Biometric security systems in the life of a modern person. What are biometric security systems? Object of information protection using biometric methods


Ministry of Education of the Republic of Belarus
Educational Institution “Belarusian State University of Informatics and Radioelectronics”
Department of Information Security

A. M. Prudnik, G. A. Vlasova, Ya.

Educational and methodological manual for the specialty “Information Security in Telecommunications”

Minsk, BSUIR, 2014

UDC: (076) BBK 5ya ya73 P85

REVIEWERS: Department of Automated Troop Control Systems of the Educational Institution “Military Academy of the Republic of Belarus” (protocol 11 from); Dean of the Faculty of Telecommunications of the Educational Institution “Higher State College of Communications”, Candidate of Technical Sciences, Associate Professor S. M. Dzherzhinsky

Prudnik, A. M. P85 Biometric methods of information security: educational and methodological manual / A. M. Prudnik, G. A. Vlasova, Ya. V. Roshchupkin. Minsk: BSUIR, p. : ill. ISBN

The manual covers access control and information protection using biometric methods and means, together with the general concepts and definitions of biometrics. It gives a classification and a comparative analysis of the main biometric parameters (fingerprints, hand geometry, iris, facial image, signature, voice) and the additional ones (DNA, retina, etc.), their informative features, and the stages of comparison. The types of errors in authentication systems are considered. The principles of choosing biometric parameters for access control systems, as well as the types of attacks on biometric systems, are analyzed. The manual will be very useful for students of telecommunications specialties and for specialists in the field of access control and information security.

Prudnik A. M., Vlasova G. A., Roshchupkin Ya. V., 2014
EE “Belarusian State University of Informatics and Radioelectronics”, 2014

CONTENTS

1. AUTHENTICATION AND BIOMETRIC PARAMETERS: General concepts about authentication and biometric parameters; Authentication protocols; Features of authentication methods; Hybrid authentication methods; Requirements for biometric authentication

BASIC BIOMETRIC PARAMETERS: Fingerprint recognition; Iris recognition; Hand geometry recognition; Face recognition; Person recognition by voice; Signature verification

ADDITIONAL BIOMETRIC PARAMETERS: Identification by DNA; Recognition by retina; Recognition by thermograms; Recognition by gait; Recognition by keyboard handwriting; Recognition of ear shapes; Recognition by skin reflections; Recognition by lip movements; Identification by body odor

MAIN ERRORS OF BIOMETRIC AUTHENTICATION SYSTEMS: Comparison Slave Other characteristics of the receiving device (RHPU); Error conditions specific to biometrics; Negative authentication; Trade-offs

ATTACKS ON BIOMETRIC SYSTEMS: Pattern recognition model; Attacks on biometric identifiers

5.3. Frontal Attacks; Deception; Internal Attacks; Other Attacks; Combination of Smart Cards and Challenge-Response Biometrics Abbreviated Biometrics

BIOMETRIC PARAMETER SELECTION: Biometric Properties; Application Properties; Evaluation Methods; Availability and Price; Advantages and Disadvantages of Biometrics; Biometric Myths and Misconceptions

CONCLUSION

LITERATURE

1. AUTHENTICATION AND BIOMETRIC PARAMETERS

Reliable authentication, i.e. determining the identity of the party requesting access, is becoming a necessary attribute of everyday life. Today people rely on it in the most ordinary activities: boarding a plane, conducting financial transactions, and so on.

There are three traditional methods of authentication (and/or authorization, i.e. allowing access to a resource):

1) by ownership of physical objects, such as keys, a passport or smart cards;
2) by knowledge of information that must be kept secret and that only a certain person can know, such as a password or passphrase. Knowledge may also be relatively sensitive information that is not necessarily secret, such as a mother's maiden name or a favorite color;
3) by biometric parameters, i.e. physiological or behavioral characteristics by which people can be distinguished from each other.

The three authentication methods can be used in combination, especially in automatic authentication. For example, a bank card, as property, requires knowledge (a password) to carry out transactions; a passport is property that carries a face image and a signature, both of which are biometric parameters.

Because items can be lost or tampered with, and knowledge can be forgotten or transferred to another person, methods for determining identity and accessing resources based on knowledge and ownership are unreliable. For reliable identity authentication and secure exchange of information between parties, biometric parameters should be used. A person cannot falsify biometric parameters, lose them, steal them, or transfer them for use to another person without causing injury.

Currently, biometric technologies provide the greatest guarantee of identity determination and form the basis of security where accurate authentication and protection from unauthorized access to objects or data are of utmost importance.

General concepts about authentication and biometric parameters

Biometric authentication, or biometrics, is the science of authenticating an individual based on distinctive physiological or behavioral characteristics. Physiological biometrics, such as fingerprints or hand geometry, are physical characteristics that are typically measured at a specific point in time. Behavioral biometrics, such as signature or voice, represent a sequence of actions and last for a certain period of time.

Physiological biometric parameters are quite diverse, and one sample is usually sufficient for comparison. With behavioral biometrics, a single sample may not provide sufficient information to identify an individual, but the change of the signal over time (under the influence of behavior) contains the necessary information.

Physiological (static) and behavioral (dynamic) biometric parameters complement each other. The main advantages of static biometrics are the relative independence from the psychological state of users, the low effort required of them and, therefore, the ability to organize biometric identification of large flows of people.

Today, six biometric parameters are most often used in automatic authentication systems (Table 1.1).

Table 1.1. Basic biometric parameters

| Physiological | Behavioral |
|---|---|
| Fingerprints | Signature |
| Iris | Voice |
| Hand geometry | |
| Face | |

Work is also underway on the use of additional biometric parameters (Table 1.2).

Table 1.2. Additional biometric parameters

| Physiological | Behavioral |
|---|---|
| DNA | Gait |
| Ear shape | Keyboard handwriting |
| Odor | |
| Retina | |
| Skin reflection | |
| Thermogram | |

Biometric parameters have properties that allow them to be used in practice:

1) universality: every person has biometric characteristics;
2) uniqueness: no two people have the same biometric characteristics;
3) constancy: biometric characteristics must be stable over time;
4) measurability: biometric characteristics must be measurable by some physical reading device;

5) acceptability: the user population and society as a whole should not object to the measurement/collection of biometric parameters.

The combination of these properties determines the effectiveness of using biometrics for information security purposes. However, there are no biometric parameters that absolutely satisfy any one of these properties, nor parameters that combine all of them at the same time, especially when the fifth property, acceptability, is taken into account. This means that there is no universal biometric parameter, and the use of any biometric security method is determined by the purpose and required characteristics of the information system.

An information security system based on biometric authentication must satisfy requirements that are often incompatible with each other. On the one hand, it must guarantee security, which implies high authentication accuracy and a low error rate. On the other hand, the system must be user-friendly and provide the necessary computing speed. Confidentiality requirements must also be met, and the cost of the system must allow it to be used in practice. Challenges that arise in the development and use of biometric systems also include the legal aspects of using biometrics, as well as problems of physical security and data protection, access rights management and system recovery in case of failure. Therefore, any biometric authentication method is the result of many compromises.

In all biometric authentication systems, two subsystems can be distinguished (Fig. 1.1):

1) object registration (a digital model of a biometric characteristic, the biometric template, is formed from several measurements taken by a reading device);
2) object recognition (measurements taken during an authentication attempt are converted into digital form, which is then compared with the form obtained during registration).

There are two biometric comparison methods:

1) verification: comparison with a single template selected on the basis of a unique identifier that identifies a specific person (for example, an identification number or code), i.e. a one-to-one (1:1) comparison of two biometric templates;
2) identification: comparison of the measured parameters (a person's biometric template) with all records in the database of registered users, and not with one of them selected on the basis of some identifier, i.e. unlike verification, identification is a one-to-many (1:m) comparison.

Fig. Biometric authentication system

Biometric registration (Fig. 1.2) is the process of registering objects in a biometric database. During registration, the biometric parameters of the object are recorded, and the significant information is collected by the feature extractor and stored in the database. Using a specific identification number (a unique combination of digits), the machine representation of a biometric parameter is associated with other data, such as a person's name. This piece of information can be placed on an item, such as a bank card.

Fig. Biometric registration

Positive registration is registration for verification and positive identification. The purpose of such registration is to create a database of legitimate objects. When registering, an object is given an identifier.

Negative registration, i.e. registration for negative identification, is the collection of data about objects that are not allowed in any application. The databases are centralized. Biometric samples and other identification data are stored in a negative identification database. This can be done forcibly or secretly, without the cooperation or consent of the subject.

Registration is based on user information in the form of “hard data”, that is, data from official documents or other reliable sources such as birth certificates, passports, pre-existing databases, and government criminal databases. Establishing similarity is done by humans, which is a potential source of error.

The task of the authentication module is to recognize the object at a later stage: either to identify one person among many others, or to verify identity by determining whether the person's biometric parameters coincide with the specified ones.

For identification, the system receives a biometric sample from the object, extracts significant information from it and searches the database for records matching it. For biometric identification, only biometric characteristics are used. Fig. 1.3 shows the main blocks that make up a biometric identification system. The templates from the database are compared with the submitted sample one by one. At the end of the procedure, the system produces a list of identifiers that are similar to the entered biometric parameter.

Fig. Biometric identification

The identification system can operate in two different modes:

1) positive identification (the system determines whether a given person is registered in the database. In this case, errors of false access or false access denial may be made, as in verification);
2) negative identification (the system checks that an object is absent from some negative database, for example a database of wanted criminals. Similarity omission errors (false denial) and similarity errors (false confession) may occur).

Biometric verification differs from identification in that the submitted biometric samples are compared with one registered entry in the database. The user provides some property that points to one biometric template from the database.

Fig. Biometric verification

For verification, the object presents an identifier (identification number, bank card) and biometric parameters. The system reads the biometric indicators, extracts certain parameters and compares them with the parameters registered in the database under the user's number. The system then determines whether the user is who he claims to be or not. The presentation of the unique identifier is shown in Fig. 1.1 with a dotted arrow.

There are centralized and distributed databases. A centralized database stores the biometric information of all registered objects. A distributed database stores biometric information in a distributed form (for example, on smart cards). The object provides the system with one biometric template recorded on some medium, for example on a smart card. The biometric system compares this template with the biometric template provided by the person. In practice, many systems use both types of databases: distributed for daily offline verification, and centralized for online verification or for re-issuing cards in case of loss without re-measuring biometric parameters.

The vast majority of people believe that the database stores samples of a person's fingerprint, voice, or a picture of the iris of the eye. In fact, in most modern systems this is not the case. A special database stores a digital code that is associated with a specific person who has access rights. A scanner or any other device used in the system reads a certain biological parameter of a person, then processes the resulting image or sound, converting it into a digital code. It is this key that is compared with the contents of the special database for personal identification.

Thus, the basis of any biometric system is sensing (unique information is taken from a physical and/or behavioral sample and a biometric sample is compiled), matching (the submitted sample is compared with a stored sample from the database) and decision making (the system determines whether the biometric samples match and decides whether to repeat, end or change the authentication process).

Authentication protocols

The operation of any authentication system follows a specific protocol. A protocol is a specific sequence of steps taken by two or more parties who are going to solve a problem. The order of the steps is very important, so the protocol governs the behavior of both parties. All parties agree to the protocol, or at least understand it.

Take a telephone conversation as an example. After dialing the number, the caller hears a ringing tone followed by a click when the other end picks up the phone. According to protocol, the person answering the call must speak first, saying “Hello!” or identifying himself in some way. After this, the caller identifies himself. Only after all the actions in this sequence have been completed can the conversation begin. If the person answering simply picks up the phone and says nothing, the conversation may not take place at all, since the generally accepted procedure has been violated. Even if the caller hears a click, without verbal confirmation of the connection he cannot start the conversation first. The standard beginning of a telephone conversation is an example of a protocol.

An authentication protocol is the (automated) process of deciding whether an entity's credentials are sufficient to prove its identity and to allow it access based on those credentials or other tokens. Any authentication protocol that uses different methods (and different biometric identifiers) can be defined and executed based on the presented credentials.

The authentication protocol must be:

established in advance (the protocol is fully defined and developed before its use. The sequence of the protocol and the rules governing its operation must be determined. The criteria by which the match of authentication credentials will be determined must also be specified);
mutually agreed upon (all parties involved must agree to the protocol and follow the established procedure);
unambiguous (neither party can violate the sequence of steps due to misunderstanding);
detailed (a procedure must be defined for any situation. This means, for example, that the protocol is designed to handle exceptional cases).

In the modern world, computers and communications are used as a means of gaining access to services, privileges and various applications. Operators of such systems are usually unfamiliar with the users, and the decision to grant or deny access must largely be made without human intervention. The user cannot trust the operators and other users of the system because of the anonymity of registration and remoteness, so protocols are needed through which two parties who do not trust each other can interact. These protocols essentially regulate behavior. Authentication is then carried out according to the protocol between the user and the system, and the user is able to log in and gain access to the application.

The protocol itself does not guarantee security. For example, an organization's access control protocol may dictate operating hours but will not improve security. Cryptosystems can be used to authenticate securely and to protect information exchange based on agreements between two parties.

Features of authentication methods

Traditional authentication methods (by property, by knowledge and by biometric parameters) were used long before automatic electronic authentication was required. These techniques evolved as printing, photography, and automation technologies improved.

P: by property. Anyone with a specific item, such as a key or a magnetic stripe card, can access the application (i.e. be authorized). For example, anyone who has the keys to a car can drive it.

K: by knowledge. People with certain knowledge have the right to gain access. Authentication here is based on secret knowledge, such as a password, a lock code or answers to questions. The important word in this definition is “secret”: knowledge must be kept secret to ensure the security of authentication. Non-secret information that matters for authentication can also be singled out. A computer user identification number or a bank account number is often requested for authentication, and since it is not secret, this does not prevent attempts to impersonate its owner to gain access.

B: by biometric parameter. This is a characteristic feature of a person that can be measured (or sampled) in some way in the form of a biometric identifier and that distinguishes a person from all other people. It is difficult to exchange, steal or counterfeit and, unlike property and knowledge, it cannot be changed.

Property and knowledge in the form (account number, password) = (property, knowledge) = (P, K) are the most common authentication method (protocol). This method is used to control access to a computer, the Internet, a local network, email and voice mail, etc. When authentication methods P and K are used, information is compared without the user (a real person) being associated with a more or less established “identity”. The identity determined by the ownership of property P is associated with the anonymous password K, and not with the actual registered person. Biometric authentication method B provides additional security because biometrics cannot be replaced, so this method of authenticating users is more secure. Table 1.3 shows four user authentication methods that are widely used today.

Since biometric parameters are inherent properties of a person, it is very difficult to fake them without his knowledge, and it is all the more impossible to exchange them; in addition, a person's biometric characteristics can only change in the event of serious injury, certain diseases, or tissue destruction. Therefore, biometric identifiers can confirm a user's identity in an authentication protocol in a way that authentication methods relying on property and knowledge cannot. Combining the last method (B) in Table 1.3 with method P and/or K gives additional biometric methods such as (P, B) (for example, passport, smart card and biometric template); for credit cards the combination (P, K, B) is often used: P is the credit card, K is the mother's maiden name, B is the signature.
Table 1.3. Existing authentication methods and their properties

| Method | Examples | Properties |
|---|---|---|
| What we have (P) | Credit cards, badges, keys | Can be exchanged, duplicated, can be stolen or lost |
| What we know (K) | Password, PIN, mother's maiden name, personal information | Most passwords are not difficult to guess; they can be passed on to others and forgotten |
| What we have and what we know (P and K) | Credit card and PIN | Can be passed on to others; the PIN can be found out (it is often written on the card) |
| Unique characteristics of the user (B) | Fingerprints, face, iris, voice recording | Cannot be transferred to others, relinquishment is unlikely, very difficult to counterfeit, cannot be lost or stolen |

The boundaries between property and knowledge may be blurred. For example, the identifying parts of an item (property) can be digitized and stored in a compressed form, like the sequence of notches on a key. This, in a sense, transforms property into knowledge.

However, this method of identification is considered physical because authentication is accomplished through a physical object rather than through the information itself, even if the object is instantiated from that information. A credit card number (which can be used both online and over the phone) is knowledge, but a credit card (which is used at an ATM) is property. In addition, secret knowledge can also be classified as biometrics, since it is measurable and is a unique property of a person.

A signature as a biometric (and, to a lesser extent, voice) involves knowledge. This means that the signature can be changed at will, but it will also be easier to forge. This encourages researchers working on automatic signature recognition to study examples of attacks in which attackers use forgeries.

The fundamental difference between biometric authentication and other authentication methods is the concept of degree of similarity, which is the basis of comparison technology. An authentication protocol that uses a password always produces an exact result: if the password is correct, the system allows access; if not, it denies it. There is no concept of probability of similarity here and, consequently, no problem of determining the similarity accurately. Biometric technologies are always probabilistic and use statistical methods to analyze the likelihood of similarity. There is always a small, sometimes extremely small, chance that two people may have the same biometric samples being compared. This is expressed in terms of error rates (false access and false access denial rates) and intrinsic error rates (the minimum achievable error rate for a given biometric parameter) that are associated with the biometric authentication system and biometric identifiers.

The advantage of passwords over biometrics is the ability to change them. If your password is stolen or lost, you can cancel it and replace it with a new one. This becomes impossible with some biometric options. If the parameters of someone's face have been stolen from the database, they cannot be canceled, nor can new ones be issued. Several cancelable biometrics methods have been developed. Cancelable biometrics is the distortion of a biometric image or its features before they are matched. One particular solution is, for example, not to use all biometric parameters. For example, the pattern of papillary lines of only two fingers (say, the thumbs of the right and left hands) is used for identification. If necessary (for example, if the pads of the two “key” fingers are burned), the data in the system can be adjusted so that from a certain moment the valid combination is the index finger of the left hand and the little finger of the right hand (whose data was not previously recorded in the system and could not have been compromised).
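One way to realize the distortion-before-matching idea described above, as an added example that is not part of the manual: minutiae are moved between grid cells by a permutation derived from a secret key, so a leaked template can be revoked by issuing a new key. The grid transform, the bin-based matcher, the keys and all names are assumptions made for illustration, and the probe is assumed to be already aligned with the template.

```python
import hashlib
import hmac

GRID, CELL = 4, 64      # assumed 256 x 256 px image cut into 4 x 4 cells
THRESHOLD = 65.0        # percent; decision threshold the manual quotes for fingerprints


def cell_permutation(key):
    """Derive a permutation of the 16 grid cells from a secret per-user key."""
    def tag(cell):
        return hmac.new(key, bytes([cell]), hashlib.sha256).digest()
    return sorted(range(GRID * GRID), key=tag)


def protect(minutiae, key):
    """Distort a template: each minutia (x, y, t) moves to the cell the key assigns,
    keeping its offset inside the cell and its orientation t (degrees)."""
    perm = cell_permutation(key)
    out = []
    for x, y, t in minutiae:
        dst = perm[(y // CELL) * GRID + (x // CELL)]
        out.append(((dst % GRID) * CELL + x % CELL,
                    (dst // GRID) * CELL + y % CELL, t))
    return out


def quantize(m):
    """Coarse bin (8 px, 15 degrees) so that small sensor jitter compares equal."""
    x, y, t = m
    return (x // 8, y // 8, t // 15)


def score(stored, probe):
    """K = D * D * 100 / (p * q), with D counted on the distorted templates only."""
    d = len({quantize(m) for m in stored} & {quantize(m) for m in probe})
    return d * d * 100.0 / (len(stored) * len(probe))


def accepts(stored, probe):
    return score(stored, probe) > THRESHOLD


# Constructed sample data: one minutia per cell, and a second reading with 1 px jitter.
ENROLL = [(27, 35, 5), (91, 35, 50), (155, 99, 95), (219, 99, 140),
          (27, 163, 185), (91, 227, 230), (155, 163, 275), (219, 227, 320)]
PROBE = [(28, 34, 6), (90, 36, 49), (156, 98, 96), (218, 100, 139),
         (26, 164, 184), (92, 226, 231), (154, 162, 274), (220, 228, 321)]
KEY_OLD = b"constructed-key-1"   # key in use when the template database leaked
KEY_NEW = b"constructed-key-2"   # key issued after revocation

if __name__ == "__main__":
    leaked = protect(ENROLL, KEY_OLD)
    reissued = protect(ENROLL, KEY_NEW)
    print("same key:", accepts(leaked, protect(PROBE, KEY_OLD)))
    print("after re-issue:", accepts(reissued, protect(PROBE, KEY_NEW)))
    print("leaked template vs new key:", accepts(leaked, protect(PROBE, KEY_NEW)))
```

A plain permutation can be undone by anyone who holds the key, so the key has to be kept apart from the template database, for example on the user's smart card.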

Hybrid Authentication Methods

One of the important issues in biometric authentication is the ability to compare different parameters, such as passwords and knowledge, and biometric identifiers. Authentication by a hybrid method uses one or more methods or characteristics T = (P (by property), K (by knowledge), B (by biometric parameters)). For personal authentication, each token provided by the user must be compared with the token stored during registration. To decide whether these features are similar, the results of the different comparison devices that verify the features must be integrated. Property or simple knowledge such as a password is checked by exact comparison. There are two issues to consider:

1) combining credentials (the best option is to combine two or more authentication methods. Correlating property P or knowledge K with biometric parameters B reduces the task of biometric identification to biometric verification, i.e. to a 1:1 comparison instead of a 1:m comparison);
2) combining biometric parameters (the requested identification data may include different biometric parameters, i.e. (B1, B2), where B1 is a finger and B2 is a face. The possibility of combining several biometric parameters is receiving increased attention from researchers and designers).

Thus, using any of the listed methods P, K or B means that matching must be possible through verification of ownership and knowledge and through biometric comparison. Tokens of ownership and knowledge require an exact match. Biometric matching can be approximate to a certain extent.

Requirements for Biometric Authentication

Biometric identity authentication becomes a difficult task when high accuracy, i.e. a low probability of errors, is required. In addition, the user should not be able to subsequently deny the operation he performed and at the same time should experience as little inconvenience as possible when going through the authentication procedure (the possibility of contactless reading, user-friendliness of the interface, the size of the template file (the larger the image size, the slower the recognition), etc.). At the same time, the authentication system must also meet confidentiality requirements and be resistant to forgery (unauthorized access). The environmental stability of biometric authentication systems should also be taken into account (performance may become unstable depending on environmental conditions).

Thus, the main requirements for biometric systems are the following:

1) accuracy (does the system always make the right decision about the object);
2) calculation speed and the ability to scale databases;
3) handling of exceptional cases when the biometric parameters of an object cannot be registered (for example, as a result of illness or injury);
4) cost (including the costs of training users and personnel);
5) confidentiality (ensuring anonymity; data obtained during biometric registration should not be used for purposes for which the registered individual has not given consent);
6) security (protecting the system from threats and attacks).

It is known that the weakest point of biometric technologies is the possibility of deceiving the authentication system through imitation.

The security of a biometric authentication system depends on the strength of the links between registered entities and more precise “verified data” such as a passport. It also depends on the quality of the verified data itself. Authentication should use biometric parameters that do not create new vulnerabilities and security loopholes. If a biometric authentication system is to provide a high level of security, the choice of biometric parameter must be taken seriously. Biometric authentication should be part of a comprehensive security system, which also includes security measures for the biometric system itself. System security is ensured by eliminating vulnerabilities at points of attack, i.e. by protecting the “valuable assets” of the application, for example by preventing the interception of information.

2. BASIC BIOMETRIC PARAMETERS

There are six most commonly used (basic) biometric parameters: fingerprints, face, voice (speaker recognition), hand geometry, iris and signature.

Fingerprint recognition

Fingerprinting is the identification of a person by fingerprints or, more precisely, by the so-called papillary pattern. Fingerprinting is based on the fact that, firstly, a fingerprint is unique (in the entire history of fingerprinting, no two matching fingerprints belonging to different individuals have been discovered) and, secondly, the papillary pattern does not change throughout a person's life. The skin of the fingers has a complex relief pattern (the papillary pattern), formed by alternating ridges (0.1-0.4 mm in height and 0.2-0.7 mm in width) and grooves (0.1-0.3 mm in width). The papillary pattern is fully formed in the seventh month of fetal development. Moreover, studies have found that fingerprints differ even between identical twins, although their DNA indicators are identical. In addition, the papillary pattern cannot be modified: neither cuts, nor burns, nor other mechanical damage to the skin are of fundamental importance, because the stability of the papillary pattern is ensured by the regenerative ability of the main layer of the epidermis. Therefore, it can be argued that today fingerprinting is the most reliable way of identifying a person.

Methods for comparing fingerprints

Despite the diversity of the structure of papillary patterns, they lend themselves to a clear classification that supports their individualization and identification. In each fingerprint, two types of features can be defined: global and local. Global features are those that can be seen with the naked eye. The other type of features is local. They are called minutiae: features unique to each print that define the points where the structure of the papillary lines changes (ending, bifurcation, break, etc.), the orientation of the papillary lines and the coordinates at these points. Practice shows that fingerprints of different people can have the same global characteristics, but it is absolutely impossible for them to have the same micropatterns of minutiae. Therefore, global attributes are used to divide the database into classes and at the authentication stage. At the second stage of recognition, local features are used.

Principles of comparing fingerprints based on local characteristics

Stages of comparing two fingerprints:

Stage 1. Improving the quality of the original fingerprint image. The sharpness of the boundaries of the papillary lines is increased.

Stage 2. Calculation of the orientation field of the papillary lines of the print. The image is divided into square blocks with a side larger than 4 px, and the angle t of the line orientation for the print fragment is calculated using brightness gradients.

Stage 3. Binarization of the fingerprint image. Reduction to a black and white image (1 bit) by thresholding.

Stage 4. Thinning the lines of the print image. Thinning is done until the lines are 1 px wide (Fig. 2.1).

Fig. Thinning the lines of the print image

Stage 5. Extracting the minutiae (Fig. 2.2). The image is divided into blocks of 9 × 9 pixels. After this, the number of black (non-zero) pixels located around the center is counted. The pixel in the center is considered a minutia if it is itself non-zero and has one neighboring non-zero pixel (the “ending” minutia) or two (the “bifurcation” minutia).

Fig. Extraction of minutiae

The coordinates of the detected minutiae and their orientation angles are written into the vector

$$W(p) = [(x_1, y_1, t_1), (x_2, y_2, t_2), \ldots, (x_p, y_p, t_p)],$$

where p is the number of minutiae.

When users are registered, this vector is considered a standard and is recorded in the database. During recognition, the vector describes the current fingerprint (which is quite logical).

Stage 6. Comparison of minutiae. Two prints of the same finger will differ from each other in rotation, translation, scaling and/or contact area, depending on how the user places the finger on the scanner. It is therefore impossible to say whether a fingerprint belongs to a person on the basis of a simple comparison (the vectors of the standard and of the current fingerprint may differ in length, contain non-corresponding minutiae, etc.). Because of this, the matching process must be carried out for each minutia separately.

Comparison stages: data registration; search for pairs of corresponding minutiae; fingerprint matching assessment.

During registration, the parameters of the affine transformation (rotation angle, scale and shift) are determined at which some minutia from one vector corresponds to some minutia from the second. For each minutia the search has to go through up to 30 rotation values (from −15° to +15°), 500 shift values (for example, from −250 px to +250 px) and 10 scale values (from 0.5 to 1.5 in increments of 0.1). Total up to steps for each of the 70 possible minutiae. (In practice, not all possible options are tried: after the required values have been selected for one minutia, they are applied to the other minutiae; otherwise it would be possible to match almost any fingerprints with each other.)

Fingerprint matching is assessed using the formula

K = (D × D × 100%) / (p × q),

where D is the number of matching minutiae, p is the number of minutiae in the standard, and q is the number of minutiae in the fingerprint being identified. If the result exceeds 65%, the prints are considered identical (the threshold can be lowered by setting a different vigilance level). If authentication was being performed, the process ends there.
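The following Python example is added here and is not code from the manual. It carries out Stage 6 as described: registration by anchoring one pair of minutiae, applying the same rotation, scale and shift to the remaining minutiae, and scoring with K = D × D × 100% / (p × q) against the 65% threshold, for both 1:1 authentication and 1:N identification. The pairing tolerances, the choice to take the rotation from the anchor pair's orientation angles, and all minutiae coordinates are assumptions constructed for illustration.

```python
import math

# Parameters taken from the text above
THRESHOLD = 65.0        # percent; prints above this score are considered identical
MAX_ROT_DEG = 15.0      # rotation searched within -15..+15 degrees
MAX_SHIFT_PX = 250.0    # shift searched within -250..+250 px
SCALES = [round(0.5 + 0.1 * k, 1) for k in range(11)]  # 0.5 .. 1.5, step 0.1
# Assumptions (not given in the text): how close two minutiae must be to pair up
DIST_TOL_PX = 8.0
ANGLE_TOL_DEG = 10.0


def angle_diff(a, b):
    """Signed difference a - b in degrees, folded into [-180, 180)."""
    return (a - b + 180.0) % 360.0 - 180.0


def transform(minutia, rot_deg, scale, dx, dy):
    """Apply rotation, scale and shift to one (x, y, t) minutia."""
    x, y, t = minutia
    r = math.radians(rot_deg)
    return (scale * (x * math.cos(r) - y * math.sin(r)) + dx,
            scale * (x * math.sin(r) + y * math.cos(r)) + dy,
            (t + rot_deg) % 360.0)


def count_pairs(reference, aligned):
    """D: one-to-one pairs that agree in position and orientation."""
    used, d = set(), 0
    for x, y, t in aligned:
        best, best_dist = None, DIST_TOL_PX
        for i, (rx, ry, rt) in enumerate(reference):
            if i in used or abs(angle_diff(rt, t)) > ANGLE_TOL_DEG:
                continue
            dist = math.hypot(rx - x, ry - y)
            if dist <= best_dist:
                best, best_dist = i, dist
        if best is not None:
            used.add(best)
            d += 1
    return d


def register(reference, sample):
    """Try every anchor pair; return the best (D, (rot, scale, dx, dy))."""
    best = (0, None)
    for ref in reference:
        for smp in sample:
            rot = angle_diff(ref[2], smp[2])  # assumption: rotation from anchor angles
            if abs(rot) > MAX_ROT_DEG:
                continue
            for scale in SCALES:
                x0, y0, _ = transform(smp, rot, scale, 0.0, 0.0)
                dx, dy = ref[0] - x0, ref[1] - y0
                if max(abs(dx), abs(dy)) > MAX_SHIFT_PX:
                    continue
                aligned = [transform(m, rot, scale, dx, dy) for m in sample]
                d = count_pairs(reference, aligned)
                if d > best[0]:
                    best = (d, (rot, scale, dx, dy))
    return best


def match_score(reference, sample):
    """K = D * D * 100% / (p * q)."""
    if not reference or not sample:
        return 0.0
    d, _ = register(reference, sample)
    return d * d * 100.0 / (len(reference) * len(sample))


def verify(reference, sample):
    """1:1 authentication against a single enrolled standard."""
    return match_score(reference, sample) > THRESHOLD


def identify(database, sample):
    """1:N identification: best-scoring user, or None if nobody clears the threshold."""
    scores = {user: match_score(tpl, sample) for user, tpl in database.items()}
    user = max(scores, key=scores.get)
    return user if scores[user] > THRESHOLD else None


# Constructed sample data (not real prints): (x px, y px, orientation degrees)
REF = [(60, 40, 30), (120, 55, 80), (90, 110, 150), (150, 130, 200),
       (70, 170, 260), (180, 80, 310), (130, 190, 45), (200, 160, 120)]
OTHER = [(50, 60, 212), (110, 30, 272), (160, 100, 322), (80, 140, 162),
         (140, 170, 18), (190, 50, 188), (100, 90, 248), (170, 190, 298)]
# Same finger placed differently: rotated 10 degrees, shifted, one minutia lost,
# one spurious minutia added by noise
SAMPLE = [transform(m, 10, 1.0, 30, -20) for m in REF[:7]] + [(10.0, 10.0, 0.0)]

if __name__ == "__main__":
    print(round(match_score(REF, SAMPLE), 2), verify(REF, SAMPLE))
    print(round(match_score(OTHER, SAMPLE), 2), verify(OTHER, SAMPLE))
    print(identify({"alice": REF, "bob": OTHER}, SAMPLE))
```

Because D is squared, losing one of eight minutiae and gaining one spurious point already lowers K from 100% to about 77%, which shows how little margin the 65% threshold leaves for poor captures.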
For identification, this process must be repeated for all fingerprints in the database. The user with the highest level of matching is then selected (of course, his result must be above the 65% threshold).

Other approaches to fingerprint comparison

Although the fingerprint comparison principle described above provides a high level of reliability, the search continues for more advanced and faster comparison methods, for example the AFIS system (Automated Fingerprint Identification System). In the Republic of Belarus this is AFIS (automatic fingerprint identification system). The principle of operation of the system: a fingerprint card, personal information, fingerprints and palm prints are “filled in” using the form. Integral characteristics are placed (bad prints still have to be edited manually; the system places good ones itself), and a “skeleton” is drawn, i.e. the system, as it were, traces the papillary lines, which allows it to determine the features very accurately later. The fingerprint card goes to the server, where it is stored permanently.

“Trace” and “sledoteka”. A “trace” is a fingerprint taken from a crime scene. The “sledoteka” is the database of traces. Like fingerprint cards, traces are sent to the server, where they are automatically compared with fingerprint cards, both existing and newly entered. A trace remains in the search until a suitable fingerprint card is found.

Method based on global features. Global features (loop head, delta) are detected. The number of these features and their relative position make it possible to classify the type of pattern. The final recognition is performed on the basis of local features (for a large database, the number of comparisons is several orders of magnitude lower). It is believed that the type of pattern can determine a person's character, temperament and abilities, so this method can be used for purposes other than identification/authentication.

Graph-based method. The original image (Fig. 2.3) of the print (1) is converted into an image of the papillary line orientation field (2). Areas with the same line orientation are visible on the field, so boundaries can be drawn between these areas (3). The centers of these areas are then determined and a graph (4) is obtained. The dashed arrow d indicates a record in the database made during user registration. Fingerprint similarity is determined in square (5). Further actions are similar to the previous method: comparison based on local features.

Fig. 2.3. Method of comparing fingerprints based on graphs

Fingerprint scanners

Types and principle of operation

Fingerprint reading devices are currently widely used. They are installed on laptops, mice, keyboards and flash drives, and are also used as separate external devices and terminals sold complete with AFIS systems.

Despite external differences, all scanners can be divided into several types:

1. Optical: FTIR scanners; fiber-optic; optical swipe; roller; contactless.
2. Semiconductor (semiconductors change their properties at the points of contact): capacitive; pressure sensitive; thermal scanners; radio frequency; continuous (swipe) thermal scanners; capacitive swipe; radio-frequency swipe.
3. Ultrasonic (ultrasound returns at different intervals, reflecting from grooves or ridges).

The principle of operation of a fingerprint scanner, like that of any other biometric verification device, is quite simple and includes four basic stages: recording (scanning) the biometric characteristics (in this case, fingers); highlighting the details of the papillary pattern at several points; converting the recorded characteristics into the appropriate form; comparing the recorded biometric characteristics with a template; deciding whether the recorded biometric sample matches or does not match the template.

Capacitive sensors (Fig. 2.4) consist of an array of capacitors, each of which consists of two connected plates. The capacitance of a capacitor depends on the applied voltage and on the dielectric constant of the medium. When a finger is placed near such an array, both the dielectric constant of the medium and the capacitance of each capacitor depend on the configuration of the papillary pattern at that local point. Thus the papillary pattern can be uniquely identified from the capacitance of each capacitor in the array.

The operating principle of optical sensors (Fig. 2.5) is similar to that used in household scanners. Such sensors consist of LEDs and CCD sensors: the LEDs illuminate the surface being scanned, and the light is reflected and focused on the CCD sensors. Since the reflectance depends on the structure of the papillary pattern at a specific point, optical sensors make it possible to record a fingerprint image.

Fig. 2.4. Structure of a capacitive sensor

Fig. 2.5. Structure of an optical sensor

Thermal sensors (Fig. 2.6) are an array of pyroelectrics, a type of dielectric on whose surface electric charges arise when the temperature changes, owing to changes in spontaneous polarization. The temperature in the interpapillary depressions is lower than on the surface of the papillary ridge, so the array of pyroelectrics makes it possible to reproduce the papillary pattern accurately.

Electromagnetic field sensors (Fig. 2.7) contain generators of a radio-frequency alternating electric field and an array of receiving antennas. When a finger is brought to the sensor, the lines of force of the generated electromagnetic field exactly follow the contour of the papillary lines, which allows the array of receiving antennas to record the structure of the fingerprint.

Let us take a closer look at the operating principle of continuous thermal scanners, the most popular type at present. They implement a thermal method of reading fingerprints, based on the property of pyroelectric materials to convert temperature differences into voltage. The temperature difference arises between the cells of the sensing element under the papillary ridges and those under the grooves. The grooves do not touch the sensing element, so the temperature of the sensing element under the grooves remains equal to the ambient temperature. A special feature of the temperature method is that after some time (about 0.1 s) the image disappears, as the finger and the sensor come into temperature equilibrium.

Fig. 2.7. Structure of electromagnetic field sensors

The rapid disappearance of the temperature pattern is one of the reasons for using scanning technology. To obtain a fingerprint, the finger is slid across a rectangular sensing element (0.4-14 mm or 0.4-11.6 mm). While the finger moves, the scanning speed should exceed 500 fps (set by the clock frequency). The result is a sequence of frames, each of which contains part of the overall picture. The fingerprint is then reconstructed in software: several lines of pixels are selected in each frame and identical lines are searched for in other frames; the complete fingerprint image is obtained by combining frames on the basis of these lines (Fig. 2.8).

Fig. 2.8. Frame-by-frame reading of a fingerprint pattern and its reconstruction

The frame-by-frame reading method does not require calculating the speed of finger movement over the reader and makes it possible to reduce the area of the silicon matrix substrate by more than 5 times, which reduces its cost by the same factor. The resulting image nevertheless has high resolution. An additional benefit of scanning is that the reading window is self-cleaning and no fingerprints are left behind after reading.

Typically the reconstructed image has dimensions of mm, which corresponds to points. At eight bits per point, storage in bmp format requires 140 KB of memory per image. For security reasons, and to reduce the memory footprint, the recognition system stores not a fingerprint image but a standard, which is obtained from the fingerprint by isolating characteristic details. Identification algorithms are based on comparing the presented samples with standards. During the initial registration of a user, the fingerprint is read and a standard is extracted and stored in the system memory (multiple standards can be stored). Later, during identification, sets of details are likewise extracted from the read fingerprints; in this case they are called samples. The samples are compared with the set of stored standards, and if a match is found, the person is considered identified. If a sample is compared with a single standard, for example to confirm the identity of the owner of a smart card, the process is called authentication, or verification.

The process of comparing a sample and a standard (identification or authentication) is performed in software and does not depend on the technology with which the fingerprint image was obtained. The fingerprint reconstruction software is supplied in a sequence of frames (Fig. 2.9). Standard extraction, verification and identification are carried out using third-party software or independently developed programs.

The thermal reading technique ensures high-quality fingerprint images under different conditions of the finger surface: it does not matter whether the finger is dry, worn, has a small difference in level between ridges and grooves, etc. The FingerChip reader operates successfully in harsh conditions, with large temperature fluctuations, high humidity, and various contaminants (including oil). In operating mode the sensor is completely passive. If the temperature difference between the finger and the sensor becomes insignificant (less than one degree), a temperature stabilization circuit is activated, which changes the temperature of the reader and restores the temperature contrast.

Fig. 2.9. FingerChip software

Another advantage of the thermal technique over other methods, especially capacitive ones, is that close contact between the finger and the reader is not required, which made it possible to use a special coating that protects against shock, abrasion, moisture and other environmental factors.

Fingerprint standards

Currently, ANSI and US FBI standards are mainly used. They define the following requirements for the fingerprint image: each image is presented in uncompressed TIF format; the image must have a resolution of at least 500 dpi; the image must be halftone with 256 brightness levels; the maximum angle of rotation of the print from the vertical is no more than 15°; the main types of minutiae are endings and bifurcations.
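The frame-by-frame reconstruction used by continuous thermal scanners, described earlier in this section, can be illustrated in Python; this example is added here and is not the FingerChip software. It joins frames by finding rows at the start of each new frame that repeat the rows at the end of the image built so far, without any knowledge of finger speed, and it counts the joins where no overlap exists. The frame height, the 8-pixel-wide constructed image and the optional per-pixel tolerance are assumptions.

```python
def overlap_rows(image, frame, tol=0):
    """Largest k for which the last k rows of image repeat the first k rows of frame."""
    for k in range(min(len(image), len(frame)), 0, -1):
        tail, head = image[-k:], frame[:k]
        if all(abs(a - b) <= tol
               for row_a, row_b in zip(tail, head)
               for a, b in zip(row_a, row_b)):
            return k
    return 0


def stitch(frames, tol=0):
    """Combine overlapping frames into one image.

    Returns (image, gaps); gaps counts joins with no common rows, which
    happens when the finger moves too far between two frames and part of
    the print is never captured.
    """
    image = [tuple(row) for row in frames[0]]
    gaps = 0
    for frame in frames[1:]:
        k = overlap_rows(image, frame, tol)
        if k == 0:
            gaps += 1
        image.extend(tuple(row) for row in frame[k:])
    return image, gaps


# Constructed data: a 20-row "print" whose rows are all distinct
FINGER = [tuple((r * 29 + c * 53) % 251 for c in range(8)) for r in range(20)]
FRAME_H = 6
# Row at which each frame starts: uneven steps model a finger that speeds up,
# slows down and briefly stops (offset 2 appears twice)
OFFSETS = [0, 2, 2, 5, 9, 13, 14]
FRAMES = [FINGER[o:o + FRAME_H] for o in OFFSETS]

if __name__ == "__main__":
    image, gaps = stitch(FRAMES)
    print(image == FINGER, gaps)
    # Finger moved 8 rows between two 6-row frames: rows 6 and 7 are lost
    print(stitch([FINGER[0:6], FINGER[8:14]])[1])
```

The second call shows why the frame rate has to stay high relative to finger speed: once consecutive frames share no rows, the reconstruction silently loses part of the pattern unless the gap is detected and the capture rejected.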

Typically, more than one image is stored in the database, which improves the quality of recognition. The images may differ from each other in shift and rotation. The scale does not change, since all prints are obtained from one device.

Recognition by the iris of the eye

What is the iris?

The iris is shaped like a circle with a hole inside (the pupil). It consists of muscles that change the size of the pupil as they contract and relax. It is part of the choroid of the eye (Fig. 2.10). The iris is responsible for the color of the eyes (if it is blue, there are few pigment cells in it; if it is brown, there are many). It performs the same function as the aperture in a camera, regulating the light flow.

The iris is part of the eye. It is located behind the cornea and the aqueous humor of the anterior chamber. The unique structures of the iris are due to the radial trabecular meshwork, which is made up of depressions (crypts, lacunae), comb ties, grooves, rings, wrinkles, freckles, crowns, sometimes spots, vessels and other features. The pattern of the iris is highly random, and the greater the degree of randomness, the more likely it is that a particular pattern is unique. Mathematically, randomness is described by degrees of freedom. Research has shown that iris texture has 250 degrees of freedom, which is much more than fingerprints (35) and facial images (20).

Average dimensions of the iris: horizontally R 6.25 mm, vertically R 5.9 mm; the pupil size is 0.2-0.7R. The internal radius of the iris depends on age, health, lighting, etc., and changes quickly. Its shape can differ considerably from a circle. The center of the pupil is, as a rule, shifted relative to the center of the iris towards the tip of the nose.

Fig. 2.10. Structure of the human eye

The iris as a biometric parameter

First, the iris has a very complex pattern containing many different elements. Therefore even a low-quality photograph of it makes it possible to determine a person's identity accurately.

Second, the iris is an object of fairly simple shape (almost a flat circle), so during identification it is very easy to take into account all the image distortions that arise from different shooting conditions.

Third, the iris of a person's eye does not change throughout his life from birth. More precisely, its shape remains unchanged (except in the case of injuries and some serious eye diseases), while the color may change over time. This gives iris identification an added advantage over many biometric technologies that rely on relatively short-lived parameters such as facial or hand geometry.

The iris begins to form in the 3rd month of intrauterine development. By the 8th month it is a practically formed structure. In addition, it forms randomly even in identical twins, and human genes do not affect its structure. The iris is stable after the 1st year of life: it is finally formed and practically does not change until death, provided there are no injuries or pathologies of the eye.

The iris as an identifier

Properties of the iris as an identifier: isolation and protection from the external environment; impossibility of change without visual impairment; the reaction to light and the pulsation of the pupil are used to protect against counterfeits; an unobtrusive, non-contact and covert method of obtaining images is possible; high density of unique structures, 3.2 bits/mm² or about 250 independent characteristics (other methods have about 50), and 30% of the parameters are enough to make a decision about a match with a probability of no more

Advantages and disadvantages of the technology

Personal identification by the iris of the eye has another major advantage. Some biometric technologies suffer from the following drawback: when the identification system is configured for a high degree of protection against errors of the first type (probability of false admission, FAR), the probability of errors of the second type (false rejection, FRR) increases to unacceptably high values of several tens of percent. Identification by the iris of the eye is completely free of this shortcoming. Its ratio of errors of the first and second types is one of the best today. As an example, here are a few numbers. Research has shown that while the probability of a Type I error is 0.001% (an excellent level of reliability), the probability of a Type II error is only 1%.



As an analysis of the modern Russian market for security equipment shows, a new stage has emerged in the development of the security industry. Against the general background of a stabilized market, modern systems for personal identification and information security continue to develop most dynamically. Biometric information security tools (BSZI) attract special attention, owing to their high identification reliability and a significant breakthrough in reducing their cost.

Currently, domestic industry and a number of foreign companies offer a fairly wide range of means of controlling access to information, so that choosing their optimal combination for each specific case becomes a problem in its own right. By origin, both domestic and imported BSZI are currently represented on the Russian market, and there are also jointly developed products. By design, systems can be divided into those made as a monoblock, those consisting of several blocks, and those made as attachments for computers. A possible classification of the biometric information security tools presented on the Russian market, by biometric characteristics, principles of operation and implementation technology, is shown in Fig. 2.


Fig. 2. Classification of modern biometric information security tools

Currently, biometric information access control systems are gaining increasing popularity in banks, companies involved in ensuring security in telecommunication networks, in information departments of companies, etc. The expanding use of systems of this type can be explained by both a decrease in their cost and an increase in security level requirements. Similar systems appeared on the Russian market thanks to the companies “Identix”, “SAC Technologies”, “Eyedentify”, “Biometric Identification Inc.”, “Recognition Systems”, “Trans-Ameritech”, “BioLink”, “Sonda”, “Elsys”, “Advance”, “AAM Systems”, “Polmi Group”, “Mascom”, “Biometric Systems”, etc.

Modern biometric systems for controlling access to information include verification systems based on voice, hand shape, finger skin pattern, retina or iris, facial photograph, facial thermogram, signature dynamics, genetic code fragments, etc. (Fig. 3).


Fig. 3. Basic modern biosignatures of personal identification

All biometric systems are characterized by a high level of security, primarily because the data used in them cannot be lost by the user, stolen or copied. Due to their operating principle, many biometric systems are still characterized by relatively low speed and low throughput. However, they represent the only solution to the problem of access control in critical sites with few personnel. For example, a biometric system can control access to information and storage facilities in banks; it can be used in enterprises that process valuable information, to protect computers, communications, etc. According to experts, more than 85% of biometric access control systems installed in the United States were intended to protect computer rooms, valuable information storage facilities, research centers, military installations and institutions.

Currently, there are a large number of algorithms and methods for biometric identification, differing in accuracy, cost of implementation, ease of use, etc. However, all biometric technologies share common approaches to solving the problem of user identification. A generalized biometric identification algorithm, characteristic of all known BSZI, is shown in Fig. 4.


Fig. 4. Generalized biometric identification algorithm

As can be seen from the presented algorithm, the biometric recognition system establishes the correspondence of specific behavioral or physiological characteristics of the user to some predetermined template. As a rule, a biometric system that implements this generalized algorithm consists of three main blocks and a database (Fig. 5).


Fig. 5. Block diagram of a typical biometric information security system

Biometric information security systems that use personal identification by fingerprint. In particular, the “TouchLock” (“TouchClock”) information access control systems from Identix (USA) are based on registering an individual human characteristic, the fingerprint. This feature is used as a control image. Recorded as a control image, the 3D fingerprint is scanned by an optical system, analyzed, digitized, stored in the terminal memory or control computer memory, and used to verify anyone impersonating an authorized user. At the same time, the device’s memory does not contain real fingerprints, which prevents them from being stolen by an intruder. The typical time for storing one control fingerprint is up to 30 seconds. Each authorized user entered into the terminal’s memory enters a PIN code on the “TouchLock” terminal’s keyboard and goes through the identity verification stage, which takes approximately 0.5 - 2 s. A sample of one fingerprint is usually stored per PIN code, but in some cases authentication using three fingerprints is possible. If the presented and control fingerprints match, the terminal sends a signal to the actuator: electric lock, gateway, etc.

The “TouchSafe” TS-600 terminal is designed to provide access to servers, computers, etc. It consists of a sensor module and a board that is inserted into a 16-bit ISA slot of the computer. For networked operation, the “TouchNet” terminal is used, providing information transfer speeds of up to 230.4 Kbaud with a line length of up to 1200 m. For networked operation, Identix has also developed special software (the “Fingerlan III” system).

To protect computer information, the Russian market offers a simpler and cheaper biometric system for controlling access to computer information, “SACcat”. The SACcat system, manufactured by SAC Technologies, consists of a reader, a conversion device and software.

The reading device is an external compact scanner based on an optoelectronic converter with automatic backlighting, which has light indicators for readiness and scanning progress. The scanner is connected to the conversion device using two cables (Video and RJ45), which are designed to transmit the video signal and for control, respectively.

The conversion device converts the video signal and inputs it into the computer, as well as controls the reading device. Structurally, the “SACcat” system can be connected either internally - via an ISA card, or externally - via a parallel EPP or USB port.

The “SACcat” system and SACLogon software control access to Windows NT workstations and/or servers, as well as related resources protected by the Windows NT password system. At the same time, the system administrator still has the opportunity to use his regular (not biokey) password registered in Windows NT. The system is capable of providing effective protection against unauthorized access for networks of financial organizations, insurance companies, medical institutions, networks of various commercial structures, and individual workstations.

It should be noted that at present, means of automatic personal identification based on finger skin patterns have been most developed and are offered by many foreign companies for use in BISI (especially for use in computer systems). Among them, in addition to those discussed above, we can note the SecureTouch identification device from Biometric Access Corp., the BioMouse device from American Biometric Corp., the Sony identification unit, the Secure Keyboard Scanner from National Registry Inc. and others. These tools connect directly to the computer. Their main feature is high reliability at a relatively low cost. Some comparative characteristics of biometric means of protecting computer information based on finger skin patterns are given in Table 1.

Table 1. Comparative characteristics of biometric means of protecting computer information

Characteristic | TouchSAFE Personal (Identix) | U.are.U (Digital Persona) | FIU (SONY, I/O Software) | BioMouse (ABC) | TouchNet III (Identix)
Type I error, % -
Type II error, % | 0.001 | 0.01 | 0.1 | 0.2 | 0.001
Registration time, s -
Identification time, s 0.3
Encryption | Yes | Yes | Yes | Yes | Yes
Data storage | Yes | No | Yes | No | Yes
Power supply | external 6VDC | USB | external | external | external 12VDC
Connection | RS-232 | USB | RS-232 | RS-485 | RS-232
Price, $
Smart card reader | Yes | No | No | No | No

The company “Eyedentify” (USA) offers biometric control systems for the Russian market that use the retinal pattern. During operation, the eyeball of the person being tested is scanned by an optical system and the angular distribution of blood vessels is measured. To register a control sample, approximately 40 bytes are required. The information obtained in this way is stored in the system memory and used for comparison. Typical authorization time is less than 60 seconds.

Currently, three implementations of the considered method are offered on the Russian market. The “EyeDentification System 7.5” device provides entry control with regulation of time zones, real-time printing of messages, maintenance of passage logs, etc. This device has two operating modes: verification and recognition. In verification mode, after the PIN code is entered, the image stored in the controller’s memory is compared with the one presented. The verification time is no more than 1.5 s. In recognition mode, the presented sample is compared with all those in memory. Search and comparison take less than 3 seconds with a total of 250 samples. Upon successful authorization, the relay is automatically activated and a signal is sent to the actuator directly or through the control computer. The sound generator indicates the status of the device. The device is equipped with an 8-character LCD display and a 12-button keyboard. Non-volatile memory capacity is up to 1200 samples.

The second implementation of the considered method is the “Ibex 10” system, which, unlike the “EyeDentification System 7.5” device, has its optical unit designed as a mobile camera. The electronic unit is installed on the wall. All other characteristics are the same.

The third implementation of identification by retinal pattern is a development of the company “Eyedentify”, the ICAM 2001 device. This device uses a camera with an electromechanical sensor that measures the natural reflective and absorptive characteristics of the retina from a short distance (less than 3 cm). The user only looks with one eye at the green circle inside the device. To record a picture of the retina, radiation from a 7 mW light bulb with a wavelength of 890 cm is used, generating radiation in the spectral region close to infrared. Identification of the retina is made by analyzing the reflected signal data. A person can be identified with absolute accuracy from 1,500 others in less than 5 seconds. One ICAM 2001 device, if installed autonomously, has a memory capacity for 3000 people and 3300 completed actions. When used as part of a network, there are no restrictions for working in the information saving and reporting mode. All three considered implementations can work both autonomously and as part of network configurations.

Despite the great advantages of this method (high reliability, impossibility of counterfeiting), it has a number of disadvantages that limit the scope of its application (relatively long analysis time, high cost, large dimensions, identification procedure is not very pleasant).

The “HandKey” (handkey) device, which is quite widely represented on the Russian market and uses palm parameters as the identification feature, is free of these disadvantages. This device is a structure (slightly larger than a telephone) with a niche where the person being tested puts his hand. In addition, the device has a mini-keyboard and an LCD screen that displays identification data. The authenticity of a person is determined from a digital photograph of the palm, which is compared with the standard (previous data). When registering for the first time, a personal code is entered and stored in the database.

The hand inside the handkey is photographed in ultraviolet light in three projections. The resulting electronic image is processed by a built-in processor, the information is compressed to nine bytes, which can be stored in a database and transmitted via communications systems. The total procedure time ranges from 10 seconds to 1 minute, although the identification itself occurs in 1...2 seconds. During this time, the handkey compares the characteristics of the hand with previously determined data, and also checks the restrictions for this user, if any. With each check, the stored information is automatically updated, so that all changes to the person being checked are permanently recorded.

Handkey can work in offline mode, in which it is able to remember 20,000 different hand images. Its memory can store a calendar plan for a year, in which it can be specified down to the minute when a particular client is allowed access. The designers of the device also provided the ability for it to work with a computer, connect a lock control circuit, configure it to emulate standard credit card reading devices, and connect a printer to keep a log of the operation. In network mode, up to 31 devices with a total line length (twisted pair) of up to 1.5 km can be connected to the handkey. It is impossible not to note such a feature of the device as the ability to integrate it into an existing access control system. The main manufacturer of handkeys is Escape. The analysis shows that in the Russian market, an identification device based on the image of the palm of the hand (handkey) has good prospects, given its ease of operation, fairly high reliability characteristics and low price.

Depending on specific conditions, combined access control systems are often used, for example, contactless card readers at the entrance and exit of the building in combination with a voice access control system in sensitive information processing areas. The best choice of the required system or combination of systems can only be made on the basis of a clear definition of the current and future needs of the company. For example, to improve the operational and technical characteristics of the Rubezh information security system, a combination of identification methods is used based on signature dynamics, speech spectrum and a personal code recorded in an electronic key of the “Touch memory” type.

The main means of biometric access control to information provided by the Russian security market are given in Table 2.

Table 2. Modern technical means of biometric access control to information

Name | Manufacturer | Supplier on the Russian market | Biosign | Note
SACcat | SAC Technologies, USA | Trans-Ameritech, Mascom | Finger skin pattern | Computer attachment
TouchLock | Identix, USA | Trans-Ameritech, Mascom | Finger skin pattern | Facility ACS
Touch Safe | Identix, USA | Trans-Ameritech, Mascom | Finger skin pattern | Computer ACS
TouchNet | Identix, USA | Trans-Ameritech, Mascom | Finger skin pattern | Network ACS
Eye Dentification System 7.5 | Eyedentify, USA | Divekon, Raider | Retinal pattern | Facility ACS (monoblock)
Ibex 10 | Eyedentify, USA | Divekon, Raider | Retinal pattern | Facility ACS (portable camera)
Veriprint 2000 | Biometric Identification, USA | AAM Systems | Finger skin pattern | Universal ACS
ID3D-R Handkey | Recognition Systems, USA | AAM Systems, Mascom | Palm pattern | Universal ACS
HandKey | Escape, USA | Divekon | Palm pattern | Universal ACS
ICAM 2001 | Eyedentify, USA | Eyedentify | Retinal pattern | Universal ACS
Secure Touch | Biometric Access Corp. | Biometric Access Corp. | Finger skin pattern | Computer attachment
BioMouse | American Biometric Corp. | American Biometric Corp. | Finger skin pattern | Computer attachment
Fingerprint Identification Unit | Sony | Informzashita | Finger skin pattern | Computer attachment
Secure Keyboard Scanner | National Registry Inc. | National Registry Inc. | Finger skin pattern | Computer attachment
Frontier | NPF “Crystal” (Russia) | Musk | Signature dynamics, voice parameters | Computer attachment
Delsy touch chip | Elsis, NPP Electron (Russia), Opak (Belarus), P&P (Germany) | Elsis | Finger skin pattern | Computer attachment (including for working via a radio channel)
BioLink U-Match Mouse | BioLink Technologies (USA) | CompuLink | Finger skin pattern | Standard mouse with built-in fingerprint scanner
Bogo-2000, Bogo-2001, Bogo-1999 | Bogotech (South Korea) | Biometric systems | Finger skin pattern | Memory – 640 prints. Memory – 1920 prints.
SFI-3000, HFI-2000, HFI-2000V (with videophone) | SecuOne (South Korea) | Biometric systems | Finger skin pattern | Memory – 30 prints. Memory – 640 prints.
VeriFlex, VeriPass, VeriProx, VeriSmart | BIOSCRYPT (USA) | BIOSCRYPT | Finger skin pattern | Combination of fingerprint scanner and contactless smart card reader
BM-ET500, BM-ET100 | Panasonic (Japan) | JSC “Panasonic CIS” | Iris pattern | For collective and individual use
Senesys Light | State Unitary Enterprise SPC “ELVIS” (Russia) | State Unitary Enterprise SPC “ELVIS” | Finger skin pattern | Network version (fingerprint reader and computer with software)

As can be seen from the table, biometric access control tools are currently being quite actively introduced into the Russian security market. In addition to the technical means indicated in the table, which have taken a strong position in the analyzed segment of the Russian market, some foreign companies also offer biometric access control means based on other biosignatures, the reliability of identification of which has not yet been fully confirmed. Therefore, the optimal choice of BSZI from the products available on the market is a rather difficult task, for the solution of which the following main technical characteristics are currently used, as a rule:

- probability of unauthorized access;
- probability of false alarm;
- throughput (identification time).

Considering the probabilistic nature of the main characteristics, the sample size (statistics) at which the measurements were made is of great importance. Unfortunately, this characteristic is usually not indicated by manufacturers in accompanying and advertising documents, which makes the task of choice even more difficult. Table 3 shows the average statistical values of the main technical characteristics of BSZI that differ in their operating principle.

Table 3. Main technical characteristics of BSZI

Model (company) | Biosign | Probability of unauthorized access, % | Probability of false alarm, % | Identification time (throughput), s
Eyedentify ICAM 2001 (Eyedentify) | Retinal parameters | 0.0001 | 0.4 | 1.5...4
Iriscan (Iriscan) | Iris parameters | 0.00078 | 0.00066
FingerScan (Identix) | Fingerprint | 0.0001 | 1.0 | 0.5
TouchSafe (Identix) | Fingerprint | 0.001 | 2.0
TouchNet (Identix) | Fingerprint | 0.001 | 1.0
Startek | Fingerprint | 0.0001 | 1.0
ID3D-R HANDKEY (Recognition Systems) | Hand geometry | 0.1 | 0.1
U.are.U (Digital Persona) | Fingerprint | 0.01 | 3.0
FIU (Sony, I/O Software) | Fingerprint | 0.1 | 1.0 | 0.3
BioMouse (ABC) | Fingerprint | 0.2 | -
Cordon (Russia) | Fingerprint | 0.0001 | 1.0
DS-100 (Russia) | Fingerprint | 0.001 | - | 1.3
BioMet | Hand geometry | 0.1 | 0.1
Veriprint 2100 (Biometric ID) | Fingerprint | 0.001 | 0.01
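
An added worked example (not part of the manual) of why the sample size matters: it takes several of the Table 3 claims for the probability of unauthorized access and computes how many error-free test attempts each claim needs behind it, and what upper limit a test of a given size can actually support. It assumes independent attempts and a 95 % confidence level; the 10,000-attempt test is a constructed figure.

```python
import math

# Claimed "probability of unauthorized access" in percent, copied from Table 3.
CLAIMED_PERCENT = {
    "Eyedentify ICAM 2001": 0.0001,
    "Iriscan": 0.00078,
    "TouchSafe (Identix)": 0.001,
    "U.are.U (Digital Persona)": 0.01,
    "ID3D-R HANDKEY": 0.1,
    "BioMouse (ABC)": 0.2,
}


def trials_needed(p_claimed, confidence=0.95):
    """Fewest independent attempts that must ALL pass without a single error
    before 'true error rate <= p_claimed' holds at the given confidence."""
    # Zero errors in n attempts has probability (1 - p)^n; require it <= 1 - confidence.
    return math.ceil(math.log(1.0 - confidence) / math.log1p(-p_claimed))


def binom_cdf(k, n, p):
    """P(X <= k) for X ~ Binomial(n, p), summed in log space so large n works."""
    total = 0.0
    for i in range(k + 1):
        log_term = (math.lgamma(n + 1) - math.lgamma(i + 1) - math.lgamma(n - i + 1)
                    + i * math.log(p) + (n - i) * math.log1p(-p))
        total += math.exp(log_term)
    return min(total, 1.0)


def upper_bound(errors, trials, confidence=0.95):
    """Exact one-sided (Clopper-Pearson) upper limit on the true error rate
    after observing `errors` wrong decisions in `trials` attempts."""
    if errors >= trials:
        return 1.0
    lo, hi = 0.0, 1.0
    for _ in range(200):  # bisection on p; the CDF falls as p grows
        mid = (lo + hi) / 2.0
        if binom_cdf(errors, trials, mid) > 1.0 - confidence:
            lo = mid  # this rate is still compatible with the data
        else:
            hi = mid
    return hi


def audit(test_trials, observed_errors=0, confidence=0.95):
    """Compare what a test of the given size can show with each Table 3 claim."""
    bound = upper_bound(observed_errors, test_trials, confidence)
    report = {}
    for model, percent in CLAIMED_PERCENT.items():
        p = percent / 100.0
        report[model] = {
            "trials_needed": trials_needed(p, confidence),
            "supported": bound <= p,
        }
    return bound, report


if __name__ == "__main__":
    # Constructed scenario: 10,000 impostor attempts, none of them accepted.
    bound, report = audit(test_trials=10_000)
    print(f"10,000 clean attempts support an error rate of at most {bound * 100:.4f} %")
    for model, row in report.items():
        verdict = "supported" if row["supported"] else "NOT supported"
        print(f"{model:28s} needs >= {row['trials_needed']:>9,d} clean attempts: {verdict}")
```

A claim of 0.0001 % needs roughly three million error-free impostor attempts, which is why a data sheet that gives the figure without the sample size cannot be compared with one that does.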

An analysis of the Russian BSZI market has shown that it currently offers a very wide range of identification devices based on biometric characteristics, differing from each other in reliability, cost, and speed. The fundamental trend in the development of biometric identification tools is the constant reduction of their cost while simultaneously improving their technical and operational characteristics.




Software, hardware and physical protection from unauthorized influences

Technical means of protection

Electronic signature

A digital signature is a sequence of characters. It depends on the message itself and on the secret key, known only to the signer of this message.

The first domestic digital signature standard appeared in 1994. The Federal Agency for Information Technologies (FAIT) deals with the use of digital signatures in Russia.

Highly qualified specialists are involved in implementing all necessary measures to protect people, premises and data. They form the basis of the relevant departments, are deputy heads of organizations, etc.

There are also technical means of protection.

Technical means of protection are used in various situations; they are part of physical means of protection and software and hardware systems, complexes and access devices, video surveillance, alarms and other types of protection.

In the simplest situations, to protect personal computers from unauthorized startup and use of the data on them, it is proposed to install devices that restrict access to them, as well as work with removable hard magnetic and magneto-optical disks, self-booting CDs, flash memory, etc.

To protect objects in order to protect people, buildings, premises, material and technical means and information from unauthorized influences on them, active security systems and measures are widely used. It is generally accepted to use access control systems (ACS) to protect objects. Such systems are usually automated systems and complexes formed on the basis of software and hardware.

In most cases, to protect information and limit unauthorized access to it, to buildings, premises and other objects, it is necessary to simultaneously use software and hardware, systems and devices.

Anti-virus software and hardware

Various electronic keys are used as a technical means of protection, for example, HASP (Hardware Against Software Piracy), a hardware and software system for protecting programs and data from illegal use and pirated replication (Fig. 5.1). Hardlock electronic keys are used to protect programs and data files. The system includes the Hardlock itself, a crypto card for programming keys, and software for creating protection for applications and associated data files.

The basic software and hardware measures that make it possible to solve the problems of ensuring IR security include:



● user authentication and establishment of his identity;

● database access control;

● maintaining data integrity;

● protection of communications between client and server;

● repelling threats specific to DBMS, etc.

Maintaining the integrity of data implies the presence of not only software and hardware to support them in working condition, but also measures to protect and archive data, duplicating them, etc. The greatest danger to information resources, especially organizations, comes from unauthorized influence on structured data – databases. In order to protect information in the database, the following aspects of information security are the most important (European criteria):

● availability (the ability to obtain some required information service);

● integrity (consistency of information, its protection from destruction and unauthorized changes);

● confidentiality (protection from unauthorized reading).

Availability means the ability of users authorized in the system to access information in accordance with the adopted technology.

Confidentiality means providing users with access only to data for which they have permission to access (synonyms: secrecy, security).

Integrity means ensuring protection against intentional or unintentional changes to information or its processing processes.

These aspects are fundamental for any software and hardware designed to create conditions for the safe operation of data in computers and computer information networks.

Access control is the process of protecting data and programs from being used by unauthorized entities.

Access Control serves to control the entry/exit of employees and visitors of the organization through automatic checkpoints (turnstiles - Fig. 5.2, arched metal detectors - Fig. 5.3). Their movements are monitored using video surveillance systems. Access control includes devices and/or fencing systems to restrict entry into an area (perimeter security). Visualization methods are also used (presentation of relevant documents to the watchman) and automatic identification of incoming/outgoing workers and visitors.

Arched metal detectors help identify unauthorized entry/removal of metallized objects and marked documents.

Automated access control systems allow employees and visitors, using personal or one-time electronic passes, to pass through the entrance of the organization’s building and enter authorized premises and departments. They use contact or non-contact identification methods.

Measures to ensure the safety of traditional and non-traditional information media and, as a consequence, the information itself include barcoding technologies. This well-known technology is widely used in labeling various goods, including documents, books and magazines.

Organizations use IDs, passes, library cards, etc., including in the form of plastic cards (Fig. 5.4) or laminated cards (lamination is a film coating of documents that protects them from light mechanical damage and contamination) containing barcodes identifying users.

To check barcodes, scanning devices for reading bar codes – scanners – are used. They convert the read graphic image of the strokes into a digital code. In addition to convenience, barcodes also have negative qualities: the high cost of the technology used, consumables and special software and hardware; lack of mechanisms to fully protect documents from erasure, loss, etc.

Abroad, instead of barcodes and magnetic stripes, RFID (Radio Frequency Identification) radio identifiers are used.

In order to enable people to enter relevant buildings and premises, as well as use information, contact and non-contact plastic and other magnetic and electronic memory cards, as well as biometric systems, are used.

The world's first plastic cards with built-in microcircuits appeared in 1976. They are a personal means of authentication and data storage, and have hardware support for working with digital technologies, including electronic digital signatures. The standard card size is 84x54 mm. It is possible to integrate a magnetic stripe, a microcircuit (chip), a barcode, or a hologram, which are necessary to automate the processes of identifying users and controlling their access to facilities.

Plastic cards are used as badges, passes (Fig. 5.4), identification cards, club, bank, discount, telephone cards, business cards, calendars, souvenir, presentation cards, etc. You can put a photograph, text, drawing, brand name (logo), stamp, barcode, diagram (for example, organization location), number and other data on them.

To work with them, special devices are used that allow reliable identification - smart card readers. Readers provide verification of the identification code and its transmission to the controller. They can record the time of passage or opening of doors, etc.

Small-sized remote keys of the Touch Memory type are widely used as identifiers. These simplest contact devices are highly reliable.

A Touch Memory device is a special small electronic card (the size of a button-cell battery) in a stainless steel case. Inside it is a chip with electronic memory that holds a unique 48-bit number, as well as the user's full name and other additional information. Such a card can be carried on a key fob (Fig. 5.5) or placed on an employee’s plastic card. Similar devices are used in intercoms to allow unimpeded opening of an entrance or room door. “Proximity” devices are used as contactless identifiers.

Personal identification tools that use biometric systems provide the clearest protection. The concept of “biometrics” defines the branch of biology that deals with quantitative biological experiments using methods of mathematical statistics. This scientific direction appeared at the end of the 19th century.

Biometric systems make it possible to identify a person by his specific characteristics, that is, by his static (fingerprints, cornea, shape of hand and face, genetic code, smell, etc.) and dynamic (voice, handwriting, behavior, etc.) characteristics. These unique biological, physiological and behavioral characteristics, individual for each person, are called the human biological code.

The first biometric systems used fingerprints. Around one thousand years BC, the uniqueness of fingerprints was known in China and Babylon, where they were placed on legal documents. However, fingerprinting began to be used in England in 1897, and in the USA in 1903. An example of a modern fingerprint reader is shown in Fig. 5.6.

The advantage of biological identification systems, compared to traditional ones (for example, PIN codes, password access), is the identification not of external objects belonging to a person, but of the person himself. The analyzed characteristics of a person cannot be lost, transferred or forgotten and are extremely difficult to fake. They are practically not subject to wear and do not require replacement or restoration. Therefore, various countries (including Russia) include biometric characteristics in international passports and other personal identifying documents.

With the help of biometric systems, the following is carried out:

1) restricting access to information and ensuring personal responsibility for its safety;

2) ensuring access to certified specialists;

3) preventing intruders from entering protected areas and premises due to forgery and (or) theft of documents (cards, passwords);

4) organizing the recording of access and attendance of employees, as well as solving a number of other problems.

Identification by the human eye (Fig. 5.7) is considered one of the most reliable methods: identification of the iris pattern or scanning of the fundus (retina). This is due to the excellent balance between identification accuracy and ease of use of the equipment. The iris image is digitized and stored in the system as a code. The code obtained as a result of reading a person’s biometric parameters is compared with the one registered in the system. If they match, the system removes the access block. Scanning time does not exceed two seconds.
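
How the comparison of a stored code with a freshly read one can be decided, as an added example (not taken from this text or from any product it names): it assumes the iris code is a fixed-length bit string compared by fractional Hamming distance, a common approach for iris codes. The 2048-bit length, the 0.32 threshold, the `min_usable` limit and all sample codes are constructed for illustration.

```python
import hashlib

CODE_BITS = 2048                  # assumed code length
FULL_MASK = (1 << CODE_BITS) - 1  # mask bit = 1 means "this bit is usable"


def code_from_seed(seed):
    """Constructed stand-in for an iris code: deterministic pseudo-random bits."""
    out = b""
    counter = 0
    while len(out) * 8 < CODE_BITS:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return int.from_bytes(out[:CODE_BITS // 8], "big")


def popcount(x):
    return bin(x).count("1")


def decide(enrolled, probe, threshold=0.32, min_usable=1024):
    """enrolled and probe are (code, mask) pairs. Returns (accepted, distance).

    Only bits that both masks mark as usable are compared, so eyelids or
    glare in one capture do not count as differences."""
    usable = enrolled[1] & probe[1]
    n = popcount(usable)
    if n < min_usable:
        return False, None  # too little of the iris visible: refuse, do not guess
    distance = popcount((enrolled[0] ^ probe[0]) & usable) / n
    return distance <= threshold, distance


# --- constructed samples -------------------------------------------------
ENROLLED = (code_from_seed(b"constructed-user-A"), FULL_MASK)

# Same eye, new capture: every 8th bit differs (sensor noise) and the lowest
# 256 bits are hidden by an eyelid.
NOISE = sum(1 << i for i in range(0, CODE_BITS, 8))
GENUINE = (ENROLLED[0] ^ NOISE, FULL_MASK & ~((1 << 256) - 1))

# A different person: an unrelated code, so about half of the bits differ.
IMPOSTOR = (code_from_seed(b"constructed-user-B"), FULL_MASK)

# Same eye again, but only the top 512 bits could be read.
OCCLUDED = (ENROLLED[0], FULL_MASK & ~((1 << (CODE_BITS - 512)) - 1))

if __name__ == "__main__":
    print("genuine :", decide(ENROLLED, GENUINE))
    print("impostor:", decide(ENROLLED, IMPOSTOR))
    print("occluded:", decide(ENROLLED, OCCLUDED))
    # Threshold too strict: the rightful user is refused (false alarm).
    print("strict  :", decide(ENROLLED, GENUINE, threshold=0.10))
    # Threshold too lax: a stranger is admitted (unauthorized access).
    print("lax     :", decide(ENROLLED, IMPOSTOR, threshold=0.60))
```

"Match" is therefore a threshold decision rather than equality, and moving the threshold trades the probability of false alarm against the probability of unauthorized access.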

New biometric technologies include three-dimensional personal identification, using three-dimensional personal identification scanners with a parallax method for registering images of objects and television image registration systems with an ultra-large angular field of view. It is expected that such systems will be used to identify individuals, whose three-dimensional images will be included in identity cards and other documents.



Essay

On the topic of:

"Biometric methods of information security
in information systems"

2011

    Introduction
    Basic information
    A little history
    Advantages and disadvantages
    Parameters of biometric systems
    Scheme of work
    Practical application
    Technologies

      Fingerprint authentication
      Retinal authentication
      Iris authentication
      Authentication by hand geometry
      Authentication by facial geometry
      Authentication using facial thermogram
      Voice authentication
      Handwriting authentication
      Combined biometric authentication system

    Vulnerability of biometric systems
    Methods to counter spoofing attacks

Introduction

Various controlled access systems can be divided into three groups according to what a person intends to present to the system:

    Password protection. The user provides secret data (for example, a PIN code or password).
    Using keys. The user presents his personal identifier, which is the physical carrier of the secret key. Typically, plastic cards with a magnetic stripe and other devices are used.
    Biometrics. The user presents a parameter that is part of himself. The biometric class is different in that the person’s personality is identified - his individual characteristics (papillary pattern, iris, fingerprints, facial thermogram, etc.).
Biometric access systems are very user-friendly. Unlike passwords and storage media, which can be lost, stolen or copied, biometric access systems are based on human parameters, which are always with the person, so the problem of keeping them safe does not arise. Losing them is far harder. It is also impossible to transfer the identifier to third parties.

Basic information

Biometrics is the identification of a person by unique biological characteristics inherent only to him. Access and information security systems based on such technologies are not only the most reliable, but also the most user-friendly today. Indeed, there is no need to remember complex passwords or constantly carry hardware keys or smart cards with you. You just need to put your finger or hand on the scanner, put your eyes to scan or say something to enter the room or gain access to information.
Various biological characteristics can be used to identify a person. All of them are divided into two large groups. Static features include fingerprints, the iris and retina of the eye, the shape of the face, the shape of the palm, the location of the veins on the hand, etc. That is, these are features that practically do not change over time, starting from a person's birth. Dynamic characteristics are voice, handwriting, keyboard handwriting, personal signature, etc. In general, this group includes the so-called behavioral characteristics, that is, those built on features characteristic of subconscious movements in the process of reproducing an action. Dynamic features can change over time, not abruptly but gradually. Identification of a person using static features is more reliable. Agree, you cannot find two people with the same fingerprints or iris. But, unfortunately, all these methods require special devices, that is, additional costs. Identification based on dynamic features is less reliable. In addition, when using these methods, the likelihood of “type I errors” occurring is quite high. For example, during a cold a person's voice may change. And the keyboard handwriting may change during times of stress experienced by the user. But to use these features you do not need additional equipment. A keyboard, microphone or webcam connected to a computer, and special software are all that is needed to build a simple biometric information security system.
Biometric technologies are based on biometrics, the measurement of the unique characteristics of an individual person. These can be unique characteristics received from birth, for example: DNA, fingerprints, iris; as well as characteristics acquired over time or that can change with age or external influences. For example: handwriting, voice or behavior.
The recent increase in interest in this topic in the world is usually associated with the threats of intensified international terrorism. Many states are planning to introduce passports with biometric data into circulation in the near future.

A little history

The origins of biometric technology are much older than their futuristic image might suggest. Even the creators of the Great Pyramids in Ancient Egypt recognized the advantages of identifying workers by pre-recorded bodily characteristics. The Egyptians were clearly ahead of their time, as practically nothing new happened in this area for the next four thousand years. It was only in the late 19th century that systems using fingerprints and other physical characteristics to identify people began to emerge. For example, in 1880, Henry Faulds, a Scottish physician living in Japan, published his thoughts on the diversity and uniqueness of fingerprints, and suggested that they could be used to identify criminals. In 1900, such a significant work as the Galton-Henry fingerprint classification system was published.
With the exception of a few scattered works on the uniqueness of the iris (the first working technology based on it was presented in 1985), biometric technology practically did not develop until the 1960s, when the Miller brothers in New Jersey (USA) began to introduce a device that automatically measured the length of a person’s fingers. Voice and signature identification technologies were also developed in the late 1960s and 70s.
Until recently, before September 11, 2001 to be exact, biometric security systems were used only to protect military secrets and sensitive business information. Well, after the terrorist attack that shocked the whole world, the situation changed dramatically. At first, airports, large shopping centers and other crowded places were equipped with biometric access systems. Increased demand provoked research in this area, which, in turn, led to the emergence of new devices and entire technologies. Naturally, the increase in the market for biometric devices has led to an increase in the number of companies dealing with them, and the resulting competition has caused a very significant reduction in the price of biometric information security systems. Therefore, today, for example, a fingerprint scanner is quite accessible to the home user. This means that a second wave of boom in biometric devices, associated specifically with ordinary people and small firms, is possible soon.

Advantages and disadvantages

The most important advantage of information security systems based on biometric technologies is high reliability. Indeed, it is almost impossible to fake the papillary pattern of a person’s finger or the iris of an eye. So the occurrence of “errors of the second type” (that is, granting access to a person who does not have the right to do so) is practically excluded. True, there is one “but” here. The fact is that under the influence of certain factors, the biological characteristics by which a person is identified can change. Well, for example, a person may catch a cold, as a result of which his voice will change beyond recognition. Therefore, the frequency of “type I errors” (denial of access to a person who has the right to do so) in biometric systems is quite high. In addition, an important reliability factor is that it is absolutely independent of the user. Indeed, when using password protection, a person can use a short keyword or keep a piece of paper with a hint under the computer keyboard. When using hardware keys, an unscrupulous user will not strictly monitor his token, as a result of which the device may fall into the hands of an attacker. In biometric systems, nothing depends on the person. And this is a big plus. The third factor that positively affects the reliability of biometric systems is the ease of identification for the user. The fact is that, for example, scanning a fingerprint requires less work from a person than entering a password. Therefore, this procedure can be carried out not only before starting work, but also during its execution, which, naturally, increases the reliability of protection. Particularly important in this case is the use of scanners combined with computer devices. For example, there are mice in which the user's thumb always rests on the scanner. Therefore, the system can constantly carry out identification, and the person will not only not pause the work, but will not notice anything at all. 
The last advantage of biometric systems over other methods of ensuring information security is the inability of the user to transfer his identification data to third parties. And this is also a serious plus. In the modern world, unfortunately, almost everything is for sale, including access to confidential information. Moreover, the person who transferred identification data to the attacker risks practically nothing. About the password, we can say that it was picked, and the smart card, that they were pulled out of their pocket. If biometric protection is used, such a “trick” will no longer work.
The biggest disadvantage of biometric information security systems is the price. This is despite the fact that the cost of various scanners has dropped significantly over the past two years. True, competition in the market of biometric devices is becoming increasingly tough. Therefore, we should expect further price reductions. Another disadvantage of biometrics is the very large size of some scanners. Naturally, this does not apply to identifying a person using a fingerprint and some other parameters. Moreover, in some cases special devices are not needed at all. It is enough to equip your computer with a microphone or webcam.

Biometric system parameters

The key parameters of a biometric system are the probabilities of FAR/FRR errors, that is, the False Acceptance Rate (the system grants access to an unregistered user) and the False Rejection Rate (access is denied to a person registered in the system). It is necessary to take into account the relationship between these indicators: by artificially lowering how demanding the system is (that is, accepting a higher FAR), we, as a rule, reduce the percentage of FRR errors, and vice versa. Today, all biometric technologies are probabilistic; none of them can guarantee the complete absence of FAR/FRR errors, and this circumstance often serves as the basis for not very correct criticism of biometrics.

Unlike user authentication using passwords or unique digital keys, biometric technologies are always probabilistic, since there is always a small, sometimes extremely small chance that two people may have the same biological characteristics. Because of this, biometrics defines a number of important terms:

    FAR (False Acceptance Rate) - the probability, expressed as a percentage, that one person can be mistaken for another (also called “type 2 error”). The value 1 − FAR is called specificity.
    FRR (False Rejection Rate) - the probability that a person may not be recognized by the system (false access denial rate) (also called “type 1 error”). The value 1 − FRR is called sensitivity.
    Verification - comparison of two biometric templates, one to one.
    Identification - identification of a person’s biometric template using a certain selection of other templates. That is, identification is always a one-to-many comparison.
    Biometric template - a set of data, usually in a proprietary, binary format, prepared by a biometric system based on the characteristic being analyzed. There is a CBEFF standard for the structural framing of a biometric template, which is also used in BioAPI.

Scheme of work

All biometric systems work in almost the same way. First, the system remembers a sample of the biometric characteristic (this is called the recording process). During recording, some biometric systems may ask for multiple samples to be taken in order to create the most accurate image of the biometric characteristic. The received information is then processed and converted into mathematical code. In addition, the system may ask you to perform some more actions in order to “assign” the biometric sample to a specific person. For example, a personal identification number (PIN) is attached to a specific sample, or a smart card containing the sample is inserted into a reader. In this case, a sample of the biometric characteristic is again taken and compared with the submitted sample. Identification using any biometric system goes through four stages:
Recording - a physical or behavioral pattern is remembered by the system;
Extraction - unique information is removed from the sample and a biometric sample is compiled;
Comparison - the saved sample is compared with the presented one;
Match/mismatch - the system decides whether the biometric samples match and makes a decision.
The vast majority of people believe that a computer's memory stores a sample of a person's fingerprint, voice, or picture of the iris of his eye. But in fact, in most modern systems this is not the case. A special database stores a digital code up to 1000 bits long, which is associated with a specific person who has access rights. A scanner or any other device used in the system reads a certain biological parameter of a person. Next, it processes the resulting image or sound, converting it into digital code. It is this key that is compared with the contents of a special database for personal identification.
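The four stages and the difference between verification (one to one) and identification (one to many) can be traced in a short program. This is an added example, not code from the manual: the capture function simulates a sensor with constructed data, and the 256-bit template, the Hamming-distance comparison and the 0.32 threshold are assumptions chosen for illustration.

```python
"""Recording -> extraction -> comparison -> decision on a toy bit template."""
import hashlib

TEMPLATE_BITS = 256      # assumed template length (the text cites codes up to 1000 bits)
MATCH_THRESHOLD = 0.32   # assumed maximum normalized Hamming distance for a match


def simulated_capture(person, attempt):
    """Stand-in for sensor + feature extraction (constructed data, no real biometrics).

    Each person has a stable 256-bit pattern; every capture flips a different
    tenth of the bits to imitate sensor noise.
    """
    digest = hashlib.sha256(person.encode()).digest()
    bits = [(byte >> k) & 1 for byte in digest for k in range(8)]
    return [b ^ (i % 10 == attempt % 10) for i, b in enumerate(bits)]


def enroll(captures):
    """Recording: a per-bit majority vote over several captures gives the template."""
    if len(captures) % 2 == 0:
        raise ValueError("use an odd number of captures so every vote is decisive")
    return [int(sum(column) * 2 > len(captures)) for column in zip(*captures)]


def distance(template, probe):
    """Comparison: fraction of bit positions that differ (normalized Hamming)."""
    if len(template) != len(probe):
        raise ValueError("template and probe lengths differ")
    return sum(a != b for a, b in zip(template, probe)) / len(template)


def verify(db, claimed_id, probe, threshold=MATCH_THRESHOLD):
    """Verification (one to one): compare only with the claimed identity's template."""
    template = db.get(claimed_id)
    return template is not None and distance(template, probe) <= threshold


def identify(db, probe, threshold=MATCH_THRESHOLD):
    """Identification (one to many): closest template in the database, or None."""
    if not db:
        return None
    best_id = min(db, key=lambda uid: distance(db[uid], probe))
    return best_id if distance(db[best_id], probe) <= threshold else None


def build_demo_db():
    """Enroll two constructed users from three captures each.

    Only the derived bit code is stored, never the raw capture.
    """
    return {name: enroll([simulated_capture(name, a) for a in range(3)])
            for name in ("alice", "bob")}


if __name__ == "__main__":
    db = build_demo_db()
    probe = simulated_capture("alice", 3)          # a fresh, noisy presentation
    print("distance to alice:", distance(db["alice"], probe))
    print("verify as alice:  ", verify(db, "alice", probe))
    print("verify as bob:    ", verify(db, "bob", probe))
    print("identify:         ", identify(db, probe))
    print("unknown person:   ", identify(db, simulated_capture("mallory", 3)))
```

The threshold is the only thing separating a noisy genuine presentation from a stranger, and in identification every additional enrolled template is one more chance for a false match.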

Practical use

Biometric technologies are actively used in many areas related to ensuring the security of access to information and material objects, as well as in tasks of unique personal identification.
The applications of biometric technologies are diverse: access to workplaces and network resources, information protection, ensuring access to certain resources and security. Conducting electronic business and electronic government affairs is possible only after following certain procedures for personal identification. Biometric technologies are used in the security of banking, investing and other financial movements, as well as retail trade, law enforcement, health issues, and social services. Biometric technologies will soon play a major role in matters of personal identification in many areas. Used alone or used in conjunction with smart cards, keys and signatures, biometrics will soon be used in all areas of the economy and private life.
Biometric information security systems are developing very actively today. Moreover, their prices are constantly decreasing. And this may well lead to the fact that biometric systems will soon begin to crowd out other methods of information security from the market.

Technologies

Fingerprint authentication

Fingerprint identification is the most common, reliable and effective biometric technology. Due to the versatility of this technology, it can be used in almost any area and to solve any problem where reliable user identification is required. The method is based on the unique design of papillary patterns on the fingers. The fingerprint obtained using a special scanner, probe or sensor is converted into a digital code and compared with a previously entered standard.
All fingerprints of each person are unique in their papillary line pattern and are different even between twins. Fingerprints do not change throughout the life of an adult; they are easily and simply presented for identification.
If one of the fingers is damaged, you can use the “backup” fingerprint(s) for identification, information about which, as a rule, is also entered into the biometric system when registering the user.
Specialized scanners are used to obtain information about fingerprints. There are three main types of fingerprint scanners: capacitive, rolling, optical.
The most advanced fingerprint identification technology is implemented by optical scanners.

Retinal authentication

The retinal authentication method came into practical use around the mid-50s of the last century. It was then that the uniqueness of the pattern of the blood vessels of the fundus was established (even in twins these patterns do not match). The retinal scan uses low-intensity infrared light directed through the pupil to the blood vessels at the back of the eye. Several hundred special points are selected from the received signal, information about which is stored in the template. The disadvantages of such systems include, first of all, the psychological factor: not every person likes to look into an incomprehensible dark hole where something is shining into the eye. In addition, such systems require a clear image and, as a rule, are sensitive to incorrect retinal orientation. Therefore, you need to look very carefully, and the presence of certain diseases (for example, cataracts) may prevent the use of this method. Retinal scanners are widely used for accessing top-secret objects because they provide one of the lowest probabilities of type I error (denial of access for a registered user) and almost zero percentage of type II errors. Recently, this recognition method has not been used, since in addition to the biometric sign it carries information about human health.

Iris authentication

Iris recognition technology was developed to eliminate the intrusiveness of retinal scans that use infrared rays or bright light. Scientists have also conducted a number of studies that have shown that the human retina can change over time, while the iris remains unchanged. And most importantly, it is impossible to find two absolutely identical iris patterns, even in twins. To obtain an individual recording of the iris, the black and white camera makes 30 recordings per second. A subtle light illuminates the iris, allowing the video camera to focus on the iris. One of the records is then digitized and stored in a database of registered users. The entire procedure takes a few seconds and can be fully computerized using voice guidance and autofocus.
At airports, for example, the passenger's name and flight number are matched to an iris image; no other data is required. The size of the created file, 512 bytes with a resolution of 640 x 480, allows you to save a large number of such files on your computer’s hard drive.
Glasses and contact lenses, even colored ones, will not affect the image acquisition process. It should also be noted that eye surgery, cataract removal or corneal implantation do not change the characteristics of the iris; it cannot be changed or modified. A blind person can also be identified using the iris of the eye. As long as the eye has an iris, its owner can be identified.
The camera can be installed at a distance of 10 cm to 1 meter, depending on the scanning equipment. The term "scanning" can be misleading, since the process of obtaining an image does not involve scanning, but simply photographing.
The iris has a net-like texture with many surrounding circles and patterns that can be measured by a computer. The iris scanning program uses approximately 260 anchor points to create a sample. By comparison, the best fingerprint identification systems use 60-70 points.
Cost has always been the biggest deterrent to adopting the technology, but now iris identification systems are becoming more affordable for a variety of companies. Proponents of the technology claim that iris recognition will very soon become a common identification technology in various fields.

Hand geometry authentication

This biometric method uses the shape of the hand to authenticate an individual. Due to the fact that individual hand shape parameters are not unique, it is necessary to use several characteristics. Hand parameters such as finger curves, length and thickness, width and thickness of the back of the hand, distance between joints and bone structure are scanned. Also, the geometry of the hand includes small details (for example, wrinkles on the skin). Although the structure of the joints and bones are relatively permanent features, swelling of the tissues or bruises of the hand can distort the original structure. Technology problem: Even without considering the possibility of amputation, a disease called arthritis can greatly interfere with the use of scanners.
A three-dimensional image of the hand is built using a scanner, which consists of a camera and illuminating diodes (when scanning a hand, the diodes turn on in turn, which makes it possible to obtain different projections of the hand). The reliability of hand geometry authentication is comparable to fingerprint authentication.
Hand geometry authentication systems are widely used, which is proof of their convenience for users. Using this option is attractive for a number of reasons. All working people have hands. The procedure for obtaining a sample is quite simple and does not place high demands on the image. The size of the resulting template is very small, a few bytes. The authentication process is not affected by temperature, humidity or dirt. The calculations made when comparing with the standard are very simple and can be easily automated.
Authentication systems based on hand geometry began to be used around the world in the early 70s.

Facial geometry authentication

Biometric authentication of a person based on facial geometry is a fairly common method of identification and authentication. The technical implementation is a complex mathematical problem. The extensive use of multimedia technologies, thanks to which a sufficient number of video cameras can be seen at train stations, airports, squares, streets, roads and other crowded places, has become decisive in the development of this direction. To build a three-dimensional model of a human face, the contours of the eyes, eyebrows, lips, nose, and other various elements of the face are isolated, then the distance between them is calculated, and a three-dimensional model is built using it. To determine a unique pattern corresponding to a specific person, 12 to 40 characteristic elements are required. The template must take into account many variations of the image in cases of turning the face, tilting, changing lighting, changing expression. The range of such options varies depending on the purpose of using this method (for identification, authentication, remote search over large areas, etc.). Some algorithms allow you to compensate for a person’s glasses, hat, mustache and beard.

Authentication using facial thermogram

The method is based on studies that have shown that a thermogram (image in infrared rays showing the distribution of temperature fields) of the face is unique for each person. The thermogram is obtained using infrared cameras. Unlike facial geometry authentication, this method distinguishes between twins. The use of special masks, plastic surgery, aging of the human body, body temperature, cooling the facial skin in frosty weather do not affect the accuracy of the thermogram. Due to the low quality of authentication, the method is not widely used at the moment.

Voice authentication

The biometric voice authentication method is characterized by ease of use. This method does not require expensive equipment; a microphone and a sound card are enough. Currently, this technology is developing rapidly, as this authentication method is widely used in modern business centers. There are quite a few ways to build a voice template. Usually, these are different combinations of frequency and statistical characteristics of the voice. Parameters such as modulation, intonation, pitch, etc. can be considered.
The main and defining disadvantage of the voice authentication method is the low accuracy of the method. For example, the system may not recognize a person with a cold. An important problem is the variety of manifestations of one person’s voice: the voice can change depending on the state of health, age, mood, etc. This diversity presents serious difficulties in identifying the distinctive properties of a person’s voice. In addition, taking into account the noise component is another important and unsolved problem in the practical use of voice authentication. Since the probability of type II errors when using this method is high (on the order of one percent), voice authentication is used to control access in medium-security premises, such as computer labs, laboratories of manufacturing companies, etc.

Handwriting authentication

There are usually two ways to process signature data:
    Analysis of the signature itself, that is, simply the degree of coincidence of the two images is used.
    Analysis of the dynamic characteristics of writing, that is, for authentication, a convolution is built, which includes information on the signature, temporal and statistical characteristics of writing the signature.
Classical verification (identification) of a person by handwriting involves comparing the analyzed image with the original. This is exactly the procedure that a bank operator, for example, performs when preparing documents. Obviously, the accuracy of such a procedure, from the point of view of the likelihood of making an incorrect decision (see FAR & FRR), is low. In addition, the subjective factor also influences the spread of the probability of making the right decision. Fundamentally new possibilities for handwriting verification open up when using automatic methods for handwriting analysis and decision making. These methods eliminate the subjective factor and significantly reduce the likelihood of errors in decision making (FAR & FRR). The handwriting biometric authentication method is based on the specific movement of the human hand when signing documents. To preserve the signature, special pens or pressure-sensitive surfaces are used. This type of person authentication uses his signature. The template is created depending on the required level of protection. Automatic identification methods allow you to make a decision not only by comparing the image of the verified and control sample, but also by analyzing the trajectory and dynamics of the signature or any other keyword.

Combined biometric authentication system

A combined (multimodal) biometric authentication system uses several types of biometric characteristics, which makes it possible to combine several biometric technologies in one authentication system. This allows you to meet the most stringent requirements for the effectiveness of the authentication system. For example, fingerprint authentication can easily be combined with hand scanning. Such a structure can use all types of human biometric data and can be used where it is necessary to overcome the limitations of a single biometric characteristic. Combined systems are more resistant to imitation of human biometric data, since it is more difficult to falsify a whole range of characteristics than to falsify one biometric feature.

Vulnerability of biometric systems

Biometric systems are widely used in information security systems, e-commerce, crime detection and prevention, forensics, border control, telemedicine, etc. But they are vulnerable to attacks at various stages of information processing. These attacks are possible at the sensor level, where an image or signal is received from an individual, replay attacks on communication lines, attacks on the database where biometric templates are stored, attacks on comparison and decision-making modules.
The main potential threat at the sensor level is spoofing attacks. Spoofing is the deception of biometric systems by providing the biometric sensor with copies, dummies, photographs, severed fingers, pre-recorded sounds, etc.
The purpose of a spoofing attack during verification is to present an illegal user in the system as legitimate, and during identification, to achieve undetectability of the individual contained in the database. Countering spoofing attacks is more difficult because the attacker has direct contact with the sensor and it is impossible to use cryptographic and other security methods.
Articles about successful spoofing attacks on biometric devices appeared


Simple personal identification. Combination of facial, voice and gesture parameters for more accurate identification. Integration of the capabilities of Intel Perceptual Computing SDK modules to implement a multi-level information security system based on biometric information.

This lecture provides an introduction to the subject of biometric information security systems, discusses the principle of operation, methods and application in practice. Review of ready-made solutions and their comparison. The main algorithms for personal identification are considered. SDK capabilities for creating biometric information security methods.

4.1. Description of the subject area

There are a wide variety of identification methods and many of them have received widespread commercial use. Today, the most common verification and identification technologies are based on the use of passwords and personal identifiers (personal identification number - PIN) or documents such as a passport or driver's license. However, such systems are too vulnerable and can easily suffer from counterfeiting, theft and other factors. Therefore, biometric identification methods are of increasing interest, making it possible to determine a person’s identity based on his physiological characteristics by recognizing them using previously stored samples.

The range of problems that can be solved using new technologies is extremely wide:

  • prevent intruders from entering protected areas and premises through forgery and theft of documents, cards, passwords;
  • limit access to information and ensure personal responsibility for its safety;
  • ensure that only certified specialists are allowed access to critical facilities;
  • the recognition process, thanks to the intuitiveness of the software and hardware interface, is understandable and accessible to people of any age and does not know language barriers;
  • avoid overhead costs associated with the operation of access control systems (cards, keys);
  • eliminate the inconvenience associated with loss, damage or simple forgetting of keys, cards, passwords;
  • organize records of employee access and attendance.

In addition, an important reliability factor is that it is absolutely independent of the user. When using password protection, a person can use a short keyword or keep a piece of paper with a hint under the computer keyboard. When using hardware keys, an unscrupulous user will not strictly monitor his token, as a result of which the device may fall into the hands of an attacker. In biometric systems, nothing depends on the person. Another factor that positively influences the reliability of biometric systems is the ease of identification for the user. The fact is that, for example, scanning a fingerprint requires less work from a person than entering a password. Therefore, this procedure can be carried out not only before starting work, but also during its execution, which, naturally, increases the reliability of protection. Particularly important in this case is the use of scanners combined with computer devices. For example, there are mice in which the user's thumb always rests on the scanner. Therefore, the system can constantly carry out identification, and the person will not only not pause the work, but will not notice anything at all. In the modern world, unfortunately, almost everything is for sale, including access to confidential information. Moreover, the person who transferred identification data to the attacker risks practically nothing. About the password, you can say that it was picked, and about the smart card, that it was pulled out of your pocket. If you use biometric protection, this situation will no longer happen.

The choice of industries that are most promising for the introduction of biometrics, from the point of view of analysts, depends, first of all, on a combination of two parameters: safety (or security) and the feasibility of using this particular means of control or protection. The main place in compliance with these parameters is undoubtedly occupied by the financial and industrial spheres, government and military institutions, the medical and aviation industries, and closed strategic facilities. For this group of consumers of biometric security systems, it is first of all important to prevent an unauthorized user from among their employees from performing an operation that is not authorized for him, and it is also important to constantly confirm the authorship of each operation. A modern security system can no longer do without not only the usual means that guarantee the security of an object, but also without biometrics. Biometric technologies are also used to control access in computer and network systems, various information storages, data banks, etc.

Biometric methods of information security become more relevant every year. With the development of technology: scanners, photos and video cameras, the range of problems solved using biometrics is expanding, and the use of biometric methods is becoming more popular. For example, banks, credit and other financial organizations serve as a symbol of reliability and trust for their clients. To meet these expectations, financial institutions are increasingly paying attention to the identification of users and personnel, actively using biometric technologies. Some options for using biometric methods:

  • reliable identification of users of various financial services, including online and mobile (identification by fingerprints predominates, recognition technologies based on the pattern of veins on the palm and finger and identification by voice of clients contacting call centers are actively developing);
  • prevention of fraud with credit and debit cards and other payment instruments (replacing the PIN code with the recognition of biometric parameters that cannot be stolen, spied on, or cloned);
  • improving the quality of service and its comfort (biometric ATMs);
  • control of physical access to bank buildings and premises, as well as to depository boxes, safes, vaults (with the possibility of biometric identification of both a bank employee and a client-user of the box);
  • protection of information systems and resources of banking and other credit organizations.

4.2. Biometric information security systems

Biometric information security systems are access control systems based on the identification and authentication of a person based on biological characteristics, such as DNA structure, iris pattern, retina, facial geometry and temperature map, fingerprint, palm geometry. Also, these methods of human authentication are called statistical methods, since they are based on the physiological characteristics of a person that are present from birth to death, are with him throughout his life, and which cannot be lost or stolen. Unique dynamic biometric authentication methods are also often used - signature, keyboard handwriting, voice and gait, which are based on the behavioral characteristics of people.

The concept of "biometrics" appeared at the end of the nineteenth century. The development of technologies for image recognition based on various biometric characteristics began quite a long time ago; it began in the 60s of the last century. Our compatriots have achieved significant success in developing the theoretical foundations of these technologies. However, practical results were obtained mainly in the West and very recently. At the end of the twentieth century, interest in biometrics grew significantly due to the fact that the power of modern computers and improved algorithms made it possible to create products that, in terms of their characteristics and relationships, became accessible and interesting to a wide range of users. The branch of science has found its application in the development of new security technologies. For example, a biometric system can control access to information and storage facilities in banks; it can be used in enterprises that process valuable information, to protect computers, communications, etc.

The essence of biometric systems comes down to the use of computer personality recognition systems based on a person’s unique genetic code. Biometric security systems allow you to automatically recognize a person based on his physiological or behavioral characteristics.


Fig. 4.1.

Description of the operation of biometric systems:

All biometric systems work according to the same scheme. First, a recording process occurs, as a result of which the system remembers a sample of the biometric characteristic. Some biometric systems take multiple samples to capture a biometric characteristic in more detail. The received information is processed and converted into mathematical code. Biometric information security systems use biometric methods for identifying and authenticating users. Identification using a biometric system takes place in four stages:

  • Identifier registration - information about a physiological or behavioral characteristic is converted into a form accessible to computer technology and entered into the memory of the biometric system;
  • Selection - unique features are extracted from the newly presented identifier and analyzed by the system;
  • Comparison - information about the newly presented and previously registered identifier is compared;
  • Decision - a conclusion is made about whether the newly presented identifier matches or does not match.

The conclusion about the match/mismatch of identifiers can then be passed to other systems (access control, information security, etc.), which act on the basis of the received information.

One of the most important characteristics of information security systems based on biometric technologies is high reliability, that is, the ability of the system to reliably distinguish between biometric characteristics belonging to different people and to reliably find matches. In biometrics, these parameters are called the first type error (False Reject Rate, FRR) and the second type error (False Accept Rate, FAR). The first number characterizes the probability of denying access to a person who has access, the second the probability of a false match between the biometric characteristics of two people. It is very difficult to fake the papillary pattern of a human finger or the iris of an eye, so the occurrence of “errors of the second type” (that is, granting access to a person who does not have the right to it) is practically excluded. However, under the influence of certain factors, the biological characteristics by which a person is identified may change. For example, a person may catch a cold, as a result of which his voice will change beyond recognition. Therefore, the frequency of “type I errors” (denial of access to a person who has the right to it) in biometric systems is quite high. The lower the FRR value for the same FAR value, the better the system. Sometimes the comparative characteristic EER (Equal Error Rate) is used, which is the point at which the FRR and FAR graphs intersect, but it is not always representative.

When using biometric systems, especially facial recognition systems, the authentication decision is not always correct even when correct biometric characteristics are entered. This is due to a number of features and, first of all, to the fact that many biometric characteristics can change. There is a certain probability of system error, and it can vary significantly between technologies. For access control systems that use biometric technologies, it is necessary to determine what is more important: not letting in “strangers” or letting in all “insiders”.
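The trade-off between FAR and FRR described above can be worked through numerically. The following is an added example, not part of the manual: the similarity scores are constructed, and the function names are hypothetical.

```python
# Constructed similarity scores (0..1, higher = closer to the stored template).
GENUINE = [0.91, 0.88, 0.96, 0.67, 0.82, 0.79, 0.93, 0.58, 0.86, 0.89]   # users vs. own template
IMPOSTOR = [0.12, 0.36, 0.41, 0.22, 0.63, 0.31, 0.18, 0.56, 0.27, 0.71]  # other people vs. it


def far_frr(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (FAR, FRR) when access is granted for score >= threshold."""
    far = sum(s >= threshold for s in impostor) / len(impostor)  # "strangers" let in
    frr = sum(s < threshold for s in genuine) / len(genuine)     # "insiders" refused
    return far, frr


def sweep(step=0.05):
    """Rows (threshold, FAR, FRR) for thresholds 0.00, 0.05, ..., 1.00."""
    rows = []
    for i in range(round(1 / step) + 1):
        t = round(i * step, 2)
        rows.append((t, *far_frr(t)))
    return rows


def equal_error_rate(rows):
    """Threshold where the FAR and FRR curves are closest, and the rate there."""
    t, far, frr = min(rows, key=lambda r: abs(r[1] - r[2]))
    return t, (far + frr) / 2


def threshold_for_far(rows, max_far):
    """Lowest threshold that keeps FAR <= max_far (priority: keep strangers out)."""
    return next((r for r in rows if r[1] <= max_far), None)


def threshold_for_frr(rows, max_frr):
    """Highest threshold that keeps FRR <= max_frr (priority: admit all insiders)."""
    return next((r for r in reversed(rows) if r[2] <= max_frr), None)


if __name__ == "__main__":
    rows = sweep()
    for t, far, frr in rows:
        print(f"threshold={t:.2f}  FAR={far:.1f}  FRR={frr:.1f}")
    print("EER:", equal_error_rate(rows))
    print("no strangers admitted:", threshold_for_far(rows, 0.0))
    print("no insiders refused:  ", threshold_for_frr(rows, 0.0))
```

On this data, demanding zero false accepts costs a 20% false reject rate, while demanding zero false rejects admits 30% of impostors; the EER summarizes neither operating point.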


Fig. 4.2.

FAR and FRR are not the only measures of the quality of a biometric system. If they were, the leading technology would be DNA recognition, for which FAR and FRR tend to zero. But it is obvious that this technology is not applicable at the current stage of human development. Therefore, other important characteristics are resistance to dummies (fake samples), speed and cost of the system. We should not forget that a person’s biometric characteristic can change over time, so if it is unstable, this is a significant disadvantage. Ease of use is also an important factor for users of biometric technology in security systems. The person whose characteristics are being scanned should not experience any inconvenience. In this regard, the most interesting method is, of course, facial recognition technology. True, in this case other problems arise, primarily related to the accuracy of the system.

Typically, a biometric system consists of two modules: a registration module and an identification module.

The registration module “trains” the system to identify a specific person. At the registration stage, a video camera or other sensors scan a person in order to create a digital representation of his appearance. As a result of scanning, several images are formed. Ideally, these images will have slightly different angles and facial expressions, allowing for more accurate data. A special software module processes this representation and determines the characteristic features of the individual, then creates a template. There are some parts of the face that remain virtually unchanged over time, such as the upper contours of the eye sockets, the areas surrounding the cheekbones, and the edges of the mouth. Most algorithms developed for biometric technologies can take into account possible changes in a person's hairstyle, since they do not analyze the area of the face above the hairline. Each user's image template is stored in the biometric system's database.

The identification module receives an image of a person from a video camera and converts it into the same digital format in which the template is stored. The resulting data is compared with a template stored in a database to determine whether the images match each other. The degree of similarity required for verification is a threshold that can be adjusted for different types of personnel, PC power, time of day and a number of other factors.

Identification can take the form of verification, authentication or recognition. During verification, the identity of the received data and the template stored in the database is confirmed. Authentication confirms that the image received from the video camera matches one of the templates stored in the database. During recognition, if the received characteristics and one of the stored templates are the same, the system identifies the person with the corresponding template.
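The two modules and the adjustable threshold can be sketched as follows. This is an added example, not code from the manual: the four-element feature vectors are constructed stand-ins for features already extracted from images, cosine similarity is an assumed comparison measure, and all names are hypothetical.

```python
import math


def cosine(a, b):
    """Similarity of two feature vectors: 1.0 means identical direction."""
    dot = sum(x * y for x, y in zip(a, b))
    return dot / (math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b)))


class BiometricSystem:
    def __init__(self, threshold):
        self.threshold = threshold  # degree of similarity required for a match
        self.templates = {}         # user id -> stored template

    def register(self, user_id, samples):
        """Registration module: average several scans into one template."""
        n = len(samples)
        self.templates[user_id] = [sum(col) / n for col in zip(*samples)]

    def verify(self, user_id, features):
        """One-to-one: compare presented features with the claimed user's template."""
        template = self.templates.get(user_id)
        return template is not None and cosine(template, features) >= self.threshold

    def recognize(self, features):
        """One-to-many: return the best-matching registered user, or None."""
        best_id, best = None, self.threshold
        for user_id, template in self.templates.items():
            score = cosine(template, features)
            if score >= best:
                best_id, best = user_id, score
        return best_id


def build_demo(threshold):
    """Constructed database: two users, several scans each."""
    system = BiometricSystem(threshold)
    system.register("alice", [[0.9, 0.1, 0.4, 0.3], [0.8, 0.2, 0.5, 0.3], [1.0, 0.1, 0.4, 0.2]])
    system.register("bob", [[0.2, 0.9, 0.1, 0.6], [0.3, 0.8, 0.2, 0.7]])
    return system


FRESH_ALICE = [0.85, 0.15, 0.45, 0.25]   # good new scan of alice
CHANGED_ALICE = [0.6, 0.3, 0.6, 0.1]     # alice after her characteristic has drifted
STRANGER = [0.5, 0.5, 0.5, 0.5]          # person who was never registered

if __name__ == "__main__":
    for threshold in (0.98, 0.85):
        s = build_demo(threshold)
        print(threshold, s.verify("alice", FRESH_ALICE),
              s.verify("alice", CHANGED_ALICE), s.recognize(STRANGER))
```

At threshold 0.98 the changed scan of a legitimate user is refused (a type I error); at 0.85 that scan passes, but the unregistered person is recognized as "bob" (a type II error).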

4.3. Review of ready-made solutions

4.3.1. ICAR Lab: a complex of forensic research of speech phonograms

The ICAR Lab hardware and software complex is designed to solve a wide range of audio analysis problems and is in demand in specialized departments of law enforcement agencies, laboratories and forensic centers, flight accident investigation services, and research and training centers. The first version of the product was released in 1993 and was the result of collaboration between leading audio experts and software developers. The specialized software included in the complex ensures high-quality visual representation of speech phonograms. Modern voice biometric algorithms and powerful automation tools for all types of speech phonogram research allow experts to significantly increase the reliability and efficiency of examinations. The SIS II program included in the complex has unique tools for identification research: a comparative study of the speaker whose voice and speech recordings were provided for examination and of samples of the suspect’s voice and speech. Identification phonoscopic examination is based on the theory of the uniqueness of each person's voice and speech: anatomical factors (the structure of the organs of articulation, the shape of the vocal tract and oral cavity), as well as external factors (speech skills, regional characteristics, defects, etc.).

Biometric algorithms and expert modules make it possible to automate and formalize many processes of phonoscopic identification research, such as searching for identical words, searching for identical sounds, selecting comparable sound and melodic fragments, comparing speakers by formants and pitch, auditory and linguistic types of analysis. The results for each research method are presented in the form of numerical indicators of the overall identification solution.

The program consists of a number of modules that perform comparison in one-to-one mode. The Formant Comparisons module is based on the phonetic term “formant”, which denotes the acoustic characteristic of speech sounds (primarily vowels) associated with the frequency level of the vocal tone and forming the timbre of the sound. The identification process using the Formant Comparisons module can be divided into two stages: first, the expert searches for and selects reference sound fragments; then, once the reference fragments for the known and unknown speakers have been collected, the expert can begin the comparison. The module automatically calculates intra- and inter-speaker variability of formant trajectories for the selected sounds and makes a decision on positive/negative identification or an indeterminate result. The module also allows you to visually compare the distribution of the selected sounds on a scattergram.

The Pitch Comparison module automates speaker identification using the melodic contour analysis method. The method is intended for comparing speech samples based on the parameters of the implementation of similar elements of the melodic contour structure. For analysis, there are 18 types of contour fragments and 15 parameters for their description, including the values of minimum, average, maximum, rate of tone change, kurtosis, bevel, etc. The module returns the comparison results as a percentage match for each parameter and makes a decision on positive/negative identification or an uncertain result. All data can be exported to a text report.

The automatic identification module allows for one-to-one comparison using the following algorithms:

  • Spectral-formant;
  • Pitch statistics;
  • Mixture of Gaussian distributions.

The probabilities of coincidence and difference between speakers are calculated not only for each of the methods, but also for their totality. All results of comparing the speech signals in two files in the automatic identification module are based on extracting identification-significant features from them and calculating a measure of proximity between the resulting sets of features. For each value of this proximity measure, the probabilities of agreement and difference of the speakers whose speech was contained in the compared files were obtained during the training of the automatic comparison module. These probabilities were obtained by the developers from a large training sample of phonograms: tens of thousands of speakers, various sound recording channels, many sound recording sessions, various types of speech material. Applying statistical data to a single file-to-file comparison requires taking into account the possible spread of the obtained values of the proximity measure of two files and of the corresponding probability of coincidence/difference of speakers, depending on various details of the speech utterance situation. For such quantities, mathematical statistics proposes the concept of a confidence interval. The automatic comparison module displays numerical results taking into account confidence intervals of various levels, which allows the user to see not only the average reliability of the method, but also the worst result obtained on the training base. The high reliability of the biometric engine developed by TsRT was confirmed by NIST (National Institute of Standards and Technology) tests.

  • Some comparison methods are semi-automatic (linguistic and auditive analyses)