CYB 302 - BIOMETRIC SECURITY

Course Outline:
Introduction to Biometrics and Digital Image Processing. MATLAB in Biometric
Image/Signal Processing, Biometric Algorithms and Systems with emphasis on
face, fingerprint, eyes (iris), speech (voice). Automated Biometric Identification,
Multimodal Biometrics. Biometric Data: Raw Data, Templates Data, and Data
Methods. Biometric Matching Basics: Biometric Authentication, Enrollment,
Correct User and Incorrect User. Match Threshold and Matching Performance,
Setting a Threshold. Biometric Authentication: Matching Data, Ground Truth,
Calculating Error rates and Graphs. Biometric Data: Storage of Biometric Data
Elements, Transactions, Errors, and Quality upgrades. Data Security and Integrity.
Privacy Issues and other aspects of biometrics. Applications for Biometrics and
Future Trends. Challenging Issues: challenging issues: Security Strength and
Recognition Rates, Alternatives of Passwords and Smart Cards.

Lab work: Practical exercises on biometric capture, image processing, matching

threshold, and performance. Learn the practical aspect of automated biometric
identification of multimodal authentication and calculation of error rates, work on
biometric algorithms, privacy, and security of stored biometric data.

INTRODUCTION TO BIOMETRICS

Biometrics is a modern technology design to improve security features across

various industries for identification and access control. This technology is
developed by combining three different fields, i.e., information technology (digital
data), electronics (sensors and measuring tools), and biology (human body
measurements).

Biometric authentication systems are completely different from traditional

identification systems like passwords, PINs, etc. as they are unique to individuals
and more reliable

Biometrics can be defined as technologies used to identify or verify individuals

based on their biological or behavioral characteristics.
1
The primary objective of designing and developing biometrics is to provide highly
secure and convenient authentication methods for individuals.

A very common example of biometrics that we see every day is when using the
fingerprint (or face) to unlock our smartphones or office doors. Biometrics are
developed for making identification and access control more secure, fast, and
reliable. When compared with passwords and PINs, biometrics are more secure
and convenient, as it is free from issues like forgetting and stealing.

However, biometrics also has its own challenges like any other security
technology. One of the major issues with biometrics is the privacy concerns of
personal data of an individual. Also, once the biometrics data of someone is
compromised, it cannot be changed like a password. Therefore, it is very important
to protect this sensitive data from potential risks and breaches.

Biometrics are nothing but measurements and calculations related to the human
body to determine their characteristics and features. These measurements and
calculations are then used for authentication, identification, and access control to
electronic systems and are known as Biometric Authentication or Realistic
Authentication.

Biometric authentication is widely used in computerized systems like smartphones,

laptops, security doors, lockers, and more for access control. In various digital
systems, like digital identity cards, it is also used for identification of individuals.

Biometric authentication systems use unique and measurable characteristics of

individuals to identify them uniquely. These biometric characteristics are generally
categorized as physiological characteristics and behavioral characteristics.

In simple terms, Biometrics simply means automatic identification or verification

of individuals based on measurable biological or behavioral characteristics. The
word comes from:
Bio = life
Metrics = measurement
Thus, biometrics means measurement of human characteristics.

2
Biometrics is a technology used to identify, analyze, and measure an individual's
physical and behavioral characteristics.

Each human being is unique in terms of characteristics, which make him or her
different from all others. The physical attributes such as fingerprints, color of iris,
color of hair, hand geometry, and behavioral characteristics such as tone and
accent of speech, signature, or the way of typing keys of computer keyboard etc.,
make a person stand separate from the rest.

This uniqueness of a person is then used by the biometric systems to:

 Identify and verify a person.

 Authenticate a person to give appropriate rights to system operations.
 Keep the system safe from unethical handling.

Characteristics of Biometrics
i. Physiological Characteristics

These characteristics are related to the shape of the body. Based on physical body
traits Examples of physiological characteristics include fingerprints, face
structure, DNA, palm print, hand geometry, iris, retina, shape of ear, odor, scent,
etc.

ii. Behavioral Characteristics

These characteristics are related to the pattern of behavior of an individual. Based

on human behavior patterns. Examples of behavioral characteristics include typing
rhythm, signature, mouse movement, voice, Keystroke dynamics, gait (walking
pattern) etc.

What is a Biometric System?

A biometric system is a technology which takes an individual's physiological,

behavioral, or both traits as input, analyzes it, and identifies the individual as a
genuine or malicious user.

3
A technological system that captures physiological or behavioral data of a person
as input and processed for identification of the person is referred to as a biometric
system. A biometric system is a technology that automatically identifies
individuals using biometric traits.

A typical biometric system works as follows:

Step 1: First, the biometric system captures biological data like fingerprints, iris
scan, voice, face patterns, etc. of an individual.

Step 2: The system extracts the pattern or characteristics from the input data.

Step 3: The extracted patterns are then compared with the pre-stored data samples
in the database.

Step 4: Finally, the system gives appropriate results or makes decisions if the input
data matches the samples.

BIOMETRIC SYSTEM ARCHITECTURE

4
1. Sensor: Captures biometric data. The sensor is the first block of the biometric
system which collects all the important data for biometrics. It is the interface
between the system and the real world. Typically, it is an image acquisition
system, but it depends on the features or characteristics required to be replaced or
not.

2. Pre-processing: It is the second block that executes all the pre-processing. Its
function is to enhance the input and to eliminate artifacts from the sensor,
background noise, etc. It performs some kind of normalization.

3. Feature extractor: Extracts unique patterns. This is the third and most
important step in the biometric system. Extraction of features is to be done to
identify them at a later stage. The goal of a feature extractor is to characterize an
object to be recognized by measurements.

4. Template generator: The template generator generates the templates that are
used for authentication with the help of the extracted features. A template is a
vector of numbers or an image with distinct tracts. Characteristics obtained from
the source groups come together to form a template. Templates are being stored in

5
the database for comparison and serve as input for the match. Stores enrolled
biometric data

5. Matcher: The matching phase is performed by the use of a match. In this part,
the procured template is given to a matcher that compares it with the stored
templates using various algorithms such as Hamming distance, etc. After matching
the inputs, the results will be generated. Compares new input to stored templates

6. Application device: It is a device that uses the results of a biometric system.

The Iris recognition system and facial recognition system are some common
examples of application devices.

Characteristics of Good Biometric Traits

A biometric characteristic must satisfy the following:

Property Definition
Universality Every person possesses it
Uniqueness No two individuals share the same trait
Permanence Trait remains stable over time
Collectability Can be measured easily
Performance System must be accurate and fast
Acceptability Users must accept the technology

Types of Biometric Recognition

1. Verification (1:1) - Check if the user matches the claimed identity.

Example: Student enters matric number + fingerprint.

2. Identification (1: N) - Search database to identify user.

Example: Police fingerprint search.

Face Recognition: Identifies individuals via facial features (distance between

eyes, nose, jawline, facial texture).

6
Fingerprint Recognition: Uses ridge patterns: ridge endings, bifurcations.

Iris Recognition: Uses iris texture patterns; highly accurate and stable for life.

Speech / Voice Recognition:

 Speech Recognition: Recognizes what is said

 Speaker Recognition: Recognizes who is speaking

Process of Identification using Biometric System

The identification of using a biometric system is a four-step process. T

 Enrollment: Enrollment is the process of capturing biometric data of a

person and stored in a database as reference values for future comparisons.
 Capturing and Verification: In this step, the biometric system takes the
biometric data of a person as input. Then, it compares the captured data
input with the reference values stored in the database and verifies the person.
 Identification: In this step, the system gives a result to show whether the
input data is matched with a reference value in the database and shows the
identity of the person.
 Authentication: It is the final step of the identification process. In this step,
the biometric system grants or denies access depending on the identification
of results.

Advantages of Biometrics

 Biometrics are unique for an individual, and they are very difficult to forget
or steal as compared to other security mechanisms like passwords, pins, etc.

 Biometrics are more convenient, as users do not need to remember these
data.
 Biometrics are relatively more secure as they are unique and cannot overlap
for multiple users.

7
  Biometric systems based on behavioral data provide more secure
authentication during an ongoing session.
 Provides strong authentication
 Cannot be forgotten like passwords

Disadvantages of Biometrics

Biometrics also have certain disadvantages which are listed below:

 Biometrics are highly personalized data of an individual. Hence, they can

have serious privacy concerns if they are mishandled.
 Biometric systems are relatively more complex and expensive.
 Biometric systems are sensitive to environmental conditions like dirty and
moisturized areas, dark areas, etc. These factors can affect the operations of
biometric systems.
 Some of the biometric techniques, like fake fingerprints, can be used for
unauthorized access to systems.

Evolution of Biometrics

The idea of biometrics was present a few years from now. In 14 th century, China
practiced taking fingerprints of merchants and their children to separate them from
all others. Fingerprinting is still used today.

In the 19th century, an Anthropologist named Alphonse Bertillion developed a

method (named Bertillionage) of taking body measurements of persons to identify
them. He had realized that even if some features of the human body are changed,
such as length of hair, weight, etc., some physical traits of body remain unchanged,
such as length of fingers. This method diminished quickly as it was found that the
persons with same body measurements alone can be falsely taken as one.
Subsequently, Richard Edward Henry from Scotland Yard developed a method for
fingerprinting.

The idea of retinal identification was conceived by Dr. Carleton Simon and Dr.
Isadore Goldstein in 1935. In 1976, a research and development effort was put in at

8
EyeDentify Inc. The first commercial retina scanning system was made available
in 1981.

Iris recognition was invented by John Daugman in 1993 at Cambridge University.

In 2001, Biometrics Automated Toolset (BAT) was introduced in Kosovo, which

provided a concrete identification method.

Today, biometrics have come up as an independent field of study with precise

technologies of establishing personal identities.

Why is Biometrics Required?

With increasing use of Information Technology in the field of banking, science,

medication, etc., there is an immense need to protect the systems and data from
unauthorized users.

Biometrics are used for authenticating and authorizing a person. Though these
terms are often coupled; they mean different things.

Authentication (Identification)

This process tries to find out the answer to the question, Are you the same as who
you are claiming to be? or Do I know you? This is one-to-many matching and
comparison of a person's biometrics with the whole database.

Verification

This is the one-to-one process of matching where live samples entered by the
candidate are compared with a previously stored template in the database. If both
are matching with more than 70% agreeable similarity, then the verification is
successful.

Authorization

It is the process of assigning access rights to authenticated or verified users. It tries

to find out the answer for the question, Are you eligible to have certain rights to
access this resource?
9
Shortcomings of Conventional Security Aids

The conventional methods of information system security used ID cards,

passwords, Personal Identification Numbers (PINs), etc. They come with the
following disadvantages:

 They all mean recognizing some code associated with the person rather than
recognizing the person who actually produced it.
 They can be forgotten, lost, or stolen.
 They can be bypassed or easily compromised.
 They are not precise.

In such cases, the security of the system is threatened. When the systems need a
high level of reliable protection, biometrics come to help by binding the identity
more oriented to the individual.

Basic Components of a Biometric System

In general, a biometric system can be divided into four basic components.

Input Interface (Sensors)

It is the sensing component of a biometrics system that converts human biological

data into digital forms.

For example,

10
  A Metal Oxide Semiconductor (CMOS) imager or a Charge Coupled Device
(CCD) in the case of face recognition, handprint recognition, or iris/retinal
recognition systems.
 An optical sensor in case of fingerprint systems.
 A microphone in case of voice recognition systems.

Processing Unit

The processing component is a microprocessor, Digital Signal Processor (DSP), or

computer that processes the data captured from the sensors.

The processing of the biometric sample involves:

 Sample image enhancement

 Sample image normalization
 Feature extraction
 Comparison of the biometric sample with all stored samples in database.

Database Store

The database stores the enrolled sample, which is recalled performing a match at
the time of authentication. For identification, there can be any memory from
Random Access Memory (RAM), flash EPROM, or a data server. For verification,
a removable storage element like a contact or contactless smart card is used.

