Performance of a biometric system is defined by a number of parameters. The principal among them are defined below: For a detailed treatment of performance parameters, please refer to http://en.wikipedia.org/wiki/Biometrics.
• False Acceptance Rate (FAR) or False Match Rate (FMR) - The probability that the system incorrectly declares a successful match between the input pattern and a nonmatching pattern in the database. It measures the percent of invalid matches. These systems are critical since they are commonly used to forbid certain actions by disallowed people.
• False Rejection Rate (FRR) or False Non-match Rate (FNMR) - The probability that the system incorrectly declares failure of match between the input pattern and the matching template in the database. It measures the percent of valid inputs being rejected.
• Equal Error Rate (EER) - The rate at which both accept and reject errors are equal. ROC or DET plotting is used because it shows how FAR and FRR can be changed. When quick comparison of two systems is required, the EER is commonly used. Obtained from the ROC plot by taking the point where FAR and FRR have the same value. The lower the EER, the more accurate the system is considered to be.
• Failure To Enroll rate (FTE) - The percentage of data input is considered invalid and fails to input into the system. Failure to enroll happens when the data obtained by the sensor are considered invalid or of poor quality.
In mobile biometric systems, where the user’s authenticity is to be verified, false acceptance should be as low as possible, with a little higher margin on false rejection rate.
Overview of Mobile Banking Threats and payment security
Mobile banking can be divided into three types:
- Text systems
- Thin client model: mobile web
- Fat client model: client side applications
While each of these models has its quota of risk, fat client model seems to be the most dangerous because the code is downloaded on to a physical device. This introduces concerns about authentication, stolen devices, viruses, encryption and a host of other security issues. It is difficult for experts, let alone bankers to accurately determine the risks involved in these systems. Nevertheless Banks such as Community Bank are implementing these being driven by demand, security concerns mostly arising as an afterthought. It would be prudent to involve security professionals to drive the creation of solutions for mobile banking systems. Moreover, there is need for cooperation among various stakeholders – the device makers, telecom companies, product retailers, banks, microfinance institutions, standardization bodies, app stores etc.
Protection Strategies
We will now review some of the measures used for protecting the user data and dealing with situations when the biometric identity is compromised.
Match-on-card
Match-on-card technology can be used with virtually any biometric and usually takes the form of a smart card. The card has a biometric template (for example, a digitized and encoded fingerprint) stored in a computer chip. A live version of the fingerprint is then compared with the stored template for verification purposes. The technology’s advantage is that it can be used as part of a network where the presented biometric is compared to a centralized database (e.g., the US-VISIT program), for comparison with local databases, or for an offline comparison between the presented biometric and the stored template on the card itself. Smart cards essentially act as the “issuer’s security agent in the hands of the user.” In addition, the security levels available are scalable. One could use the card and biometric, cards combined with PINs, cards with biometric templates used in conjunction with PINs. The proposed E-passport system now under development worldwide is a form of match-on-card technology.
Cancelable biometrics
Apart from user acceptance, Biometrics should have permanence in usage. If biometric data is obtained, for example compromised from a database, by unauthorized users, the genuine owner will lose control over them forever and lose his/her identity. All data, including biometrics is vulnerable whether in storage or in processing state.
Cancelable biometrics is a way in which to inherit the protection and the replacement features into biometrics. It was first proposed by Ratha et al. [2] Besides reliable accuracy performance and the replacement policy cancelable biometric has to be non-revisable in order to fulfill the aim. Several methods for generating cancellable biometrics have been proposed. Essentially, cancelable biometrics perform a distortion of the biometric image or features before matching. The variability in the distortion parameters provides the cancelable nature of the scheme. Some of the proposed techniques operate using their own recognition engines, such as Teoh et al. [3] and Savvides et al. [4] whereas other methods, such as Dabbah et al.[5] take the advantage of the advancement of the well-established biometric research for their recognition front-end to conduct recognition. Although this increases the restrictions on the protection system, it makes the cancelable templates more accessible for available biometric technologies.
2 N. K. Ratha, J. H. Connell, and R. M. Bolle, "Enhancing security and privacy in biometrics-based authentication systems," IBM systems Journal, vol. 40, pp. 614-634, 2001.
3 A. B. J. Teoh, A. Goh, and D. C. L. Ngo, "Random Multispace Quantization as an Analytic Mechanism for BioHashing of Biometric and Random Identity Inputs," Pattern Analysis and Machine Intelligence, IEEE Transactions on, vol. 28, pp. 1892-1901, 2006.
4 M. Savvides, B. V. K. V. Kumar, and P. K. Khosla, ""Corefaces"- Robust Shift Invariant PCA based Correlation Filter for Illumination Tolerant Face Recognition," presented at IEEE Computer Society Conference on Computer Vision and Pattern Recognition (CVPR'04), 2004.
