Wednesday, January 4, 2012

Biometrics

As you know from the Hackers post, interlopers are out there and they are trying to get your data! My personal opinion is that better kinds of security are needed. Particularly when a 4-digit password can sometimes be guessed just by looking at the smudges on the screen. And good passwords can be hard to remember, while easy-to-remember passwords can be easily cracked by simple perl scripts and a datafile. So what can we do? Well, technology is coming to the rescue because the science of biometrics can be used to make sure you are you. And since you are you, you won't have to remember any passwords.

Biometrics are on the tips of your fingers, the flecks of color in your eyes, the backs of your eyeballs, the shape of your face, and even the tiny imperfections in your skin. To measure a biometric identification technology, we use the false acceptance rate and the false rejection rate. The false acceptance rate is the probability that an interloper's biometrics will match a legal user in the database. The false rejection rate is the probability that a legal user's biometrics will not match their own database entry. Both are undesirable for good security.

Fingerprint
Ever since Dr. Henry Faulds first devised a system for identifying fingerprint patterns and classifying them, fingerprints have been used as a method of unique identification. Some laptops, such as the HP Pavilion have optional fingerprint scanners. One swipe becomes your password identification to log in. Numerous fingerprint scanners exist, such as the Eikon To Go USB fingerprint reader, and they are even Mac compatible. Current fingerprint scanners have a 3% false rejection rate, which is rather high. But their false acceptance rate is 0.1%. These can be confused by an uneven finger scanning rate when swiped.

The coolest new fingerprint technology is the TI LightCrafter, a MEMS device that uses structured light illumination (SLI) technology to scan a small 3D object such as your finger. This means you don't even have to touch the device for it to read your fingerprints. And it will read faces, teeth, and palms easily as well. It uses a DLP projector with 416,000 micro-mirrors to project stripes of light onto an object, then it measures the deformations of the stripes to reconstruct the object's 3D height field.

But at $600 each, it won't be included in your smartphone any time soon - until the price comes down.

Infrared-scanned eye and Iris code
Source: John Daugman
One of the most promising biometrics techniques is iris recognition. The best iris scanners operate using near-infrared illumination and sensing. First, the iris scanner takes a picture of your iris (the part of your eyes that make them blue, brown, hazel, and gray) in relatively high resolution. It doesn't have to be a complete picture of your iris, though. This is fortunate, because most people don't open their eyes wide enough to see the entire circular iris. The portion of the iris that is visible, minus things like specular shines, is unrolled from its circular format using a polar projection and thresholded. The areas that are not present are labelled don't care and the other areas are labelled with a one or a zero. Then this matrix of ternary bits (trits) is matched (using wrap-around to account for face rotation) with a database using special comparison algorithms.

When properly done, iris scanners are good enough to provide nearly 100% security and uniqueness on a population of many million. And, by the way, identical twins have different iris patterns, too. So that scene in Eagle Eye when the identical twin gets into the system and matches his brother's biometrics: that just can't happen! The false acceptance rate of an iris scanning system that is state-of-the-art is a mere 0.00008%. The false rejection rate is nearly 0%.

There is some evidence that moderately high-resolution video cameras in normal daylight can do iris scanning and verification. This is the technology that seems most likely to be applicable to smartphones, with their modern high-resolution cameras.

Voiceprint
Voiceprint identification systems are another cool and reliable biometric. Studies show an error rate of only 0.31% for false identifications, and 0.53% for false eliminations, which is quite good. Still, it might indeed be too easy to hear the phrase used as a password. And to record it as it is being uttered.

Facial detail identification is another technology that is being investigated. Here's my example of this technology. In my red-eye work, I came across this image that looks like Mark Zuckerberg. But is is really him? Let's use this technology to prove that it is him.

Here is the picture (to left). He's having fun at a party. So to prove it is really him, I will find a baseline image of Zuck somewhere on the web. Ahh, here's one (below to the right)!

Guillaume Paumier / Wikimedia Commons, CC-by-3.0
Comparing, we see that the eyebrow shapes and shiny superorbital ridge are remarkably similar, but (!) vastly more importantly, the three spots on the right cheek, the spot nearly in the center of the left cheek, and the one spot above the left eyebrow are just too much alike to be a coincidence. That, the canine teeth, and the right ear shape make it a 100% certain match. So, if you don't want to be identified - don't be famous!

Soon, perhaps it will be entirely unnecessary to enter passwords. And, to me, it looks like the iris scanning system is the most secure.



1 comment: