Types of biometric information security systems. Biometric security systems: description, characteristics, practical application. Template protection methods

Software, hardware and physical protection from unauthorized influences

Technical means of protection

Electronic signature

A digital signature is a sequence of characters. It depends on the message itself and on the secret key, known only to the signer of this message.

The first domestic EDS standard appeared in 1994. The Federal Agency for Information Technology (FAIT).

Highly qualified specialists are involved in implementing all necessary measures to protect people, premises and data. They form the basis of the relevant departments, are deputy heads of organizations, etc.

There are also technical means of protection.

Technical means of protection are used in various situations; they are part of physical means of protection and software and hardware systems, complexes and access devices, video surveillance, alarms and other types of protection.

In the simplest situations, to protect personal computers from unauthorized launch and use of the data on them, it is proposed to install devices that restrict access to them, as well as work with removable hard magnetic and magneto-optical disks, self-booting CDs, flash memory, etc.

Active security systems and measures are widely used to protect people, buildings, premises, material and technical means and information from unauthorized influences. It is generally accepted to use access control systems (ACS) to protect facilities. Such systems are usually automated systems and complexes built from software and hardware.

In most cases, to protect information and limit unauthorized access to it, to buildings, premises and other objects, it is necessary to simultaneously use software and hardware, systems and devices.

Anti-virus software and hardware

Various electronic keys are used as technical means of protection, for example HASP (Hardware Against Software Piracy), a hardware and software system for protecting programs and data from illegal use and pirated replication (Fig. 5.1). Hardlock electronic keys are used to protect programs and data files. The system includes the Hardlock itself, a crypto card for programming keys, and software for creating protection for applications and associated data files.

The basic software and hardware measures whose use makes it possible to solve the problems of ensuring IR security include:



● user authentication and establishment of his identity;

● database access control;

● maintaining data integrity;

● protection of communications between client and server;

● repelling threats specific to DBMSs, etc.

Maintaining the integrity of data implies not only software and hardware that keep the data in working condition, but also measures to protect and archive the data, duplicate it, etc. The greatest danger to information resources, especially those of organizations, comes from unauthorized influence on structured data, that is, databases. To protect information in a database, the following aspects of information security (European criteria) are most important:

● accessibility (the ability to obtain a required information service);

● integrity (consistency of information, its protection from destruction and unauthorized changes);

● confidentiality (protection from unauthorized reading).

Accessibility is understood as the ability of users authorized in the system to access information in accordance with the adopted technology.

Confidentiality is providing users with access only to data for which they have permission (synonyms: secrecy, security).

Integrity is ensuring protection against intentional or unintentional changes to information or to the processes that handle it.

These aspects are fundamental for any software and hardware designed to create conditions for the safe operation of data in computers and computer information networks.

Access control is the process of protecting data and programs from being used by unauthorized entities.

Access control serves to control the entry and exit of the organization's employees and visitors through automatic checkpoints (turnstiles - Fig. 5.2, arched metal detectors - Fig. 5.3). Their movements are monitored using video surveillance systems. Access control includes devices and/or fencing systems that restrict entry into an area (perimeter security). Visual methods (presenting the relevant documents to the guard) and automatic identification of incoming and outgoing workers and visitors are also used.

Arched metal detectors help identify unauthorized entry/removal of metallized objects and marked documents.

Automated access control systems allow employees and visitors, using personal or one-time electronic passes, to pass through the entrance of the organization’s building and enter authorized premises and departments. They use contact or non-contact identification methods.

Measures to ensure the safety of traditional and non-traditional information media and, as a consequence, of the information itself include barcoding technologies. This well-known technology is widely used in labeling various goods, including documents, books and magazines.

Organizations use IDs, passes, library cards, etc., including in the form of plastic cards (Fig. 5.4) or laminated cards (lamination is a film covering of documents that protects them from light mechanical damage and contamination), containing user-identifying barcodes.

To check barcodes, scanning devices for reading bar codes – scanners – are used. They convert the read graphic image of strokes into digital code. In addition to convenience, barcodes also have negative qualities: the high cost of the technology used, consumables and special software and hardware; lack of mechanisms to fully protect documents from erasure, loss, etc.

Abroad, instead of barcodes and magnetic stripes, RFID (Radio Frequency Identification) radio identifiers are used.

In order to enable people to enter relevant buildings and premises, as well as use information, contact and non-contact plastic and other magnetic and electronic memory cards, as well as biometric systems, are used.

The world's first plastic cards with built-in microcircuits appeared in 1976. They are a personal means of authentication and data storage, and hardware support for working with digital technologies, including electronic digital signature. The standard card size is 84x54 mm. It is possible to integrate a magnetic stripe, a microcircuit (chip), a barcode, or a hologram, which are necessary to automate the processes of identifying users and controlling their access to facilities.

Plastic cards are used as badges, passes (Fig. 5.4), certificates, club, bank, discount, telephone cards, business cards, calendars, souvenir, presentation cards, etc. You can put a photograph, text, drawing, brand name (logo), stamp, barcode, diagram (for example, location of an organization), number and other data on them.

To work with them, special devices are used that allow reliable identification - smart card readers. Readers provide verification of the identification code and its transmission to the controller. They can record the time of passage or opening of doors, etc.

Small-sized remote keys of the Touch Memory type are widely used as identifiers. These simplest contact devices are highly reliable.

Touch Memory devices are special small-sized (the size of a tablet battery) electronic cards in a stainless steel case. Inside there is a chip with electronic memory that holds a unique number 48 bits in length, as well as the user's full name and other additional information. Such a card can be carried on a key fob (Fig. 5.5) or placed on an employee’s plastic card. Similar devices are used in intercoms to allow unimpeded opening of an entrance or room door. “Proximity” devices are used as contactless identifiers.

Personal identification means that use biometric systems provide the clearest protection. The concept of “biometrics” denotes the branch of biology that deals with quantitative biological experiments using methods of mathematical statistics. This scientific direction appeared at the end of the 19th century.

Biometric systems make it possible to identify a person by his specific characteristics, that is, by his static (fingerprints, cornea, shape of hand and face, genetic code, smell, etc.) and dynamic (voice, handwriting, behavior, etc.) characteristics. These unique biological, physiological and behavioral characteristics, individual to each person, are called the human biological code.

The first biometric systems used fingerprints. The uniqueness of fingerprints was known in China and Babylon approximately one thousand years BC, where they were placed under legal documents. However, fingerprinting began to be used in England in 1897, and in the USA in 1903. An example of a modern fingerprint reader is shown in Fig. 5.6.

The advantage of biological identification systems, compared to traditional ones (for example, PIN codes, password access), is the identification not of external objects belonging to a person, but of the person himself. The analyzed characteristics of a person cannot be lost, transferred or forgotten, and are extremely difficult to fake. They are practically not subject to wear and do not require replacement or restoration. Therefore, various countries (including Russia) include biometric characteristics in international passports and other personal identifying documents.

With the help of biometric systems, the following is carried out:

1) restricting access to information and ensuring personal responsibility for its safety;

2) ensuring access to certified specialists;

3) preventing intruders from entering protected areas and premises due to forgery and (or) theft of documents (cards, passwords);

4) organizing records of employee access and attendance, as well as solving a number of other problems.

Identification by the human eye (Fig. 5.7) is considered one of the most reliable methods: identification of the iris pattern or scanning of the fundus (retina). This is due to the excellent balance between identification accuracy and ease of use of the equipment. The iris image is digitized and stored in the system as a code. The code obtained as a result of reading a person’s biometric parameters is compared with the one registered in the system. If they match, the system removes the access block. Scanning time does not exceed two seconds.

New biometric technologies include three-dimensional personal identification, using three-dimensional personal identification scanners with a parallax method for registering images of objects and television image registration systems with an ultra-large angular field of view. It is assumed that similar systems will be used to identify individuals, whose three-dimensional images will be included in identity cards and other documents.


Simple personal identification. Combination of facial, voice and gesture parameters for more accurate identification. Integration of the capabilities of Intel Perceptual Computing SDK modules to implement a multi-level information security system based on biometric information.

This lecture provides an introduction to the subject of biometric information security systems, discusses the principle of operation, methods and application in practice. Review of ready-made solutions and their comparison. The main algorithms for personal identification are considered. SDK capabilities for creating biometric information security methods.

4.1. Description of the subject area

There are a wide variety of identification methods and many of them have received widespread commercial use. Today, the most common verification and identification technologies are based on the use of passwords and personal identifiers (personal identification number - PIN) or documents such as a passport or driver's license. However, such systems are too vulnerable and can easily suffer from counterfeiting, theft and other factors. Therefore, biometric identification methods are of increasing interest, making it possible to determine a person’s identity based on his physiological characteristics by recognizing them using previously stored samples.

The range of problems that can be solved using new technologies is extremely wide:

  • prevent intruders from entering protected areas and premises through forgery and theft of documents, cards, passwords;
  • limit access to information and ensure personal responsibility for its safety;
  • ensure that only certified specialists are allowed access to critical facilities;
  • make the recognition process, thanks to the intuitiveness of the software and hardware interface, understandable and accessible to people of any age and free of language barriers;
  • avoid overhead costs associated with the operation of access control systems (cards, keys);
  • eliminate the inconvenience associated with loss, damage or simple forgetting of keys, cards, passwords;
  • organize records of employee access and attendance.

In addition, an important reliability factor is that a biometric system is absolutely independent of the user. With password protection, a person can use a short keyword or keep a piece of paper with a hint under the computer keyboard. With hardware keys, an unscrupulous user will not keep a strict watch over his token, as a result of which the device may fall into the hands of an attacker. In biometric systems, nothing depends on the person. Another factor that positively influences the reliability of biometric systems is the ease of identification for the user. Scanning a fingerprint, for example, requires less work from a person than entering a password. Therefore, this procedure can be carried out not only before starting work but also during it, which naturally increases the reliability of protection. Particularly important in this case is the use of scanners combined with computer devices. For example, there are mice in which the user's thumb always rests on the scanner. The system can therefore carry out identification continuously, and the person will not only not have to pause work but will not notice anything at all. In the modern world, unfortunately, almost everything is for sale, including access to confidential information. Moreover, the person who transferred identification data to the attacker risks practically nothing. Of a password one can say that it was guessed, and of a smart card that it was pulled out of one's pocket. If you use biometric protection, this situation will no longer happen.

The choice of industries that are most promising for the introduction of biometrics, from the point of view of analysts, depends, first of all, on a combination of two parameters: safety (or security) and the feasibility of using this particular means of control or protection. The main place in compliance with these parameters is undoubtedly occupied by the financial and industrial spheres, government and military institutions, the medical and aviation industries, and closed strategic facilities. For this group of consumers of biometric security systems, it is first of all important to prevent an unauthorized user from among their employees from performing an operation that is not authorized for him, and it is also important to constantly confirm the authorship of each operation. A modern security system can no longer do without not only the usual means that guarantee the security of an object, but also without biometrics. Biometric technologies are also used to control access in computer, network systems, various information repositories, data banks, etc.

Biometric methods of information security become more relevant every year. As technology develops (scanners, photo and video cameras), the range of problems solved using biometrics is expanding, and the use of biometric methods is becoming more popular. For example, banks, credit and other financial organizations serve as a symbol of reliability and trust for their clients. To meet these expectations, financial institutions are increasingly paying attention to the identification of users and personnel, actively using biometric technologies. Some options for using biometric methods:

  • reliable identification of users of various financial services, incl. online and mobile (identification by fingerprints predominates, recognition technologies based on the pattern of veins on the palm and finger and identification by voice of clients contacting call centers are actively developing);
  • prevention of fraud with credit and debit cards and other payment instruments (replacing the PIN code with the recognition of biometric parameters that cannot be stolen, spied on, or cloned);
  • improving the quality of service and its comfort (biometric ATMs);
  • control of physical access to bank buildings and premises, as well as to depository boxes, safes, vaults (with the possibility of biometric identification of both a bank employee and a client-user of the box);
  • protection of information systems and resources of banking and other credit organizations.

4.2. Biometric information security systems

Biometric information security systems are access control systems based on the identification and authentication of a person by biological characteristics such as DNA structure, iris pattern, retina, facial geometry and temperature map, fingerprint, and palm geometry. These methods of human authentication are also called static methods, since they are based on physiological characteristics that are present from birth to death, stay with a person throughout his entire life, and cannot be lost or stolen. Unique dynamic biometric authentication methods, which are based on the behavioral characteristics of people, are also often used: signature, keyboard handwriting, voice and gait.

The concept of "biometrics" appeared at the end of the nineteenth century. The development of technologies for image recognition based on various biometric characteristics began quite a long time ago, in the 60s of the last century. Our compatriots have achieved significant progress in developing the theoretical foundations of these technologies. However, practical results were obtained mainly in the West and very recently. At the end of the twentieth century, interest in biometrics grew significantly because the power of modern computers and improved algorithms made it possible to create products that, in terms of their characteristics and relationships, have become accessible and interesting to a wide range of users. The branch of science has found its application in the development of new security technologies. For example, a biometric system can control access to information and storage facilities in banks; it can be used in enterprises that process valuable information, to protect computers, communications, etc.

The essence of biometric systems comes down to the use of computer personality recognition systems based on a person’s unique genetic code. Biometric security systems allow you to automatically recognize a person based on his physiological or behavioral characteristics.


Fig. 4.1.

Description of the operation of biometric systems:

All biometric systems work according to the same scheme. First, a recording process occurs, as a result of which the system remembers a sample of the biometric characteristic. Some biometric systems take multiple samples to capture a biometric characteristic in more detail. The received information is processed and converted into mathematical code. Biometric information security systems use biometric methods for identifying and authenticating users. Identification using a biometric system takes place in four stages:

  • Identifier registration - information about a physiological or behavioral characteristic is converted into a form accessible to computer technology and entered into the memory of the biometric system;
  • Selection - unique features are extracted from the newly presented identifier and analyzed by the system;
  • Comparison - information about the newly presented and previously registered identifier is compared;
  • Decision - a conclusion is made about whether the newly presented identifier matches or does not match.

The conclusion about the match or mismatch of identifiers can then be passed to other systems (access control, information security, etc.), which act on the basis of the received information.

One of the most important characteristics of information security systems based on biometric technologies is high reliability, that is, the ability of the system to reliably distinguish between biometric characteristics belonging to different people and reliably find matches. In biometrics, these parameters are called the first type error (False Reject Rate, FRR) and the second type error (False Accept Rate, FAR). The first number characterizes the probability of denying access to a person who has access, the second - the probability of a false match of the biometric characteristics of two people. It is very difficult to fake the papillary pattern of a human finger or the iris of an eye. So the occurrence of “errors of the second type” (that is, granting access to a person who does not have the right to do so) is practically excluded. However, under the influence of certain factors, the biological characteristics by which a person is identified may change. For example, a person may catch a cold, as a result of which his voice will change beyond recognition. Therefore, the frequency of “type I errors” (denial of access to a person who has the right to do so) in biometric systems is quite high. The lower the FRR value for the same FAR values, the better the system. Sometimes the comparative characteristic EER (Equal Error Rate) is used, which determines the point at which the FRR and FAR graphs intersect. But it is not always representative. When using biometric systems, especially facial recognition systems, even when correct biometric characteristics are entered, the authentication decision is not always correct. This is due to a number of features and, first of all, due to the fact that many biometric characteristics can change. There is a certain degree of possibility of system error. Moreover, when using different technologies, the error can vary significantly. 
For access control systems that use biometric technologies, it is necessary to determine what is more important: not letting in “strangers” or letting in all “insiders”.
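The trade-off described above, worked through as an added example that is not part of the original lecture: it computes FAR and FRR from comparison scores at each threshold, locates the EER, and finds the two operating points (no “strangers” admitted versus no “insiders” rejected). The score lists are constructed sample data and the function names are illustrative assumptions.

```python
"""FAR, FRR and EER from comparison scores (added example, constructed data)."""

# Constructed similarity scores in [0, 1]; higher means "more alike".
# GENUINE: a person compared against their own stored template.
# IMPOSTOR: a person compared against somebody else's template.
GENUINE = [0.91, 0.88, 0.95, 0.79, 0.84, 0.62, 0.90, 0.73, 0.97, 0.55]
IMPOSTOR = [0.12, 0.30, 0.25, 0.41, 0.58, 0.19, 0.35, 0.66, 0.08, 0.22]


def far(impostor, threshold):
    """False Accept Rate: share of impostor attempts scoring >= threshold."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def frr(genuine, threshold):
    """False Reject Rate: share of genuine attempts scoring < threshold."""
    return sum(s < threshold for s in genuine) / len(genuine)


def sweep(genuine, impostor, steps=100):
    """Return [(threshold, FAR, FRR)] for thresholds 0.00, 0.01, ..., 1.00."""
    rows = []
    for i in range(steps + 1):
        t = i / steps
        rows.append((t, far(impostor, t), frr(genuine, t)))
    return rows


def equal_error_rate(genuine, impostor, steps=100):
    """First threshold where |FAR - FRR| is smallest, and the EER there."""
    t, fa, fr = min(sweep(genuine, impostor, steps),
                    key=lambda row: abs(row[1] - row[2]))
    return t, (fa + fr) / 2


def threshold_for_far(genuine, impostor, max_far, steps=100):
    """Lowest threshold with FAR <= max_far (priority: keep strangers out)."""
    for t, fa, fr in sweep(genuine, impostor, steps):
        if fa <= max_far:
            return t, fa, fr
    return None


def threshold_for_frr(genuine, impostor, max_frr, steps=100):
    """Highest threshold with FRR <= max_frr (priority: admit all insiders)."""
    for t, fa, fr in reversed(sweep(genuine, impostor, steps)):
        if fr <= max_frr:
            return t, fa, fr
    return None


if __name__ == "__main__":
    print("EER (threshold, rate):", equal_error_rate(GENUINE, IMPOSTOR))
    print("No strangers admitted:", threshold_for_far(GENUINE, IMPOSTOR, 0.0))
    print("No insiders rejected: ", threshold_for_frr(GENUINE, IMPOSTOR, 0.0))
```

On this sample, driving FAR to zero costs a 20% FRR, and driving FRR to zero costs a 20% FAR; the EER sits between the two at 10%.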


Fig. 4.2.

FAR and FRR are not the only things that determine the quality of a biometric system. If they were, the leading technology would be DNA recognition, for which FAR and FRR tend to zero. But it is obvious that this technology is not applicable at the current stage of human development. That is why resistance to dummies (fake samples), speed and the cost of the system are also important characteristics. We should not forget that a person’s biometric characteristic can change over time, so if it is unstable, this is a significant disadvantage. Ease of use is also an important factor for users of biometric technology in security systems. The person whose characteristics are being scanned should not experience any inconvenience. In this regard, the most interesting method is, of course, facial recognition technology. True, in this case other problems arise, primarily related to the accuracy of the system.

Typically, a biometric system consists of two modules: a registration module and an identification module.

The registration module “trains” the system to identify a specific person. At the registration stage, a video camera or other sensors scan a person in order to create a digital representation of his appearance. As a result of scanning, several images are formed. Ideally, these images will have slightly different angles and facial expressions, allowing for more accurate data. A special software module processes this representation and determines the characteristic features of the individual, then creates a template. There are some parts of the face that remain virtually unchanged over time, such as the upper contours of the eye sockets, the areas surrounding the cheekbones, and the edges of the mouth. Most algorithms developed for biometric technologies can take into account possible changes in a person's hairstyle, since they do not analyze the area of the face above the hairline. Each user's image template is stored in the biometric system's database.

The identification module receives an image of a person from a video camera and converts it into the same digital format in which the template is stored. The resulting data is compared with a template stored in a database to determine whether the images match each other. The degree of similarity required for verification is a certain threshold that can be adjusted for different types of personnel, PC power, time of day and a number of other factors.

Identification can take the form of verification, authentication or recognition. During verification, the identity of the received data and the template stored in the database is confirmed. Authentication confirms that the image received from the video camera matches one of the templates stored in the database. During recognition, if the received characteristics and one of the stored templates are the same, the system identifies the person with the corresponding template.
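The two modules and the three forms of identification described above, as an added sketch that is not code from the lecture or from any product it mentions. Templates are plain feature vectors, the similarity measure (one minus the mean absolute feature difference) is an assumption chosen for readability, and all sample vectors, names and thresholds are constructed.

```python
"""Registration and identification modules (added example, constructed data)."""

# Constructed feature vectors, each feature normalised to [0, 1].
ALICE_SAMPLES = [[0.20, 0.80, 0.50, 0.30],
                 [0.24, 0.76, 0.54, 0.30],
                 [0.22, 0.78, 0.52, 0.30]]
BOB_SAMPLES = [[0.70, 0.30, 0.40, 0.90],
               [0.74, 0.26, 0.40, 0.86]]
ALICE_PROBE = [0.25, 0.75, 0.50, 0.32]     # Alice on a later day
STRANGER_PROBE = [0.50, 0.50, 0.50, 0.50]  # nobody who was registered


def similarity(a, b):
    """1.0 for identical vectors, lower as the features drift apart."""
    diffs = [abs(x - y) for x, y in zip(a, b)]
    return 1.0 - sum(diffs) / len(diffs)


class BiometricSystem:
    def __init__(self, threshold):
        self.threshold = threshold  # minimum similarity accepted as a match
        self.templates = {}         # user id -> stored template

    def enroll(self, user_id, samples):
        """Registration module: average several scans into one template."""
        self.templates[user_id] = [sum(col) / len(col) for col in zip(*samples)]

    def verify(self, claimed_id, probe):
        """Verification: compare the probe with one claimed template."""
        template = self.templates.get(claimed_id)
        if template is None:
            return False            # an unknown identity is never accepted
        return similarity(probe, template) >= self.threshold

    def best_match(self, probe):
        """Closest stored template as (user id, score), or (None, 0.0)."""
        best_id, best_score = None, 0.0
        for user_id, template in self.templates.items():
            score = similarity(probe, template)
            if score > best_score:
                best_id, best_score = user_id, score
        return best_id, best_score

    def authenticate(self, probe):
        """Authentication: does the probe match any stored template?"""
        return self.best_match(probe)[1] >= self.threshold

    def recognize(self, probe):
        """Recognition: return whose template matched, or None."""
        user_id, score = self.best_match(probe)
        return user_id if score >= self.threshold else None


def build_demo_system(threshold=0.90):
    system = BiometricSystem(threshold)
    system.enroll("alice", ALICE_SAMPLES)
    system.enroll("bob", BOB_SAMPLES)
    return system


if __name__ == "__main__":
    strict = build_demo_system(0.90)
    print("Alice verified as alice:", strict.verify("alice", ALICE_PROBE))
    print("Alice verified as bob:  ", strict.verify("bob", ALICE_PROBE))
    print("Stranger recognized as: ", strict.recognize(STRANGER_PROBE))
    # Lowering the adjustable threshold turns the stranger into a false accept.
    print("Stranger at 0.80:       ", build_demo_system(0.80).recognize(STRANGER_PROBE))
```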

4.3. Review of ready-made solutions

4.3.1. ICAR Lab: a complex of forensic research of speech phonograms

The ICAR Lab hardware and software complex is designed to solve a wide range of problems of audio information analysis, which is in demand in specialized departments of law enforcement agencies, laboratories and forensic centers, flight accident investigation services, research and training centers. The first version of the product was released in 1993 and was the result of collaboration between leading audio experts and software developers. The specialized software included in the complex provides high-quality visual representation of speech phonograms. Modern voice biometric algorithms and powerful automation tools for all types of speech phonogram research allow experts to significantly increase the reliability and efficiency of examinations. The SIS II program included in the complex has unique tools for identification research: a comparative study of the speaker, whose voice and speech recordings were provided for examination, and samples of the suspect’s voice and speech. Identification phonoscopic examination is based on the theory of the uniqueness of each person's voice and speech. Anatomical factors: the structure of the organs of articulation, the shape of the vocal tract and oral cavity, as well as external factors: speech skills, regional characteristics, defects, etc.

Biometric algorithms and expert modules make it possible to automate and formalize many processes of phonoscopic identification research, such as searching for identical words, searching for identical sounds, selecting compared sound and melodic fragments, comparing speakers by formants and pitch, auditory and linguistic types of analysis. The results for each research method are presented in the form of numerical indicators of the overall identification solution.

The program consists of a number of modules, with the help of which a comparison is made in a one-to-one mode. The Formant Comparisons module is based on a phonetics term - formant, which denotes the acoustic characteristic of speech sounds (primarily vowels), associated with the frequency level of the vocal tone and forming the timbre of the sound. The identification process using the Formant Comparisons module can be divided into two stages: first, the expert searches and selects reference sound fragments, and after the reference fragments for known and unknown speakers have been collected, the expert can begin the comparison. The module automatically calculates intra- and inter-speaker variability of formant trajectories for selected sounds and makes a decision on positive/negative identification or an indeterminate result. The module also allows you to visually compare the distribution of selected sounds on a scattergram.

The Pitch Comparison module allows you to automate the speaker identification process using the melodic contour analysis method. The method is intended for comparison of speech samples based on the parameters of the implementation of similar elements of the melodic contour structure. For analysis, there are 18 types of contour fragments and 15 parameters for their description, including the values of minimum, average, maximum, rate of tone change, kurtosis, bevel, etc. The module returns the comparison results in the form of a percentage match for each parameter and makes a decision on positive/negative identification or uncertain result. All data can be exported to a text report.

The automatic identification module allows for one-to-one comparison using the following algorithms:

  • Spectral-formant;
  • Pitch statistics;
  • Mixture of Gaussian distributions.

The probabilities of coincidence and difference between speakers are calculated not only for each of the methods, but also for their totality. All results of comparing speech signals in two files, obtained in the automatic identification module, are based on identifying identificationally significant features in them and calculating the measure of proximity of the resulting sets of features to each other. For each value of this proximity measure, during the training period of the automatic comparison module, the probabilities of agreement and difference of speakers whose speech was contained in the compared files were obtained. These probabilities were obtained by the developers from a large training sample of phonograms: tens of thousands of speakers, various sound recording channels, many sound recording sessions, various types of speech material. The application of statistical data to a single case of file-to-file comparison requires taking into account the possible spread of the obtained values of the measure of proximity of two files and the corresponding probability of coincidence/difference of speakers depending on various details of the speech utterance situation. For such quantities, mathematical statistics proposes the concept of a confidence interval. The automatic comparison module displays numerical results taking into account confidence intervals of various levels, which allows the user to see not only the average reliability of the method, but also the worst result obtained on the training base. The high reliability of the biometric engine developed by TsRT was confirmed by NIST (National Institute of Standards and Technology) tests.

  • Some comparison methods are semi-automatic (linguistic and auditive analyses)

    The topic of our scientific and practical work is “Biometric methods of information security.”

    The problem of information security, ranging from an individual to a state, is currently very relevant.

    Information protection should be considered as a set of measures, including organizational, technical, legal, programmatic, operational, insurance and even moral and ethical measures.

    In this work, we examined the modern developing direction of information security - biometric methods and security systems used on their basis.

    Tasks.

    During the study, we had to solve the following problems:

    • theoretically study biometric methods of information security;
    • explore their practical use.

    The subject of our research was modern access control and management systems and various biometric personal identification systems.

    The object of the study was literature sources, Internet sources, and conversations with experts.

    The result of our work is proposals for the use of modern personal identification technologies. They will generally strengthen the information security system of offices, companies, and organizations.

    Biometric identification technologies make it possible to identify a person by physiological characteristics rather than by a key or card.

    Biometric identification is a method of identifying a person using certain specific biometric characteristics inherent in a particular person.

    This problem is given much attention at international forums held both in our country and abroad.

    In Moscow, at the specialized forum “Security Technologies” on February 14, 2012 at the International Exhibition Center, the most popular and new equipment for access control and time tracking, recognition by fingerprint, facial geometry and RFID, biometric locks and much more were demonstrated.

    We researched a large number of methods; their abundance simply amazed us.

    We included the following main static methods:

    identification by papillary pattern on the fingers, iris, facial geometry, retina of the human eye, and pattern of the veins of the hand. We also identified a number of dynamic methods: identification by voice, heart rate, and gait.

    Fingerprints

    Each person has a unique papillary fingerprint pattern. The features of each person’s papillary pattern are converted into a unique code, and these “fingerprint codes” are stored in a database.

    Advantages of the method

    High reliability

    Low cost devices

    A fairly simple fingerprint scanning procedure.

    Disadvantages of the method

    The papillary pattern of a fingerprint is very easily damaged by small scratches and cuts;

    Iris

    The iris pattern is finally formed at the age of about two years and practically does not change throughout life, except for severe injuries.

    Advantages of the method:

    Statistical reliability of the method;

    Images of the iris can be captured at distances ranging from a few centimeters to several meters.

    The iris is protected from damage by the cornea

    A large number of methods to combat counterfeiting.

    Disadvantages of the method:

    The price of such a system is higher than the cost of a fingerprint scanner.

    Facial geometry

    These methods are based on the fact that the facial features and shape of the skull of each person are individual. This area is divided into two directions: 2D recognition and 3D recognition.

    2D facial recognition is one of the least effective biometric methods. It appeared quite a long time ago and was used mainly in forensics. Subsequently, 3D computer versions of the method appeared.

    Advantages of the method

    2D recognition does not require expensive equipment;

    Recognition at significant distances from the camera.

    Disadvantages of the method

    Low statistical significance;

    There are lighting requirements (for example, it is not possible to register the faces of people entering from the street on a sunny day);

    Frontal image of the face is required

    Facial expression should be neutral.

    Vein pattern of the hand

    This is a new technology in the field of biometrics. An infrared camera takes pictures of the outside or inside of the hand. The pattern of veins is formed due to the fact that hemoglobin in the blood absorbs infrared radiation. As a result, the veins are visible on the camera as black lines.

    Advantages of the method

    No need to contact the scanning device;

    High reliability

    Disadvantages of the method

    The scanner should not be exposed to sunlight

    The method is less studied.

    Retina

    Until recently, the method based on scanning the retina was considered the most reliable method of biometric identification.

    Advantages of the method:

    High level of statistical reliability;

    The likelihood of developing a way to “deceive” them is low;

    Non-contact method of data collection.

    Disadvantages of the method:

    The system is difficult to use;

    High cost of the system;

    The method is not well developed.

    Technologies for the practical application of biometrics

    While researching this topic, we collected enough information about biometric security. We have concluded that modern biometric solutions are accompanied by stable growth. The market is witnessing a merger of biometric companies owning different technologies. Therefore, the appearance of combined devices is a matter of time.

    A big step toward improving the reliability of biometric identification systems is consolidating the reading of various types of biometric identifiers in one device.

    Several IDs are already scanned when issuing visas to travel to the United States.

    There are different forecasts for the development of the biometric market in the future, but in general we can expect its further growth. Thus, fingerprint identification will still account for more than half of the market in the coming years. This is followed by recognition based on facial geometry and iris. They are followed by other recognition methods: hand geometry, vein pattern, voice, signature.

    This is not to say that biometric security systems are new. However, it must be admitted that lately these technologies have come a long way, making them not only a promising direction in ensuring information security, but also an important factor in the successful operation of security services.

    The solutions we have studied can be used as an additional identification factor, and this is especially important for comprehensive information protection.

    Biometrics, on the contrary, is a technique for recognizing and identifying people based on their individual psychological or physiological characteristics: fingerprint, hand geometry, iris pattern, DNA structure, etc. Biometric protection based on the presentation of fingerprints. This is the most common static method of biometric identification, which is based on the uniqueness, for each person, of the papillary patterns on the fingers. For...



    Identity theft is a growing public concern—millions become victims of identity theft every year, according to the Federal Trade Commission, and “identity theft” has become the most common consumer complaint. In the digital age, traditional authentication methods - passwords and IDs - are no longer sufficient to combat identity theft and ensure security. “Surrogate representations” of personality are easy to forget somewhere, lose, guess, steal or transfer.

    Biometric systems recognize people based on their anatomical features (fingerprints, facial image, palm line pattern, iris, voice) or behavioral traits (signature, gait). Because these traits are physically associated with the user, biometric recognition is reliable as a mechanism to ensure that only those with the necessary credentials can enter a building, access a computer system, or cross a national border. Biometric systems also have unique advantages - they do not allow one to renounce a completed transaction and make it possible to determine when an individual uses several documents (for example, passports) under different names. Thus, when properly implemented in appropriate applications, biometric systems provide a high level of security.

    Law enforcement agencies have relied on biometric fingerprint authentication in their investigations for over a century, and recent decades have seen rapid growth in the adoption of biometric recognition systems in government and commercial organizations around the world. Fig. 1 shows some examples. While many of these implementations have been highly successful, there are concerns about the insecurity of biometric systems and potential privacy violations due to the unauthorized publication of users' stored biometric data. Like any other authentication mechanism, a biometric system can be bypassed by an experienced fraudster with sufficient time and resources. It is important to allay these concerns to gain public trust in biometric technologies.

    Operating principle of the biometric system

    At the registration stage, the biometric system records a sample of the user's biometric trait using a sensor, for example by capturing the face with a camera. Individual features, such as minutiae (fine details of the lines of a finger), are then extracted from the biometric sample using a software algorithm called a feature extractor. The system stores the extracted traits as a template in a database along with other identifiers such as name or ID number. For authentication, the user presents another biometric sample to the sensor. The traits extracted from it constitute a query that the system compares to the template of the claimed identity using a matching algorithm. It returns a match score that reflects the degree of similarity between the template and the query. The system accepts the identity claim only if the match score exceeds a predefined threshold.

    Vulnerabilities of biometric systems

    The biometric system is vulnerable to two types of errors (Fig. 2). When the system does not recognize a legitimate user, a denial of service occurs, and when an impostor is incorrectly identified as an authorized user, an intrusion is said to occur. There are many possible reasons for such failures; they can be divided into natural restrictions and malicious attacks.

    Natural restrictions

    Unlike password authentication systems, which require an exact match of two alphanumeric strings, a biometric authentication system relies on the degree of similarity of two biometric samples. Since individual biometric samples obtained during registration and authentication are rarely identical, as shown in Fig. 3, the biometric system can make two kinds of authentication errors. A false nonmatch occurs when two samples from the same individual have low similarity and the system cannot match them. A false match occurs when two samples from different individuals have high similarity and the system incorrectly declares them a match. A false nonmatch leads to denial of service to a legitimate user, while a false match can lead to an impostor intrusion. Since the impostor does not need to use any special measures to deceive the system, such an intrusion is called a zero-effort attack. Much of the research in biometrics over the past fifty years has focused on improving authentication accuracy, that is, on minimizing false nonmatches and false matches.
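
The trade-off between the two error types can be made concrete by sweeping the decision threshold over a set of match scores. The following is an added example, not part of the original article; the scores are constructed for illustration and the function names are hypothetical.

```python
"""Added example: error rates of a threshold-based biometric matcher."""

# Constructed match scores (0-100, higher = more similar); not measured data.
GENUINE = [91, 84, 78, 88, 62, 95, 71, 83, 55, 90]    # two samples, same person
IMPOSTOR = [12, 33, 41, 27, 58, 19, 66, 36, 22, 47]   # samples from different people


def error_rates(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (FMR, FNMR) when a claim is accepted only if score > threshold.

    FMR  = share of impostor comparisons accepted (zero-effort intrusions).
    FNMR = share of genuine comparisons rejected (denial of service).
    """
    false_matches = sum(1 for s in impostor if s > threshold)
    false_nonmatches = sum(1 for s in genuine if s <= threshold)
    return false_matches / len(impostor), false_nonmatches / len(genuine)


def equal_error_threshold(genuine=GENUINE, impostor=IMPOSTOR):
    """Lowest threshold at which FMR and FNMR are closest to each other."""
    def gap(t):
        fmr, fnmr = error_rates(t, genuine, impostor)
        return abs(fmr - fnmr)
    best = min(range(101), key=gap)          # min() keeps the first minimum
    return (best, *error_rates(best, genuine, impostor))


def threshold_for_fmr(max_fmr, genuine=GENUINE, impostor=IMPOSTOR):
    """Lowest threshold whose FMR stays within max_fmr, and the FNMR it costs."""
    for t in range(101):
        fmr, fnmr = error_rates(t, genuine, impostor)
        if fmr <= max_fmr:
            return t, fnmr
    return 100, error_rates(100, genuine, impostor)[1]


if __name__ == "__main__":
    for t in (40, 50, 60, 70):
        fmr, fnmr = error_rates(t)
        print(f"threshold={t:3d}  FMR={fmr:.1f}  FNMR={fnmr:.1f}")
    print("equal error point:", equal_error_threshold())
    print("threshold for FMR = 0:", threshold_for_fmr(0.0))
```

Raising the threshold until no constructed impostor score is accepted doubles the share of legitimate users who are turned away, which is the tension the paragraph above describes.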

    Malicious attacks

    The biometric system can also fail as a result of malicious manipulation, which can be carried out through insiders, such as system administrators, or through a direct attack on the system infrastructure. An attacker can bypass the biometric system by colluding with (or coercing) insiders, or taking advantage of their negligence (for example, not logging out after completing a transaction), or by fraudulently manipulating the registration and exception handling procedures that were originally designed to help authorized users. External attackers can also cause a biometric system failure through direct attacks on the user interface (sensor), the feature extraction or matching modules, or the connections between the modules or the template database.

    Examples of attacks targeting system modules and their interconnections include Trojan horses, man-in-the-middle attacks, and replay attacks. Since most of these attacks also apply to password authentication systems, there are a number of countermeasures such as cryptography, timestamping, and mutual authentication that can prevent or minimize the effect of such attacks.

    Two serious vulnerabilities that deserve special attention in the context of biometric authentication are UI spoofing attacks and template database leaks. These two attacks have a serious negative impact on the security of the biometric system.

    A spoofing attack consists of providing a fake biometric trait that is not derived from a living person: a plasticine finger, a snapshot or mask of a face, a real severed finger of a legitimate user.

    The fundamental principle of biometric authentication is that although the biometric features themselves are not secret (a photo of a person's face or a fingerprint can be secretly obtained from an object or surface), the system is nonetheless secure because the feature is physically tied to a living user. Successful spoofing attacks violate this basic assumption, thereby seriously compromising the security of the system.

    Researchers have proposed many methods for detecting liveness. For example, by verifying the physiological characteristics of the fingers or observing involuntary factors such as blinking, it is possible to ensure that the biometric feature recorded by the sensor actually belongs to a living person.

    A template database leak is a situation when information about a legitimate user's template becomes available to an attacker. This increases the risk of forgery, since it becomes easier for an attacker to restore the biometric pattern by simply reverse engineering the template (Fig. 4). Unlike passwords and physical IDs, a stolen template cannot simply be replaced with a new one, since biometric features exist in a single copy. Stolen biometric templates can also be used for unrelated purposes - for example, to secretly spy on a person in various systems or to obtain private information about his health.

    Biometric template security

    The most important factor in minimizing the security and privacy risks associated with biometric systems is protecting the biometric templates stored in the system's database. While these risks can be mitigated to some extent by decentralized template storage, such as on a smart card carried by the user, such solutions are not practical in systems like US-VISIT and Aadhaar, which require deduplication capabilities.

    Today, there are many methods for protecting passwords (including encryption, hashing and key generation), but they are based on the assumption that the passwords that the user enters during registration and authentication are identical.

    Template security requirements

    The main difficulty in developing biometric template security schemes is to achieve an acceptable compromise between the three requirements.

    Irreversibility. It must be computationally difficult for an attacker to recover biometric traits from a stored template or to create physical forgeries of a biometric trait.

    Distinguishability. The template protection scheme must not degrade the authentication accuracy of the biometric system.

    Cancellability. It should be possible to create multiple secure templates from the same biometric data that cannot be linked to that data. This property not only allows the biometric system to revoke and issue new biometric templates if the database is compromised, but also prevents cross-matching between databases, thereby maintaining the privacy of user data.

    Template protection methods

    There are two general principles for protecting biometric templates: biometric trait transformation and biometric cryptosystems.

    In biometric trait transformation (Fig. 5, a), the protected template is obtained by applying an irreversible transformation function to the original template. This transformation is usually based on the individual characteristics of the user. During the authentication process, the system applies the same transformation function to the query, and the comparison is performed on the transformed sample.

    Biometric cryptosystems (Fig. 5, b) store only part of the information obtained from the biometric template; this part is called a secure sketch. Although it is not sufficient by itself to restore the original template, it still contains the necessary amount of data to restore the template if there is another biometric sample similar to the one obtained during registration.

    A secure sketch is typically obtained by associating a biometric template with a cryptographic key; however, a secure sketch is not the same as a biometric template encrypted using standard methods. In conventional cryptography, the encrypted template and the decryption key are two different units, and the template is protected only if the key is also protected. In a secure sketch, both the biometric template and the cryptographic key are encapsulated. Neither the key nor the template can be recovered from the secure sketch alone. When the system is presented with a biometric query that is sufficiently similar to the template, it can recover both the original template and the cryptographic key using standard error detection techniques.

    Researchers have proposed two main methods for generating a secure sketch: fuzzy commitment and fuzzy vault. The first can be used to protect biometric templates represented as fixed-length binary strings. The second is useful for protecting patterns represented as sets of points.
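
A minimal fuzzy commitment over a fixed-length binary template, showing how a key and a template are bound into one secure sketch. This is an added example, not code from the article or its authors; the 5-fold repetition code, the 16-bit key, the record layout and all names are assumptions chosen to keep the example small, and the template is constructed.

```python
"""Added example: toy fuzzy commitment for a fixed-length binary template."""
import hashlib
import hmac
import secrets

REPEAT = 5       # assumption: repetition code, corrects up to 2 flips per group
KEY_BITS = 16    # assumption: toy key size; real schemes use stronger codes

# Constructed 80-bit "biometric template" (not real biometric data).
TEMPLATE = [(i * i + i // 3) % 2 for i in range(KEY_BITS * REPEAT)]


def encode(key_bits):
    """Error-correcting encoding: repeat every key bit REPEAT times."""
    return [b for b in key_bits for _ in range(REPEAT)]


def decode(code_bits):
    """Majority vote inside each group of REPEAT bits."""
    groups = [code_bits[i:i + REPEAT] for i in range(0, len(code_bits), REPEAT)]
    return [1 if sum(g) > REPEAT // 2 else 0 for g in groups]


def xor(a, b):
    if len(a) != len(b):
        raise ValueError("bit strings must have equal length")
    return [x ^ y for x, y in zip(a, b)]


def digest(bits):
    return hashlib.sha256(bytes(bits)).digest()


def enroll(template, key_bits=None):
    """Bind a key to the template; store only the sketch and a hash of the key."""
    if key_bits is None:
        key_bits = [secrets.randbelow(2) for _ in range(KEY_BITS)]
    return {"helper": xor(encode(key_bits), template), "key_hash": digest(key_bits)}


def verify(record, query):
    """Return the recovered key if the query is close enough, otherwise None."""
    candidate = decode(xor(record["helper"], query))   # codeword plus query noise
    if hmac.compare_digest(digest(candidate), record["key_hash"]):
        return candidate
    return None


def flip(bits, positions):
    """Simulate sensor noise by flipping the bits at the given positions."""
    noisy = list(bits)
    for p in positions:
        noisy[p] ^= 1
    return noisy


if __name__ == "__main__":
    record = enroll(TEMPLATE)
    print("noisy genuine query accepted:",
          verify(record, flip(TEMPLATE, [3, 17, 42, 58, 76])) is not None)
    print("query with 3 flips in one group accepted:",
          verify(record, flip(TEMPLATE, [0, 1, 2])) is not None)
```

The record holds neither the template nor the key in the clear, and the acceptance threshold is set by how many bit errors the code can correct rather than by a separate score comparison.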

    Pros and cons

    Biometric trait transformation and biometric cryptosystems have their pros and cons.

    Matching in a feature transformation scheme often occurs directly, and it is even possible to develop transformation functions that do not change the characteristics of the original feature space. However, it can be difficult to create a successful transformation function that is irreversible and tolerant of the inevitable change in a user's biometric traits over time.

    Although there are techniques for generating a secure sketch based on information theory principles for biometric systems, the challenge is to represent these biometric features in standardized data formats such as binary strings and point sets. Therefore, one of the current research topics is the development of algorithms that convert the original biometric template into such formats without loss of meaningful information.

    The fuzzy commitment and fuzzy vault methods have other limitations, including the inability to generate many unrelated templates from the same set of biometric data. One possible way to overcome this problem is to apply the trait transformation function to the biometric template before it is protected by the biometric cryptosystem. Biometric cryptosystems that combine transformation with the generation of a secure sketch are called hybrid.

    Privacy puzzle

    The inextricable connection between users and their biometric traits gives rise to legitimate concerns about the possibility of disclosure of personal data. In particular, knowledge of information about biometric templates stored in the database can be used to compromise private information about the user. Template protection schemes can mitigate this threat to some extent, but many complex privacy issues lie beyond the scope of biometric technologies. Who owns the data - the individual or the service providers? Is the use of biometrics consistent with the security needs of each specific case? For example, should a fingerprint be required when purchasing a hamburger at a fast food restaurant or when accessing a commercial Web site? What is the optimal tradeoff between application security and privacy? For example, should governments, businesses, and others be allowed to use surveillance cameras in public places to secretly monitor users' legitimate activities?

    Today there are no successful practical solutions for such issues.

    Biometric recognition provides stronger user authentication than passwords and ID documents and is the only way to detect impostors. Although biometric systems are not completely secure, researchers have made significant strides towards identifying vulnerabilities and developing countermeasures. New algorithms for protecting biometric templates address some of the concerns about system security and user privacy, but more improvements will be needed before such methods are ready for use in the real world.

    Anil Jain is a professor in the Department of Computer Science and Engineering at the University of Michigan; Karthik Nandakumar is a research fellow at the Singapore Institute of Infocommunications Research.

    Anil K. Jain, Karthik Nandakumar, Biometric Authentication: System Security and User Privacy. IEEE Computer, November 2012, IEEE Computer Society. All rights reserved. Reprinted with permission.