Nothing to remember



Date: 07.03.2017



  • Nothing to remember

  • Passive

    • Nothing to type, no devices to carry around
  • Can’t share (usually)

  • Can be fairly unique

    • … if measurements are sufficiently accurate


  • Goal: associate an identity with an event

    • Example: a fingerprint at a crime scene
    • Key question: given a particular biometric reading, does there exist another person who has the same value of this biometric?
  • Goal: verify a claimed identity

    • Example: fingerprint scanner to enter a building
    • Key question: do there exist any two persons who have the same value of this biometric?
      • Birthday paradox!


  • Private, but not secret

    • Biometric passports, fingerprints and DNA on objects…
  • Even random-looking biometrics may not be sufficiently unique for authentication

    • Birthday paradox!
  • Potentially forgeable

  • Revocation is difficult or impossible





  • “Fraud rate” vs. “insult rate”

    • Fraud = system accepts a forgery (false accept)
    • Insult = system rejects valid user (false reject)
  • Increasing acceptance threshold increases fraud rate, decreases insult rate

  • For biometrics, U.K. banks set target fraud rate of 1%, insult rate of 0.01% [Ross Anderson]

    • Common signature recognition systems achieve equal error rates around 1% - not good enough!


  • Face recognition (by a computer algorithm)

    • Error rates up to 20%, given reasonable variations in lighting, viewpoint and expression
  • Fingerprints

    • Traditional method for identification
    • 1911: first US conviction on fingerprint evidence
    • U.K. traditionally requires 16-point match
      • Probability of a false match is 1 in 10 billion
      • No successful challenges until 2000
    • Fingerprint damage impairs recognition
      • Ross Anderson’s scar crashes FBI scanner


  • Iris scanning

    • Irises are very random, but stable through life
    • 256-byte iris code based on concentric rings between the pupil and the outside of the iris
    • Equal error rate better than 1 in a million
  • Hand geometry

    • Used in nuclear premises entry control, INSPASS (discontinued in 2002)
  • Voice, ear shape, vein pattern, face temperature









  • Criminal gives an inexperienced policeman fingerprints in the wrong order

    • Record not found; gets off as a first-time offender
  • Can be cloned or separated from the person

    • Ross Anderson: in countries where fingerprints are used to pay pensions, there are persistent tales of “Granny’s finger in the pickle jar” being the most valuable property she bequeathed to her family
  • Birthday paradox

    • With a false accept rate of 1 in a million, the probability of a false match is above 50% with only 1609 samples






  • Clone a biometric without victim’s knowledge or assistance















  • Alternative to gelatin

  • Play-Doh fingers fool 90% of fingerprint scanners

  • Suggested perspiration measurement to test “liveness” of the finger