Output Interface

The output interface communicates the decision of the biometric system to enable
access to the user. This can be a simple serial communication protocol for RS232,
or the higher bandwidth USB protocol. It could also be TCP/IP protocol, Radio
Frequency Identification (RFID), Bluetooth, or one of the many cellular protocols.

General Working of a Biometric System

There are four general steps a biometric system takes to perform identification and
verification:

11
  1. Acquire live sample from candidate. (using sensors)
 2. Extract prominent features from samples. (using processing unit)
 3. Compare live samples with samples stored in database. (using algorithms)
 4. Present the decision. (Accept or reject the candidate.)

The biometric sample is acquired from a candidate user. The prominent features
are extracted from the sample, and it is then compared with all the samples stored
in the database. When the input sample matches one of the samples in the database,
the biometric system allows the person to access the resources; otherwise prohibits
them.

Biometrics Terminology

Biometric Template: It is a digital reference of the distinct characteristics that are

extracted from a biometric sample.

Candidate/Subject: A person who enters his biometric sample.

Closed-Set Identification: The person is known to be existing in the database.

12
Enrollment: It is when a candidate uses a biometric system for the first time; it
records basic information such as name, address, etc. and then records the
candidate's biometric trait.

False Acceptance Rate (FAR): It is the measure of possibility that a biometric

system will incorrectly identify an unauthorized user as a valid user.

FAR = Number of False Acceptances / Number of Identification Attempts

A biometric system providing low FAR ensures high security.

False Reject Rate (FRR): It is the measure of possibility that the biometric system
will incorrectly reject an authorized user as an invalid user.

FRR = Number of False Rejections / Number of Identification Attempts

Open-Set Identification: The person is not guaranteed to be existing in the

database.

Task: It is when the biometric system searches the database for a matching
sample.

Application Areas of Biometrics

There are a number of applications where biometric systems are useful. Few of
them are given below:

 Controlling workplace access.

 Identity of the establishment of people for authentic citizenship and
immigration systems.
 Applying access control to sensitive information and systems.
 Identifying criminals by forensics.
 Executing online e-commerce transactions.
 Fraud and theft reduction.
 Law enforcement.

Biometric data can exist in two forms:

13
Data Type Example
Image Face, fingerprint
Signal Voice

Digital Image Processing Basics

Digital Image Processing means processing digital images by means of a digital

computer. We can also say that it is a use of computer algorithms to get enhanced
images to extract some useful information.

Digital image processing is the use of algorithms and mathematical models to

process and analyze digital images. The goal of digital image processing is to
enhance the quality of images, extract meaningful information from images, and
automate image-based tasks.

The basic steps involved in digital image processing are:

1. Image acquisition: This involves capturing an image using a digital camera

or scanner or importing an existing image into a computer.
2. Image enhancement: This involves improving the visual quality of an image,
such as increasing contrast, reducing noise, and removing artifacts.
3. Image restoration: This involves removing degradation from an image, such
as blurring, noise, and distortion.
4. Image segmentation: This involves dividing an image into regions or
segments, each of which corresponds to a specific object or feature in the
image.
5. Image representation and description: This involves representing an image in
a way that can be analyzed and manipulated by a computer and describing
the features of an image in a compact and meaningful way.
6. Image analysis: This involves using algorithms and mathematical models to
extract information from an image, such as recognizing objects, detecting
patterns, and quantifying features.
7. Image synthesis and compression: This involves generating new images or
compressing existing images to reduce storage and transmission
requirements.
14
 8. Digital image processing is widely used in a variety of applications,
including medical imaging, remote sensing, computer vision, and
multimedia.

Image processing mainly includes the following steps:

1. Importing the image via image acquisition tools;

2. Analyzing and manipulating the image;
3. Output in which result can be altered image or a report based on analyzing
that image.

What is an image?

An image is defined as a two-dimensional function F (x, y), where x and y are

spatial coordinates, and the amplitude of F at any pair of coordinates (x, y) is
called the intensity of that image at that point. When x,y, and amplitude values of
F are finite, we call it a digital image.
In other words, an image can be defined by a two-dimensional array specifically
arranged in rows and columns.
Digital Image is composed of a finite number of elements, each of which elements
have a particular value at a particular location. These elements are referred to as
picture elements, image elements, and pixels. A Pixel is most widely used to denote
the elements of a Digital Image.

Types of an image

1. BINARY IMAGE- The binary image as its name suggests, contains only
two-pixel elements i.e. 0 & 1, where 0 refers to black and 1 refers to white.
This image is also known as Monochrome.
2. BLACK AND WHITE IMAGE- The image which consists of only black
and white color is called BLACK AND WHITE IMAGE.
3. 8-bit COLOR FORMAT- It is the most famous image format. It has 256
different shades of colors in it and is commonly known as Grayscale Image.
In this format, 0 stands for Black, and 255 stands for white, and 127 stands
for gray.
15
 4. 16-bit COLOR FORMAT- It is a color image format. It has 65,536
different colors in it. It is also known as High Color Format. In this format,
the distribution of color is not the same as the Grayscale image.

A 16-bit format is divided into three further formats which are Red, Green and
Blue. That famous RGB format.

Image as a Matrix

As we know, images are represented in rows and columns we have the following
syntax in which images are represented:

The right side of this equation is digital image by definition. Every element of this
matrix is called an image element, picture element, or pixel.

PHASES OF IMAGE PROCESSING:

1. ACQUISITION: It could be as simple as being given an image which is in

digital form. The main work involves:

a) Scaling

16
b) Color conversion (RGB to Gray or vice-versa)

2. IMAGE ENHANCEMENT: It is amongst the simplest and most appealing

areas of Image Processing. It is also used to extract some hidden details from an
image and is subjective.

3. IMAGE RESTORATION- It also deals with the appeal of an image, but it is

objective (Restoration is based on mathematical or probabilistic model or image
degradation).

4. COLOR IMAGE PROCESSING: It deals with pseudo color and full color
image processing color models are applicable to digital image processing.

