A collage of iris scans,

showing the many small details

that make these unique to each
individual. Even identical twins
have different iris scans
(as well as fingertips, of course).
(Photo: University of Cambridge)

Ravi Das

I A I C S

An Introduction to Biometrics
Ever since the tragic events of 11
September 2001, security is a topic
that has received much attention.
We keep hearing in the news about
security increasing at airports and
seaports. There are many solutions
to security. However, there is one
solution that utilises a unique technological approach: Biometrics.
Biometrics leverages physiological
characteristics to identify and verify people. This article reviews in
some detail the biometric technologies that are availabie today, and
what is being envisioned for the
future.

a system that requires precise identification

before it can be accessed or used- That system
could be a sliding door with electronic locking
mechanisms, an operating device, or an application where individual users have their own
rights and permissions.
Of course, this is partly what passwords
have done all along. Passwords determine
identity through user knowledge: If you know

the password, you can gain access to the

system. The proDlem is that a password has
nothing to do with your actual identity. Passwords can be stolen, and users can give their
passwords to others (willingly or under constriction), resulting in a system that is far too
open to far too many people. There is simply no
foolproof way to make password-protected
systems completely safe from unauthorised

Before examining the various biometric technologies, it is important to expand upon the definition of biometrics.

Biometrics Defined
While detective novels and cop shows have
long made us aware that our fingerprints are
unique, perhaps less known is the fact that our
bodies are unique in several other measurable
areas as well. Biometrics technology uses
those points of measurable uniqueness to determine our identities, and acts as a front end to

This is how a facial recognition

system builds a template based
on a variety of measurements.
(Photo; Aurora)

20

Military Technology MILTECH 7/2005

An example of a computer
mouse with built-in fingertip
recognition system.
(Photo: Xelios)
The thermographic image of the
human face is also a unique biometric
feature, and could thus be used
for recognition purposes.
(Photo: internet)

Utilising biometrics for personal authentication is becoming convenient and considerably

more accurate than previous methods such as
the utilisation of passwords or PINs. This is
because biometrics links the event to a particular individual (as already commented, a password or token may be used by someone other
than the authorised user), is convenient (nothing to carry or remember}, accurate (it provides,
for positive authentication), can provide an
audit trail and is becoming socially acceptable
and inexpensive-

intrusion. Nor is there any way for passwordbased systems to determine user identity beyond doubt.
Individuals have physiological features that
make them different from everybody else.
These distinct, physiological features can also
be thought of as "unique identifiers". More specifically, the science of biometrics can be
defined as the process of locating and determining these unique identifiers to identify and
verify people. These unique identifiers include
the distinct features of fingerprints, the various
iris patterns, the blood vessel patterns in the
retina, voice inflections in speech, and the
shape and geometry of the hand and face.
Biometrics are automated methods of recognising a person based on a physiological or
behavioural characteristic. Biometric technologies are becoming the foundation of an extensive array of highly secure identification and
personal verification solutions.
The need for biometrics can be found in federal, state and local governments, in the military, and in commercial applications. Enterprise-wide network security infrastructures,
government IDs, secure electronic banking,
investing and other financial transactions, retail
saies, law enforcement, and health and social
services are already benefiting from these technologies. Biometric-based authentication
applications include workstation, network, and
domain access, single sign-on application
logon, data protection, remote access to resources, transaction security and Web security.
Trust of these electronic transactions is essential to the healthy growth of the global economy. Utilised alone or integrated with other technologies such as smart cards, encryption keys
and digital signatures, biometrics ar set to pervade nearly all aspects of the economy and our
daily lives.

Military Technology MILTECH 7/2005

By early 2005, there was an impressive list of

34 countries that already had a national biometric system in place or were developing it
Australia, the Bahamas, Belgium, Bosnia and
Herzegovina, Brazil, Brunei, Bulgaria, China,
Colombia, Denmark, Estonia, Finland, France,
Gernnany. Greece, Hong Kong, Ireland, Italy,
Lebanon, Malaysia, the Netherlands, New
Zealand, Oman, Pakistan, Philippines, Portugal, Qatar, Russia, Slovakia, Spain, Sweden,
Switzerland, the United Kingdom, and the
United States. The industrial implications are
self-evident. According to the International
Biometric Group, totai biometric industry revenues grew from slightly less than $600 million in
2002 to more than $1.2 billion in 2004, and are
projected to attain $4-6 billion in 2008.

