Biometrics and their use in e-passports
Introduction
In our networked society one of the most crucial questions in many transactions or engagements is the identity of the entity (person) with whom the transaction is being conducted. Historically our acquaintances are very much local: personal relationships, face-to-face contract signings, notaries, and third party counsels are used to help establish trust in our communications. As a result of ongoing globalization and the shift to electronic transactions and documents, advanced electronic and secure measures to authenticate before engaging in the exchange of information, goods, and services is required.
Biometrics is a key fundamental security mechanism, which links the identity of an individual to a physical characteristic or action of that individual, using methods which focus upon the individual variations between members of a given population. Possibilities that are being exploited include fingerprints, facial recognition, speaker verification, dynamic signature recognition, iris and retinal scanning, hand geometry and keystroke dynamics. Biometrics can be used as an accurate electronic identifier making it a powerful tool for contemporary authentication processes, offering convenience to the user, not having to remember a password or PIN or carry a passport, although the use of these as supplementary authentication mechanisms or a back-up in case of failure of the biometric is needed in many applications.
The number of biometrical applications [6] is fast growing, with a major part of the biometrical systems being governmental applications seeking for higher accuracy and security in the verification of citizen identity as can be seen from Fig. 1. In 1997 Bill Gates envisaged in PC WEEK Online October 8: “Biometric technologies – those that use human characteristics such as fingerprint, voice and face recognition – will be the most important IT innovations of the next several years.” In fact the introduction of a biometrical passport by the European Union, August 2006, can be regarded as one of the largest IT operations in the Union so far. Possible Achilles heel is the security of the proposed technology and possible misuse of the identity information (privacy).
In this paper we will elaborate on the strengths, weaknesses, opportunities, and threats (SWOT) of a typical biometric application, namely the biometrical passport as introduced by the EU on August 28, 2006. This paper is organized as follows. In Section 2 we will explore the fundamental components of a biometrical system, followed by a more elaborated view on finger and face recognition and multi-modal biometrics in Section 3. Section 4 discusses the choices made by the introduction of a biometric passport in The Netherlands w.r.t. privacy and security, followed by a discussion and conclusions in Section 5.
Section snippets
Biometrical systems
A biometric system consists of several components: sensors to capture the presented biometric, feature extractors to compute salient features from the input signals, a matcher which compares the different features and a decision module, responsible for accepting or rejecting predefined hypotheses, see Fig. 2. A biometric system can be designed to use one of two possible hypotheses [9]: (a) the submitted sample is one of an individual known to the system, or (b) the submitted sample is not known
Biometrics and e-passports
Initiatives to use biometrics in order to combat look-alike fraud have gained impetus form the 9/11 attacks. As a result, the US required that countries that wished to continue to participate in the visa waiver program need to provide their citizens with machine readable travel documents (MRTDs) with digital photographs. The deadline for introduction, used for instance by the European Union (EU), was 28 August 2006. The EU has decided to additionally include finger biometrics in its passports
Privacy, security and biometric passports
Modern passports are hard to forge because of the many protection mechanisms that are embedded. Larger criminal organizations often have many stolen (genuine) passports in stock. When a member needs false identity papers, a close match with an available passport is sought. The resulting fraudulent use is called look-alike fraud, or identity fraud. It may also happen if a valid passport is temporarily given to someone else voluntarily, for instance to obtain entry into a country.
The machine
Conclusion and discussion
Public perception is often confused: The advantages of electronic authentication technologies like biometrics are often overshadowed by limitations for secure and private storage of (identity) data in the consequent applications and are sometimes referred to as “the big brother scenario”. Often heard as main concern is the risk of identity theft, for instance after “bio-phishing”: surreptiously obtaining a persons biometrics in order to pretend to be that person. This may result in debts, false
References (32)
- et al.
Active shape models – their training and application
Computer Vision and Image Understanding
(1995) - et al.
Recognizing faces with PCA and ICA
Computer Vision and Image Understanding
(2003) - ...
- ...
- ...
- ...
- ...
- A. Albrecht, M. Behrens, T. Mansfield, M. McMeechan, M. Rejman-Greene (Ed.), M. Savastano, C. Schmidt, B. Schouten, P....
Face Image Analysis by Unsupervised Learning
(2001)- S.M. Bellovin, M. Merritt, Encrypted key exchange: password-based protocols secure against dictionary attacks, in:...