to confirm their identity in two different ways, and this makes hacking the device almost impossible. For example, if a smartphone was stolen and the thief managed to get its password, he will also need the owner’s fingerprint to unlock it. Covertly scanning someone else's finger and creating an ultra-precise 3D model of it from a material close to the skin is unrealistic at the everyday level.

  • Difficulty getting around. Biometric security is difficult to bypass. The fact is that the mentioned characteristics (iris pattern, fingerprint) are unique for each person. Even among close relatives they are different. Of course, the scanner allows for some error, but the likelihood that a stolen device will end up in the hands of a person whose biometric data is 99.99% identical to the owner’s data is almost zero.

Are there any disadvantages to biometric security?

The high degree of protection provided by biometric scanners does not mean that hackers are not trying to bypass it. And sometimes their attempts are successful. Biometric spoofing, the deliberate impersonation of a person's biometric attributes, is a big problem for security officials. For example, attackers can use special pens and paper that record the pressure used when writing, and then use this data to log into a system that requires handwritten input.

An Apple smartphone protected by Face ID can be easily unlocked by its owner's twin. There have also been cases of bypassing the iPhone X lock by using a plaster mask. However, this is not a reason to think that Apple has not invested enough in protecting its users. Of course, Face ID is far from military and industrial security scanners, but its task is to protect users at the everyday level, and it does this very well.

Maximum security is provided by combined biometric security systems that use several different types of identity confirmation (for example, iris scan + voice confirmation). AuthenTec's anti-spoofing technology can measure the properties of the skin of a finger placed on the sensor during scanning. This is a patented technology that provides high accuracy testing.

How will biometric security evolve in the future?

It is already clear today that the use of biometric authentication tools is growing at the household level. If 2-3 years ago only premium smartphones were equipped with a fingerprint scanner, now this technology has become available for low-price devices.

With the advent of the tenth iPhone model and Face ID technology, authentication has moved to a new level. According to Juniper research, more than 770 million biometric authentication apps will be downloaded by 2019, up from 6 million downloaded in 2017. Biometric security is already a popular technology for data protection in banking and financial services companies.



