Conference Paper
Yüklə 114,55 Kb. Pdf görüntüsü
|
| C.
Biometric identification Biometric identification is one of the fundamental social functions: we do it every day from our birth. A child first learns to recognise the voice and face of his/her parents, and later relatives, classmates, friends. The technological advances, however, only made the creation of automatized biometric identification systems possible in the past few decades. These solutions may all be traced back to methods used thousands of years before our time. For example, one of the oldest example is facial recognition. Since the dawn of civilisation, humans have used face recognition to categorise people as acquaintances or strangers. This task, however, grew increasingly difficult as humanity progressed and the travel options broadened. The people previously living in closed societies met with more and more unknown, foreign faces. Generally, every human feature is unique, the question is, however, whether they may be utilised cost-effectively under the given circumstances. Such a circumstance may be the level of technological development or the properties of the particular feature. For example, of all the biometric features available, the DNA sequence is one of the most accurate ones. Given our current technical development levels, however, it is unsuited for automatized identification, as even the fastest sequencing machines require 10 minutes to produce results (with the average being 90 minutes) and it may not be ensured that the DNA is introduced to the system by the authorised owner. A strand of hair or a dead skin flake from a keyboard may all be used for identification. The future, however, points unequivocally into the direction of automatized biometric identification, since this is the only method where identifying the actual authorised user may be ensured. II. T HE PROBLEM At a 30 employee micro company manufacturing cleaning products, there were 10 office and 20 production employees. Secure access and attendance tracking were performed by a fingerprint recognition system. The system was reliable, false rejections and false acceptances were virtually non-existent. Due to the transparent and accurate registry, the profitability the company surpassed the industrial average, and this lead to acquisition by the Hungarian daughter a multi-national company. As employee numbers rose tenfold in just a few months, the false rejection rate increased in the current system to about 15% and at least 10% of the employees couldn’t use the system at all. These problems led to the biometric system being swapped to a card based one. At a 500 employee company, a fingerprint recognition system was deployed in 2004. After 3 months of the installation, 70 employees could not use the system, and this ratio existed during the whole lifetime of the system, which was swapped to a card based one in 2010. Based on the case studies, one should examine the operation mechanisms and risks of biometric identification systems in order to allow decision makers to predict the possibilities and expected results in the planning phase. This study will explore the most important properties of the technologies on the security market. III. B IOMETRIC IDENTIFICATION TECHNOLOGIES Nowadays, in several areas, there is a strong need for personal identification systems that operate with high accuracy. One method for this is biometric identification, where the unique features that are more or less unmodifiable and unforgeable are being examined. Many such feature exists, e.g. the well-known iris, fingerprint or retina. While these technologies are not totally free from weaknesses, they still provide far more security than knowledge or possession based ones. The biometric samples used for access control systems: Fingerprint Iris Retina Face o 2D o 3D Hand geometry Face heatmap Vein patterns o Hand veins o Finger veins Voice There are many ways to categorise biometric identification technologies, although from the user side, there are three very important parameters, which are: how much physical contact the device needs for operation, identification time (including any additional time required for positioning or other identification related actions) and the amount of cooperation/effort the device requires from the user for proper operation. For the customer, the main parameters are the accuracy and security, which guarantee a small percentage of false acceptance. Contactless technologies are often preferred, since many users have (both founded and unfounded) hygienical fears towards objects that many other people touch as well (seemingly except for door knobs, for some reason). This fear unjustly discriminates biometric identification systems, however user acceptance is an important factor in successful deployment of such system nevertheless. Identification time is usually negligible in contrast of the whole access cycle, however depend on the level of cooperation required from the user, and this means it may vary between large bounds. The algorithms in the systems available nowadays perform generally under a second, however a few seconds at most. The problems stem from improper usage of the system. A single rejection is frustrating for a user, and multiple rejections – depending on the security protocols in place – may well require the intervention of the guard force, causing jams in the entry queue and significant inconveniency for the user involved. We must accept that such situations will – every now and then – occur, and they may not be 100% eliminated, so we must prepare for handling them. The required cooperation from a user shows us how much effort must be put into the identification process by the user, for example, proper positioning which involves a specific sequence of actions. The user may be supported in this with various surfaces and signs. We may take away degrees of freedom, reducing the error possibilities. A good example for this is hand geometry identification, where the user is supported by both signs and restrictive surfaces that reduce degrees of freedom to 1, and as such, unsuccessful identification is extremely rare with that technology. On the flip side, though, this means an increase of physical contact requirements that may cause user dissatisfaction according to the factors described above. The systems requiring high user cooperation, however, may be more difficult to use or require more attempts if the user is not cooperative or may not cooperate. An important factor for successful identification is how well the system may adapt to changes in the particular biometric features. In the case of face recognition systems, a large change in the facial features (e.g. moustaches and beards, different hairstyle or glasses) may significantly influence the success levels. In the case of a fingerprint recognition system, the contamination or injury of the fingertips may cause problems. Some systems may detect whether the sample is presented by a living user or whether it’s fake, which will improve the security of the system significantly. Based on the facts above, the success rate of identification and the fluency of the process are all inversely proportional to the convenience of the system. The more we restrict the degrees of freedom for the user, the more fluid and accurate the identification is, however user satisfaction will most likely decrease. The more degrees of freedom we give a user, however, the harder it is for the system to perform successful identification on the first attempt, and although the requirement for contactless operation will be fulfilled, the longer identification times and unsuccessful attempts will also lead to decreased user satisfaction. This is why educating the users, justification of the deployment and fighting misconceptions are very important. IV. C OMPARISON OF BIOMETRIC TECHNOLOGIES The biometric solutions mentioned in the previous point may be categorised and compared by several factors and indicators. Such a comparison will provide directions when planning the deployment of a new system, and also help predict the results. The definition of the terms used in the tables: FAR: False Acceptance Rate: This shows how often a system will recognise an unauthorised person as an authorised one. Measured in percentages. FRR: False Rejection Rate: This shows how often the system will mishandle an authorised person as an unauthorised one and reject access. Measured in percentages. GFRR: Generalized FRR: This shows – with the help and extensions provided by the research of [1] ABI - the FRR of a device under realistic circumstances, including the user errors. Measured in percentages. FTE: Failure to enrol: This shows the amount of people who may not be enrolled in the system and thus are unable to use it. Measured in percentages. Risk of spoof: It shows how easily may the system be circumvented by some method (e.g. instead of an actual fingerprint, showing only a photo of it to an optical fingerprint scanner). Live sample detection: This shows whether the system may distinguish a living user from a spoofing attempt. User acceptance: This shows a general acceptance of the technology from a user standpoint, including the willingness of cooperation and any misconceptions or fears that influence said acceptance. Contact requirement: This shows whether the user has to maintain physical contact with the device to perform the identification. Stability of the biometric sample: This shows whether the sample changes with time and if any external factors may influence them. Risks: Any risks that may arise during usage, that affect operation negatively in a significant way |