5 M. A. Dabbah, W. L. Woo, and S. S. Dlay, "Secure Authentication for Face Recognition," presented at Computational Intelligence in Image and Signal Processing, 2007.
Biometric Security for Mobile Banking
As per the Markets+Enterprise White Paper produced by World Resources Institute in March 2008, use of mobile banking backed by cost effective Wi-Fi or Wi-Max networks is seen in many countries. There are Bank-centric networks in South Africa (Wizzit), Philippines (Smart money) and Kenya (m-Pesa). G-cash deployed by Global Telecom is a telecom-centric model. Countries like Mexico, Nigeria and Pakistan will soon follow.
Use of Biometrics for mobile banking works as follows:
When a customer initiates a mobile banking transaction, the handset would request that the user register his or her fingerprint on the sensor, and the handset would compare the fingerprint to the one already stored in the phone (and, as a backup, also stored on the bank mobile transaction server). The handset would then send the transaction request and the result of the fingerprint comparison—in effect, a biometric ID authentication—to the bank server for approval and execution of the transaction. That would replace the device-based security safeguard (the SIM card) with something much more robust and harder to defeat.
In keeping with the latest financial security standards, banks may want to employ two-factor identification, whereby two criteria are used to verify the customer’s identity, but this is entirely feasible with the mobile phone. One solution is to register the handset, usually via the user’s cell phone number, and link it with a particular individual account holder, and then send this information along with the biometric confirmation to the financial institution’s processing systems.
Based on the enrolment and the matching procedure (described elsewhere) there is a 1: 1 comparison to see if the match falls within the specified threshold say 95%. This threshold or accuracy level is determined by the administrator of the security system. Parameters determining the performance are False Accept Rate (FAR), False Reject Rate (FRR), Equal Error Rate (ERR – where FAR = FRR) and Failure To Enroll (FTE) rate. Failure to enroll may occur due to various reasons including illness and physical injury.
Local matching seems to be the preferred method for this application. Storing and verification of reference template locally is better for preserving the privacy of personal data. Further technological developments enable many biometric systems use each successive live scan to enhance and improve the reference template on the local device is another reason for preferring local matching systems. Central matching systems on the other hand require large storage spaces and multiple reference templates used for identification for different purposes.
The biometrics that lend themselves most to the small form-factor inherent with a cell phone are facial recognition, voice recognition, iris recognition and fingerprints. (Signatures and sign recognition are proving to be reliable authentication tools, but they require larger and more sophisticated screens than would be found on most cell phones nowadays, so they are excluded from this analysis.) The issues to consider in evaluating these measures include accuracy, reliability, acceptability, susceptibility to fraud, ease of enrollment, usability, environmental effects, hardware and software size, and cost.
Facial recognition
Facial recognition is not the ideal choice for verification. It requires ideal illumination conditions, angular position, dependence on sensitiveness of the cameras used etc. It often returns a number of matches rather than a single match. It cannot distinguish between identical siblings, can be defeated by a high-resolution video monitor playing a video of an authorized user, and can also be defeated by the use of a severed head. Religious and cultural prohibitions against facial photographs in some regions of the world may limit voluntary uptake by target users.
For these reasons facial recognition is largely deployed in 1: N environments for large-scale identification opportunities, surveillance and law enforcement.
Voice Recognition
Although technology is well developed is easy to implement and has wide user acceptance, voice recognition has its drawbacks:
It suffers from a high reject rate in noisy environments, which is a problem for outside usage. Performance can also vary according to audio signal quality as well as variations between enrollment and verification devices, and with variations in environments (inside versus outside, variations in background noise, etc.). Voice changes that occur as a result of time, injury, cold or illness can also be an issue. Voice recognition can be defeated by playing back a high fidelity recording, which would obviously be of great concern to financial institutions. The impact of environmental issues upon performance renders it of low to medium accuracy, which is not likely to meet the security needs of most financial institutions.
Iris Recognition
Iris scans require hardware that is not usually found on today’s average cell phones. Typical cell phone cameras are still too low in resolution for accurate iris scanning applications, and a proper iris scan requires a near-infrared illumination filter instead of the more common visible light filter found in cell phone cameras. Additionally, to prevent a picture from being able to fool the system, advanced devices may vary the light shone into the eye and watch for pupil dilation, a feature that is not currently viable on small devices like cell phone.
Fingerprints
Three of the traditional means of fingerprint recognition employ Optical, Captive Resistance/Pressure, and Thermal scanning technologies. While all three have been in use for years, with good reliability and accuracy, they do have weaknesses. All three types of scanning can be defeated using dead fingers or copying the last print and used with adhesive film and re-presenting to the scanner. Instances such as elderly, manual laborers and some Asian populations may pose enrolment problems.
A newer fingerprint technology, employing RF Imaging, uses ultrasonic holography of the outer layer of dead skin as well as the inner layer of live skin to create the template, rendering it nearly 100% accurate, not to mention resistant to the use of fake or dead fingers, or dirt and oil. In addition, the newer fingerprint systems use each new scan of the finger to enhance the existing template, thus making it more accurate with use over time.