How Biometrics Work

Biometric systems consist of both hardware
and software; the hardware captures the salient
human characteristic(s), and the software interprets the resulting data and determines acceptability.
At the most simple level, biometric systems
operate on a three-step process. First, a sensor
takes an observation. The type of sensor and
its observation will vary by biometric type.
Second, the biometric system develops a way
to describe the observation mathematically and
produce a biometric signature. The method will
again vary by biometric type, but also from vendor to vendor. Third, the computer system inputs the biometric signature into a comparison
algorithm and compares it to one or more biometric signatures previously stored in its database. Other system components, or human
operators, then use these result(s) for other
actions such as allowing or denying access,
sounding an afarm, etc.
The crucial step in building an effective biometric system is enrollment. During enrollment
each user, beginning with the administrator
who controls the system, provides samples of
that system's specific biometric characteristic
by interacting with the scanning hardware. The
system then extracts the appropriate features

from the scan and stores the data as a template. You then interact with the biometric device again, and the system verifies that the data
corresponds to the template. It the software
fails to get a match, more tries may be needed,
just as dictation software learns tc recognise
the user's speech patterns over time. Once this
procedure is complete, the system is operational. The next time you try to access the system, you are scanned by whatever device is
being used (you might be asked to supply a
user name as well), and the hardware passes
the data to the software, which checks the user
templates. If there Is a match, you are granted
access; otherwise, a message reports that the
system can't identify the user.
Let's us now examine in detail a real world
example that utilises biometrics. The technology is fingerprint recognition, and the scenario is
that of verification for physical access entry.
Imagine that you are trying to enter a high-

Sharbat Gula, first photographed In 1984

when aged 12 in a refugee camp in
Pakistan by "National Geographic"
photographer Steve Curry, was traced
18 years later to a remote part of
Afghanistan vi/here she was again photographed by Mr. Curry. Prof. John Daugman,
of the University of Cambridge Computer
Laboratory, established that these protraits
show the same person, by running his
iris recognition algorithms on magnified
images of the eye regions in the two
photographs.
(Photo: University of Cambridge)

security area. Before you can enter this area,

you must first be in the database of people who
are authorised tc enter. To be included into this
database, you must first register your fingerprint through the enrollment process. During
enrollment, a number of pictures are taken of
your fingerprints. These pictures are called
samples, and the samples are then combined
to form one typical sample. A mathematical formula called an extraction algorithm then

Ravi Das is the President of HTG Advance Systems.

Mr. Das' original article has been expanded by MT editorial staff with additional material from a variety of
other open sources. The illustrations sourced "lAEE"
originate from the paper. "An Introduction to Biometnc
Recognition" ba Anil K.Jain, Atun Ross and Salil Prabhakar, that appeared in lAEE Transactions on Circuits
and Systems for Video Technology, Special Issue on
Image-and Video-Based Biometrics, Vol. 14, No. 1.

21

Schematic diagram of the working

principle of a generic biometric system.
(Source: internet)

SerEorDats

>

Find and Process

Biometnc
Information

*
Registration or
Enroinent

extracts the unique features from the sample,

which are stored into a file called an enrollment
template.
Now that you have completed the enrollment
process, you are ready for the next step - the
verification process. With verification, we are
attempting to answer the question "Am I really
whom I claim to be?" Imagine yourself once
again trying to access the high security area. In
order to have authorisation to enter, you must
now verify yourself by placing your finger on
top of the sefisor of the fingerprint scanner. The
sensor will take a picture, or a sample, of your
fingerprint. The extraction algorithm will then
extract the unique features of your fingerprint
and store it into a file called a verification template. The verification template is then compared to the enrollment template to determine
how close the two templates match with each
other, via a mathematical formula called a
matching algorithm. Based on this closeness, a

Block diagrams of enrollment,

verification and identification shown
using the four main modules of
a biometric system, i.e. sensor, feature
extraction, matcher, and system database.
(Source: IEEE]

