(IJCSIS) International Journal of Computer Science and Information Security, Vol. 11, No. 4, April 2013 A COMPARATIVE STUDY OF SOME BIOMETRIC SECURITY TECHNOLOGIES BY OGINI, NICHOLAS OLUWOLE Department of Mathematics and Computer Science, Delta State University, Abraka, Delta State. . ABSTRACT Authentication plays a very critical role in security related applications. This is obvious from the breaches of information systems recorded around the world. This has become a major challenge to ecommerce and many other applications. One of the techniques that is implemented today to improve information security is biometrics, and this is gaining attention as the days go by. Having realized its value, biometrics is used in most systems today for the verification and identification of users as it overcomes the problems of being stolen, borrowed, forged or forgetting. In this paper therefore, we show the origin and types of biometrics, thier areas of application, and what to look out for in selecting a biometric technology. INTRODUCTION Biometric technology is an automated method to allow the determination and verification of ones’ identity based on one or more physical or behavioural characteristics. In simple terms, it turns one’s personal features or attribute into a password to enable access into information systems. Uludag et al (2004). The first use of biometrics technology was the finger printing in the 14th century by an European explorer Joao de Barros in China. It was followed sometimes in 1890 by Alphonse Bertilon who studied body mechanics and measurements this was to help in identification of criminals. This was used by the police until a failure caused it to be abandoned in the early 20th century, signature based biometric authentication procedures were developed, however the coming of the military and security agencies led to the development of this technology beyond the finger printing method. People can be 110 http://sites.google.com/site/ijcsis/ ISSN 1947-5500 (IJCSIS) International Journal of Computer Science and Information Security, Vol. 11, No. 4, April 2013 identified basically from attributes which can be expressed as physiological characteristics or behavioural characteristics. These technologies now serve as the backbone of highly secured systems for identification of individuals. Jain et al (2003). The physiological biometrics consists of measurements and data gathered from the direct measurement of a part of the human body. Examples of physiological characteristics include hand geometry, facial recognition, finger print, iris scan, e.t.c. The indirect measurement of the unique characteristics of the human unique characteristics is the behavioural biometrics, examples are key strokes scan, signature scan, vioce recognition e.t.c. However, the behavioural biometrics is impacted by time. Shoniregun (2003). Uludag et al (2004) opines that for an ideal biometric, the system should posses the following ¾ Universality- each person should posses this characteristic ¾ Uniqueness- the biometric separates one individual from another (no two persons share that characteristic) ¾ Permanence- the biometric should resists ageing and other variations over time ¾ Collectability- it should be acquired easily for measurement ¾ Performance- the technology should provide accuracy, speed and robustness if used. ¾ Acceptability- the users of the biometric should have a degree of approval of a technology ¾ Circumvention- relates to the ease with which a trait might be imitated using an artifact or substitute Some popular biometric techniques in use today include Finger print, Iris scan, Retina, Hand geometry, Face, Vioce, and Signature. METHODOLOGY The entire process of image processing starts from the receiving of visual information to the giving out of description of the scene from what is stored in the database, and this can be divided into five major stages, which are listed below. 111 http://sites.google.com/site/ijcsis/ ISSN 1947-5500 (IJCSIS) International Journal of Computer Science and Information Security, Vol. 11, No. 4, April 2013 CAPTURING THE BIOMETRIC PRE‐ PROCESSING FEATURE EXTRACTION TEMPLATE CREATION STORE IN DATABASE fig. 1: the entire enrollment process i. Enrollment: The first time an individual uses a biometric system is called enrollment. During the enrollment, biometric information from an individual is captured for storage. This is the interface between the real world and the system. ii. Pre processing: For efficiency of data, all the data acquired are pre processed to remove noise and enhance the features required for reference. iii. Feature extraction: This is extraction of the match points from the biometric that will be used for comparison. iv. Template creation: using an algorithm, the digital form of the biometric data is processed as match points for comparison with inputs for identification or verification. v. A database to store the information in the form of vector of numbers or an image with particular properties used to create a template that can be compared with the biometric data sent in as input when a user tries to gain access. Thus a biometric system is essentially a pattern recognition system, which makes a personal identification by determining the authenticity of a specific physiological or behavioral characteristic possessed by the user. An important issue in designing a practical system is to determine how an individual is identified. Depending on the context, a biometric system can be either a verification system or an identification system. SOME TYPES OF BIOMETRICS AND THEIR METHODOLOGIES FINGERPRINT SCAN The impression left by the patterns of the ridges of the finger pads of a