[Link] AND MULTI-RESOLUTION PROCESSING: It is a

foundation of representing images in various degrees.

6. IMAGE COMPRESSION: It involves developing some functions to perform

this operation. It mainly deals with image size or resolution.

7. MORPHOLOGICAL PROCESSING-It deals with tools for extracting image

components that are useful in the representation & description of shape.

8. SEGMENTATION PROCEDURE-It includes partitioning an image into its

constituent parts or objects. Autonomous segmentation is the most difficult task in
Image Processing.

9. REPRESENTATION & DESCRIPTION: It follows output of segmentation

stage; choosing a representation is only the part of solution for transforming raw
data into processed data.

10. OBJECT DETECTION AND RECOGNITION-It is a process that assigns a

label to an object based on its descriptor.

OVERLAPPING FIELDS WITH IMAGE PROCESSING

17
According to block 1, if input is an image and we get out image as an output, then
it is termed as Digital Image Processing.

According to block 2, if input is an image and we get some kind of information or

description as an output, then it is termed as Computer Vision.

According to block 3, if input is some description or code, and we get an image as

an output, then it is termed as Computer Graphics.

According to block 4, if input is description or some keywords or some code and

we get description or some keywords as an output, then it is termed as Artificial
Intelligence

Advantages of Digital Image Processing:

1. Improved image quality: Digital image processing algorithms can improve

the visual quality of images, making them clearer, sharper, and more
informative.

18
 2. Automated image-based tasks: Digital image processing can automate many
image-based tasks, such as object recognition, pattern detection, and
measurement.
3. Increased efficiency: Digital image processing algorithms can process
images much faster than humans, making it possible to analyze large
amounts of data in a short amount of time.
4. Increased accuracy: Digital image processing algorithms can provide more
accurate results than humans, especially for tasks that require precise
measurements or quantitative analysis.

Disadvantages of Digital Image Processing:

1. High computational cost: Some digital image processing algorithms are

computationally intensive and require significant computational resources.
2. Limited interpretability: Some digital image processing algorithms may
produce results that are difficult for humans to interpret, especially complex
or sophisticated algorithms.
3. Dependence on quality of input: The quality of the output of digital image
processing algorithms is highly dependent on the quality of the input images.
Poor quality input images can result in poor quality output.
4. Limitations of algorithms: Digital image processing algorithms have
limitations, such as the difficulty of recognizing objects in cluttered or
poorly lit scenes, or the inability to recognize objects with significant
deformations or occlusions.
5. Dependence on good training data: The performance of many digital image
processing algorithms is dependent on the quality of the training data used to
develop the algorithms. Poor quality training data can result in poor
performance of the algorithm.

MATLAB IN BIOMETRIC IMAGE/SIGNAL PROCESSING

MATLAB stands for the Matrix Laboratory. It is a high-level programming

environment used for mathematical computation, visualization, and algorithm
development. MATLAB is widely used in:
 Image processing

19
  Signal processing
 Machine learning
 Biometric algorithm development

MATLAB Applications in Biometrics: MATLAB helps to:

 Process biometric images
 Extract features
 Implement recognition algorithms
 Evaluate performance
Examples:
3. Fingerprint ridge extraction
4. Face recognition algorithms
5. Voice signal analysis

DIGITAL IMAGE REPRESENTATION IN MATLAB:

In MATLAB, the start index is from 1 instead of 0. Therefore, f (1,1) = f (0,0).

Henceforth, the two representations of image are identical, except for the shift in
origin.

In MATLAB, matrices are stored in a variable i.e. X, x, input_image , and so on.

The variables must be a letter the same as other programming languages.

20
BIOMETRIC ALGORITHMS AND SYSTEMS
 A biometric algorithm is a mathematical procedure used to extract and
compare biometric features.
 A biometric system is a complete system that captures biometric data,
processes it, and performs identification or authentication.

Face Recognition
Face recognition identifies a person by analyzing facial features such as: Distance
between eyes, Shape of nose, Jawline, Facial texture etc.
Common techniques:
 Eigenfaces
 Fisherfaces
 Deep learning models
Applications:
1. Airport security
2. Smartphone unlocking
3. Surveillance systems

Fingerprint Recognition
Fingerprint recognition analyzes the ridge patterns on the finger. Key features are
called minutiae points:
 Ridge endings
 Ridge bifurcations
Fingerprint recognition is widely used because it is: Accurate, Affordable, Easy to
capture

Iris Recognition
The iris is the colored ring surrounding the pupil. It contains complex patterns
unique to everyone.
Advantages:
 Extremely accurate
 Stable over a lifetime
 Difficult to forge

21
Speech / Voice Recognition
Two types exist:
i. Speech Recognition: Recognizes what is being said.
ii. Speaker Recognition: Recognizes who is speaking.

Voice recognition analyzes:

 Pitch
 Frequency
 Vocal tract characteristics

AUTOMATED BIOMETRIC IDENTIFICATION

Automated Biometric Identification System (ABIS) is a computerized system that
automatically identifies individuals from biometric data.

Identification types:
 Verification (1:1 Matching): User claims identity. Example: Fingerprint →
compared with one stored template.
 Identification (1: N Matching): System searches entire database.
Example:
Fingerprint → compared with all stored templates.

BIOMETRICS MODALITIES

A biometric modality is nothing but a category of a biometric system depending

upon the type of human trait it takes as input.

The biometrics are largely statistical. The more data available from samples, the
more the system is likely to be unique and reliable. It can work on various
modalities pertaining to measurements of individuals' bodies and features, and
behavioral patterns. The modalities are classified based on the person's biological
traits.