Sensor Data

Create Template

Find and Process

Siometnc
Information

Authentication
Venficationor
idertificabon

Create Templets

Threshold arxJ
Authenticate

Match and
Generate Score

1
YES

i
NO

number called a score is then computed. If this

score is greater than a value called a threshold
(this value is determined and set by the biometric system's administrator), you are then
authorised to enter the high security area. If the
score is less than the threshold, you are denied
authorisation to enter, and the verification process will repeat again. Although a lot does happen in the enrollment and verification process-

template

Quality
checker

Feature
Extractor
System DB

User interface
Enrollment

es, they only take a matter

of seconds to complete.
It is important to appreciate
the
difference
between verification and
identification. With verification, the system is
attempting to answer the
question "His this person
really who they claim to
be?" The previous example demonstrates verification. With identification,
the system is rather trying
to found a person, that is
supposed to be on its
database. To ascertain
identity, the entire database of biometric templates is searched to
determine if there is a
match between your template and all of the other
templates in the database.
In other words, the biometric system is trying to
recognise you. A perfect example of identification is AFIS (Automated Fingerprint Identification Services) that is used by many law enforcement agencies to track known criminals,
A specific application of the identification
process is the watchtist. In the watchlist tasks,
the biometric system determines If an
individual's biometric signature matches the
corresponding signature of someone on a
watchlist. The individual does not make an
Identity claim, and is some cases does not personally interact with the system in any way.
Examples of the watchlist task could be comparing visitors to a public building against a terrorist database, or comparing "John Doe" in a
hospital to a missing persons list. The main difference between standard identification procedures and the watchltst task is that while in the
former case the person is supposed to be in the
database and the system is trying to identify
him/her, in the latter the question is, "Is this
person in the database? If so, who are they?"

claimed identity

Biometric Technologies
Feature
Extractor

Matcher
(1 match)

one
template
System DB

User interface

True/False

Verification

Feature
Extractor

User interface

Identification

22

Matcher
(N matches)

-a

User's identity or
"user non identified"

System DB

The main biometric technologies available

today include fingertip recognition, hand geometry recognition, facial recognition, voice recognition, and iris/retinal recognition. The hand
geometry and the fingerprint recognition devices have been around the longest. There are
also other technologies which are being
explored today, and wiil be briefly discussed.
Fingertip Recognition
Fingerprint recognition looks at the unique
patterns found on fingertips. A greater variety
of fingerprint recognition devices is available
than for any other biometric. Some emulate the
traditional police method of matching minutiae,
i.e. the points on the fingertips where print ridges end or divide; others use straight pattemmatching devices; and still others are a bit
more unique, including things like moire fringe
patterns and ultrasonics. Some verification
approaches can detect when a live finger is
presented, and some cannot.
Military Technology MILTECH 7/2005

The fingerprint scanners shine a light through

a prism that reflects off the finger to a chargecoupled device (CCD), creating an image that
gets processed by an onboard computer. It's
importani to note that the actual fingerprint
image is not recorded. Instead, the devices
perform a reduction of the image to data points
that describe the fingerprint layout, i,e, a template, A 100% match is not required - only one
that's statistically significant. This lets fingerprint ID work when your print is askew and
even if you cut your finger.
Fingerprinting has a head start over other
biometric security schemes, and the system is
already used in law enforcement. Some advantages ot fingerprint identification are;
- High Accuracy. Fingerprint technology is
accurate; however, a fingerprint scanner
might deny access if you place too much or
too little pressure on it.
- Undemanding. Fingerprinting doesn't significantly drain computing resources-unlike face
recognition (q,v,), which relies on full-motion
video,
- Inexpensive. Fingertip scanners can even be
embedded in keyboards and mice,
- Easy Installation. Fingerprint scanners are as
simpletoset upasa new keyboard and require
no training to use.
As the prices of these devices and processing costs fall, using fingerprints for user verification is gaining acceptance - despite the
common criminal stigma. There are many
applications for the fingerprint recognition technology, but the most popular are network
security, physical access entry, and time and
attendance.
Fingerprint verification may be a good choice
for in-house systems, where you can give users
adequate explanation and training, and where
the system operates in a controlled environment. It is not surprising that the workstation

Military Technology

MILTECH

Performance

Acceptability

Circumvention

Facial thermogram
Fingerprint
Gail
Hand geometry
Hand vein
Iris
Keystroke
Odor
Palmprint
Retina
Signature
Voice

Collectability

['dec

Permanence

DNA
Far

Facial Recognition
Recognising the shapes and positioning of
the features of a person's face is a complex
task, and facial recognition software has only

Distinctiveness

Biometric identifier

access application area seems to be based

almost exclusively on fingerprints, due to the
relatively low cost, small size, and ease of integration of fingerprint authentication devices.
On the other hand, fingertip recognition is
rather invasive as literally a hands-on technology. Also, its simplest forms are rather easy to
spoof (for instance, simply breathing on a lowcost PC mouse with built-in fingertrip recognition device may be enough to fool it), and some
security implications should be carefully pondered. For instance, fingerprint recognition
devices are being introduced on luxury cars,
but in April 2005 a band of car hijackers in
Kuala Lumpur simply chopped off a car's
owner finger to get around the vehicle's hi-tech
security system.

Universality

Comparison of various biometric

technologies (High, Medium and Low).
(Source: lAEE}

The relationship between False

Accept Rate (FAR) and the probability
of verification.
(Source: FBI)

H
M
H
H
M
M
M
M
H
L
H
M
H
L
M

H
M
L
H
H
L
M
M
H
L
H
H
H
L
L

H
H
M
L
H
L
M
M
H
L
H
H
M
L
L

L
M
H
H
M
H
H
M
M
M
L
M
I,
H
M

H
M
L
M
H
L
M
M
H
L
L
H
H
L
L

L
H
H
H
M
H
M
M
L
M
M
M
L
H
H

L
M
H
L
M
M
M
L
L
M
L
M
L.
H
H

7/2005

recently begun to accomplish it. First a camera

captures the image of a face, and then the software extracts pattern information it can compare with user templates. Face recognition
uses one of two techniques. The first compares
feature sizes and relationships, such as nose
length and the distance between your eyes.
The second method matches your most significant image data, like the size and shape of
your nose, ears, eyes and mouth with a record
of your face stored in a database.

Tbe minutiae in a fingertips used by a

recognition system to create the template.
(Photo: CNR)
With either method, no one has to share a
potentially grimy finger scanner. Better yet.
face recognition is completely unobtrusive and
requires no special action from the subject: the
system captures your face in moving video,
isolates features, and identifies them on the fly.
And, the system is smart enough to recognise
your face even if you forgot to shave or your
eyes are bloodshotFacial recognition is highly accurate, and furthermore the software provides an audit trail with time, date, and face print - of anyone trying to break into the security system. On the
other hand, the system is rather expensive, it is
complex to set up, and is demanding in terms
of computing power. Facial recognition also
has some shortcomings when trying to identify
individuals in different environmental settings
(such as changes in lighting or/and changes in
the physical facial features of people, such as
new scars). Also, of all of the biometric technologies, facial recognition has to deal the most
with privacy rights issues.
These aspects have slowed down its widespread acceptance. Popular applications for
facial recognition include surveillance at airports, major athletic events, and at gambling
casinos.

23

Iris/Retinal Recognition
The two eye-based systems, iris and retina,
are generally considered to offer the best
security, because of tbe distinctiveness of the
patterns and the quality of tbe capture devices.
Further, the structure of the iris and the retina
rarely change over the lifetime of an individual.
There has been some confusion between iris
and retinal recognition, in tbat tbe two are
apparently similar. However, the two technologies are very much different.
TTie pattern of the iris (the band of tissue that
surrounds tbe pupil of the eye) is complex, with
a variety of characteristics unique in each person. Iris-based biometric involves analysing
features found in the colored ring of tissue that
surrounds tbe pupil. Iris scanning, undoubtedly
the less intrusive of the eye-related biometrics,
uses a fairly conventional camera element and
requires no close contact between the user and
tbe reader. In addition, it has the potential for
higher than average template matching performance. Iris biometrics work with glasses in
place and is one of the few devices that can
work well in identification mode. On the other
hand, ease of use and system integration have
not traditionally been strong points with iris
scanning devices, but you can expect improvements in tbese areas as new products emerge.
Some popular applications for ihs scanning
are verifying employees, and expediting the
immigration process for incoming passengers

