Original article was published by Trung Anh Dang on Artificial Intelligence on Medium
Biometric Authentication Methods
Fingerprints, facial recognition, hand geometry, iris recognition, retinal identification, voice recognition, keystroke dynamics, and handwritten signature
Biometric has been for long the target of future authentication that expected that biometric authentication will largely displace other means of our current authentication and access control. Biometric systems can be used in two distinct modes as follows.
- Verification (1–1): determining whether a person is who he claims to be. In the verification mode, the system validates the person’s identity by comparing the captured biometric data with the template stored in the database.
- Identification (1-n): determining who the person is. In the identification mode, the system identifies the person by searching the templates of all users in the database for a match.
A biometric system operates by firstly acquiring biometric data from an individual, then extracting feature set from the data, and finally comparing the feature set with the template in the database as shown in the below figure.
What are biometric techniques?
The use of biometrics, or specifically unique human characteristics, has existed for hundreds of years in one form or another, whether it is a physical description of a person or perhaps more recently a photograph. Biometric authentication techniques are classified by the type of characteristics evaluated: physiological attributes or behavioral singularities.
Physiological biometrics are based on classifying a person according to data obtained as part of the human body such as his fingerprints, face, or eye iris.
The most popular biometric to date, fingerprint recognition, can utilize a number of approaches to classification, based on minutiae which are a reproduction of epidermal friction skin ridges found on the palm side of the fingers and thumbs, the palms, and soles of the feet. We can use them for authentication because there are basic principles as follows.
- A fingerprint will remain unchanged during an individual’s lifetime.
- Fingerprints have general ridge patterns that permit them to be systematically classified.
- A fingerprint is an individual characteristic because no two fingers have yet been found to possess identical ridge characteristics.
The second most widely deployed biometric is hand geometry. We use the geometric features of the hand such as the lengths of fingers and the width of the hand to identify an individual.
The system record face images through a digital video camera and then analyze facial characteristics like the distance between the eyes, nose, mouth, and jaw edges.
The iris is the colored tissue surrounding the pupil of the eye and is composed of intricate patterns with many furrows and ridges.
Retina based identification is perceived as the most secure method of authenticating identity. Retinal identification provides true identification of the person by acquiring an internal body image, the retina/choroid of a willing person who must cooperate in a way that would be hard to counterfeit
It consists of measurements taken from the user’s actions, some of them indirectly measured from the human body.
Voice verification systems are different from voice recognition systems although the two are often confused. Voice recognition is the process of recognizing what a person says, whereas voice verification is recognizing who is saying it.
The system measures and compares specific timing events also known as “typing signature”. The way in which a person types on a keyboard has been shown to demonstrate some unique properties.
Signature recognition systems attempt to authenticate people based on their handwritten signature
Comparison of biometric authentication methods
We compare biometric authentication methods based on the following six characteristics that are security, accuracy, permanence, usability, adequacy, and costs with 3 levels which is high, medium, and low.
The following table provides a quick comparison of the biometric types presented in this post.
It is the strength of the system in terms of covered risk and its efficiency to resist potential attacks based on considering the risk they represent and its sophistication.
- High security: fingerprint, hand geometry, iris, retinal.
- Medium security: facial, voice, handwritten signature.
- Low security: keystroke dynamics.
Due to differences in the environment where data is collected, or between readers employed in biometrics, a 100% of accuracy cannot be achieved. Thus, certain performance thresholds must be defined to consider reliable biometric technology. The two conventional metrics used to evaluate biometrics performance are the FAR and the FRR.
- Hight accuracy: fingerprint, iris, retinal.
- Medium accuracy: facial, hand geometry, handwritten signature and voice.
- Low accuracy: keystroke dynamics.
It is the condition that biometric should not change over time.
- Hight permanence: fingerprint, facial, hand geometry.
- Medium permanence: iris, retinal.
- Low permanence: voice, keystroke dynamics and handwritten signature.
The quality of being user-friendly and closer to user needs and requirements
- High usability: fingerprint, facial, keystroke dynamics and voice.
- Medium usability: hand geometry and handwritten signature.
- Low usability: iris and retinal.
The economic impact of the technology in the overall authentication system such as implementation costs, maintenance, etc.
- High cost: hand geometry, iris, retinal and handwritten signature.
- Medium cost: fingerprint.
- Low cost: facial, voice and keystroke dynamics.
The quality of being able to meet the needs and expectations of a particular user segment such as retail, corporate, private, and investor customers’ profile.
How Biometrics are Hacked?
In a replay attack, an intruder has been able to record successful login sessions involving biometric systems or devices and later tries to perform authentication on his own by replaying the captured data.
For instance, in the voice verification system, a hacker was able to intercept and record data that included the user’s voice. He later may attempt to access the same system and will playback the recorded data captured earlier.
Some biometric systems may be vulnerable to attacks using fake credentials. For example, if a biometric system relies on facial recognition a hacker may be able to fool such a system by holding a life-size photograph of the user in front of the camera.
Some biometric systems are more vulnerable to stolen credential attacks than others. But the thought of a stolen eye is just gruesome to us. However, we think you’re pretty safe if your biometric system is voice-based because we have yet to hear of a stolen larynx being used to successfully fool a biometric system.
Nowadays biometric data extraction can be easily achieved without the need for specific sensors; therefore, its implementation can be low cost when taking advantage of modern technologies, such as mobile devices equipped with embedded cameras for facial recognization or fingerprints.
They are the most widely deployed technology even excluding police fingerprinting because of its low costs, easy to use, and deploy.
But there are many methods for defeating biometric finger scanning technology such as dummy latex fingers, a wood with fingerprints etched on the surface. We can tack with these problems by forcing the use of more than one finger.
Facial recognition benefits from high user acceptance because of its costs but nonetheless they get low performance in non-standard environments.
In addition to this method showed to be vulnerable, allowing authentication using “selfies”, which are not difficult to acquire. Therefore, it must be accompanied by additional methods such as liveness detection mechanisms.
Voice verification benefits from a high acceptance rate because of its high usability and costs.
Similar to facial recognition, the results demonstrated low performance in non-standard environments. Thus, voice authentication technologies cannot be considered mature enough and again, they must be accompanied or combined with additional mechanisms.
Moreover, voice recognition algorithms must be tolerant of noise and should not be influenced by variations of the voice produced by sore throat or cold.
Since there are no special devices are required, this method requires almost no costs; its usability and acceptability are considered high because in most cases it can be performed transparently to the user.
However, the main drawbacks of this technique are its low accuracy and low-security level during the training phase; therefore, it is suitable for implementing continuous authentication.