Biometric systems are generally restricted to specialist deployments and require expensive equipment. However, the world has recently experienced the widespread rollout of cheap biometric devices in the form of smart phones and tablets. One of the main drivers for mainstream adoption of biometric technologies is the need to address continuing problems with authenticating to online systems. These mobile devices may now be suitable to provide biometric-based authentication to a wide user population. This chapter discusses the different ways that face recognition can be used on smart mobile devices. The authors highlight the online authentication problem and show how three-factor authentication can address many pressing issues. They also discuss the ways that such a system could be attacked, and focus on replay attacks which have yet to be seriously addressed in the literature. The authors conclude with a brief examination of the current research into addressing replay attacks.
TopBiometrics
Biometrics has been defined as “The automated use of physiological or behavioral characteristics to determine or verify identity” (International Biometric Group, 2013) and has been studied for over 100 years (Bertillon, 1893). Jain et al. (1999) is an excellent introduction to the field of Biometrics.
Examples of the many modes of biometric systems include fingerprints, face recognition, voice recognition, iris scanning, retina scanning, hand geometry, ear patterns, gait recognition, vein patterns, written signature, keystroke dynamics, and DNA.
Immigration and border protection services are among the early adopters of automated biometric systems. The USA originally used hand geometry in their INSPASS program, and then moved to face recognition and fingerprints in the upgraded US-VISIT program. This current system is manually driven, and very labour intensive. Australia and New Zealand use face recognition in their SmartGate system that is coupled to the passenger's biometric enabled passport. This system uses automated booths, but there is still significant staff oversight to prevent security breaches and to facilitate passenger movement. Figure 1 shows examples of each of these biometric border protection systems.
Figure 1. Border protection biometric systems - INSPASS, US-VISIT, and SmartGate
Other uses for biometrics are personal identification of persons of interest (iris scanning), building/restricted space access control (face, voice, fingerprint), and crime scene investigation (DNA). More recently, biometrics have started to appear in laptop and desktop computers (face, fingerprint), but these are primarily used for local access to that computer system only.
Outside of such deployments, biometric systems are not commonly used by the general public. One of the primary challenges to widespread adoption is that the biometric sensor technology must be readily available in the location where it is expected to be used. An examination of the many different types of biometrics above shows that only a small subset of biometric modes could be supported in a practical system or the number of different sensors would continue to grow out of all proportion.
According to Jain et al. (2000) a suitable biometric should have the following characteristics:
- •
Universality: All users should possess the biometric;
- •
Distinctiveness: It should be possible to use the biometric to distinguish between any two different people;
- •
Permanence: The biometric should not change significantly over time;
- •
Collect-ability: It should be relatively easy to collect the biometric signal quantitatively;
- •
Acceptability: Users need to accept the biometric system.