22
Types of Biometric Modalities

There are various traits present in humans, which can be used as biometrics
modalities. The biometric modalities fall under three types:

1. Physiological
2. Behavioral
3. Combination of physiological and behavioral modality

The following table collects the points that differentiate these three modalities:

Physiological Modality Behavioral Modality Combination of Both

Modalities
This modality pertains to This modality is related This modality includes
the shape and size of the to change in human both traits, where the
body. behavior over time. traits depend upon
physical as well as
behavioral changes.
For example: For example: For example:

 Fingerprint  Gait (the way one Voice Recognition

Recognition walks)
 Hand Geometry  Rhythm of typing It depends on the health,
Recognition keys size, and shape of vocal
system  Signature cord, nasal cavities,
 Facial Recognition mouth cavity, shape of
System lips, etc., and the
 Iris Recognition emotional status, age,
System illness (behavior) of a
 Hand Geometry person.
Recognition
System
 Retinal Scanning
System
 DNA Recognition
System

23
Physiological Modalities

The physiological modalities are based on the direct measurement of parts of the
human body such as iris, fingerprint, shape, and position of fingers, etc.

There are some physical traits which remain unaltered throughout a person's life.
They can be an excellent resource for identifying an individual.

Fingerprint Recognition System

It is the most known and used biometrics solution to authenticate people on

biometric systems. The reasons for it being so popular are there are ten available
sources of biometric and ease of acquisition.

Every person has a unique fingerprint which is composed of ridges, grooves, and
direction of the lines. There are three basic patterns of ridges: arch, loop, and
whorl. The uniqueness of fingerprint is determined by these features as well as
minutiae features such as bifurcation and spots (ridge endings).

Fingerprint is one of the oldest and most popular recognition techniques.

Fingerprint matching techniques are of three types:

 Minutiae Based Techniques: In these minutiae points are found and then
mapped to their relative position on finger. There are some difficulties such
as if the image is of low quality, then it is difficult to find minutiae points
correctly. Another difficulty is it considers the local position of ridges and
furrows; not global.
 Correlation Based Method: It uses richer gray scale information. It
overcomes problems of minutiae-based methods, by being able to work with
bad quality data. But it has some of its own problems like localization of
points.
 Pattern Based (Image Based) Matching: Pattern based algorithms
compare the basic fingerprint patterns (arch, whorl, and loop) between a
stored template and a candidate fingerprint.

24
Merits of Finger Recognition System

 It is the most contemporary method.

 It is the most economical method.
 It is highly reliable and secure.
 It works on a small template size, which speeds up the verifying process.
 It consumes less memory space.

Demerits of Finger Recognition System

 Scars, cuts, or absence of fingers can hinder the recognition process.

 The systems can be fooled by using artificial fingers made of wax.
 It involves physical contact with the system.
 They leave the pattern of fingers behind at the time of entering the sample.

Applications of Finger Recognition System

 Verification of driver-license authenticity.

 Checking validity of a driving license.
 Border Control/Visa Issuance.
 Access control in organizations.

Facial Recognition System

Facial recognition is based on determining the shape and size of the jaw, chin,
shape and location of the eyes, eyebrows, nose, lips, and cheekbones. 2D facial
scanners start reading face geometry and recording it on the grid. Facial geometry
is transferred to the database in terms of points. The comparison algorithms

25
perform face matching and come up with the results. Facial recognition is
performed in the following ways:

 Facial Metrics: In this type, the distances between pupils or from nose to lip
or chin are measured.
 Eigen faces: It is the process of analyzing the overall face image as a
weighted combination of a number of faces.
 Skin Texture Analysis: The unique lines, patterns, and spots apparent in a
person's skin are located.

Merits of Facial Recognition System

 It offers easy storage of templates in database.

 It reduces the statistic complexities to recognize face image.
 It involves no physical contact with the system.

Demerits of Facial Recognition System

 Facial traits change over time.

 Uniqueness is not guaranteed, for example, in case of identical twins.
 If a candidate face shows different expressions such as light smile, then it
can affect the result.
 It requires adequate lighting to get correct input.

26
Applications of Facial Recognition System

 General Identity Verification.

 Verification for access control.
 Human Computer Interaction.
 Criminal Identification.
 Surveillance.

Iris Recognition System

Iris recognition works based on iris patterns in the human eye. The iris is the
pigmented elastic tissue that has adjustable circular opening in center. It controls
the diameter of the pupil. In adult humans, the texture of iris is stable throughout
their lives. The iris patterns of the left and right eyes are different. The iris patterns
and colors change from person to person.

It involves taking the picture of iris with a capable camera, storing it, and
comparing the same with the candidate eyes using mathematical algorithms.

27
Merits of Iris Recognition System

 It is highly accurate as the chance of matching two irises is 1 in 10 billion

people.
 It is highly scalable as the iris pattern remains same throughout a person's
lifetime.
 The candidates need not remove glasses or contact lenses; they do not
hamper the accuracy of the system.
 It involves no physical contact with the system.
 It provides instant verification (2 to 5 seconds) because of its small template
size.

Demerits of Iris Recognition System

 Iris scanners are expensive.

 High quality images can fool the scanner.
 A person is required to keep his/her head very still for accurate scanning.

Applications of Iris Recognition System

 National security and Identity cards such as Adhaar card in India.

 Google uses iris recognition for accessing their datacenters.

Hand Geometry Recognition System

It includes measuring length and width of palm, surface area, length and position
of fingers, and overall bone structure of the hand. A person's hand is unique and
can be used to identify a person from others. There are two Hand Geometry
systems:

 Contact Based: a hand is placed on a scanned surface. This placement is

positioned by five pins, which guide the candidate in hand to position
correctly for the camera.
 Contact Less: In this approach neither pins nor platform are required for
hand image acquisition.

28
Merits of Hand Geometry Recognition System

 It is sturdy and user friendly.

 The changes in skin moisture or texture do not affect the result.

Demerits of Hand Geometry Recognition System

 Since hand geometry is not unique, it is not very reliable.

 It is effective in the case of adults and not for the growing children.
 If candidates' hand is with jewelry, plaster, or arthritis, it is likely to
introduce a problem.

Applications of Hand Geometry Recognition System

 Nuclear power plants and military use Hand Geometry Recognition for
access control.

Retinal Scanning System

Retina is the lining layer at the back of the eyeball that covers 65% of the eyeballs'
inner surface. It contains photosensitive cells. Each person's retina is unique due to
the complex network of blood vessels that supply blood.

