540 likes | 796 Vues
Computer Security. Biometrics Digital Watermarking Document Security Video Surveillance Computer Virus Spam Filtering Web-server Log-files Encryption Artificial Immune Systems Machine Safety.
E N D
Computer Security • Biometrics • Digital Watermarking • Document Security • Video Surveillance • Computer Virus • Spam Filtering • Web-server Log-files • Encryption • Artificial Immune Systems • Machine Safety
Biometrics (ancient Greek: bios ="life", metron ="measure") is the study of methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits. In information technology, biometric authentication refers to technologies that measure and analyze human physical and behavioural characteristics for authentication purposes. Examples of physical (or physiological or biometric) characteristics include fingerprints, eye retinas and irises, facial patterns and hand measurements, while examples of mostly behavioural characteristics include signature, gait and typing patterns. All behavioral biometric characteristics have a physiological component, and, to a lesser degree, physical biometric characteristics have a behavioral element. Wikipedia on Biometrics
Retina DNA Odor Gait (Walk pattern) Eye color IQ Hand geometry Ear shape ... Many choices... • Fingerprint • Face • Iris • Height • Voice • Signature • Handwriting • Hand veins • Facial Thermogram • Keystrokes One is wrong here! Which one?
Why not IQ? • IQ is used for ranking persons • different persons can have the same IQ • criteria for computing IQ can vary over time • a smart person can simulate a lower IQ • the “acquisition time” for getting the IQ is too large • some of these may be also true for other biometrics, but never all of them
...and becoming more An OTOACOUSTIC EMISSION (OAE) is a sound which is generated from within the inner ear. Having been predicted by Thomas Gold in 1948, their existence was first demonstrated experimentally by David Kemp in 1978 and they have since been shown to arise by a number of different cellular mechanisms within the inner ear. Numerous studies have shown that OAEs disappear after the inner ear has been damaged, so OAEs are often used in the laboratory and the clinic as a measure of inner ear health. There are two types of otoacoustic emissions: Spontaneous Otoacoustic Emissions (SOAEs), which can occur without external stimulation, and Evoked Otoacoustic Emissions (EOAEs), which require an evoking stimulus. Recently, Beeby, Brown and White from University of Southhampton, UK, have studied the use of OAE for biometric systems (e.g. included in mobile telephones).
Two application modi • Identification • Given a biometric pattern, identify the person out of a set of n persons (1:n match) • Verification • Given a biometric pattern, verify the identity of that person by comparing with a biometric template of the same person that was given before (1:1 match). • Detection? • What could it mean in this context?
Universality describes how commonly a biometric is found in each individual. Uniqueness is how well the biometric separates one individual from another. Permanence measures how well a biometric resists aging. Collectability explains how easy it is to acquire a biometric for measurement. Performance indicates the accuracy, speed, and robustness of the system capturing the biometric. Acceptability indicates the degree of approval of a technology by the public in everyday life. Circumvention is how hard it is to fool the authentication system. Several Aspects...
Fingerprints Impression of friction ridges of tip part of the finger. Known from history as being unique for every person. Used in legal issues for more than 100 years (first use reported 1892 by Argentine police to identify a murder). Several countries maintain large collections of fingerprints, so-called AFIS (automated fingerprint identification systems).
Some related questions • Do twins have the same fingerprint? • Are the fingerprints of different fingers of the same person different? • Do the same left and right finger of the same person have a mirrored fingerprint? • Are relatives having similar fingerprints? • Are the fingerprints of the same person aged 20 and aged 60 identical? • Can the gender be concluded from a fingerprint?
Some related questions • Do twins have the same fingerprint? no • Are the fingerprints of different fingers of the same person different? yes • Do the same left and right finger of the same person have a mirrored fingerprint? no • Are relatives having similar fingerprints? no • Are the fingerprints of the same person aged 20 and aged 60 identical? nearly • Can the gender be concluded from a fingerprint? no
Universality? Our criteria (L,M,H)
Fingerprint: Universality • Medium! • There is so-called Naegeli syndrome. Affected persons have a dimished function of the sweat glands, therefore, they are not producing a fingerprint. • Injuries may also affect the fingerprint pattern.
Uniqueness? Our criteria (L,M,H)
Fingerprint: Uniqueness • High! • No two fingerprints have ever been found identical. • However, between features like minutiae position there might be some similarity (twins).
Permanence? Our criteria (L,M,H)
Fingerprint: Permanence • High! • Despite of affections during lifetime (injuries), the fingerprint pattern is preserved during skin alterations during lifetime.
Collectability? Our criteria (L,M,H)
Fingerprint: Collectability • Medium! • Need special devices and procedures to visualize a fingerprint. • Comparison of two fingerprints is very hard for the naked eye, and needs training and expertize.