at airports. Also, iris recognition has been used

to identify refugees seeking humanitarian aid in
Afghanistan.
Retina recognition is probably the single
most secure of all biometric systems. It works
with the retina, the layer of blood vessels located at the back of the eye near the optic nerve.
This technique involves using a low-intensity
light source through an optical coupler to scan
the unique patterns of the retina. The only thing
that is actually determined is the pattern of the
blood vessels, but since this pattern is unique
in each person, identification can be precise.
Retinal scanning can be quite accurate, but
the retinal image is difficult to capture and during enrollment the user must look into a receptacle and focus on a given point while holding
very still so the camera can perform the capture
properly. This is not particularly convenient if
you wear glasses or are concerned about having close contact with the reading device. For
these reasons, retinai scanning is not warmly
accepted by all users, even though the technology itself can work well.
Retinal recognition is used for high security
physical access entry, such as nuclear and
government installations, where user's acceptance is not a matter for particular concern.

Finger Geometry Recognition

These devices are similar to hand geometry
systems. The user places one or two fingers
beneath a camera that captures the shapes
and lengths of the areas of the finger and the
knuckles. The system constructs a three dimensional image and matches the data against
the stored templates to determine identity.

Hand Geometry Recognition

With the hand geometry system, the user
aligns a hand according to guide marks on a

Palm Recognition
Similar to fingerprint recognition, palm biometrics (not to be confused with hand geome-

hand reader hardware, and the reader captures

a three-dimensional Image of the fingers and
knuckles and stores the data in a template.
Hand geometry has been around for several
years, and it was used for a security system at
the 1996 Olympic Games. It offers a good balance of performance characteristics and is relatively easy to use. Accuracy can be very high
if desired and flexible performance tuning and
configuration can accommodate a wide range
of applications. Further, ease of integration into
otber systems and processes makes hand
geometry an obvious first step for many biometric projects. Hand geometry might be suitable where there are more users or where users
access the system infrequently and are perhaps less disciplined in their approach to the
system. The most popular applications so far
are are time and attendance recording.

Examples of biometric characteristics that are or could be used for biometric systems: a) DNA, b) ear, c) face,
d) facial thermograph, e) hand thermograph, f) hand vein, g) fingerprint, h) gait, i) hand geometry, j) iris, k) palmprint, I) retina, m) signature,
and n) voice.
(Source: lAEE)

24

Military Technology MILTECH 7/2005

try!) focuses on the various textures, such as

ridges and other minutiae, found on the palm.

Top; A fingerprint lock

system.
(Photo: Smarthome)

Voice Recognition
The voice recognttion method captures the
sound of the speaker's voice as well as the linguistic behaviour. Its primary use is in teiephone-based security applications, but its
accuracy can be affected by such things as
extraneous noises and the effects of illness or
fatigue on the voice. One obvious problem with
voice recognition is fraud: The system can be
fooled by a tape of someone's voice. For this
reason, advanced voice systems can extend
the verification process by giving the user longer and more difficult phrases to read aioud, or
requesting a different phrase to be read each
time. This does increase the time needed for
verification, however, and thus cuts into the
system's overall usability.

Middle: IGI Infinite

Group and Ultra-Scan
Corp. have developed
an innovative fingertip
technology based on
ultrasonic scanning.
This is claimed to raise
scanning accuracy
to levels previously
unattainable within
the industry.
(Photo: IGI)

The problem is that our

signatures vary significantly over time and from one
instance to another, so
strong accuracy requires
multiple samples and an
extended verification process.

Voice authenticators use a telephone or

microphone to record a user's voice pattern,
then use that pattern to validate the person.
Since these software systems rely on very lowcost devices, they are generally the least
expensive systems to implement for large numbers of users. The standard caveats learned
from voice dictation systems apply here. These
devices must be able to work with background
noise and the variability of off-the-shelf microphones.
Signature Recognition
Signature verification systems have one
major thing going for them: public acceptance.
On everything from the Declaration of Independence to a credit card slip, people tend to
accept a person's signature as proof of identity.