29
It is a reliable biometric as the retina pattern remains unchanged throughout the
person's life, barring the patterns of persons having diabetes, glaucoma, or some
degenerative disorders.

In the retinal scanning process, a person is asked to remove lenses or eyeglasses. A

low-intensity infrared light beam is cast into a person's eye for 10 to 15 seconds.
This infrared light is absorbed by the blood vessels forming a pattern of blood
vessels during the scan. This pattern is then digitized and stored in the database.

Merits of Retinal Scanning System

 It cannot be forged.
 It is highly reliable as the error rate is 1 out of a 10 millions attempts sample
(which is almost 0%).

Demerits of Retinal Scanning System

 It is not very user friendly as the user needs to maintain steadiness that can
cause discomfort.
 It tends to reveal some poor health conditions such as hypertension or
diabetes, which causes privacy issues.
 Accuracy of the results is prone to diseases such as cataracts, glaucoma,
diabetes, etc.

30
Applications of Retinal Scanning System

 It is practiced by some government bodies such as CID, FBI, etc.

 Apart from security applications, it is also used for ophthalmological
diagnostics.

DNA Recognition System

Deoxyribo Neuclic Acid (DNA) is the genetic material found in humans. Every
human barring identical twin is uniquely identifiable by the traits found in their
DNA, which is located in the nucleus of the cell. There are a number of sources
from which DNA patterns can be collected such as blood, saliva, nails, hair, etc.

Within cells, DNA is organized in a long, double helix structure called

chromosomes. There are 23 pairs of chromosomes in humans. Out of the 46 total
chromosomes, the offspring inherits 23 chromosomes from each biological parent.
99.7% of an offsprings DNA is shared with their parents. The remaining 0.3%
DNA contains repetitive coding unique to an individual.

The fundamental steps of DNA profiling are:

1. Separating the DNA from a sample acquired from either blood, saliva, hair,
semen, or tissue.

2. Separating the DNA sample into shorter segments.

3. Organizing the DNA segments according to size.
4. Comparing the DNA segments from various samples.

The more detailed the sample is, the more precise the comparison and in turn the
identification of the individual is.

31
DNA Biometrics differs from all others in the following ways:

 It needs a tangible physical sample instead of an image.

 DNA matching is done on physical samples. There is no feature extraction
or template saving.

Merit of DNA Recognition System

 It provides the highest accuracy.

Demerits of DNA Recognition System

 Length of procedure from sample acquisition to result is large.

 Being more informative, it brings privacy issues.
 It needs more storage space.
 Sampling contamination or degradation of samples may affect the result.

Applications of DNA Recognition System

 It is mainly used to prove guilt or innocence.

 It is used in physical and network security.

Behavioral Modalities

32
Behavioral biometrics pertain to the behavior exhibited by people or the way
people perform tasks such as walking, signing, and typing on the keyboard.

Behavioral biometrics modalities have higher variations as they primarily depend

on the external factors such as fatigue, mood, etc. This causes higher FAR and
FRR as compared to solutions based on physiological biometrics.

Gait Recognition

Gait is the manner of a person's walk. People show different traits while walking
such as body posture, distance between two feet while walking, swaying, etc.,
which help to recognize them uniquely.

A gait recognition based on the analyzing video images of candidates walking. The
sample of candidates' walk cycle is recorded by Video. The sample is then
analyzed for position of joints such as knees and ankles, and the angles made
between them while walking.

A respective mathematical model is created for every candidate person and stored
in the database. At the time of verification, this model is compared with the live
sample of the candidate walk to determine its identity.

Merits of Gait Recognition System

 It is non-invasive.
33
  It does not need the candidate's cooperation as it can be used from a
distance.
 It can be used for determining medical disorders by spotting changes in
walking pattern of a person in case of Parkinsons disease.

Demerits of Gait Recognition System

 For this biometric technique, no model has been developed with complete
accuracy until now.
 It may not be as reliable as other established biometric techniques.

Application of Gait Recognition System

It is well-suited for identifying criminals in the crime scenario.

Signature Recognition System

In this case, more emphasis is given on the behavioral patterns in which the
signature is signed than the way a signature looks in terms of graphics.

The behavioral patterns include the changes in the timing of writing, pauses,
pressure, direction of strokes, and speed during signing. It could be easy to
duplicate the graphical appearance of the signature, but it is not easy to imitate the
signature with the same behavior the person shows while signing.

This technology consists of a pen and a specialized writing tablet, both connected
to a computer for template comparison and verification. A high-quality tablet can
capture behavioral traits such as speed, pressure, and timing while signing.

34
During the enrollment phase, the candidate must sign the writing tablet multiple
times for data acquisition. The signature recognition algorithms then extract the
unique features such as timing, pressure, speed, direction of strokes, important
points on the path of signature, and the size of signature. The algorithm assigns
different values of weights to those points.

At the time of identification, the candidate enters the live sample of the signature,
which is compared with the signatures in the database.

Constraints of Signature Recognition System

 To acquire adequate amount of data, the signature should be small enough to

fit on tablet and big enough to be able to deal with.
 The quality of the writing tablet decides the robustness of signature
recognition enrollment template.
 The candidate must perform the verification processes in the same type of
environment and conditions as they were at the time of enrollment. If there
is a change, then the enrollment template and live sample template may
differ from each other.

Merits of Signature Recognition System

 Signature recognition process has a high resistance to imposters as it is very

difficult to imitate the behavior patterns associated with the signature.
 It works very well in high amounts of business transactions. For example,
Signature recognition could be used to positively verify the business
representatives involved in the transaction before any classified documents
are opened and signed.
 It is a non-invasive tool.
 We all use our signature in some sort of commerce, and thus there are
virtually no privacy rights issues involved.
 Even if the system is hacked and the template is stolen, it is easy to restore
the template.

35
Demerits of Signature Recognition System

 The live sample template is prone to change with respect to the changes in
behavior while signing. For example, signing with a hand held in plaster.
 Users need to get accustomed to signing up for tablets. The error rate is high
until it happens.

Applications of Signature Recognition System

 It is used in document verification and authorization.

