Biometrics Week 2 Flashcards

Question

False Matching Rate (FMR)

Answer 1

Also referred to as False Acceptance Rate (FAR) The ratio between numbers truly non-matching samples, which are matched by the system and total numbers of test. It is the probability that a user making a false claim about her identity will be verified as that false identity It usually tell you the strength of the matching algorithm

Answer 2

Also referred to as False Rejection Rate (FRR) The ratio between numbers truly matching samples, which are not matched by the system and total numbers of test. It is the probability that a user making a true claim about her identity will be rejected as herself. It usually tell you the accuracy and robustness of the matching algorithm

Answer 3

It is the probability that a user attempting to biometrically enroll will be unable to. Vendors usually use the Rule of Three. It usually tell you the coverage for the population that the biometric system has.

Answer 4

The point on the error rate diagrams where the false match and false non-match are equal Can be computed from the crossover point of FRR/FAR or using the Receiver Operating Characteristics (ROC).

Answer 5

Formal Cooperation between (at least) two separate security functions Streamlined Provisioning/de-Provisioning Shared Authentication Credentials Common Security Policies

Answer 6

Commercial Proprietary Enterprise Systems Federal FIPS 201/PIV Standards driven Open interoperable system

Answer 7

Support multi-factor authentication in many combinations Fingerprint biometrics Face biometrics Proximity cards Smart cards Personal Identification Numbers (PIN)

Answer 8

Multi-factor Authentication Solution that uses a wide range of strong authentication methods. Enterprise Network Logon for desktop and network security. Enterprise-level Single Sign On for Windows and Web applications. Managed by a robust and extensible Role- Based Access Control Policy Engine.

Answer 9

Both physical and logical control

Answer 10

Common policies across physical and logical access Role-based Authorization Harmonized security privileges Centralized Enrollment Processes Similar models for Commercial and Government systems A range of Authentication Factors can be coordinated Authentication factors can be “cascaded” Events can be coordinated

Answer 11

Card with the capability to store and/or process information for a particular application Can store financial, personal, and specialized information Types of smart cards Memory: only memory card; more storage than the magnetic strip Microprocessor: Memory, processor, and co-processor to support cryptography

Answer 12

Declining cost in the price of smart cards From $15 in the 1980’s to couple of dollars in 2000, to sub-dollars now Fears that magnetic strip cards can’t provide the necessary security against fraud and security breaches.

Answer 13

Smart cards come in two forms Contact Contact-less. May contain its own battery, Most of the times, the power is supplied by an inductive loop

Answer 14

Identified by its gold connector plate ISO Standard (7816-2) defined eight contacts, Though only 6 are actually used: 8 metallic pads on the surface: Vcc: supply voltage - generally, 5 volts. GND: ground reference RST: Reset is the signal line that is used to initiate the state of card- Reset the microprocessor Clock: used drive the logic of the IC (Clock Signal) Vpp: used for the high voltage signal that is necessary to program the EPROM memory. Serial input/output (SIO) connector: used to receive commands and interchanges data with the outside world. 2 RFU: reserved for future use.

Answer 15

Microprocessor unit (MPU) 32-bit RISC I/O Control: manage the flow of data in/out of the card RAM: for temporary storage ROM for Chip OS (COS) or Mask EEPROM: Application memory (Electrically erasable programmable ROM) For permanent application data storage

Answer 16

A Chip OS is required to: Manage data in/out of the card Manage of files Access the data and function Management of card security Maintain reliability, interrupt, data consistency, error recovery A COS can be General purpose COS for all applications Dedicated COS for specific applications No standard COS

Answer 17

Card level protection by several passwords Card get reset in case of hardware attack File level security Secret password based A second password based External authentication Encrypted Mutual authentication

Answer 18

Two Index Fingers Templates generated from segmented 10-print enrollment images Stored as ANSI/INCITS 378 templates PIV Card fingerprint templates Interoperable PIV Card fingerprint templates can only be read through the contact interface following entry of a PIN

Answer 19

PIV Card used for Logical and Physical Access Logical Access primarily based on PKI PIN required for access to private key and other data Physical Access systems typically not configured for PKI Physical Access systems typically based on contactless readers for throughput and durability Questions/Concerns How to achieve interoperability across both logical and physical access whilst meeting the demands of both environments?