While fingerprints have proven to be highly reliable and accurate over the years, particularly now using RF imaging, they are not completely infallible. They can be affected over time by such things as years of manual labor or physical injury, so there would probably be a desire to update the reference templates as and when necessary for commercial and financial applications. Other factors that can cause failure in a fingerprint scan are cold and humidity (particularly in the older types of fingerprinting), and location, angle and pressure of placement on the sensor (known as a platen). Other issues to consider are that the use of fingerprints requires physical contact, which can be a problem in some cultures, and the fact that finger printing’s long association with criminal justice lends itself to some privacy resistance, although this will probably ameliorate over time with increased use of biometrics and updated privacy laws.
Fingerprint capture technology is easily accommodated on a cell phone, with sensor sizes ranging from 12 mm x 5 mm to about 1.5 cm x 1.5 cm, and low power and processing requirements. The fingerprint template itself ranges in size from about 256 bytes to 500 bytes.
Biometric data protection
Issues to consider
Since biometric technologies attempt to address security relevant challenges, security requirements need to be defined in detail and at an international level where possible. For instance, the following security practices may be implemented:
(a) When using biometrics for a secure identification process, the complete security cycle should be considered (i.e. enrolment, storage, acquisition, matching and the entire back-end system); (b) enrolment and matching should be performed using ‘live and wellness’ detection, especially in unattended environments and/or the process should be appropriately supervised wherever possible; (c) multimodality (meaning more than one biometric identifier - e.g. facial recognition and fingerprint) is recommended to help prevent spoofing and encrypted templates should be used, rather than original samples, for storing and matching; (d) matching against tokens yields the highest security level and is therefore preferable; (e) implementing an effective key management process is necessary to protect personal data, as is for example the use of the Extended Access Control (EAC) protocol to the e-passport.
Research
A research project undertaken at the University of Geneva attempts to use digital data hiding in order to cross-store the biometric data inside the personal data and vice versa. Robust visual hashing techniques are used in the authentication systems to match the information rates of current image and text data hiding technologies. Experimental results have shown the system to be practically viable.
Speed of Authentication / Enrollment
The following observation made in respect of fixed sensor systems may well be indicative of user tolerance to biometric speeds or lack of it.
In terms of user acceptance of a biometric system the speed at which a sensor and its controlling software accept or reject authentication attempts is the most important factor. The effective throughput, or how many users a biometric sensor can process in a given period, is a function of the entire authentication process.
Speed of authentication will have a good bearing on user acceptance. Acceptable throughput is typically five seconds per person or six to ten people per minute. User frustration begins to set in at lower throughput rates. Figure below depicts the several stages involved.
Cost aspects of BiometricsThe additional cost for including biometric system in mobile would depend on a number of factors such as whether data is centrally stored or not, data encryption is done or not, whether it is a single or multi-mode authentication as well as encryption features, cost of Operating System and application software used etc. However the redeeming features which will make the additional cost burden bearable are:
• As the mobile phones in the market today are already having several features, incremental cost for adding biometric applications may not be significant.
• The user base for mobiles is high and demand for applications such as mobile banking will grow significantly. Hence the cost can be spread over millions of users and may not affect the viability.
• There could be cost sharing between the telecom company and the device manufacturer who would both benefit from increased demand.
• As described in the section on mobile banking, biometrics applied to mobile phones in several countries has proved to be a viable proposition and will generate new growth areas for business.
Reference:
http://www.a-sit.at/pdfs/biometrics_report.pdf
Authentication of biometric identification documents via mobile devices
J. Electron. Imaging, Vol. 17, 011014 (2008); doi:10.1117/1.2896293
Published 26 March 2008
Sviatoslav Voloshynovskiy, Oleksiy Koval, Renato Villán, Fokko Beekhof, and Thierry Pun
University of Geneva, Stochastic Information Processing Group, Department of Computer Science, 24 rue du General-Dufour, 1211 Geneva 4, Switzerland
http://www.brighthub.com/computing/smb-security/articles/2390.aspx?p=5
http://en.wikipedia.org/wiki/Biometrics
http://jackfruity.com/2010/04/mobile-money-is-the-mobile-secure/
http://www.dodcommunitybank.com/
http://jisar.org/2/6/JISAR.2(6).Streff.pdf
http://www.docstoc.com/docs/22684506/BIOMETRIC-TECHNOLOGIES-SECURITY--LEGAL-/
http://en.wikipedia.org/wiki/Biometrics
http://www.scribd.com/doc/14332398/Biometric-Security-For-Mobile-Banking-2008
http://www.docstoc.com/docs/22684506/BIOMETRIC-TECHNOLOGIES-SECURITY--LEGAL-/
No comments:
Post a Comment