With the proliferation of automated systems for reliable and highly secure human authentication and identification, the importance of technological solutions in biometrics is growing along with security awareness. Indeed, conventional authentication methodologies, consisting of knowledge-based systems that make use of something you know (e.g., username and password) and token-based systems that make use of something you have (e.g., identification card), are not able to meet the strict requirements of reliable security applications. Conversely, biometric systems make use of behavioral (extrinsic) and/or physiological (intrinsic) human characteristics, overcoming the security issues affecting the conventional methods for personal authentication. This book chapter provides an overview of the most commonly used biometric traits along with their properties, the various biometric system operating modalities as well as various security aspects related to these systems. In particular, it discusses the different stages involved in a biometric recognition process as well as various threats that can be exploited to compromise the security of a biometric system. Finally, in order to evaluate the systems’ performance, metrics must be adopted. The most widely used metrics are, therefore, discussed in relation to the provided system accuracy and security, and applicability in real-world deployments.
*Address all correspondence to: david.palma@uniud.it
This chapter stands as an introduction to the field of biometrics which is rising as an advanced layer to many user- and enterprise-centric security systems. In fact, conventional authentication methods, such as traditional passwords, have long been a weak point for security systems. Biometrics aims to answer this issue by linking proof-of-identity to our physiological traits and behavioral patterns. It is therefore important to present the concepts and primitives of performance metrics due to their impact on secure biometric systems. Thus, a brief overview is given to describe the main biometric traits along with their properties as well as the various biometric system operating modalities and the relatively known vulnerabilities. Finally, the criteria for performance evaluation have been defined to determine the system accuracy and security which are related to the applicability in real-world deployments.
Various biometric modalities have been developed over the years, making the biometric technology landscape very vibrant. Prominent examples of physiological/biological and behavioral biometric characteristics, which have been the focus of major real-world applications, are illustrated in Figure 1.
Biological biometrics make use of traits at a genetic and molecular level which may include features like DNA or blood, whilst physiological biometrics involve the individual physical traits like a fingerprint, iris, or the shape of the face. On the other hand, behavioral biometrics are based on patterns unique to each person, for example, how an individual walks, speaks, or even types on a keyboard. Some examples of biometric traits are briefly described below.
Fingerprint: Fingerprint recognition, which measures a finger’s unique pattern, is one of the oldest forms of biometric identification. This trait appears as a series of dark lines and white spaces when captured from the device and it consists of a set of ridges and valleys located on the surface tips of a human finger to uniquely distinguish individuals from each other. The fingerprint features are generally categorized into: (i) macroscopic ridge flow patterns (core and delta points), (ii) minutia features (which consist of the ridge bifurcations/trifurcations and the ridge endings), and (iii) pores and ridge contour attributes (incipient ridges, pore, shape, and width). Fingerprints of identical twins are different and so are the prints on each finger of the same person [1].
Face: Facial features use the location and shape (geometry) of the face, including the distance between the eyes, the distance from the chin to the forehead, or other measures that involve eyebrows, nose, lips, and jawline [2]. This kind of recognition is a nonintrusive method with reasonable authentication performance in commercially available systems. However, several constraints may be imposed by the systems on how the facial images are obtained to work properly, for example, controlled illumination and background. Moreover, its susceptibility to change due to factors such as aging or expression may present a challenge [3].
Hand geometry: This trait is based on the geometric characteristics of the hand such as the length and width of fingers, their curvature, and their relative position to other features of the hand. Though once a dominant method of biometric measurement due to the requirement of the low complexity in feature extraction and low-cost imaging, modern advances in biometrics have replaced its relevance in most applications [4]. Furthermore, such a biometric trait is not known to be very distinctive and hand geometry-based recognition systems cannot be scaled up for systems requiring the identification of an individual from a large population. In addition, hand-geometry features from both hands are expected to be similar, as their anatomy is quite similar [5].
Iris: Systems based on this trait are among the most accurate biometric systems available. This human characteristic refers to the colored part in the eye that consists of thick, thread-like muscles characterized by unique folds and patterns that can be used to identify and verify the identity of humans. Furthermore, this biometric trait is stable because iris patterns do not vary during the course of a person’s life and are not susceptible to loss, manipulation, or theft, making an iris recognition system robust to spoofing attacks. One interesting point worth noting is that even the two eyes in the same person have different patterns [6].
Ear acoustic: The main purpose of this kind of recognition system is to map one aspect within acoustic ear recognition, namely the performance of the ear characteristics bands and peaks. An ear signature is generated by probing the ear with inaudible sound waves which are reflected bouncing in different directions and picked up by a small microphone. The shape of the ear canal determines the acoustic transfer function which forms the basis of the signature. The recognition process is also possible, whilst the subject is on the move and caters to the protection of secrecy, which expands the applicability of this technology [7].
Vascular patterns: This biometric trait has been largely investigated for its advantages over other features. In fact, the vascular pattern of the human body is unique to every individual, even between identical twins [8], remains steady during the course of a person’s life, and lies underneath the human skin ensuring confidentiality and robustness to counterfeiting, as opposed to other intrinsic and extrinsic biometric traits that are more vulnerable to spoofing, thus leading to important security and privacy concerns [9]. To acquire the network structure of blood vessels underneath the human skin, a vascular-based recognition system uses near-infrared light to reflect or transmit images of blood vessels, since they are almost invisible in normal lighting conditions [10]. The most commonly used vascular biometric solutions use hand-oriented modalities, such as finger vein, palm vein, hand dorsal vein, and wrist vein recognition, as well as eye-oriented modalities, such as retina and sclera recognition [11].
Electrocardiogram (ECG): This trait relies on the fact that the anatomic features of the human heart and body shape the ECG signal, which is typically acquired using a few electrodes, amplifiers, filters, and a data acquisition module, and which reports the strength and timing of the electrical activity of the heart [12]. However, scientific findings to date throw doubt on the specificities of real-world application scenarios and acceptability by the potential end users, which pose several constraints and questions.
Deoxyribonucleic acid (DNA): DNA matching is based on a common molecular biology method named short tandem repeat (STR) analysis, which is used to compare allele repeats at specific locations on a chromosome in DNA between two or more samples [14, 15]. DNA-based biometric recognition has been widely used in forensic science and scientific investigation due to its very high accuracy, despite the fact that identifications require tangible physical samples and cannot be done in real time.
Keystrokes, handwriting, gait, how a person uses a mouse, and other movements are some of the behavioral traits that a biometric system may analyze to assess the individual’s identity.
Gait: This characteristic may be changeable over a large time span due to various reasons, such as weight gain [16]. Thus, it can be used in low-security applications for massive crowd surveillance as it can quickly identify people from afar based on their walking style, even harnessing the potential of a large number of surveillance cameras installed in public locations into a biometric system. In fact, such a system does not require the individuals to be cooperative, nor that they wear any special device or equipment to be recognized [17].
Mobile interactions: It is based on the unique ways in which users swipe, tap, pinch-zoom, type, or apply pressure on the touchscreen of mobile devices like tablets and phones, thus providing characteristic patterns that may be used to identify people, even considering further features deriving from on-board sensors such as GPS, gyroscope, and accelerometers [18], which can also be configured to collect data in passive mode. Therefore, mobile interactions-based biometrics focuses not so much on the outcome of the user’s actions but rather on the way a user performs those actions.
Signature: Signature recognition is the most widely accepted method for document authentication and it makes use of shorter handwriting probes compared to text-independent writer recognition methods, but it requires the user to write the same signature every time. A signature authentication scheme can be categorized into two methods: (i) off-line or static (the signature is digitized after the writing process) and (ii) online or dynamic (the signature is digitized during the writing process). Signature biometric features are extracted by analyzing curves, edges, spatial coordinates, inclination, the center of gravity, pen pressure, and pen stroke of the signature samples in both off-line and online applications. However, dynamic information like writing speed and stroke order is available only in online signatures [19].
Mouse dynamics: It makes use of patterns in mouse or trackpad cursor movement including clicks, trajectories, direction changes, tracking speed, and the relationships between them. Mouse-generated movement features are relatively stable for the same individual and differ from those of other users, so they can be used to authenticate individuals [20]. These methods are most often used to continuously verify the user’s identity.
Keystrokes: Keystroke dynamics (also known as typing biometrics) include the tracking of the rhythm used to type on a keyboard. Two events constitute a keystroke event: key down and key up. The first one occurs when an individual presses a key, whilst the second one is associated with the event that occurs when the pressed key is released. Making use of these events, a set of inter-key and intra-key features known as delay times, hold times, and key down-key down times can be extracted. In general, keystroke recognition works on computer or virtual keyboards, mobile phones, smartwatches, and touchscreen panels, providing a low-cost authentication method that can be easily deployed in a variety of scenarios [21].
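The following added example (not part of the original chapter) derives the hold, key down-key down and delay times described above from a constructed stream of key-down/key-up events, including the key-rollover case in which a delay time becomes negative. It goes one step beyond the text by comparing a probe sample with an enrolled template using a scaled Manhattan distance, chosen here as an assumption for illustration; all function names and sample data are hypothetical.

```python
from collections import deque

# Constructed sample: (timestamp_ms, event, key) while typing "pass".
# 'a' goes down at 180 ms, before 'p' is released at 195 ms (key rollover).
SAMPLE_EVENTS = [
    (100, "down", "p"), (180, "down", "a"), (195, "up", "p"),
    (260, "up", "a"), (330, "down", "s"), (410, "up", "s"),
    (470, "down", "s"), (545, "up", "s"),
]

def pair_keystrokes(events):
    """Match each key-down with its key-up; return (key, down, up) in press order."""
    pending, strokes = {}, []
    for ts, kind, key in sorted(events, key=lambda e: e[0]):
        if kind == "down":
            pending.setdefault(key, deque()).append(len(strokes))
            strokes.append([key, ts, None])
        elif kind == "up" and pending.get(key):
            strokes[pending[key].popleft()][2] = ts  # orphan key-ups are ignored
    return [tuple(s) for s in strokes if s[2] is not None]

def extract_features(events):
    """Hold, key down-key down and delay times (ms) for one typing sample."""
    s = pair_keystrokes(events)
    pairs = list(zip(s, s[1:]))
    return {
        "hold": [up - down for _, down, up in s],
        "down_down": [b[1] - a[1] for a, b in pairs],
        # Delay = next key-down minus previous key-up; negative under rollover.
        "delay": [b[1] - a[2] for a, b in pairs],
    }

def feature_vector(events):
    f = extract_features(events)
    return f["hold"] + f["down_down"] + f["delay"]

def enroll(samples):
    """Template: per-feature mean and mean absolute deviation (floored at 1 ms)."""
    cols = list(zip(*(feature_vector(s) for s in samples)))
    means = [sum(c) / len(c) for c in cols]
    devs = [max(sum(abs(x - m) for x in c) / len(c), 1.0) for c, m in zip(cols, means)]
    return means, devs

def distance(template, events):
    """Scaled Manhattan distance of a probe sample from the enrolled template."""
    means, devs = template
    vec = feature_vector(events)
    if len(vec) != len(means):
        return float("inf")  # different number of keystrokes: cannot compare
    return sum(abs(x - m) / d for x, m, d in zip(vec, means, devs)) / len(vec)
```

A verifier would accept a probe only when `distance` falls below a threshold tuned on enrollment data; the threshold value is deployment-specific and is not given in the chapter.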
Voice: Voice recognition technology falls under both the physiological and behavioral biometric categories. Voice biometric recognition makes it possible to distinguish among human voices for personal authentication, as voice features include physical characteristics such as vocal tracts, nasal cavities, mouth, and larynx [22]. Behaviorally, the way a person speaks or says something, for example, tone, movement variations, accent, pace, and so on, is also considered unique to each individual. Using data from both physiological and behavioral biometrics creates, therefore, a precise vocal signature, though mismatches may occur due to illness or other factors.
Real-life biometric recognition systems ought to meet the requirements of accuracy, speed, and resource constraints, be harmless to the users, be accepted by the intended population, and be sufficiently robust to various fraudulent methods and attacks on the system [25].
Table 1 reports a comparison study of the most popular traits based on the characteristics of biometric entities [26].
Biometric trait | Universality | Uniqueness | Permanence | Collectability | Performance | Acceptability | Circumvention |
---|---|---|---|---|---|---|---|
Fingerprint | M | H | H | M | H | M | H |
Face | H | L | M | H | L | H | H |
Hand geometry | M | M | M | H | M | M | M |
Iris | H | H | H | M | H | L | L |
Ear | M | M | H | M | M | H | M |
Vascular patterns | H | H | M | M | H | M | L |
DNA | H | H | H | L | H | L | L |
Gait | M | L | L | H | L | H | M |
Signature | L | L | L | H | L | H | H |
Keystroke dynamics | L | L | L | M | L | M | M |
Voice | M | L | L | M | L | H | H |
Comparison study of the most common traits based on the characteristics of biometric entities.