human being are called fingerprints which can be obtained from the finger or the palm of the hand, the toe or the sole of the foot. It is the oldest of all the biometric techniques. the uniqueness of fingerprint also lies in the fact 112 http://sites.google.com/site/ijcsis/ ISSN 1947-5500 (IJCSIS) International Journal of Computer Science and Information Security, Vol. 11, No. 4, April 2013 that even two fingers of the same individual can never produce an identical match in establishing the identity of an individual. Fingerprints serve an integral part of investigative measures as no two humans (including identical twins) can have exactly the same fingerprint. There are a variety of approaches to fingerprint verification. The varieties of fingerprint devices available are more than any other biometric system at present. The traditional method uses the ink to get the finger print onto a piece of paper. This piece of paper is then scanned using a traditional scanner. Some of them try to emulate the police method of matching minutiae, others are straight pattern matching devices, and some adopt a unique approach all of their own. In modern approach, live fingerprint readers are used, they are based on optical, thermal, silicon or ultrasonic principles. It takes a digital scan of a person’s fingertips and records its unique physical characteristics, such as whorls, arches, loops, ridges and furrow. They are based on reflection changes at the spots where finger papillary lines touch the reader surface. All the optical fingerprint readers comprise the source of light, the light sensor and a special reflection surface that changes the reflection according to the pressure. Some readers are fitted out with the processing and memory chips as well. Fingerprint verification is a good choice for systems where adequate explanation and training can be provided to users and where the system is operated within a controlled environment. Many access applications seem to be based almost exclusively around fingerprints, due to the relatively low cost, small size and ease of integration. It is capable of good accuracy. 113 http://sites.google.com/site/ijcsis/ ISSN 1947-5500 (IJCSIS) International Journal of Computer Science and Information Security, Vol. 11, No. 4, April 2013 HAND GEOMETRY Source: http://fingerchip.pagesperso-orange.fr/biometrics/types/hand/hand_features.jpg Hand geometry is concerned with measuring the physical characteristics of the users hand and fingers, from a three-dimensional perspective. It measures and analyzes the overall structure, shape and proportions of the hand, e.g length, width and thickness of hand, fingers, hand curvature, knuckle shape, dsitance between joints and bone structure and translucency. It translates that information into a numerical template. This methodology may be suitable where we have larger user bases or users who may not access the system frequently and may therefore be less disciplined in their approach to the system. To use a hand scanner, you simply place your hand on a flat surface, aligning your fingers against several pegs to ensure an accurate reading. Then, a camera takes one or more pictures of your hand and the shadow it casts. Accuracy can be very high if desired. The hand and finger scanner/reader devices still maintain accuracy even when hands are dirty, which are good in construction areas; and also have the ability to work under extreme temperatures ranging from -300F to +150oF. It is one of the more established methodologies; it offers a good balance of performance characteristics and is relatively easy to use. Hand geometry readers are deployed in a wide range of scenarios, including time and attendance recording where they have proved extremely popular. Ease of integration into other systems and processes, coupled with ease of use makes hand geometry attractive to many biometric projects. Unlike fingerprints, human hand is not unique. However, hand geometry-based biometrics is not as intrusive as a fingerprint recognition system and hence may be sufficient enough to be used for verification (after the identity of the individual has been established through another mechanism. VOICE VERIFICATION 114 http://sites.google.com/site/ijcsis/ ISSN 1947-5500 (IJCSIS) International Journal of Computer Science and Information Security, Vol. 11, No. 4, April 2013 Speaker recognition systems discriminate between speakers by making use of the combination of physiological defferences in the shape of vocal tracts and learned speaking habits. They are mostly passphrased-dependent. During the enrolment phase, a user is required to speak a particular passphrase (like a name, birth date, birth city, favourite colour, a sequence of numbers e.t.c) over a microphone for a certain number of times. This phrase is converted from analog to digital format, and the distinctive vocal characteristics such as pitch, cadence, and tone, are extracted and a speaker model is established. A template is then generated and stored for future comparisons. This is a potentially interesting; however, many of them have suffered in practice due to the variability of both transducers and local acoustics. In addition, the enrolment procedure has often been more complicated than with other biometrics leading to the perception of voice verification as unfriendly in some quarters. RETINA SCANNING source: http://upload.wikimedia.org/wikipedia/commons/thumb/4/48/Fundus_photograph_of_normal_left_eye. jpg/220px-Fundus_photograph_of_normal_left_eye.jpg This is an established technology where the unique patterns of the retina are scanned by a low intensity light source via an optical coupler. Retinal scanning has proved to be