Week 5 - Biometrics and Access Control Basics

Question 1

A personal characteristic of a Human Being that is used to verify and confirm the presence of that individual from a previous enrolled sample

Answer 1

biometric verification

Question 2

A personal characteristic of a Human Being that is used to identify that individual in a population using a set of previously enrolled samples

Answer 2

biometric identification

Question 3

physiological characteristics

Answer 3

• Fingerprint
  - Iris patterns
  - Retinal Pattern
  - Facial features
  - Hand Geometry
  - DNA

Question 4

Behavioral characteristics

Answer 4

traits that are learned or acquired, such as:

- Hand Signature
- Keystroke dynamics

Question 5

Various biometric characteristics are called…

Answer 5

Modalities

Question 6

Biometric Technologies using multiple characteristics are called…

Answer 6

Multimodal

Question 7

Biometric Sample / Data

Answer 7

The unprocessed image or recording of a physiological or behavioral characteristic. Sample Types are:
Fingerprint: Fingerprint image
Voice recognition: Voice recording
Facial recognition: Facial Image
Iris recognition: Iris Image . Retina-scan: Retina Image
Hand geometry: 3-D image of top and sides of hand and fingers
Signature verification: Image of signature and record of related dynamics measurements
Keystroke biometrics: Recording of characters typed and record of related dynamics measurements

Question 8

How does DNA differ as biometric

Answer 8

DNA requires a tangible physical sample as opposed to an impression, image, or recording.
DNA matching is not done in real-time, and currently not all stages of comparison are automated.
DNA matching does not employ templates or feature extraction, but rather represents the comparison of actual samples

Regardless of the above differences, DNA is a type of biometric inasmuch as it is the use of a physiological characteristic to verify or determine identity.

Question 9

Acquisition Devices

Answer 9

Read, Scan or Collect Data about biological characteristic that is being measured. The output is called the Biometric Sample. (e.g., Fingerprint Sensors or scanners for gathering fingerprints)

Question 10

Signal Processing Algorithms

Answer 10

Perform a series of quality control activities to improve the quality of the acquired biometric sample

Question 11

Template Generators

Answer 11

Generate Templates with a standards-based or Proprietary template format using the in-built feature extraction algorithms

Question 12

Matchers with Matching Algorithms

Answer 12

Compare templates generated from acquired samples (verification template) to existing templates in storage (enrollment template) to generate a score

Compare score against a chosen threshold (Configuration parameter) to arrive at a Match or No-Match decision

Question 13

Chosen threshold for biometric matching

Answer 13

Configuration parameter

Question 14

Enrollment Phase Processes

Answer 14

Enrollment Phase (Processes)
- User Submission - Data Capture (Acquisition)
- Image or Signal processing – Feature
Extraction
- Template Generation
- Standardized Templates

Question 15

Determinants

Answer 15

Used to asses quality of samples

Question 16

Design Determinant

Answer 16

Quality of Acquired Input Samples

   - Better Sensor Design
   - Better User Interface Design
   - Standards Compliance

Question 17

Non-Design Determinant in Biometrics

Answer 17

Improve Quality of Analysis

    - Initiating Reacquisition from a user
    - Real-time selection of best Sample
    - Selective invocation of different processing methods

Question 18

Feature Extraction

Answer 18

The automated process of locating and encoding distinctive characteristics from a biometric sample in order to generate a template

Closely held secret

Question 19

Characteristics used in Feature Extraction include:

Answer 19

Fingerprint: Location and direction of ridge endings and ridge bifurcations on fingerprint (called Minutiae points)
Voice recognition: Frequency, cadence and duration of vocal pattern
Facial recognition: Relative position and shape of nose, position of cheekbones
Iris recognition:Furrows and striations in iris
Retina-scan: Blood vessel patterns on retina

Question 20

Biometric Template

Answer 20

A comparatively small but highly distinctive file derived from the features of a user’s biometric sample or samples, used to perform biometric matches.

Question 21

When is a template created?

Answer 21

A template is created after a biometric algorithm locates features in a biometric sample

Question 22

Enrollment templates

Answer 22

created upon the user’s initial interaction with a biometric system, and are stored for usage in future biometric comparisons

Question 23

Verification templates

Answer 23

generated during subsequent verification attempts, compared to the stored (enrollment) template, and generally discarded after the comparison

Question 24

Biometric template interoperability

Answer 24

Biometric templates are not interoperable - a template generated in vendor A’s fingerprint system for a person may not match when compared to a template generated in vendor B’s fingerprint system for the same person.

To make the Templates interoperable, ANSI and ISO have developed Standardized formats for templates pertaining to various biometric characteristics.

Question 25

Two processes in biometric data matching

Answer 25

Identification and Verification

Question 26

Matching of a single live sample with large number (may be millions) of stored samples is called

Answer 26

Identification or 1-to-n or 1-to-many matching

Question 27

Matching of a single live sample with a single stored sample is called

Answer 27

Verification or 1-to-1 matching

Question 28

Biometric Identification

Answer 28

The process of determining a person’s identity by performing matches against multiple biometric templates

Identification systems are designed to determine identity based solely on biometric information

There are two types of identification systems: positive identification and negative identification

Question 29

Positive Identification

Answer 29

Find a match for a user’s biometric information in a database of biometric information

Question 30

Negative Identification

Answer 30

Compares 1-to-Many but designed to ensure that a person is not present in a database

Question 31

Biometric Veification

Answer 31

The process of establishing the validity of a claimed identity by comparing a verification template to an enrollment template.