Answer 20

Interoperable PIV Card fingerprint templates can only be read through the contact interface following entry of a PIN However, the card holder unique ID (CHUID) can be read from the contactless interface and without a PIN Also, Agency-specific data (biometric template) can be written to PIV Card and accessed via contactless interface Can appropriate biometric PAC Scenarios for FIPS 201 be established using the CHUID and biometric template?

Answer 21

SP 800-76, Sec. 1.2 states: “...for both logical and physical access applications, and for applications using biometric data stored either on or off the PIV Card, this document neither requires nor precludes the use of: The PIV Card fingerprint templates; Specific authentication paradigms such as match-on-card; Data from other biometric modalities (e.g., hand geometry, iris, etc.); Data formatted according to other standards; Data whose format is proprietary or otherwise undisclosed.”

Answer 22

Biometric Industry Association Viewpoint: PIN entry is not necessary for Minutiae templates Previous privacy issues related to full fingerprint images Biometric Templates stored on PIV Card are digitally signed A live version of the biometric sample is required for verification Mutual Authentication between card and reader can provide template privacy Consider 2-factor Authentication Use Cases with Contactless Access to PIV Card and Biometrics

Answer 23

Read off slides

Answer 24

Knowledge Possession Biometrics Any combination of the three

Answer 25

Biometrics = bio (life) + metrics (to measure) Deals with automated methods of verifying or recognizing living persons based on their: Biological characteristics (e.g., face, fingerprint, iris, hand geometry, retina) Behavioral characteristic (e.g., signature, gait) Combined (e.g., Voice) No human involved in the authentication process Should be done in real-time

Answer 26

False Matching Rate (FMR) False Non-Match Rate (FNMR) Failure to Enroll (FTE) Equal-Error-Rate (EER)

Answer 27

Based on the ridges of the fingers Very mature technology especially in forensic applications Can use live-scan or inked impression

Answer 28

Fingerprints don’t change over time Things to consider: Small population might not be able to use it because of cuts, scars, occupational requirement. Requires a contact with a sensor Highly associated with law enforcement Attacks on Fingerprints Finger decapitation “Gummy” fingers Defenses Measure physical properties of a live finger (pulse, oxygen level).

Answer 29

Minute ridges with furrows between them are present on the inside surface of hands and feet of human beings. Such a structure, called friction skin, allows for: Good grip Good sense of touch Exudation of perspiration The structure and function of friction skin is different from other skin that covers our fingertips: Not covered by hair Does not contain oil glands It contains a high concentration of nerve endings and sweat glands A lack of pigmentation

Answer 30

Fingerprints are permanent marks on the skin. They are formed at the fetal stage and stay the same throughout lifetime. Fingerprints of an individual are “unique” features of the individual; different person, even identical twins, have distinctive fingerprints. Around 4% of the human population though might be born without fingerprints or their fingerprints might have deteriorated

Answer 31

Criminal records Finger prints for diplomats and military personnel National identity card E-voting

Answer 32

Link a person to the crime place Link person to previous records (history)

Answer 33

Banking Welfare Smartcards Access Control Time and Attendance

Answer 34

Sensing Feature extraction Matching

Answer 35

Taking an imprint of the fingertip On-line acquisition or off-line fingerprint acquisition using the ink-technique. Nowadays, live-scan is the most widely fingerprint acquisition technique used.