quite accurate in use but does require the user to look into a receptacle and focus on a given point. Retina scans are the most accurate. They capture the pattern of blood vessels in the eye. No two patterns are the same, even between the right and left eye, and identical twins. Nor do retinal patterns change with age. To get a usual sample, an individual must cooperate by keeping his head fixed and focusing on a target while an infrared beam is shown through the pupil. The reflected light is then measured and captured by a camera. This is not particularly convenient for those who avoid intimate contact with the source used for the scan and hence this has a few user-acceptance problems although the technology itself can work well. Retinas are also susceptible to diseases, such as glaucoma or cataracts which would defeat a system intended to 115 http://sites.google.com/site/ijcsis/ ISSN 1947-5500 (IJCSIS) International Journal of Computer Science and Information Security, Vol. 11, No. 4, April 2013 protect the elderly. It is believed to replace traditional ID methods such as P.I.N and virtually every other electronic device used for conducting business where identification is a requirement and prerequisite. IRIS SCAN source: http://3.bp.blogspot.com/maCuJe2_2i8/TujHaEjAB1I/AAAAAAAABeE/pG5zEtdeVQA/s320/connectedgraphics_1080726a.jpg The iris has coloured streaks and lines that radiate out from the pupil of the eye. A camera is used to take a picture of the iris. Iris scanning is the less intrusive of the eye related biometrics. It utilizes a conventional camera element and requires no intimate contact between user and reader The person must be within 36 inches of the camera and focused on a target in order to get a quality scan. Cooperation of the individual is necessary, glasses and coloured contact lenses can change the template created from a single individual. The iris provides the most comprehensive biometric data after DNA. It has more unique information than any other single organ in the body. In this scanning, the characteristics of the iris are taken into account. About 266 unique points are recorded and converted into a 512 byte iris code (somewhat similar to barcode). The iris code constructed contains information the characteristics and position of the unique points. Since the scan is based on the size of the pupil, drugs dilating the eye could defeat an iris scan. Iris based biometric system are more secured than most other systems. However, ease of use and system integration has not traditionally been strong points with the iris scanning devices. FACIAL SCAN 116 http://sites.google.com/site/ijcsis/ ISSN 1947-5500 (IJCSIS) International Journal of Computer Science and Information Security, Vol. 11, No. 4, April 2013 source:htttp://fingerch hip.pagesperrso-orange.frr/biometrics//types/face/llaun.jpg The faciaal scan tech hnique makees use of speecific characcteristics off the human face. It com mpares data from certtain parts off the face witth your face during a scaan. Only certtain parts of the face are used in this techniquee (the upperr outlines off the eye socckets, the areeas around the t cheekbonne, and the sides of the mouth) because b thesee parts are hard to changge with plastic surgery. Face reccognition sysstems can acccurately veerify the idenntity of a peerson standinng two feet away under few secoonds. A facial recognitioon system iss used to auuthentically identify or verify a perrson from a digital im mage or a video frame from f a videoo source. thiss is done byy comparing selected faccial features that are not n easily altered (upperr outlines off the eye socckets, the areeas around the t cheekbonnes, and the sides of the t mouth) with w those inn the database. SIGNAT TURE RECOGNITION N SYSTEM MS sourcce: http://ww ww.epadlink.com/imagess/ePad-ink-w w-hand_smalll.png Signaturee recognitio on refers too authenticaating the iddentity of a user by measuring m h handwritting signaturees. In a sign nature recognnition system m, a personn signs his or o her name on a digitizzed graphic tablet or a PDA. Thiis method ennjoys a syneergy with exiisting processses that othher biometriccs do not as people are used to signatures s a a means of as o transactioon related iddentity veriffication and mostly see nothing unusual u in extending thiis to encomppass biometrrics. Signatuure verificatioon devices have h proved to be reeasonably acccurate in operation o annd obviouslyy lend them mselves to applications a where the 117 http://sites.google.com/site/ijcsis/ ISSN 1947-5500 (IJCSIS) International Journal of Computer Science and Information Security, Vol. 11, No. 4, April 2013 signature is an accepted identifier. The signature is treated as a series of movements that contain unique biometric data, such as personal rhythm, acceleration, and stroke order, stroke count and pressure flow. The signature dynamics information is encrypted and compressed into a template. Signature recognition systems (for hand signatures) measure how a signature is signed and are different from electronic signatures, which treat a signature as a graphic image. TABLE 1 : RESULTS AND DISCUSSIONS Finger Iris Retina print scan Universality High High High Uniqueness High High Permanence High Performance High Acceptability Average Face Voice Signature High High High High High Average Average Average High High High High High Average High High High Average High Average Average High High High High Average Average Average Average High High Average High geometry Average Average Circumvention Low Collectability High Cost of device cheap High High Low Average Average High Scanner Camera Camera Scanner Camera Microphone Optic pan telephone touch