Question 32

Biometric Matching

Answer 32

Comparison between the match or verification template (created using submitted sample) with reference or enrollment template that is stored in the database to determine the degree of similarity or correlation

Results in score

Question 33

Threshold

Answer 33

The threshold is a pre-determined value that limits what is acceptable or not for a system

If the score exceeds the threshold, the result is a match;

When resource has low value, the threshold is set low

Question 34

Score

Answer 34

A number indicating the degree of similarity or correlation of a biometric match

Question 35

Technology Evaluation

Answer 35

• Evaluates the performance of the underlying technology
• Evaluates correct matching rates between a combination of Fingerprint Extractors and Fingerprint Matchers
• Give a large sample of known matching pairs and see how well a matcher performs

Question 36

Scenario Evaluation

Answer 36

Assesses how well a biometric technology works under

a given scenario – Large number of human samples

Question 37

Biometric System Performance Metrics

Answer 37

False Match Rate (FMR)
False Non-Match Rate (FNMR)
Failure to Enroll (FTE) Rate

Question 38

False Match Rate (FMR)

Answer 38

The probability that a given user’s verification template will be incorrectly judged to be a match for a different user’s enrollment template.

Also referred to as false acceptance rate

Informally speaking a high FMR will get unauthorized persons IN instead of rejecting them

Question 39

False Non-Match Rate (FNMR)

Answer 39

The probability that a user’s verification template will be incorrectly judged to not match that same user’s enrollment template

Also referred to as false rejection rate

Keeps the Good Guy OUT

Question 40

Failure to Enroll (FTE) Rate

Answer 40

The probability that a given user will be unable to enroll in a biometric system due to insufficiently distinctive biometric sample(s) – Any sample collected does not meet the necessary quality criteria

Question 41

Correlation between Metrics

Answer 41

Decreasing the FMR, or making the system less susceptible to imposters, results in an increased likelihood that legitimate users will be rejected (FNMR)

Decreasing the FTE by allowing a higher percentage of subject to enroll successfully leads to higher FNMR, as users with low-quality biometric samples have an increased presence in the system.

Question 42

Biometric Data in PIV Program

Answer 42

Ten Fingerprints
Face Image
Images of two fingers (or Irises if not collectable)

Question 43

IMP-1

Answer 43

Combined plain impression of the four fingers on the right hand (no thumb)

Question 44

IMP-2

Answer 44

Combined plain impression of the four fingers on the left hand (no thumb)

Question 45

IMP-3

Answer 45

Combined impression of the two thumbs

Question 46

Confidentiality

Answer 46

refers to the need to keep information secure and private

Question 47

Integrity

Answer 47

refers to the concept of protecting information from being improperly altered or modified by unauthorized users

Question 48

Availability

Answer 48

refers to the notion that information is available for use when needed

Question 49

Every organization typically has a unique set of requirements that dictate the circumstances and conditions under which users are permitted access to resources. These requirements are called….

Answer 49

access control policies

Question 50

the third part of an access control system that uses a set of components that work together to bring about policy preserving access (or enforce access control policies) is called…

Answer 50

Access control mechanism

Question 51

Components of access control mechanism

Answer 51

include access control data for expressing policies and representing attributes, as well as a set of functions for tracking access requests, and for computing and enforcing access decisions over those requests in accordance with policies

Question 52

access control models

Answer 52

To facilitate building a robust access control mechanism, access control models are used as an intermediary between access control policies and mechanisms. Models help to define policies in a formal way without redundancies and contradictions.

Question 53

Authorizations are expressed using four basic notions

Answer 53

user, subject, operation and permission

Question 54

user

Answer 54

a person who interfaces with the computer system

Question 55

subject

Answer 55

A computer process acting on behalf of a user is referred to as a subject

Question 56

object

Answer 56

An object can be any resource accessible on a computer system – files, databases, individual records or devices such as printers.

Question 57

operation

Answer 57

An operation is an active process invoked by a subject (e.g., read, write). A subject can invoke multiple operations (deposit, withdraw in an ATM)

Question 58

Permissions

Answer 58

Permissions (or privileges) are rights to perform some operation on a given object.

Question 59

access control matrix

Answer 59

In an access control matrix, the state of an access control system is defined by the triple (S,O,A)

S – set of subjects, O – set of objects and A – access matrix

Rows correspond to subjects (S)
Columns correspond to objects (O)

Each matrix entry A[s,o] is a set of allowed operations (rights)

An access control matrix is an interesting construct but rarely implemented as such in an access control system due to: (a) for a system with large number of users and objects, matrix will become very large and (b) Matrix will be sparsely populated

Question 60

access control enforcement

Answer 60

The basic function of the access control system is to ensure that only the operations specified by the matrix can be enforced. This basic function is called access control enforcement.

Question 61

Access Control List (ACL)

Answer 61

In Object or Resource-centric representation (ACL) authorizations are expressed by attaching a list of authorized users and permitted operations (permissions) to each object/ resource.

Question 62

Capability List

Answer 62

In User or Subject-centric representation (Capability List) authorizations are expressed by attaching a list of objects/resources and allowed operations on those objects/resources for each user or subject. The list thus represents the complete capability possessed by the designated user or subject.

On the other hand, it is difficult to review the subjects that can access a particular object

Question 63

Biometric Enrollment Processes

Answer 63

1. user submission - data capture
2. image or signal processing - feature extraction
3. Template Generation
4. Matching phase

Question 64

Decreasing the FMR, or making the system less susceptible to imposters, results in

Answer 64

an increased likelihood that legitimate users will be rejected (FNMR)

Question 65

Decreasing the FTE by allowing a higher percentage of subject to enroll successfully leads to

Answer 65

higher FNMR, as users with low-quality biometric samples have an increased presence in the system.