Elsevier

Image and Vision Computing

Volume 27, Issue 3, 2 February 2009, Pages 305-312
Image and Vision Computing

Biometrics and their use in e-passports

https://doi.org/10.1016/j.imavis.2008.05.008Get rights and content

Abstract

A successful design, deployment and operation of biometric systems depends highly on the results for existing biometrical technologies and components. These existing technologies as well as new solutions need to be evaluated on their performance. However it is often forgotten that the biometric (iris, finger, face e.g.) is only one part of a fully deployed application. As biometric (sub)systems are often not designed with security and or privacy in mind, system integrators will need to address the requirements of the deployed application in this light. The fears and concerns of a significant segment of the user population need to be addressed as early as possible in the design process, to ensure that appropriate mechanisms are in place to reassure such users. These concerns may relate to privacy or to safety issues, which may be addressed in part through legal and regulatory measures.

This article discusses the requirements, design and application scenario’s of biometrical systems in general and the introduction of a new biometrical passport in The Netherlands in particular. On the one hand it is based on one of the authors’ (BS) lecture notes of the Second International Summer School on “Biometrics for Secure Authentication”, Alghero (IT), Summer 2005 (The summer school is co-organized by the BioSecure network of Excellence in Biometrics and supported by the European Biometrics Forum). On the other hand it is based on the other authors’ (BJ) experiences as external advisor of the Ministry of Internal Affairs in The Netherlands – which is responsible for the introduction of the new passport.

Introduction

In our networked society one of the most crucial questions in many transactions or engagements is the identity of the entity (person) with whom the transaction is being conducted. Historically our acquaintances are very much local: personal relationships, face-to-face contract signings, notaries, and third party counsels are used to help establish trust in our communications. As a result of ongoing globalization and the shift to electronic transactions and documents, advanced electronic and secure measures to authenticate before engaging in the exchange of information, goods, and services is required.

Biometrics is a key fundamental security mechanism, which links the identity of an individual to a physical characteristic or action of that individual, using methods which focus upon the individual variations between members of a given population. Possibilities that are being exploited include fingerprints, facial recognition, speaker verification, dynamic signature recognition, iris and retinal scanning, hand geometry and keystroke dynamics. Biometrics can be used as an accurate electronic identifier making it a powerful tool for contemporary authentication processes, offering convenience to the user, not having to remember a password or PIN or carry a passport, although the use of these as supplementary authentication mechanisms or a back-up in case of failure of the biometric is needed in many applications.

The number of biometrical applications [6] is fast growing, with a major part of the biometrical systems being governmental applications seeking for higher accuracy and security in the verification of citizen identity as can be seen from Fig. 1. In 1997 Bill Gates envisaged in PC WEEK Online October 8: “Biometric technologies – those that use human characteristics such as fingerprint, voice and face recognition – will be the most important IT innovations of the next several years.” In fact the introduction of a biometrical passport by the European Union, August 2006, can be regarded as one of the largest IT operations in the Union so far. Possible Achilles heel is the security of the proposed technology and possible misuse of the identity information (privacy).

In this paper we will elaborate on the strengths, weaknesses, opportunities, and threats (SWOT) of a typical biometric application, namely the biometrical passport as introduced by the EU on August 28, 2006. This paper is organized as follows. In Section 2 we will explore the fundamental components of a biometrical system, followed by a more elaborated view on finger and face recognition and multi-modal biometrics in Section 3. Section 4 discusses the choices made by the introduction of a biometric passport in The Netherlands w.r.t. privacy and security, followed by a discussion and conclusions in Section 5.

Section snippets

Biometrical systems

A biometric system consists of several components: sensors to capture the presented biometric, feature extractors to compute salient features from the input signals, a matcher which compares the different features and a decision module, responsible for accepting or rejecting predefined hypotheses, see Fig. 2. A biometric system can be designed to use one of two possible hypotheses [9]: (a) the submitted sample is one of an individual known to the system, or (b) the submitted sample is not known

Biometrics and e-passports

Initiatives to use biometrics in order to combat look-alike fraud have gained impetus form the 9/11 attacks. As a result, the US required that countries that wished to continue to participate in the visa waiver program need to provide their citizens with machine readable travel documents (MRTDs) with digital photographs. The deadline for introduction, used for instance by the European Union (EU), was 28 August 2006. The EU has decided to additionally include finger biometrics in its passports

Privacy, security and biometric passports

Modern passports are hard to forge because of the many protection mechanisms that are embedded. Larger criminal organizations often have many stolen (genuine) passports in stock. When a member needs false identity papers, a close match with an available passport is sought. The resulting fraudulent use is called look-alike fraud, or identity fraud. It may also happen if a valid passport is temporarily given to someone else voluntarily, for instance to obtain entry into a country.

The machine

Conclusion and discussion

Public perception is often confused: The advantages of electronic authentication technologies like biometrics are often overshadowed by limitations for secure and private storage of (identity) data in the consequent applications and are sometimes referred to as “the big brother scenario”. Often heard as main concern is the risk of identity theft, for instance after “bio-phishing”: surreptiously obtaining a persons biometrics in order to pretend to be that person. This may result in debts, false

References (32)

  • T.F. Cootes et al.

    Active shape models – their training and application

    Computer Vision and Image Understanding

    (1995)
  • Bruce A. Draper et al.

    Recognizing faces with PCA and ICA

    Computer Vision and Image Understanding

    (2003)
  • ...
  • ...
  • ...
  • ...
  • ...
  • A. Albrecht, M. Behrens, T. Mansfield, M. McMeechan, M. Rejman-Greene (Ed.), M. Savastano, C. Schmidt, B. Schouten, P....
  • M.S. Bartlett

    Face Image Analysis by Unsupervised Learning

    (2001)
  • S.M. Bellovin, M. Merritt, Encrypted key exchange: password-based protocols secure against dictionary attacks, in:...
  • R.M. Bolle et al.

    Guide to Biometrics

    (2004)
  • BSI, Advanced security mechanisms for machine readable travel documents – extended access control (eac), Technical...
  • BioSecure consortium, M. Tistarelli (Ed.), Report on state of the art face recognition, Deliverable 7.2.2, 2005....
  • I.J. Cox, J. Ghosn, P.N. Yianilos, Feature-based face recognition using mixture-distance, in: Proc. Int. Conf. Comput....
  • O. Fatakusi, J. Kittler, N. Poh, Quality controlled multimodal fusion of biometric experts, in: Progress in Pattern...
  • R. Hes, T. Hooghiemstra, J. Borking, At face value on biometrical identification and privacy, Dutch Data Protection...
  • Cited by (0)

    View full text