BIOMETRICS – NO MORE A FUTURISTIC WHIM
With the increase of online communication and transactions, the demand for security and privacy increases. There are several solutions already in use to protect confidential information and to authenticate people electronically. Proving identity is becoming an integral part of our daily lives. We use a wide assortment of methods to verify our identity, for example usernames, passwords, signatures, keys and cards. The main disadvantage of these systems is that a key or card may fall into someone else’s hands, and passwords may not be remembered for a long time or can be easily guessed by others.
As per the saying “NECESSITY IS THE MOTHER OF INVENTION”, the need for a new type of identification and authentication technique has led to the development of BIOMETRICS.
“Biometrics is an automated method of recognizing a person based on a physiological or behavioral characteristic and later comparing it to a library of characteristics belonging to many people.”
Nature has made human beings with different characteristics which may vary from one person to another. Biometric technology makes use of this property to distinctly identify each person. The main advantage of this science is that it requires the person himself for identification, and these critical details cannot be lost or forged.
This paper provides an overall idea of biometrics, the typical biometric model, and a detailed walkthrough of a few types of biometrics, such as:
· Hand scan
· Finger scan
· Facial scan
· Iris scan
· Retinal scan
· Voice recognition
· Signature scan
· Keystroke biometrics
“Biometrics is an automated method of recognizing a person based on a physiological or behavioral characteristic.”
Biometric technologies are becoming the foundation of an extensive array of highly secure identification and personal verification solutions. As the level of security breaches and transaction fraud increases, the need for highly secure identification and personal verification technologies is becoming apparent.
Biometric-based solutions are able to provide for confidential financial transactions and personal data privacy. Most systems make use of a personal identification code in order to authenticate the user. In these systems, the possibility of a malicious user gaining access to the code cannot be ruled out. However, combining the personal identification code with biometrics provides a robust user authentication system. Biometrics is of two kinds: one deals with the physical traits of the user (retinal scanning, fingerprint scanning, DNA testing, etc.) and the other deals with the behavioral traits of the user (voice recognition, keystroke dynamics, etc.). Utilized alone or integrated with other technologies such as smart cards, encryption keys and digital signatures, biometrics is set to pervade nearly all aspects of the economy and our daily lives.
THE BIOMETRIC MODEL
The biometric authentication system consists of the following parts:
· User interface or the biometric reader
· Communication Subsystem
· The Controlling software
· Data storage
A biometric system works by taking a number of samples of physiological or behavioral characteristics to produce a reliable template of the user information. The user is verified against the stored template of the person he claims to be, and is authenticated if his biometric pattern matches that template. The biometric sample of the person is not stored in the host computer or the controller, so there is no possibility of others getting it. Moreover, the biometric template of the person is stored in the form of a dynamic binary template with suitable encryption to provide utmost security.
· Fingerprint Verification:
This is one of the oldest forms of biometric techniques. It involves mapping the pattern of the individual's fingerprint and then comparing the ridges and furrows with the template. The fingerprint given to the device is first searched at the coarse level in the database, and then finer comparisons are made to get the result.
· Iris Recognition:
In iris and retinal scanning, the iris and the retina are scanned by a low-intensity light source and the image is compared with the stored patterns in the database template. They are the fastest and most secure forms of biometry.
· Facial Scanning:
Facial scanning involves scanning the entire face and checking critical points and areas of the face against the template. This method is not completely reliable, so it is used in association with another biometric technique.
· Hand and Finger Geometry:
This method uses data such as the length, shape and distance between the fingers, the overall dimensions of the hand, and the relative angle between the fingers. Modern systems use this technique in association with the fingerprint scanning technique.
· Voice Biometry:
It is proved that the frequency, stress and accent of speech differ from person to person. Voice biometry uses this concept to solve the problem of illegal users.
· Signature Verification:
This technology uses the dynamic analysis of a signature to authenticate a person. It is based on measuring the speed, pressure and angle used by the person when a signature is produced.
· Keystroke Dynamics:
In this technique, the system analyses the rhythm of typing the password.
KEYSTROKE BIOMETRICS FOR FOOLPROOF SECURITY
“The keystroke biometrics makes use of the inter-stroke gap that exists between consecutive characters of the user identification code.”
When a user types his authentication code, there exists a particular rhythm or fashion in typing the code. If there is no abrupt change in this rhythmic manner, this uniqueness can be used as an additional security constraint. It has been proved experimentally that the manner of typing the same code varies from user to user. Thus this can be used as a suitable biometric. Further, if the user knows beforehand about the existence of this mechanism, he can intentionally introduce the rhythm to suit his needs.
As the user logs onto the system for the first time, a database entry is created for the user. He is then put through a training period, which consists of 15-20 iterations. During this time, one obtains the inter-stroke timings of all the keys of the identification code. The inter-stroke interval between the keys is measured in milliseconds. The system’s delay routine can be used to serve the purpose. The delay routine measures in milliseconds, and the amount of delay incurred between successive strokes can be used as a counter to record this time interval.
The mean and standard deviation of the code are calculated. This is done in order to provide some leverage to the user typing the code. The reference level that we chose is the mean of the training period and the rounded standard deviation is used as the leverage allotted per user. These values are fed into the database of the user. These details can also be incorporated onto the system’s password files in order to save the additional overhead incurred.
Once the database entry has been allotted for the user, this can be used in all further references to the user. The next time the user tries to log in, one would obtain the entered inter-stroke timing along with the password. A combination of all these metrics is used as a security check of the user. The algorithm given below gives the details of obtaining the authorization for a particular user. The algorithm assumes that the database already exists in the system and that one has a system delay routine available.
Keystroke Biometric and Type print Recognition
Type print is a statistically unique signature created from the type patterns of a person. Like fingerprint and voiceprint, type print can also be used as a biometric signature to uniquely identify and verify a person. Type print recognition is based on the science of Keystroke Biometrics.
While considering any system for authenticity, one needs to consider the false acceptance rate (FAR) and the false rejection rate (FRR).
An increase in one of these metrics decreases the other and vice versa. The level of error must be controlled in the authentication system by the use of a suitable threshold, such that only the required users are selected and the others who are not authorized are rejected by the system. In this paper, the standard deviation of the user’s training period entry is used as a threshold. The correct establishment of the threshold is important, since too strong a threshold would lead to a lot of difficulty in entry even for the legal user, while a lax threshold would allow non-authorized entry. Thus a balance would have to be established taking both the factors into consideration.
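The training and login check described earlier, together with the FAR/FRR trade-off above, can be sketched as follows. This is an added example, not the paper's own algorithm (which is not reproduced on this page); it assumes a mean and rounded standard deviation kept per inter-stroke gap, a tolerance multiplier k, and constructed timing data, and all function names are hypothetical.

```python
import statistics

def enroll(training):
    """Per-gap reference level (mean) and leverage (rounded standard deviation, ms)."""
    if len(training) < 2:
        raise ValueError("need at least two training entries")
    return [(statistics.mean(gap), max(1, round(statistics.stdev(gap))))
            for gap in zip(*training)]

def verify(profile, attempt, k=1.0):
    """Accept only if every gap lies within mean +/- k * leverage."""
    if len(attempt) != len(profile):
        return False  # wrong number of keystrokes: cannot be the enrolled code
    return all(abs(t - mean) <= k * dev for t, (mean, dev) in zip(attempt, profile))

def error_rates(profile, genuine, impostor, k):
    """Return (FAR, FRR) for tolerance multiplier k over labelled attempts."""
    far = sum(verify(profile, a, k) for a in impostor) / len(impostor)
    frr = sum(not verify(profile, a, k) for a in genuine) / len(genuine)
    return far, frr

# Constructed data: 15 training entries of a 5-character code (4 gaps, in ms).
BASE = [180, 120, 240, 150]
TRAINING = [[b + ((i + j) % 5 - 2) * 6 for j, b in enumerate(BASE)] for i in range(15)]
PROFILE = enroll(TRAINING)

# Constructed login attempts; the impostors type the correct code.
GENUINE = [[185, 118, 236, 155], [172, 127, 246, 144],
           [168, 124, 251, 158], [195, 131, 229, 139]]
IMPOSTOR = [[140, 200, 180, 210], [195, 108, 255, 162],
            [260, 95, 310, 120], [172, 131, 250, 159]]

if __name__ == "__main__":
    print("profile (mean, leverage):", PROFILE)
    for k in (1.0, 2.0, 3.0):
        far, frr = error_rates(PROFILE, GENUINE, IMPOSTOR, k)
        print(f"k={k}: FAR={far:.2f} FRR={frr:.2f}")
```

On this constructed data a band of one standard deviation rejects half of the genuine attempts while admitting no impostor, and widening it to two standard deviations reverses the two rates.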
Analysis of inter-keystroke timing of user code
A graph is plotted between keystrokes and keystroke timing. The ‘X’ axis indicates the number of inter-keystrokes and negative ‘Y’ axis indicates the inter-keystrokes timing in milliseconds.
Graph I shows the inter-keystroke timing analysis when the user is accepted. Here it can be easily seen that when the user is authentic or when he types in his normal rhythm, the user automatically comes into the predefined ranges. The current inter-keystroke timing lies around the database inter-keystroke timing, thereby providing an adequate amount of predefined ranges. FAR and FRR can be reduced to a great extent so that only the legal user gets access to the system. The +R boundary and –R boundary give the desired range so that only the legal user gets access.
In the graph, the line (L3) indicates the current pattern of typing the access code on the keyboard, the line (L2) indicates the keystroke pattern according to the reference level, and the lines (L1) and (L2) indicate the positive and the negative ranges. The ranges can be decided by the standard deviation method, which is used here for analysis, or by any other adaptive method.
User not accepted:
Graph II indicates inter-keystroke timing when the user is not legal or not following his rhythmic behavior of typing the access code. It can be easily noticed
Keystroke biometrics offers a valuable approach for current security technologies, making it far harder for fraud to take place by preventing ready impersonation of the authorized user. Even if the unauthorized user discovers the access code, he cannot get access to the system unless he also knows the rhythm. Also, the typing rhythm can be self-tuned by the user to suit his needs. As the keyboard has duplicate keys, the typing rhythm also depends on whether the user is a left-handed person or a right-handed person. Keystroke biometrics will positively replace the entire traditional security systems in the future.