Biometrics: Detecting the "Goats"
Biometrics have been applied in a variety of ways for many years. In basic terms, biometrics is the science of measuring unique physical characteristics - the tiny swirls etched in the skin of a fingertip, the pattern of blood vessels, the micro-visual pattern on the retina, the geometry of the hand or a finger, the style of handwriting, facial appearance or the pattern of the voice. These measurements are then matched against previously recorded information to determine a person's identity.
In recent years, biometric technology has attained a very high degree of sophistication, with accuracy rates far surpassing the use of personal identification numbers (PIN) and passwords.
The system issues which need to be understood when designing a biometric system are:
Vulnerability to fraud: what possibilities are there for fraud and what can be done about it? Both the enrollment and the verification phases are subject to fraud and these phases must be taken into account.
Ease of use: Is the system easy to use? Does it require special instructions? Is it socially acceptable or does it frighten the general public? Again, both the enrollment and the verification phases should be simple and user friendly.
Applicability: is the method of verification applicable to everyone or is there a group of people who cannot use this method? Are there alternatives for these people?
Speed of verification: how long does it take to enroll and verify a person with this method?
Size of storage for verification tokens: how many bytes of storage are needed to verify a person? This is particularly important if the data is stored in special media such as bar codes, magnetic cards or smart cards in addition to the normal database.
Designers also need to consider the long-term stability of the biometric properties, how often the system itself will be used, what infrastructure is needed for the system and how easily it can be integrated with existing systems.
Here are the advantages and disadvantages of some existing biometric technologies:
Retinal scans (electronic scan of the innermost layer of the eyeball's wall): Because the retina generally remains stable through life, the accuracy of this method is assured. However, it requires close physical contact with the scanning device, and may not be accepted by the general public.
Fingerprint imaging: This method is widely accepted as being reliable by the public and law enforcement officials, but it requires close physical contact with the scanning device and leaves residue on the finger, which may cause recognition problems. In addition to having criminal overtones, a significant percentage of the population has fingerprints that do not register.
Voice verification: This has the advantage of working well over the phone.
Signature recognition: Users are comfortable providing a signature, but this method offers poor long-term reliability and its accuracy is difficult to ensure.
Detecting the Goats
In each of the above methods, the bulk of false rejections are caused by a very small group who have unstable biometric data. These people, for reasons not entirely clear, have come to be referred to as "goats." If this group could be isolated and identified with a different system, the false rejection rate would be improved dramatically. Typically, the "goats" who get through one type of biometric system are not the same as those who cause a problem with another system. It is extremely unlikely that someone whose fingerprints are read inaccurately, for example, would also have a voice print that is hard to recognize.
The key to bringing higher performance to the market with additional user friendliness, therefore, is layered biometric authentication. Layered biometric authentication combines two or more biometric processes into one system, improving performance above the best of any individual biometric measure.
But the combination of layers is not an easy task, since each layer has special characteristics, both in the enrollment and verification phases.
Different markets require different biometric levels of security. The access control market aims for a higher acceptance rate at the expense of a lower false rejection rate. The on-line banking market, on the other hand, will not accept high false rejection rates because this leads to a high customer insult rate, causing customers to become reluctant to use the system.
This article looks at the two extremes, a low false acceptance rate (FAR) and a low false rejection rate (FRR) and how they can be measured by sequential, parallel and a hybrid system called expert-supervisor.
Suppose we have two different biometric authentication methods: A and B, as depicted below in a sequential setup.
In a sequential system, enrollment needs to be done for both systems. Users will only go on to system B after successful verification by system A. The number of users that were falsely accepted determines the FAR. Thus, in a system where we seek a low FAR, we have to monitor the number of persons accepted. To get a good FAR, we should design a system which takes the acceptance process closely into account. Below, we look at the sequential process, where acceptance is done first by system A and second by system B. As a result, the FAR is determined by the FAR of both systems.
Combining both systems this way will provide an overall performance which can be expressed mathematically as:
$$\mathrm{FAR}_{system} = \mathrm{FAR}_A \times \mathrm{FAR}_B$$
$$\mathrm{FRR}_{system} = \mathrm{FRR}_A + (1 - \mathrm{FRR}_A) \times \mathrm{FRR}_B$$
The FRRsystem cannot be improved by changing the order of the separate systems.
Suppose we have two different biometric authentication methods: A and B as depicted below in a parallel setup.
The number of users falsely rejected determines the FRR, so the FRR is related to the rejection of users (false or not). A system seeking a low FRR, such as on-line banking, has to monitor the number of persons who are rejected. To get a good FRR, we should design a system that takes the rejection process closely into account.
With a parallel system, the acceptance of a user by system A will not reroute the verification procedure to system B. The acceptance procedure of the parallel system therefore does not involve both systems and the FAR will depend only on the first system.
If we consider the parallel system, then the rejection of a user by system A will reroute the verification procedure to system B. The rejection procedure of a parallel system therefore involves both systems and the FRR will be dependent on both.
Acceptance and rejection scenarios for the parallel system are depicted below.
Combining both systems this way will provide an overall performance characterized by:
$$\mathrm{FAR}_{system} = \mathrm{FAR}_A$$
$$\mathrm{FRR}_{system} = \mathrm{FRR}_A \times \mathrm{FRR}_B$$
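The sketch below is an added example, not part of the original article: it checks the sequential and parallel FRR expressions against a population in which a small share of users are goats, and shows how much the parallel gain depends on the goats of layer A not also being goats in layer B. The goat share, the per-attempt rejection rates and all function names are constructed for illustration.

```python
def goat_cells(goat_a, goat_b, overlap):
    """Population shares keyed by (goat in A, goat in B)."""
    return {
        (True, True): overlap,
        (True, False): goat_a - overlap,
        (False, True): goat_b - overlap,
        (False, False): 1 - goat_a - goat_b + overlap,
    }


def system_frr(mode, cells, frr_goat, frr_normal):
    """FRR for genuine users; attempts are independent given the user type.

    sequential: rejected if A rejects, or A accepts and B rejects.
    parallel:   rejected only if A rejects and the fallback B rejects too.
    """
    total = 0.0
    for (goat_in_a, goat_in_b), share in cells.items():
        ra = frr_goat if goat_in_a else frr_normal
        rb = frr_goat if goat_in_b else frr_normal
        total += share * (ra * rb if mode == "parallel" else ra + (1 - ra) * rb)
    return total


def report():
    # Constructed values: 2% goats per layer, rejected half the time.
    goat, frr_goat, frr_normal = 0.02, 0.50, 0.005
    frr = goat * frr_goat + (1 - goat) * frr_normal  # single-layer FRR
    out = {
        "layer_frr": frr,
        "goat_share_of_rejections": goat * frr_goat / frr,
        "formula_sequential": frr + (1 - frr) * frr,
        "formula_parallel": frr * frr,
    }
    # "independent": goat status in A says nothing about B (the page's premise).
    # "same_goats": the same 2% of users are goats in both layers.
    for name, overlap in (("independent", goat * goat), ("same_goats", goat)):
        cells = goat_cells(goat, goat, overlap)
        out[name] = {m: system_frr(m, cells, frr_goat, frr_normal)
                     for m in ("sequential", "parallel")}
    return out


if __name__ == "__main__":
    for key, value in report().items():
        print(key, value)
```

With independent goat populations the enumeration reproduces both expressions exactly; when the same users are goats in both layers, the parallel FRR is more than twenty times what the product expression predicts.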
Expert-Supervisor - A Hybrid Approach
In the expert-supervisor paradigm the different layers are regarded as separate experts who provide separate scores. The supervisor groups all the scores and makes its decision. The strength of this architecture lies in the power of the separate experts, in the discriminative power of the supervisor and the way the expert scores are combined into a supervisor score.
An intelligent supervisor offers the following advantages:
Bypassing the goat problem: during the enrollment it is possible that a single layer is not fully capable of capturing a person's biometric characteristics. The supervisor can mark his enrollment database after deciding that the specific score is not good enough. When the verification procedure is initiated this can then be taken into account, i.e. lower (or zero) weights are attached to the score of such layers.
Multi-options enrollment: the supervisor will have knowledge of all possible enrollment scenarios of the different experts.
Modular: the supervisor should be open and modular so that new experts can be easily added to the system.
Such a hybrid approach represents the ultimate in layered biometrics and should produce a very low false acceptance rate as well as a very low false rejection rate.
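One way a supervisor could apply the goat-bypass idea described above, as an added example that is not from the original article or from any vendor's product. The class, the weighted-mean fusion rule, the thresholds and all scores are assumptions made for illustration.

```python
class Supervisor:
    """Hypothetical supervisor: weighted mean of expert match scores in [0, 1]."""

    def __init__(self, accept_threshold=0.7, min_quality=0.6):
        self.accept_threshold = accept_threshold
        self.min_quality = min_quality   # enrollment quality below this marks a layer
        self.experts = {}                # expert name -> base weight
        self.enrolled = {}               # user -> {expert name: effective weight}

    def add_expert(self, name, weight=1.0):
        """Modular: new experts plug in; existing users must re-enroll to use them."""
        self.experts[name] = weight

    def enroll(self, user, quality):
        """Store per-user weights; a layer that captured the user poorly gets weight 0."""
        weights = {name: (w if quality.get(name, 0.0) >= self.min_quality else 0.0)
                   for name, w in self.experts.items()}
        self.enrolled[user] = weights
        return sorted(n for n, w in weights.items() if w == 0.0)  # marked layers

    def verify(self, user, scores):
        """Return (accepted, fused_score). Fails closed in every doubtful case."""
        weights = self.enrolled.get(user, {})
        total = sum(weights.values())
        if total == 0:                   # unknown user or no usable layer
            return False, 0.0
        # A missing score for a weighted layer counts as 0, so a layer
        # cannot be skipped by simply not presenting that biometric.
        fused = sum(w * scores.get(n, 0.0) for n, w in weights.items()) / total
        return fused >= self.accept_threshold, fused


def demo(min_quality):
    sup = Supervisor(min_quality=min_quality)
    sup.add_expert("fingerprint")
    sup.add_expert("voice")
    # Constructed scores: bob is a fingerprint "goat" with a poor enrollment capture.
    marked = sup.enroll("bob", {"fingerprint": 0.3, "voice": 0.9})
    genuine = sup.verify("bob", {"fingerprint": 0.2, "voice": 0.9})
    impostor = sup.verify("bob", {"fingerprint": 0.1, "voice": 0.3})
    voice_missing = sup.verify("bob", {"fingerprint": 0.95})
    return marked, genuine, impostor, voice_missing
```

Calling demo(0.6) marks the fingerprint layer and accepts the genuine attempt on voice alone, while demo(0.0) marks nothing and falsely rejects it. A user whose layer is zero-weighted is protected only by the remaining layers, so the accept threshold applied to those layers carries the whole decision.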
Biometrics was once the stuff of science fiction movies and spy thrillers: futuristic gadgets which can scan a person's hand, eyes or speech patterns and determine instantly who the person is. But it is no longer a futuristic idea and it has implications for our lives today. With the Internet revolution upon us, the need for effective biometrics can only grow.
The question any company needs to ask itself in a security application is "How secure is secure enough?" And of course, there are cost considerations. Which biometric measures work best varies with the application. But with layers of biometrics, the whole will always be better (more secure) than the individual parts.
Maarten Willems is the director of engineering for Keyware Technologies, headquartered in Woburn, MA and Brussels, Belgium.
Is it Time to Retire PINs, Passwords and Maiden Names?
As accelerating numbers of system integrators and consumers climb on the speech recognition bandwagon, will speaker verification be right behind? Speech recognition of course determines what is being said, whereas verification determines who is speaking.
Both consumers and system integrators have realized that PIN-based user authentication is simply too vulnerable to fraud. Not only is mother's maiden name also vulnerable to fraud, but it requires expensive, on-line human operator time to obtain and verify the information. Everyone wants something better - and speaker verification looks like the answer. Voiceprint verification has a lower equipment cost per user than other biometric applications since there are no client-side hardware/software requirements for each user terminal or workstation. In addition, voiceprint verification is much less intrusive than other biometrics.
A word of caution is in order. A few companies are offering so-called speaker verification systems which are, in fact, mere speech recognition capture of spoken PINs or passwords. These systems have the same vulnerabilities to fraud which PINs and passwords do. True speaker verification actually compares a person's unique voice print characteristics stored in a speech template to verify that the person speaking is the authorized user.
Major verification suppliers, ITT Industries (www.speakerkey.com), T-NETIX (www.tnetix.com) and Veritel (www.veritelcorp.com), among others, have seen significant recent increases in the number of customers and variety of applications.
ITT, whose SpeakerKey verifier has been on the market since 1994, has a strong presence in the corrections marketplace, with voice-based offender tracking. Ameritech/SecurityLink (www.ameritech.com/products/securitylink/com.elee.html), VoiceTrack (www.voicetrack.com) and several other companies are using SpeakerKey-based systems to provide accurate, cost-effective telephone-based monitoring of criminal offenders on house-arrest, parole, probation and work-release programs.
A recent ITT growth area is web access control, such as offered by Austin-based iNTELLiTRAK Technologies (www.intellitrak.com). iNTELLiTRAK's CITADEL(TM) Gatekeeper utilizes SpeakerKey verification technology for network access. Other recent customer applications include physical access control, voice-based authentication for unattended door opening, remote time-card inputs, electronic purchasing, employee phone services and consumer access to financial services and records, among others.
T-NETIX's original application area was caller verification for prison pay phone collect calls. Many prison inmates are assigned PINs which must be used to initiate a collect phone call. These PINs are vulnerable to theft, barter, borrowing and other abuses. Voice-based authentication of callers reduces these abuses. More recently, T-NETIX has entered into a program with GTE to verify the identity of cellular phone users, in response to the growth of wireless telephone fraud. They also provide products such as: a banking application for verifying customer phone transactions; a voice protection system for PBXs which can replace calling cards and reduce improper phone use while protecting the voice mail system; and, most recently, a computer access security system. Another application being pursued is a website security system.
Veritel, Lucent Technologies and Tapestry Integration Specialists recently announced the availability of VoiceLok for Lucent Technologies' Intuity CONVERSANT IVR system. VoiceLok is an SDK which makes it easy to add speaker verification voice print technology to new and existing Conversant IVR applications. The VoiceLok SDK utilizes Veritel's Authentigate API, which provides a standard interface to Veritel's Voice Verification system for PC, IVR, Internet and other applications.
Lucent Speech Processing Solutions (1 800 772-5785) is taking an ever increasing role in verification. While Lucent has been offering boards appropriate for verification and other speech applications for some time, they recently doubled their board capacity while holding the price, significantly reducing cost. In addition, they are now pursuing applications such as phone banking, voice dialing, personal assistant, home incarceration projects with both in-house and third party developer teams.
So what's in the future for speaker verification? ITT's latest version of SpeakerKey requires voice authentication before a user is allowed to log on to a computer. If the would-be user's voice does not match the authorized voice, the impostor is locked out. Several users can be stored for multi-user access. It was created in collaboration with Tampa-based National Registry Inc. (www.nrid.com), the contractor who developed the Department of Defense sponsored Human Authentication API (HAPI) standard proposal for biometrics. The system is, of course, HAPI compliant, which allows developers to integrate speaker verification with other biometrics.
Frank Smead is Director of SpeakerKey, Marketing Manager, ITT Industries in Fort Wayne, IN. He can be reached at (219) 451-6321 or email@example.com.