What Is A Biometric System, and How To Secure It

This is part of a series of blogs diving into the technical aspects of Veridium’s distributed data model, biometrics, and computer vision research and development by our chief biometric scientist Asem Othman.

In our vast, inter-connected world, reliable identity authentication techniques have become of paramount importance, and biometrics has emerged to address this need. Biometrics refers to the science of establishing individuals’ identities based on their physical and behavioral traits such as fingerprints, face, iris, voice, and gait. Compared to traditional authentication schemes that are knowledge-based (passwords) or token-based (RSA tokens), biometric-based systems are considered more convenient and secure. Users don’t have to memorize passwords or possess proof of identity such as ID cards, and impostors can be deterred or detected with increased ease. Hence, biometric systems have been deployed in numerous commercial, civilian, and forensic applications to establish identity.

Boiled down to their fundamental essence, biometric-based recognition systems rely on the comparison of a digital representation of a physical or behavioral trait with a previously recorded one of the same trait. Thus, a biometric recognition system, or simply a biometric system, is a pattern recognition system that recognizes individuals based on their biometric traits.

Anatomy of a Biometric System

A typical biometric system consists of four main modules. The first is the sensor module, which acquires the user’s raw biometric data and is therefore the first step in any biometric system. The device used to acquire that data varies with the type of trait. For example, an optical sensor is typically used to scan a fingerprint or palm, and a digital camera is used to capture facial images or certain aspects of the retina or iris. These sensors or cameras generate a digital image of the biometric.

The second module performs feature extraction. In this module, the observed raw biometric data (the image) is reduced to a set of salient characteristics, the feature set. A feature set is an approximation of the acquired image, but it retains the discriminatory and invariant information of the raw digital data in a far more compact form. Feature sets are sometimes referred to as biometric templates.

The third module is the database module where the features extracted by the second module, along with some biographic or other pertinent labels, are stored.

The final module is for performing matching, where the biometric system checks whether the extracted feature set has a matching template in the database.

Biometric System Performance

These modules operate in two main stages: enrollment and recognition. The enrollment stage generates the digital representation of an individual’s biometric trait and then stores this representation in the system database.

The recognition stage falls into two different categories: verification and identification.

Verification involves confirming or denying an individual’s claimed identity. “Are you who you claim to be?” These systems are referred to as 1-to-1 authentication systems, as a probe is compared against a single gallery entry (or a relatively small number of them).

Identification involves establishing an individual’s identity. “Who are you?” These systems are referred to as 1-to-N authentication systems, as the entire database is typically searched during the recognition stage. The figure below shows a block diagram of a typical biometric recognition system.

Errors of a Biometric System

In the recognition phase for both scenarios, biometric authentication can be interpreted as a binary classification problem in which a user is labeled as “genuine” or “impostor.” Either label can be right or wrong, giving four possible outcomes: (i) a genuine user accepted as a “genuine individual,” (ii) a genuine user labeled as an “impostor individual,” (iii) an impostor labeled as a “genuine individual,” and (iv) an impostor recognized as an “impostor individual.” Outcomes (i) and (iv) are correct, while (ii) and (iii) are incorrect. These incorrect cases, or errors, are due to intra-class variation and inter-class similarity.

Intra-class variations are the variability observed in the biometric feature sets of an individual’s trait. For example, two samples of the same biometric characteristic from the same person (two impressions of a user’s right index finger) are not exactly the same. This can occur due to imperfect imaging conditions (sensor noise or dry fingers), changes in the user’s physiological or behavioral characteristics (cuts and bruises on the finger), ambient conditions (temperature and humidity), or the user’s interaction with the sensor (finger placement).

Therefore, samples of the same biometric trait of a user obtained over a period of time can differ dramatically, which is why the template created during the enrollment phase can be significantly different from the template presented in the recognition phase. For this reason, a large intra-class variation can lead to rejecting a registered user with high probability.

Biometric systems also have to deal with inter-class similarities: similarities between different users in the same biometric trait. More formally, this refers to the overlap of the feature spaces corresponding to multiple individuals. For example, some pairs of individuals can have nearly identical facial appearance due to genetic factors (father and son, identical twins, etc.). Large inter-class similarities can therefore lead to accepting impostors not registered in the database with high probability.

Measuring Biometric System Performance

The basic measures of a biometric system’s accuracy with respect to these errors are the False Rejection Rate (FRR) and the False Acceptance Rate (FAR).

FRR is the probability of a genuine user being rejected as an impostor. When the intra-class variation is large, two samples of the same biometric trait of an individual may not be recognized as a match, leading to a false reject error.

FAR is the probability of an impostor being recognized as a genuine individual. A false match occurs when two samples from different individuals are incorrectly recognized as a match, possibly due to large inter-class similarity.

There is a trade-off between FAR and FRR in every biometric system. In fact, both FAR and FRR are functions of the system’s matching threshold, the similarity score above which a comparison is declared a match. If the threshold is decreased to make the system more tolerant of input variations and noise, then FAR increases. On the other hand, if the threshold is raised to make the system more secure, then FRR increases accordingly.
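The threshold trade-off described above, as an added example that is not part of the original post: FAR and FRR are computed from constructed genuine and impostor similarity scores (higher score means more similar), swept across thresholds, and the equal-error operating point and the lowest threshold meeting a 0.02 percent FAR target are reported. The score distributions, sample sizes and the "match if score >= threshold" rule are assumptions made for the example.

```python
"""FAR/FRR trade-off for a biometric matcher (added example, constructed data)."""
import random

random.seed(7)  # deterministic constructed scores

# Constructed similarity scores in [0, 1]. Genuine pairs (same person, two
# samples) cluster high but spread out: intra-class variation. Impostor pairs
# (different people) cluster low with a tail: inter-class similarity. The
# overlap between the two sets is what produces outcomes (ii) and (iii).
GENUINE_SCORES = [min(1.0, max(0.0, random.gauss(0.75, 0.10))) for _ in range(2000)]
IMPOSTOR_SCORES = [min(1.0, max(0.0, random.gauss(0.35, 0.10))) for _ in range(2000)]


def far_frr(genuine, impostor, threshold):
    """Return (FAR, FRR) when a match is declared for score >= threshold.

    FAR: fraction of impostor comparisons wrongly accepted (outcome iii).
    FRR: fraction of genuine comparisons wrongly rejected (outcome ii).
    """
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)
    return far, frr


def sweep(genuine, impostor, steps=100):
    """(threshold, FAR, FRR) at evenly spaced thresholds from 0.0 to 1.0."""
    return [(i / steps, *far_frr(genuine, impostor, i / steps)) for i in range(steps + 1)]


def equal_error_rate(rows):
    """Row where FAR and FRR are closest: the equal-error-rate operating point."""
    return min(rows, key=lambda r: abs(r[1] - r[2]))


def threshold_for_far(rows, target_far):
    """Lowest threshold whose FAR does not exceed target_far, or None.

    Note that 2,000 impostor comparisons cannot resolve a FAR of 0.0002
    (1 in 5,000): the only way to meet it here is a threshold with zero
    observed false accepts, so measuring small FARs needs far more data.
    """
    for row in rows:
        if row[1] <= target_far:
            return row
    return None


if __name__ == "__main__":
    rows = sweep(GENUINE_SCORES, IMPOSTOR_SCORES)
    for t, far, frr in rows[30:80:10]:  # FAR falls and FRR rises as t climbs
        print(f"threshold={t:.2f}  FAR={far:.4f}  FRR={frr:.4f}")
    print("EER point:", equal_error_rate(rows))
    print("Operating point for FAR <= 0.02%:", threshold_for_far(rows, 0.0002))
```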

What Do These Errors Really Mean?

An FRR of 5 percent indicates that, on average, 5 in 100 authentication attempts by genuine users will not succeed. A majority of the false non-match errors are usually due to the incorrect interaction of the user with the biometric sensor and can be easily rectified by allowing the user to present his biometric trait again. This is similar to the case where the user in a password-based authentication system makes a mistake while entering a password and is allowed to re-enter the password.

A FAR of 0.02 percent indicates that, on average, 1 in 5,000 authentication attempts by random impostors is likely to succeed. This is comparable to a knowledge-based authentication system that uses a four-digit numeric PIN, which is actually quite strong: since a four-digit PIN can take 10,000 different values, it would require an average of 5,000 impostor attempts to correctly guess the PIN. Does this mean that the security of a biometric system operating at 0.02 percent FAR is equivalent to the security provided by a four-digit PIN?

No, for two reasons. Firstly, the effective security provided by a four-digit PIN is typically much less than 1 success in 5,000 impostor attempts, because most users tend to use numbers that are easy to remember, like 1234, or their year of birth. Such PINs can be guessed by an adversary in a few attempts.

Secondly, while a single adversary can theoretically attempt any number of guesses for a PIN, he has only a limited number of biometric samples (say 10 fingers or two irises) that can be attempted. To overcome this limitation, the adversary can make use of an off-line database of biometric samples or templates. However, in order to input these samples/templates, he must circumvent a physical component in the biometric system, such as a sensor, feature extractor, or communication channels. This circumvention can be made very difficult by securing the physical infrastructure of the biometric system with a solution that utilizes visual cryptography to deploy a distributed model for the database module.

Security of a Biometric System

The bottom line is that any biometric system can be made far more secure than traditional passwords, tokens, or PINs, in a number of ways. Better protection from brute force and similar attacks is simple, and protection from biometric-specific attacks, like spoofing, can be accomplished in a number of ways. It’s all a matter of determining the acceptable threshold for FAR and FRR and using the necessary methods and biometric modalities to meet those needs. I will discuss the various biometric modalities in future posts.
