biometrics_done_badly
Blog

Biometrics done badly

Almas Team
white-bg-block

Biometrics is big business but not all biometric authentication systems work as well as others. Only last week it was reported by The Quint, that the Unique Identity Authority of India (UIAAI) admitted that biometric authentication for government services through the Aadhaar[1] program had a success rate of only 88%.

In 2015 The Election Commission of Pakistan (ECP) shared the results of its first pilot programme in which it used biometric fingerprint machines to verify the identities of voters. The machinery failed to identify 54% of the voters due to the non-availability of fingerprints, invalid and blocked identify cards and callused fingers which made for inferior quality prints which the system could not recognise. Another more serious failure in biometrics occurred in 2013 during the Kenyan elections, where 75% of the machines failed to work, forcing officials to switch to manual methods. This caused rioting and violence. A similar issue plagued the elections in Ghana, causing delays, confusion and protests.

Accuracy is important

One of the most key factors in the success of a biometric system is its accuracy. This is a measure of how well the system can correctly match the biometric information from the same person and avoid falsely matching biometric information from different people. The measurement of biometric accuracy is usually expressed as a percentage or proportion, with the data coming from simulations, laboratory experiments, or field trials. There are four main measures of biometric accuracy:

 

True Acceptance Rate (TAR) / True Match Rate (TMR): this measure represents the degree that the biometric system can correctly match the biometric information from the same person. Good systems will maximise this measure.

False Acceptance Rate (FAR) / False Match Rate (FMR): this measure represents the degree or frequency where biometric information from one person is falsely reported to match the biometric information from another person. Good systems will minimise this measure.

True Rejection Rate (TRR) / True Non-Match Rate (TNMR): this measure represents the frequency of cases when biometric information from one person is correctly not matched to any records in a database because, in fact, that person is not in the database. Good systems will maximise this measure.

False Rejection Rate (FRR) / False Non-Match Rate (FNMR): this measure represents the frequency of cases when biometric information is not matched against any records in a database when it should have been matched because the person is, in fact, in the database. Good systems will minimise this measure.

The success of a biometric system

The success of a fingerprint biometric system depends on many factors, but with so many types on the market, it isn’t always easy to decide which system will work best. Several different technologies are available to capture fingerprints – from manual methods traditionally used in forensic science to the advanced active capacitive technology used in the sensors from Finger Print Cards, Apple and Synaptics. The unique characteristics of a fingerprint can be read by optical, capacitive, ultrasonic, thermal or piezo-electrical sensors types, each type having its own benefits and drawbacks.

Strengths and weaknesses

If you are thinking of investing in a fingerprint recognition system, it is important to understand the strengths and weaknesses of different systems, as well as considering specifications, convenience, usability, acceptability, effectiveness and budget. Cheap biometric devices may seem like a great idea but are a false economy, being highly likely to have low-quality image capture, high error rates, poor encryption and weak security. Understanding how data is captured, processed and stored is important because of the impact that this has on the usability of the system.

Security is obviously one of the most fundamental factors in biometrics. There is often a trade-off between high security and user convenience. A thorough assessment of how secure a system is does not only encompass how well the uniqueness of the biometric identifier can be read and matched, it also must include possible illegal access to the processing engine – hacking – and if it can be fooled by someone simulating the biometric identifier – spoofing.

There are three main types of biometric data which can be captured:

  • Raw data, consisting of recognisable data such as the image of a face or fingerprint
  • Encrypted data, consisting of data that can be used to generate an image
  • Encrypted partial data, consisting of partial data from an image, which is encrypted and cannot be used to recreate the complete original image

Cheap biometric fingerprint systems often use raw data, which is the least secure type of data. The most secure method, using encrypted partial data, stores a mathematical representation of each fingerprint (a ‘template’). For data to be secure, templates should then be stored within a Trusted Execution Environment (TEE), where the algorithms involved in the authentication process are also run. Processing data in this way enhances security as it keeps the biometric data as well as the processes away from potential hackers and viruses.

Fingerprint recognition does not entirely depend on algorithms, however, as these only make use of what is presented, i.e. the scanned biometric image. Inferior quality fingerprint images make recognition difficult and increase the risk of a high False Rejection Rate (FRR), which in turn can affect the overall performance of a biometric system. So, while algorithms play a role in the performance of a biometric system, quality imaging of biometric features always remains a key factor.

Enrollment and matching

Fingerprint recognition is composed of two phases, the enrolment phase and then matching, while the algorithms applied play a significant part in security, it is a good quality biometric template created initially and then the matching process that combines to give the best results. Inferior quality fingerprint images make recognition difficult and increase the risk of a high False Rejection Rate (FRR), which in turn can affect the overall performance of a biometric system. So, while algorithms play a role in the performance of a biometric system, quality imaging of biometric features always remains a key factor.

High image quality allows for smaller sensors and a lower cost since more details are captured per area unit. The image quality depends on the sensors ability to detect weak signals and filter out undesired noise, preferably without requiring too long and cumbersome “exposure” of the fingerprint. Most biometric systems measure quality using the parameter Failure to Enrol (FTE). Failures can be caused by wet fingers or damaged skin. The best quality images come from ultrasonic and active capacitive sensors which read the dermal skin layer which is more distinct and less from to distortion than the outer epidermal layer. Cheap biometric readers often use optical sensors which are prone to spoofing, bulky, sensitive to contamination and prone to wear with age.

As market leaders, innovators, manufacturers and installers of fingerprint and vein technology systems, Almas Industries are well placed to help businesses with all aspects of biometric control and security. Our systems are effective, highly secure and easy to operate. You can arrange your free, no obligation security survey by calling us on 0333 567 6677. If you prefer, you can always send a confidential email via [email protected]

[1] The Aadhaar digital biometric system is mandatory for vital government and public services but has no data or privacy protection legislation

bg-bigtopography-light