panel Device Low Hand Low Average Average required Social High Average Low High High High High Average High High Average average average Average acceptability Reliability Biometric technologies have come to stay and play very vital roles in providing security through a good means of authentication. Most systems that have been able to withstand security challenges are biometric systems. However this is not without some issues such as , injuries or scars to fingers used for enrollment in fingerprint technology, eye diseases in retina and iris systems, cough in voice recognition e.t.c. The reliability of a technology tends to be the inverse of the social acceptance of that technology. Fingerprints are socially accepted with some resistance from those that associate them with criminal 118 http://sites.google.com/site/ijcsis/ ISSN 1947-5500 (IJCSIS) International Journal of Computer Science and Information Security, Vol. 11, No. 4, April 2013 behaviour. Facial recognition is quite uncontroversial but equally has relatively high failure rates. It is generally regarded that eye scans are the most reliable form of biometrics. However, technology such as iris and retina scanning appears to have more social resistance due to its perceived intrusive nature, especially the retina. For this reason iris scanning is now more prevalent than the deeper retina scan. Facial recognitionis non intrusive, Cheap technology, but it is affected by changes in lighting, the person’s hair, the age, and if the person wear glasses and it requires some camera equipment for user identification; thus, it is not likely to become popular until systems include cameras as standard equipment. For the Voice recognition, it is also non intrusive and has a high social acceptability it is a cheap technology but a person’s voice can be easily recorded and used for unauthorised activities. The level of accuracy is also low as illness such as a cold can change a person’s voice, making absolute identification difficult or impossible. Signature recognition non intrusive, it is a cheap technology, however, signature verification is designed to verify subjects based on the traits of their unique signature. As a result, individuals who do not sign their names in a consistent manner may have difficulty enrolling and verifying in signature verification. Retina scanning has a very high accuracy and there is no known way to replicate a retina and the eye from a dead person would deteriorate too fast to be useful, so no extra precautions have to been taken with retinal scans to be sure the user is a living human being. It is however very intrusive and people have the stigma of thinking it is potentially harmful to the eye, also it is very expensive. Iris recognition is very high in accuracy. It shares similar attributes with the retina. However it requires a lot of memory for the data to be stored and it is very expensive. The fingerprint is also very high in accuracy. It is the most economical biometric authentication technique and one of the most developed biometrics and has become very easy to use. Its small storage space required for the biometric template reduces the size of the database memory required. Some people feel it is intrusive because it is related to criminal identification and it can make mistakes with the dryness or dirty of the finger’s skin, as well as with the age (especially with children, because the size of their fingerprint changes quickly). Hand Geometry though it requires special hardware to use, it can be easily integrated into other devices or systems. It has no public attitude problems as it is associated most commonly with authorized access. The amount of data required to uniquely identify a user in a system is the smallest by far, allowing it to be used with SmartCards easily. It is however very expensive. CONCLUSION 119 http://sites.google.com/site/ijcsis/ ISSN 1947-5500 (IJCSIS) International Journal of Computer Science and Information Security, Vol. 11, No. 4, April 2013 Some. Some people consider the retina scan to be too intrusive and hence hesitant to expose themselves to scanning the least expensive and easiest to use is however the finger print technology. For highly sensitive systems, they may need to be updated regularly, and a multimodal (more than one) biometric technology will be a near perfect approach to providing security. REFERENCES What is The Most Reliable Biometric Technology? http://www.chqconsulting.co.uk/reliable-biometric/ What are the functions of biometric devices? http://www.ehow.com/facts_6087565_functions-biometric Advantages and disadvantages of technologies http://biometrics.pbworks.com/w/page/14811349/Advantages%20and%20disadvantages%20of%20tech nologies Biometric Technology www.slideshare.net/biometric-technologythe-most-reliableHow Reliable Is Biometric Technology? www.argus‐global.co.uk/how‐reliable‐is‐biometric‐technology Biometric Technologies: Security, Legal, and Policy Implications http://www.heritage.org/research/reports/2004/06/biometric‐technologies‐security‐legal‐and‐policy‐ implications Uludag, U., Pankanti, S., Prabhakar, S, and A.K. Jain (2004), Biometric cryptosystems: issues and challenges, Proceedings of the IEEE, vol. 92, no. 6, pp. 948‐960. An introduction to biometric recognition (2004) , Anil K. Jain , Arun Ross , Salil Prabhakar , IEEE , www.csee.wvu.edu Shoniregun C.A. (2003), ‘Are existing internet security measures guaranteed to protect user identity in the financial services industry?’, International Journal of Services, Technology and Management (IJSTM), vol. 4, no. 3, pp. 194–216; ISSN 1460‐6720 (print), ISSN 1741‐525X (online) 120 http://sites.google.com/site/ijcsis/ ISSN 1947-5500