Schematic organisation of an iris

scan fingertip recognition system.
(Photo: Ouatech}

Actually, signature recognition systems, also

called dynamic signature verification systems,
go far beyond simply looking at the shape of a
signature: They measure both the distinguishing features of the signature as such, and the
distinguishing features of the process of signing. These features include pen pressure,
speed, and the points at which the pen is lifted
from the paper. These behavioural patterns are
captured through a specially designed pen or
tablet (or both) and compared with a template
of process patterns.

Bkxnvtrtc Acc*ss
Control Cofwol*

Keyboard Dynamics
Keyboard dynamics is a
specific biometric technology for computer access
security. It measures the
dwell time (the length of time you hold down
each key) as well as flight time (the time it takes
you to move between keys). Taken over the
course of several login sessions, these two
metrics produce a measurement of rhythm
unique to each user. Once the biometric data is
collected, it is encrypted and stored (locally In
the case of the desktop-only products, or in a
central database for the netvi/ork solutions).
When a user tries to log on, the software compares the incoming biometric data against the
stored data. Biometrics template can also be
stored in a smart card which offers "personal
confidentiality" as the template need not be
stored in a central server (or service providers).
Other Technologies
There are other biometric technologies that
are being examined today, but there are no
commercial applications available yet. Researchers are developing or examining the feasibility of systems based on the analysis of
DNA (currently too slow to be of real use), vein
patterns, thermograms (facial, hand or hand
veins), gait recognition (the way people walk),
earlobe recognition, brain mapping, and even
bodily odours.

Limitations of Biometrics
QuatMh ESE-100O,
8 Port RS-232 Strtal Ovtc

Ethmt

Security ofRct strvtr

and authnticJt0t data

Military Technology

MILTECH

7/2005

The success of a biometric system is measured according to a number of criteria, and

each technology has both strengths and weaknesses. The most important criteria are concerned with accuracy, and involve the concepts of the False Reject Rate (also referred to
as FRR or Type t Errors), and the False Accept
Rate (a,k.a. FAR or Type 2 Errors). The False
Reject Rate can be defined as the probability of
a registered user being improperly denied
authorisation by the biometric system. For
example, in the verification scenario, what are

25

other kinds of security systems, because

they're based on users' actual physical characteristics, not on what they knovi/ (as with passwords) or what they're carrying (such as ID
badges).
Biometrics success is also judged via a number of other factors. Vulnerability to fraud, also
known as barrier to attack, reflects how likely it
is that a person can fraudulently get past the
security (see below). Long-term stability deals
with issues such as whether a system is useful
for very infrequent users, as welt as whether or
not users' characteristics alter over time. Other
effectiveness measures can include factors
that might interfere with the system, its size and
its ease of use.

Vulnerability
The dots represent the main measurement
points for a facial recognition system.
(Photo: Automa)

The Handpunch 2000 hand geometry

recognition system
by Recognition Systems Inc.
(Photo: Recognition Systems)

the chances that a legitimate, registered user

will be denied access to the high security area
by the fingerprint scanner? The False Accept
Rate can be defined as the probability of an
impostor being granted authorisation by the
biometric system. For example, once again
referring to the verification scenario, what are
the chances that an impostor will be granted
access to the high security area by the fingerprint scanner?

separated entities; rather, they are connected

with each other. If we raise the verification
threshold, the FAR decreases, but the probability of correct verification also decreases. If we
lower the verification threshold, the probability
of correct verification increases, but so does
the False Accept Rate.
The False Accept Rate and the False Reject
Rate are two common criteria used in evaluating the performance of biometric systems, and
biometric product vendors often cite them in
their product descriptions. However, they don't
present a complete picture. The fact is,
people's physical traits change over time,
especially with alterations due to accidents or
aging. And even in the short term, problems
can occur because of humidity in the air, dirt
and sweat on the user (especially with finger or
hand systems), and inconsistent ways of interfacing with the system, such as not taking
enough time for the system to make an accurate identification. Further, users of biometric
systems, like the users of all systems, must be
trained to use them most efficiently.