 The Chase Manhattan Bank, Chicago is known as the first bank to adopt
Signature Recognition technology.

Keystroke Recognition System

During World War II, a technique known as Fist of the Sender was used by
military intelligence to determine if the Morse code was sent by enemy or ally
based on the rhythm of typing. These days, keystroke dynamics are the easiest
biometric solution to implement in terms of hardware.

This biometric analyzes candidates' typing patterns, the rhythm, and the speed of
typing on a keyboard. The dwell time and flight time measurements are used in
keystroke recognition.

Dwell time: It is the duration of time for which a key is pressed.

Flight time: It is the time elapsed between releasing a key and pressing the
following key.

36
The candidates differ in the way they type on the keyboard as the time they take to
find the right key, the flight time, and the dwelling time. Their speed and rhythm of
typing also vary according to their level of comfort with the keyboard. Keystroke
recognition system monitors the keyboard to input thousands of times per second
in a single attempt to identify users based on their habits of typing.

There are two types of keystroke recognition:

 Static: It is one-time recognition at the start of interaction.

 Continuous: It is throughout the course of interaction.

Application of Keystroke Dynamics

 Keystroke Recognition is used for identification/verification. It is used with

user ID/password as a form of multifactor authentication.
 It is used for surveillance. Some software solutions track keystroke behavior
for each user account without end-users' knowledge. This tracking is used to
analyze if the account was being shared or used by anyone else than the
genuine account owner. It is used to verify if some software licenses are
being shared.

Merits of Keystroke Recognition System

 It needs no special hardware to track this biometric.

 It is a quick and secure way of identification.
 A person typing does not have to worry about being watched.
37
  Users need no training for enrollment or entering their live samples.

Demerits of Keystroke Recognition System

 The candidates' typing rhythm can change between a number of days or

within a day itself because of tiredness, sickness, influence of medicines or
alcohol, change of keyboard, etc.
 There are no known features dedicated solely to carrying out discriminating
information.

Voice Recognition

Voice recognition biometric modality is a combination of both physiological and

behavioral modalities. Voice recognition is nothing but sound recognition. It relies
on features influenced by:

 Physiological Component: Physical shape, size, and health of a person's

vocal cord, and lips, teeth, tongue, and mouth cavity.
 Behavioral Component: Emotional status of the person while speaking,
accents, tone, pitch, pace of talking, mumbling, etc.

Voice Recognition System

Voice Recognition is also called Speaker Recognition. At the time of enrollment,

the user needs to speak a word or phrase into a microphone. This is necessary to
acquire speech sample of a candidate.

The electrical signal from the microphone is converted into digital signals by an
Analog to Digital (ADC) converter. It is recorded into the computer memory as a
digitized sample. The computer then compares and attempts to match the input
voice of the candidate with the stored digitized voice sample and identifies the
candidate.

38
Voice Recognition Modalities

There are two variants of voice recognition: speaker dependent and speaker
independent.

Speaker dependent voice recognition relies on the knowledge of candidate's

particular voice characteristics. This system learns those characteristics through
voice training (or enrollment.

 The system needs to be trained by the users to accustom it to a particular

accent and tone before employing to recognize what was said.
 It is a good option if there is only one user going to use the system.

Speaker independent systems can recognize the speech from different users by
restricting the contexts of the speech such as words and phrases. These systems are
used for automated telephone interfaces.

 They do not require training the system on each individual user.

 They are a good choice to be used by different individuals where it is not
required to recognize each candidate's speech characteristics.

39
Difference between Voice and Speech Recognition

Speaker recognition and Speech recognition are mistakenly taken as same; but they
are different technologies. Let us see, how −

Speaker Recognition (Voice Speech Recognition

Recognition)
The objective of voice recognition is The speech recognition aims at
to recognize WHO is speaking. understanding and comprehending WHAT
was spoken.
It is used to identify a person by It is used in hand-free computing, map, or
analyzing its tone, voice pitch, and menu navigation.
accent.

Merits of Voice Recognition

 It is easy to implement.

Demerits of Voice Recognition

 It is susceptible to the quality of microphones and noise.

 The inability to control the factors affecting the input system can
significantly decrease performance.
 Some speaker verification systems are also susceptible to spoofing attacks
through recorded voice.

Applications of Voice Recognition

 Performing telephone and internet transactions.

 Working with Interactive Voice Response (IRV)-based banking and health
systems.
 Applying audio signatures for digital documents.
 In entertainment and emergency services.
 In online education systems.

40
Multimodal Biometric Systems

As the name depicts, multimodal biometric systems work on accepting information

from two or more biometric inputs. Multimodal biometrics use more than one
biometric trait for identification. Multimodal biometrics provide higher accuracy,
better security, reduced spoofing, etc.
Example:
Face+fingerprint
Iris + voice

A multimodal biometric system increases the scope and variety of input

information the system takes from the users for authentication.

Why is Multimodal Biometrics Required?

The unimodal systems must deal with various challenges such as lack of secrecy,
non-universality of samples, extent of user's comfort and freedom while dealing
with the system, spoofing attacks on stored data, etc.

Some of these challenges can be addressed by employing a multimodal biometric

system.

There are several more reasons for its requirement, such as:

 The availability of multiple traits makes the multimodal system more

reliable.
 A multimodal biometric system increases the security and security of user
data.
 A multimodal biometric system conducts fusion strategies to combine
decisions from each subsystem and then comes up with a conclusion. This
makes a multimodal system more accurate.
 If any of the identifiers fail to work for known or unknown reasons, the
system still can provide security by employing the other identifier.
 Multimodal systems can provide knowledge about liveliness of the sample
being entered by applying liveliness detection techniques. This makes them
capable of detecting and handling spoofing.

41
Working of Multimodal Biometric System

Multimodal biometric system has all the conventional modules a unimodal system
has:

 Capturing module
 Feature extraction module
 Comparison module
 Decision making module

In addition, it has a fusion technique to integrate information from two different

authentication systems. The fusion can be done at any of the following levels −

 During feature extraction.

 During comparison of live samples with stored biometric templates.
 During decision making.

