The use of biometrics has increased significantly over the past few years. This rise has been a boon for those who want to protect their personal information from unauthorized access. The ease of adoption, the convenience, and the security features of biometrics have drawn attention. They also help prevent an individual from being exploited by criminals or other unauthorized individuals.
Biometrics aims to provide people with a secure and convenient way to identify themselves. The use of biometric authentication and verification has brought a steep upturn in corporate and public security, consumer electronics, and POS (Point-of-sale) applications by significantly advancing their security, customer experience, and scalability.
The global biometric technology market is estimated to grow at a compound annual growth rate (CAGR) of 10.5%, reaching a total value of $8.5 billion between 2020 and 2025. In addition, investment in research and development in this sector is also skyrocketing.
So let’s explore more about biometrics, its types, advantages, and use.
What is Biometrics?
The term biometrics is derived from the Greek words bio (meaning life) and metric (meaning to measure). Thus the word biometrics directly translates into “life measurements.”
Biometrics is the measurement and statistical analysis of biological measurements (or physical characteristics) and behavioral characteristics to identify individuals. The basic principle of biometric authentication is that an individual’s intrinsic physical or behavioral traits are unique. In addition, most of these traits are inherited and thus cannot be predicted or stolen. Therefore, these traits can help accurately identify every person.
For example, the most recognized traits in biometric authentication systems today are DNA, fingerprint, facial recognition, voice recognition, and iris or retina scan. In addition, based on research, the shape of the ear, body odors, veins in one’s hand and hand patterns, facial contortions, and gait (the manner of walking and sitting) are other identifiers that further define biometrics.
What are the Types of Biometrics?
Biometrics were primarily used for forensic purposes. However, in recent years the use of biometrics in identification and authentication has seen rapid growth, mainly in the security sector. Biometrics can be broadly classified into three types, with several techniques in each group.
1. Biological Biometrics: They utilize an individual’s genetic and molecular traits. These traits can be accessed through a sample of an individual’s body fluid, such as blood. Biological biometric techniques include DNA, body salinity, blood chemistry, body odor, 3D thermal imaging, and neural wave analysis.
2. Morphological Biometrics: Such biometrics are concerned with the body structure of an individual. Physical characteristics such as fingerprint, facial shape, and size of the iris, retina, and ear are examples of such biometrics.
3. Behavioral Biometrics: These biometric techniques are based on the patterns unique to each individual. Gait (how people move and walk), speaking (voice recognition), signing (signature recognition), and even typing on a keyboard (keystroke dynamics) can reveal individual identity.
What is a Biometric System?
A biometric system is a system that allows persons to be identified and authenticated using specific recognizable and verifiable characteristics (physiological, behavioral, or both qualities) of an individual (as input data). The system then uses mathematical algorithms to compare with hundreds of millions of biometric templates (in database storage) to determine the authenticity of the individual within a few seconds.
How does a biometric system identify a user?
The process by which a biometric system identifies a user based on his physical and behavioral traits consists of two main phases.
1. Enrollment Phase: The enrollment phase is a learning phase that acquires the biometric data from the individual and stores the collected data in a database along with the person’s identity. During this phase, a biometric sensor captures an individual’s biometric characteristics. Next, this data is processed to extract an individual’s salient and distinctive features, which are then represented in digital form (signatures) and stored in the database. The processing related to the enrollment has no time constraint since it is performed “offline.”
While some systems require an initial enrollment of biometric data into the system, other systems do not require this phase.
2. Recognition Phase: In this phase, the biometric data is re-acquired from the individual and compared against the stored data in the database to determine the individual’s or user’s identity.
Functionalities of biometric Systems:
A biometric system has two basic modes: verification and identification.
• The verification or authentication mode is a “one-to-one” comparison, in which the system validates a person’s identity by comparing the biometric data entered with the biometric template of that person stored in the system’s database.
In such a mode, the system must answer a question about the user’s identity: is the person who they claim to be?
The verification is carried out via a personal identification number, a user name, or a smart card. It requires less processing power and time and is often used for accessing places or information.
Verification is typically used in applications that aim to prevent unauthorized persons from accessing data or services.
• The identification mode is a “one-to-N (many-to-one)” comparison, in which the system tries to recognize an individual by matching it with one of the models in the database.
This mode consists of associating an identity with a person. Who is this? Is the person known to the system already under a different identity?
This mode requires a large amount of processing power and time, depending on the size of the database. Nevertheless, this method is often seen in forensics to determine the identity of a suspect from the crime scene samples.
| Identification | Authentication |
| --- | --- |
| It determines the identity of the person. Who is this? Is the person known to the system already under a different identity? | It determines whether the person is indeed who he claims to be. |
| There is no identity claim from the user. | The user makes an identity claim. The system uses the claim to compare the user’s record. |
| The system has to search through its record to find the identity. This search is called a many-to-one mapping. | It is a one-to-one mapping. The system uses the identity as a key to call for the identity’s record. |
| The cost of computation in the identification task increases in proportion to the number of records of users. | The computation cost does not depend on the number of records of users. |
| It is often assumed that a captured biometric signature comes from a set of known biometric features stored in the system. This set is referred to as closed-set identification. | The captured biometric signature comes from a large set of unknown users and is called open-set verification. |
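The two modes compared above can be shown side by side in a short sketch. This is an added example, not code from any biometric product: the templates, the 0.95 threshold, and the choice of cosine similarity as the matcher are all assumptions made for illustration.

```python
import math

# Constructed enrollment database: user id -> stored template (feature vector).
# Real templates come from a feature extractor; these numbers are made up.
TEMPLATES = {
    "alice": [0.12, 0.80, 0.35, 0.61],
    "bob":   [0.90, 0.15, 0.44, 0.20],
    "carol": [0.33, 0.42, 0.91, 0.05],
}
THRESHOLD = 0.95  # assumed decision cut-off on the similarity score

# Constructed probes: a noisy re-capture of alice, and a person never enrolled.
ALICE_PROBE = [0.14, 0.78, 0.33, 0.63]
STRANGER_PROBE = [0.50, 0.50, 0.50, 0.50]


def similarity(a, b):
    """Matching step: cosine similarity between two feature vectors."""
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm


def verify(claimed_id, probe, db=TEMPLATES, threshold=THRESHOLD):
    """One-to-one: the claimed identity is the key into the database.

    Returns (accepted, comparisons). Exactly one template is compared,
    however many users are enrolled.
    """
    template = db.get(claimed_id)
    if template is None:
        return False, 0  # unknown claim: reject without matching
    return similarity(probe, template) >= threshold, 1


def identify(probe, db=TEMPLATES, threshold=THRESHOLD):
    """One-to-N: no identity claim, so every template is a candidate.

    Returns (best_id_or_None, comparisons). The best score must still clear
    the threshold; otherwise the probe is reported as unknown instead of
    being forced onto the nearest enrolled user.
    """
    best_id, best_score, comparisons = None, -1.0, 0
    for user_id, template in db.items():
        comparisons += 1
        score = similarity(probe, template)
        if score > best_score:
            best_id, best_score = user_id, score
    if best_score < threshold:
        return None, comparisons
    return best_id, comparisons


if __name__ == "__main__":
    print(verify("alice", ALICE_PROBE))   # claim matches the probe
    print(verify("bob", ALICE_PROBE))     # wrong claim is rejected
    print(identify(ALICE_PROBE))          # search over all templates
    print(identify(STRANGER_PROBE))       # nobody clears the threshold
```

The comparison counts returned by the two functions make the cost difference in the table concrete: verification stays at one comparison, identification grows with the number of enrolled users.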
Biometric systems include the following elements:
• The capture module, a reader or scanning device, is the entry point of the biometric system to extract a digital representation of the biometric factor being authenticated. Examples of such modules are fingerprint scanners or voice recorders. The process of capturing biometric data is also known as the enrollment or registration process.
• The signal processing module uses software to convert the scanned biometric data into a standardized digital format called a biometric template. These templates, also called reference templates, are usually made using special algorithms that select only unique and distinctive features to create a biometric template. As a result, a template is not a complete image or record of the original biometric, thus minimizing the template’s size and storage requirement and optimizing the processing time to speed searches.
• The storage module or a database securely stores biometric data or biometric templates for comparison. The template can be stored in a card-to-token (with barcode, magnetic chips, RFID chip, or smart card) or in the biometric device (sensor) itself or a central database accessed by the sensor.
• The matching module software compares the data extracted by the extraction module with the data of the registered models and determines the similarity between the two biometric data.
• The decision module determines whether the similarity index returned by the matching module is sufficient to decide an individual’s identity.
The following figure represents the architecture of a biometric system:
Performance of biometric systems
The performance of any biometric system depends on three characteristics. They are the following: False Rejection Rate (FRR), False Acceptance Rate (FAR), and Equal Error Rate (EER).
False Rejection Rate (FRR) represents a biometric system’s probability of detection errors, meaning the biometric device won’t recognize an already authorized person in the database. After such a false rejection, the person must verify their identity again, which could be highly frustrating to the user. The False Rejection Rates quoted for current biometric systems range from 0.00066% to 1.0%. However, this rate does not mean that the security and safety of the users are at risk.
A False Acceptance Rate (FAR) means the probability that a system will allow an unauthorized person to access it. It means the system fails, and the biometric characteristic of a person matches with an incorrect template and grants the wrong person permission to access it. This can result in a potential threat to the safety and security of the user. However, the current biometric system claims to have a False Acceptance Rate ranging from 0.0001% to 0.1%.
Equal Error Rate (EER) is the point at which false accept and false reject curves intersect. It is an essential indicator based on which a system accepts or rejects biometric input. This rate is the value of equality between FRR and FAR and represents the ideal number of errors between the two. Therefore, EER provides a good indicator of the system’s performance. The smaller the Equal Error Rate, the better the system’s performance.
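The three rates defined above can be computed from two sets of match scores. The following is an added example, not taken from any vendor's evaluation: the score lists are constructed, and the function names are chosen here for illustration.

```python
# Constructed similarity scores in the range 0..1 (not real measurements).
# GENUINE: probe and template belong to the same person.
# IMPOSTOR: probe and template belong to different people.
GENUINE = [0.91, 0.88, 0.95, 0.79, 0.85, 0.97, 0.66, 0.90, 0.83, 0.93]
IMPOSTOR = [0.12, 0.35, 0.48, 0.22, 0.71, 0.30, 0.55, 0.81, 0.40, 0.18]


def far(threshold, impostor=IMPOSTOR):
    """False Acceptance Rate: share of impostor attempts scoring >= threshold."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def frr(threshold, genuine=GENUINE):
    """False Rejection Rate: share of genuine attempts scoring < threshold."""
    return sum(s < threshold for s in genuine) / len(genuine)


def equal_error_rate(genuine=GENUINE, impostor=IMPOSTOR):
    """Sweep every observed score as a candidate threshold.

    Returns (threshold, FAR, FRR) at the point where the two curves are
    closest. With finite samples they may not cross exactly, so the
    threshold with the smallest |FAR - FRR| is reported.
    """
    candidates = sorted(set(genuine) | set(impostor))
    best = min(
        candidates,
        key=lambda t: (abs(far(t, impostor) - frr(t, genuine)), t),
    )
    return best, far(best, impostor), frr(best, genuine)


def threshold_for_far(max_far, genuine=GENUINE, impostor=IMPOSTOR):
    """Lowest candidate threshold whose FAR is within the security target.

    Returns (threshold, resulting FRR), or None if no candidate meets the
    target. Shows what a stricter FAR costs in rejected genuine users.
    """
    for t in sorted(set(genuine) | set(impostor)):
        if far(t, impostor) <= max_far:
            return t, frr(t, genuine)
    return None


if __name__ == "__main__":
    for t in (0.50, 0.79, 0.90):
        print(f"threshold={t:.2f}  FAR={far(t):.2f}  FRR={frr(t):.2f}")
    print("EER point:", equal_error_rate())
    print("FAR target 0%:", threshold_for_far(0.0))
```

Raising the threshold pushes FAR down and FRR up, which is why a deployment picks its operating point from a FAR target rather than running at the EER threshold by default.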
What are Biometrics Characteristics?
Advancing technology permits the quick measurement of the natural characteristics that distinguish one human being from another. The reliability and suitability of traits used for biometrics are based on the essential features below.
1. Universality: Every individual conceivable should have the measured characteristic.
2. Uniqueness: The characteristic must be distinctive for all individuals – two persons should not have the same value or measurement of the characteristic.
3. Consistency or Permanence: The measured value or characteristic should be invariant with time – it should be stable and not change over time.
4. Measurability or collectability: The characteristic can be practically measured or quantified. Additionally, the acquired data must be in a form that permits subsequent processing and extraction of relevant feature sets.
5. Performance: The identification system’s accuracy, speed, and robustness must be high.
6. Acceptability: The extent to which individuals in the relevant population accept the particular biometric technology in their daily lives.
7. Circumvention: The ease with which a trait might be imitated using an artifact or substitute. The biometric system needs to be harder to circumvent.
What are the Uses of Biometrics?
Biometric security systems are used in businesses to protect employees and customers. For instance, Citibank uses voice recognition for customer identification. In addition, some banks, such as the British bank Halifax, are testing devices that can monitor a customer’s heartbeat to check their identity.
Biometric systems are also being used to protect valuables and documents. Biometric systems are commonly used in e-passports, which are issued in various countries. In the U.S., the chip features a digital image of an individual’s face and a fingerprint or iris. These chips also incorporate a technology that prevents access to this information from unauthorized readers.
They can also be used in various other ways, such as in entertainment gadgets and criminal investigations.
For instance, the facial recognition system of the iPhone uses 30,000 infrared dots on the user’s face to establish a pattern matching. Recent smartphones, laptops, and even door locks also feature a fingerprint scanner and facial recognition system for enhanced security.
Since the 1980s, biometrics has been widely used in identifying people. When comparing the collected fingerprints of people involved in a crime with those of individuals in a database, AFIS can help investigators. The appropriate scanners then recognize the data sets and record them. The data collected by biometric systems are encrypted to prevent unauthorized access.
CrucialTec, a sensor manufacturer, links a heart-rate sensor to its fingerprint scanners for two-step authentication. This helps ensure that cloned fingerprints can’t be used to access its systems.
Application of Biometrics:
The history of biometrics and law enforcement goes a long way back. However, in addition to law enforcement, biometric systems are widely used in various sectors to improve people’s security and practical aspects. Following are some domains that use these technologies to improve people’s daily lives.
• Justice and Law Enforcement: The relationship between law enforcement and biometric technology has been instrumental in developing biometric technologies. Today, the police force uses various biometric methods to identify people in criminal investigations. These include facial recognition, fingerprint, and voice recognition. These technologies help improve public safety and keep track of people who are wanted.
• Border control and airport: A key application area for biometric technology is at the border. Biometric technology helps to automate the process of border crossing. Reliable and automated passenger screening initiatives and automated SAS help to facilitate the international passenger travel experience while improving the efficiency of government agencies and keeping borders safer than ever before.
• Healthcare: Biometric technologies provided an enhanced model in the healthcare industry. One of the most critical factors that a doctor must consider when making a diagnosis is the accuracy of the medical records. The necessary security and accounting procedures can help prevent health fraud and provide a timely diagnosis.
• Security: The increasing number of people worldwide relying on connectivity has highlighted the need for better security measures. With the availability of biometric technology, it is now easier than ever to protect vital and personal items, such as your car, house door, and phone’s PIN.
• Mobile: The intersection of identity and connectivity is the central issue that drives the development of mobile biometric solutions. These allow people to quickly identify and authenticate themselves using various devices, such as smartphones, tablets, and the Internet of Things. The versatility of mobile technology has allowed them to create unique and adaptable solutions. Due to the increasing number of people relying on connectivity, the need for mobile biometrics is also becoming more prevalent.
• Finance: In the finance industry, biometric solutions are commonly used to improve the security of financial transactions. They can be utilized to make them more convenient and secure by allowing people to identify themselves whenever they need to access sensitive financial data. In addition, people can use biometric solutions to prevent fraud by comparing their unique characteristics to a model stored on a secure server or device. Today’s payment technologies and banking solutions use various biometric modalities. These include fingerprints, iris, palm veins, face, and voice. These are used alone or in combination to prevent fraud and lock accounts.
• Automotive Industry: Eye movement and attention are known to have a relationship. In the automotive industry, analyzing the amplitude and duration of eye movements helps to determine the degree of sleepiness, tiredness, or drowsiness experienced by a car driver to avoid dangerous road accidents and casualties.
• Screen navigation: One of the most commonly used applications for disabled individuals is screen navigation. Through cameras, this type of technology can track a person’s eye movements and enable them to perform actions, such as typing text or scrolling a web page, by clicking on a button on their mobile device or computer. Due to innovation and the increasing need for new ways of navigating on mobile devices, this application has recently gained more attention.
• Aviation: Flight simulation tools use cameras to track the pilot’s head and eye movement to evaluate their behavior under real-life conditions. This training tool can also help new pilots by allowing them to inspect the plane’s main flight display regularly.
Biometrics – Identity & Privacy Concerns
Despite the advantages of biometric authentication, privacy advocates are still concerned about the potential for unauthorized access to the data of individuals.
High-quality cameras and improvements in sophisticated sensors help biometric systems function properly, but they can also enable attacks. These technologies can capture biometric data such as an individual’s face, hands, ears, eyes, voice, and gait, since these traits are unshielded and can easily be captured without the individual’s consent and knowledge.
In China, facial recognition is a standard part of everyday life. In some cities, such as London, CCTV cameras are already linked to biometric databases to help law enforcers fight crime. Cities such as Chicago, New York, and Moscow are also working on using CCTV cameras to collect data related to crime. In addition, Carnegie Mellon University has developed a camera that can monitor the irises of individuals in crowds within a distance of 10 meters.
How safe is biometric identification?
Biometrics may seem foolproof with the unique identifiers of your biology and behaviors. However, biometric identity has made many cautious about its use as standalone authentication.
Biometric identifiers depend on the uniqueness of the factor being considered. For instance, fingerprints are considered to be incredibly unique to every individual. Therefore, they do not change over time. However, facial appearances can change drastically over time.
Devices, software used to analyze them, and corporate databases that collect biometric data can be used to reveal users’ authentication credentials, such as fingerprint scans or voice recordings. For example, when the U.S. Office of Personnel Management was hacked in 2015, cybercriminals made off with the fingerprints of 5.6 million government employees, leaving them vulnerable to identity theft.
There is also the risk of false positives and negatives. For instance, a face recognition system may not be able to identify a user if they are wearing makeup or are weary or sick. Additionally, user voice can be changed or differ due to various reasons. Such instances include voice in the early morning when they get up, the voice in busy public areas, a medical condition, or anger or agitation.
Fake photos, masks, voice recordings, and replicas of fingerprints, as well as closely related family members of the users, like children and siblings, can be used to deceive a recognition system. Below are a few such examples:
- In 2016, researchers at North Carolina’s University of Chapel Hill used photos of some volunteers to create 3D facial models and successfully accessed four of the five security systems they tested.
- A demonstration at the Black Hat cybersecurity conference showed that cheap materials such as candle wax and molding plastic worth only $10 can be used to successfully clone a fingerprint in around 40 minutes.
- The attack, referred to as the gummy bear hack, was first demonstrated in 2002. It involved lifting a latent fingerprint using a gelatin-based substance from a glossy surface. The Japanese researchers noted that this method could trick biometric fingerprint scanners.
- Jan Krissler, a biometric researcher, showed a method in 2015 that could allow an attacker to defeat the biometric authentication of a person using a high-resolution image.
- In 2017, Krissler revealed that he was able to defeat the security of the iris scanner of the Samsung Galaxy S8 by using a high-resolution photo. He also recreated the user’s thumbprint to show Apple’s Touch ID fingerprint authentication system’s vulnerability.
- Days after the iPhone 5s, Germany’s Chaos Computer Club released a spoof of Apple’s Touch ID fingerprint reader. The group took a photo of the user’s fingerprint and used it to unlock the device.
- After the release of the iPhone X, researchers were able to defeat the security of Apple’s Face ID by using a 3D-printed mask. Besides the authenticated user, other people can also be affected by this vulnerability.
With the risks to privacy and safety, additional protections must be used in biometric systems. For example, security experts recommend that businesses use different authentication methods when possible to increase the likelihood of detecting red flags.
When implementing multi-step biometric authentication systems, it becomes harder to get unauthorized access due to the complexity of the authentication process. For instance, a second authentication method might be needed if the fingerprint doesn’t match the face or the account has been accessed from an odd location.
Some security systems incorporate additional biometric features such as height, gender, and age when collecting biometric data to help prevent unauthorized access.
India’s Unique ID Authority of India Aadhaar program, initiated in 2019, is a good example. The multi-step authentication program incorporates iris scans, fingerprints from all ten fingers, and facial recognition.
Conclusion:
In summary, biometrics remains a growing way to verify identity for cybersecurity systems. Moreover, biometric technology offers very compelling security solutions.
The current biometric system provides trusted enrollment through features such as Optical Character Recognition (OCR), duplicate check, face match, age & gender estimation, liveness check, document authenticity and validity, and uniqueness of the applicant. The combined protection of your physical or behavioral signatures with other authentications (a multi-step biometric system) gives some of the most robust known security. In addition, all the gathered enrolled data is stored in a central biometric register to access all the information or avoid potential security risks. Therefore, it is better than using a character-based password as a standalone verification. In addition, the systems are convenient, time-saving, and hard to duplicate.