Answer 36

Adv: possibility of producing rolled impression

Answer 37

Considerations Resolution Area Dynamic range Image quality Signal to Noise

Answer 38

Sweep and touch systems

Answer 39

3 Main categories: Optical sensors Solid-state sensors or silicon sensors Ultra-sound sensors. Additional Multispectral 3-D touchless

Answer 40

A fingerprint is produced when a fingertip is pressed against a smooth surface producing ridges (black in the picture) and valleys (white).

Answer 41

Level 1: refers to macroscopic patterns formed by the flow of the ridges Level 2: refers to major ridge path deviations, also known as minutiae. Level 3: refers to intrinsic or innate ridge formations: the alignment and shape of each ridge unit, pore shape, and relative pore positions).

Answer 42

Singularities are regions where ridges assumes distinctive shapes: – Loop, delta, whorl, core

Answer 43

Used as index for searching a large DB of fingerprints. FP can be broadly classified into: Left and right loop, whorl, Arch and tented Arch

Answer 44

5% of the FP have Arch type 65% of the FP have Loop type 30% of the FP have Whorl type

Answer 45

Minutia: refers to various ways that a ridge can be discontinued For each minutia, we keep: the x,y coordinates The angle of the tangent line to the ridge with the x-axix The FBI model considers only termination and bifurcation minutiae

Answer 46

Local Ridge Orientation Local Ridge Frequency Singularity Detection Segmentation Fingerprint Enhancement Binarization Thinning Feature Extraction

Answer 47

Fingerprints are unique Fingerprints are not time-variant A very mature and proven core technology It can provide a high level of accuracy It can be deployed in a range of environments Uses ergonomic and easy-to-use devices Numerous sources (ten fingers) available for collection

Answer 48

Associated with crime control/investigation Require user cooperation Cuts and scars will affect fingerprints Sensor interoperability Hygiene: Important to keep capture surface clean Most devices are unable to enroll some small percentage of users

Answer 49

Message, Language, Speech disorders/pathologies, Emotional state, and Speaker identity Voice Biometric: Automated use of voice as the biometric trait to recognize speakers

Answer 50

Physiological factors: Vocal tract characteristics, articulatory organs: dimension of vocal cavities, length of vocal tract and folds, etc. Linguistic Habits: phonological, prosodic (emotional state of the speaker, sarcasm, focus,…), linguistic and semantic habits (influenced by geographic, family, socio-cultural and professional factors)

Answer 51

Idiolectal: how a speaker use a specific linguistic system Considered as a linguistic pattern unique among speakers Determining factors include: Family, level of education, sociological, region,… Phonotactics: describes the use by each speaker of the phonemes units and possible realizations available. Not all languages have same phonemes Key in foreign language training

Answer 52

Automatic and natural (unlike fingerprinting), Low cost of input device: Can use standard microphone or telephone set Low cost of processing using DSP technology, Telemetric - Most suited modality over the telephone User friendly - non-invasive, lacks the negative perceptions associated with other biometrics such as fingerprint Can collect samples from uncooperative subjects. Can be combined with challenge/response techniques

Answer 53

Affected by pathological changes in physical characteristics (cold) Less unique than fingerprints, iris,, retina,…DNA. more susceptible to replay attacks than other biometrics. Its accuracy is challenged by low-quality capture devices, ambient noise, channel, distortion and so on. Temporal drift The large size of the template limits the number of potential applications.

Answer 54

AUTHENTICATION

Answer 55

Possesion Biometrics Knowledge

Answer 56

No need to remember the password

Answer 57

Can be guessed by imposters

Answer 58

Access is linked to a person

Answer 59

Antropometry

Answer 60

Universality

Answer 61

Capture, Process, Enrollment. Identification, Verification

Answer 62

Formal cooperation between atleast 2 seperate security functions

Answer 63

Clear return on investment

Answer 64

Streamlined provisioning. Shared credentials, common security policies

Answer 65

Data access and functionality

Answer 66

Security and confidentiality of the record is important

Answer 67

Scalability of the solution