The multimodal biometric systems that integrate or fuse the information at an

initial stage are more effective than the systems that integrate the information at the
later stages. The obvious reason for this is that the early stage contains more
accurate information than the matching scores of the comparison modules.

42
Fusion Scenarios in Multimodal Biometric System

Within a multimodal biometric system, there can be variety in number of traits and
components. They can be as follows:

 Single biometric trait, multiple sensors.

 Single biometric trait, multiple classifiers (say, minutiae-based matcher and
texture-based matcher).
 Single biometric trait, multiple units (say, multiple fingers).
 Multiple biometric traits of an individual (say, iris, fingerprint, etc.).

These traits are then operated upon to confirm users' identity.

Design Issues with Multimodal Biometric Systems

You need to consider several factors while designing a multimodal biometric

system:

 The level of security you need to bring in.

 The number of users who will use the system.
 Types of biometric traits you need to acquire.
 The number of biometric traits from the users.
 The level at which multiple biometric traits need integration.
 The technique to be adopted to integrate the information.
 The trade-off between development cost versus system performance.

Biometric Modality Selection

To be able to select a proper biometric system, you need to compare them in

various aspects. You need to assess the suitability of the systems to your
requirements in terms of convenience, system specifications and performance, and
your budget.

You can select the most suitable biometric system by studying various criteria for
their effectiveness.

43
(We stopped here)Criteria for Effective Biometric System

There are seven basic criteria for measuring effectiveness of a biometric system:

 Uniqueness: It determines how uniquely a biometric system can recognize a

user from a group of users. It is a primary criterion.
 Universality: It indicates the requirement for unique characteristics of each
person in the world, which cannot be reproduced. It is a secondary criterion.
 Permanence: It indicates that a personal trait recorded needs to be constant
in the database for a certain time period.
 Collectability: It is the ease at which a person's trait can be acquired,
measured, or processed further.
 Performance: It is the efficiency of the system in terms of accuracy, speed,
fault handling, and robustness.
 Acceptability: It is user-friendliness, or how good the users accept the
technology such that they are cooperative to let their biometric trait capture
and assess.
 Circumvention: It is the ease with which a trait is possibly imitated using
an artifact or substitute.

BIOMETRIC DATA
Biometric systems store different types of data.
 Raw Data: Original biometric samples captured by the sensor.
Example: Raw fingerprint image, Raw face image
 Template Data: A mathematical representation of biometric features
extracted from raw data. Templates are stored in the database rather than in
the raw image.
Advantages:
Faster matching
Improved security

Data Methods
Methods used to process biometric data include:
Feature extraction

44
 Pattern recognition
Classification algorithms

BIOMETRIC MATCHING BASICS

Biometric matching uses templates to convert an image of a biometric trait, such as
a fingerprint or iris image, into a searchable set of data. This process is known as
the Minutia Extraction process. For a fingerprint image, points of interest such as
where fingerprint ridges end, converge, or split are marked by an algorithm or
human fingerprint examiner. These points are then mapped in relation to the center
of the fingerprint. The resulting map of minutia points is simply a set of
coordinates that computers can instantly search using matching algorithms that
return scores that indicate how closely sets of data match. If the score is above an
established threshold, the fingerprints are determined to be from the same finger.
Biometric systems compare input samples with stored templates.
 Enrollment: The process of registering a user into the biometric system
Steps:
Capture biometric data
Extract features
Create template
Store template in database

 Authentication: The process of verifying a user's identity using biometric

data.
 Correct User: A legitimate user attempting authentication.
 Incorrect User: An impostor trying to access the system.

MATCH THRESHOLD AND MATCHING PERFORMANCE

A match threshold determines whether two biometric samples match.
If similarity score ≥ threshold → Accept
If similarity score < threshold → Reject

Setting Threshold
Threshold affects: System accuracy, Security level

45
Lower threshold → more access but more risk
Higher threshold → stricter security

ERROR RATES IN BIOMETRIC SYSTEMS

Biometric systems are evaluated using error rates.
 False Acceptance Rate (FAR): Probability that an impostor is accepted.
 False Rejection Rate (FRR): Probability that a legitimate user is rejected.
 Equal Error Rate (EER): Point where FAR = FRR
Note: Lower EER indicates better system performance.

Ground Truth: Ground truth refers to accurate reference data used to evaluate
biometric algorithms.

Performance Graphs: Common graphs include:

ROC Curve (Receiver Operating Characteristic)
DET Curve (Detection Error Tradeoff)

BIOMETRIC DATA STORAGE

Biometric data must be securely stored. Storage includes:
Biometric templates
Transaction logs
Quality information

Transactions: A transaction refers to each biometric operation performed by the

system.
Examples:
Enrollment transaction
Authentication transaction

Quality Upgrades
Improving biometric image quality through:
Noise reduction
Image enhancement
Feature refinement

46
DATA SECURITY AND INTEGRITY
Biometric systems must protect stored data. Security measures include Encryption,
Secure databases, Access control

Data Integrity
Data integrity ensures that biometric data is not altered or corrupted. Methods
include:
Hash functions
Digital signatures

PRIVACY ISSUES IN BIOMETRICS

Biometric data is highly sensitive. Privacy concerns include Unauthorized
surveillance, Identity theft, Misuse of biometric databases
Solutions include Data protection policies, Secure storage, User consent
mechanisms

APPLICATIONS OF BIOMETRICS
Biometrics are used in many sectors. Examples:
Government: National identity systems
Security: Airport border control
Banking: Biometric ATM authentication
Mobile Devices: Fingerprint phone unlocking

FUTURE TRENDS
Future developments include AI-based biometric recognition, Behavioral
biometrics, Continuous authentication, Contactless biometrics etc.

CHALLENGING ISSUES IN BIOMETRICS

 Recognition of Accuracy: Environmental conditions may affect accuracy.
Example: Poor lighting, Low-quality fingerprints
 Security Strength: Biometric systems must resist: Spoofing attacks,
Database breaches

47
 Alternatives to Passwords: Biometrics is replacing traditional
authentication methods such as Passwords, PIN codes, Smart cards

48