Performance? Our criteria (L,M,H)
Fingerprint: Performance • High! • Accuracy: allows for the identification of a fingerprint among several thousands of fingerprints (but not millions!) • Speed: Verification is today possible “on-board”, needs a few millisecond on modern computer (acquisition takes longer!) • Robustness: error measures state a FAR at 1% for a FRR of 0.1%. What does this mean? Later!
Acceptability? Our criteria (L,M,H)
Fingerprint: Acceptability • Medium! • Usual association of taking a fingerprint is related to crime cases. • Many countries pose data protection regulations on the collection of fingerprints (often only databases of criminals and public authorities are allowed to be collected). • The fingerprint pattern can be easily “stolen.”
Circumvention? Our criteria (L,M,H)
Fingerprint: Circumvention • Medium! (some say High) • Gels can be used to produce a copy of the ridge pattern of a person. • Finger gloves also fake human warmth.
Fingerprint: Bonus • Do other animals have fingerprints? More similar to human than primates: from which animal is the fingerprint to the left?
Fingerprint Sensors capacitive optical thermal
Minutia and Terminals • Unique features of a fingerprint pattern are the location of forkings of ridges (minutiae) and their endpoints (terminals). • Most persons have between 20 and 80 such positions. The set of all minutiae and terminals of a given fingerprint is called a template. It is used for comparing two fingerprints.
Forkings and Endings Mahadik, S., Narayanan, K., Bhoir, D. V., and Shah, D. 2009. Access Control System using fingerprint recognition. In Proceedings of the international Conference on Advances in Computing, Communication and Control (Mumbai, India, January 23 - 24, 2009). ICAC3 '09. ACM, New York, NY, 306-311. DOI= http://doi.acm.org/10.1145/1523103.1523166
Fingerprint Scan Fingerpint image, as received from sensor. First it needs to enhance the contrast of the image. The goal is to enhance the ridge structures of the fingerprint.
Image Enhancement In smaller areas of the image, the ridges appear to be parallel straight lines – thus having frequency and orientation. A method called Fourier Transformation can be used to filter only the lines having the major frequency and orientation. orientation frequency
Binarization All pixels in the image are either assigned Black (0) or White (255) by using a threshold.
Orientation Field For some points, the direction of the line is represented by an arrow. This also helps to identify the fingerprint class (but not used in this system).
Region of Interest (ROI) The further processing has to be restricted to some part of the image. Only in this part, the minutia and terminals can be safely extracted. Other parts, out of the border, will not provide a good enough quality.
Thinning The ridges (lines in the image) are “eroded,” until only a line of one pixel width remains – but while preserving the topological structure of the connected parts of the binary image. There are several algorithms for such a Thinning, mostly from the so-called Mathematical Morphology, a discipline of image processing.
Candidate Points From the former result, candidates for minutia and terminal positions can be found by looking into the neighborhood of each white point. However, it can be seen that there are too many candidates, some only caused by artefacts of the thinning process. Using the ROI, and other information, the wrong candidates can be removed.
Matching Template to test Stored Template
Assumed Corresponding Points Template to test Stored Template
Testing according to assumed correspondance, points should be e.g. about here in the stored template one nearly matches, the other do not Template to test Stored Template
Better assumed corresponding points Template to test Stored Template
Better assumed corresponding points now, nearly each estimated position is about correct Template to test Stored Template
Last but not least... • the pair of points, for which the number of matching other points is highest, is found (A,B) • the ratio for these matching points is determined (80%) • if it is larger than a threshold, than the system replies that both fingerprints are from the same person (same finger) (80% > 70% -> ok) • note that this threshold is important for the correct decision of the system
Performance • A biometric system can make two kinds of errors, false acceptances and false rejections – the best trade-off between them is called equal error rate and an objective measure for biometric system performance However, the weighting of these two errors might be different (forgeries are not as likely as correct transactions)
False Acceptance • the template to test is from person A, the stored template from person B • the system replies that the fingerprints are the same (and the door opens...) • this is a False Acceptance • the ratio among a number of test then is called False Acceptance Rate (FAR)
False Rejection • the template to test is from person A, the stored template also from person A • the system replies that the fingerprints are different (and keeps the door closed...) • this is a False Rejection • the ratio among a number of test then is called False Rejection Rate (FRR)
Equal Error Rate • but the reply of the system depends on the threshold • assume the treshold t varies from 0% to 100% • for 0%, any match is larger, and the system will always ACCEPT, so FAR will be 100%, and FRR will be 0% • for 100%, the system will never ACCEPT, thus FAR is 0%, and FRR is 100% • if threshold goes from 0% to 100%, the FAR line will decrease from 100% to 0%, the FRR will increase from 0% to 100% • thus, both lines will intersect for some threshold • this is the so-called equal error rate (EER)