It is important to appreciate that the FRR and

FAR are dependent not only on the technology
being used and the characteristics and performance of the specific systems, but also and
indeed critically on the threshold level as established by the administrator. Ideally, we vi/ould of
course like to be able to set our threshold so
that the probability of verification is 100% and
both the FRR and FAR are 0%. Unfortunately,
that is not possible, so we must compromise.
This compromise is a bit difficult, because the
probability of verification and the FAR are not

Denomination of the main points in the iris

that are useful for recognition purposes.
(Photo: University of Cambridge)

The ease by which a biometric system can

be defeated or spoofed determines its vulnerability. This encompasses a number of different
considerations, including:
- Liveness. Examples include spoofing a face
recognition device using a picture of an
authorised person, or a tape recording of an
authorised person's voice on a speaker recognition system;
- Deception. Exampfes include an imposter
attempting numerous hand geometry pin
numbers until he finds one for which his hand
is a sufficient match, or a latex glove with the
fingerprints of an authorised person molded
into it;
- Data Security. The template information of
some netvi/orked biometric sensors is trans-

These and other issues limit the accuracy of

biometric devices. Still, there's little doubt that
biometric systems are more accurate than

crypts

radial furrowi

pigment frill

pupilary area
ciliary area

collarette
26

An hand geometry recognition machine

at the Ben Gurion Airport in Tel Aviv.
(Photo: Recognition Systems)
Military Technology

MILTECH

7/2005

Retina recognition
systems are arguably
the most secure
of all biometrics.
However, they are not
immune from user's
acceptance problems.
(Photo: biometricwatch)

mitted to a processor for analysis. Data security in this context refers to the interception and
subsequent misuse of this data to circurTivent
the system;
- Physical. The manner in which an unattended
device is installed may render it vulnerable to a
physical attack in an effort to defeat it. Some
devices used in access control applications
have built-in relays that unlock portals, so
opening the device and shorting these contacts vi/ouid be one way to defeat the system.

Position and structure

of the retina.
(Photo: biometricwatch)

Muitimodal Biometric Systems

Some of the limitations inherent with unimodal biometric systems can be overcome by
using multiple biometric technologies or/and
modalities (such as face and fingerprint of a
person, or multiple fingers of a person). Such
systems, known as multimodal biometric sys-

A facial recognition system running

an identification procedure.
(Photo: intemet)
Control Databast

tems, are expected to be more reliable due to

the presence of multiple, independent pieces of
evidence. These systems are also able to meet
the stringent performance requirements imposed by various applications. Further, multimodal biometric systems provide anti-spoofing
measures by making it difficult for an intruder to
simultaneously spoof the multiple biometric
traits of a legitimate user. By asking the user to
present a random subset of biometric traits

The Retina

Vnw

optic Nerve Head

5AFAEL^> Muiti Biometric Login

Identification

I Input data

#11
I

Military Technology MILTECH 7/2005

(e,g., right index and right middle fingers, in that

order), the system ensures that a "live" user is
indeed present at the point of data acquisition.
Thus, a challenge-response type of authentication can be facilitated using multimodal biometric systems,
A multimodat biometric system can operate
in one of three different modes: serial mode,
parallel mode, or hierarchical mode. In the serial mode of operation, the output of one biometric trait is typically used to narrow down the
number of possible identities before the next
trait is used. This serves as an indexing scheme
in an identification system. For example, a multimodal biometric system using face and fingerprints could first employ face information to
retrieve the top few matches, and then use fingerprint information to converge onto a single
identity. This is in contrast to a parallel mode of
operation where information from multiple traits
is used simultaneously to perform recognition.
This difference is crucial. In the cascade operational mode, the various biometric characteristics do not have to be acquired simultaneously. Further, a decision could be arrived at without acquiring all the traits, which reduces the
overall recognition time. In the hierarchical
scheme, individual classifiers are combined in a
tree-like structure.

Rafael was contracted by the Israeli MoD

to evaluate face recognition technologies
and determine whether these can be
used in the war against terrorism.
The outcome of the study suggested
multimodal biometrics, involving both
face and fingerprint recognition technologies as the most effective solution.
(Photo: Rafael)