Nothing to remember
tarix 07.03.2017 ölçüsü 462 b. #10535
Nothing to remember Passive Nothing to type, no devices to carry around Can’t share (usually) Can be fairly unique … if measurements are sufficiently accurate Goal: associate an identity with an event Example: a fingerprint at a crime scene Key question: given a particular biometric reading, does there exist another person who has the same value of this biometric? Goal: verify a claimed identity Example: fingerprint scanner to enter a building Key question: do there exist any two persons who have the same value of this biometric? Biometric passports, fingerprints and DNA on objects… Even random-looking biometrics may not be sufficiently unique for authentication Potentially forgeable Revocation is difficult or impossible “Fraud rate” vs. “insult rate” “Fraud rate” vs. “insult rate” Fraud = system accepts a forgery (false accept) Insult = system rejects valid user (false reject) Increasing acceptance threshold increases fraud rate, decreases insult rate For biometrics, U.K. banks set target fraud rate of 1%, insult rate of 0.01% [Ross Anderson] Common signature recognition systems achieve equal error rates around 1% - not good enough! Face recognition (by a computer algorithm) Face recognition (by a computer algorithm) Error rates up to 20%, given reasonable variations in lighting, viewpoint and expression Fingerprints Traditional method for identification 1911: first US conviction on fingerprint evidence U.K. traditionally requires 16-point match Probability of a false match is 1 in 10 billion No successful challenges until 2000 Fingerprint damage impairs recognition Ross Anderson’s scar crashes FBI scanner Iris scanning Irises are very random, but stable through life 256-byte iris code based on concentric rings between the pupil and the outside of the iris Equal error rate better than 1 in a million Hand geometry Used in nuclear premises entry control, INSPASS (discontinued in 2002) Voice, ear shape, vein pattern , face temperature Criminal gives an inexperienced policeman fingerprints in the wrong order Criminal gives an inexperienced policeman fingerprints in the wrong order Record not found; gets off as a first-time offender Ross Anderson: in countries where fingerprints are used to pay pensions, there are persistent tales of “Granny’s finger in the pickle jar” being the most valuable property she bequeathed to her family Birthday paradox With the false accept rate of 1 in a million, probability of a false match is above 50% with only 1609 samples Clone a biometric without victim’s knowledge or assistance Clone a biometric without victim’s knowledge or assistance Alternative to gelatin Play-Doh fingers fool 90% of fingerprint scanners Suggested perspiration measurement to test “liveness” of the finger Dostları ilə paylaş:
