Introducing the Biometrical Electronic Passport (ePass)

Transcription

Introducing the Biometrical Electronic Passport (ePass)
University of Fribourg
Information Systems Research Group
Seminar work on Electronic Business Module
Introducing the Biometrical
Electronic Passport (ePass)
Students:
Course Instructor:
Workshop Assistant:
Daniele Cavadini
Lorenzo Cimasoni
Prof. Dr. Andreas Meier
Daniel Fasel
Spring Semester 2008
2
Contents
1 Introduction
1.1 Objective and problem definition . . . . . . . . . . . . . . . .
2 Biometrics
2.1 Introduction . . . . . . . . . . . . . .
2.2 Evaluation Parameters . . . . . . . .
2.2.1 Performance Measurement . .
2.3 Physiological biometrics . . . . . . .
2.3.1 Fingerprint . . . . . . . . . .
2.3.2 Face Recognition . . . . . . .
2.3.3 Iris Recognition . . . . . . . .
2.4 Behavioural biometrics . . . . . . . .
2.4.1 Signature . . . . . . . . . . .
2.4.2 Voice . . . . . . . . . . . . .
2.5 Other biometric examples . . . . . .
2.5.1 High uniqueness biometric . .
2.5.2 Medium uniqueness biometric
2.5.3 Low uniqueness biometric . .
2.5.4 Multi-biometric verifications .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
3
3
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
4
4
5
5
6
6
7
8
9
9
10
10
10
12
12
12
3 Biometrical Electronic Passport
3.1 Introduction . . . . . . . . . . . . . . .
3.2 German ID strategy . . . . . . . . . .
3.2.1 Electronic Identity Card (eID)
3.2.2 Electronic Passport (ePass) . .
3.3 Swiss Passport . . . . . . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
13
13
14
16
17
18
4 Biometrics in e-Business
4.1 E-Banking . . . . . . . . . .
4.2 Digital signature . . . . . .
4.3 Other applications . . . . .
4.3.1 Walt Disney World .
4.3.2 KSS Sport & Leisure
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
19
19
20
20
21
22
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
5 Biometrics in e-Government
22
5.1 E-Voting case studies . . . . . . . . . . . . . . . . . . . . . . . 22
5.2 United Arab Emirates . . . . . . . . . . . . . . . . . . . . . . 23
6 Conclusions
24
6.1 Biometric weakness . . . . . . . . . . . . . . . . . . . . . . . . 24
6.2 Big brother . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
6.3 Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . 25
1
Bibliography
27
2
1
Introduction
The globalization in all its aspects political, economical and technological
is creating a more strong connection between countries. It increases the
flow of people, goods, services and capital and it increase the spreading of
information across Internet.
In the other hand also new dangers are created and an increasing demand
for safety and security in the public and private sectors is driving research
in the field of automated recognition of individuals by using behavioral and
biological characteristics.
The Biometrical Electronic Passport is only one of the solutions proposed
in administration and business field.
1.1
Objective and problem definition
The introduction of Biometrical Electronic Passport (ePass) subject could
be treated analyzing the different concepts that compose it.
First of all the biometrical part will be treated in this work, analyzing the
general evolution of biometrics, the main characteristics and in more detail
some biometric techniques that are currently used in different domain. For
example the facial recognition used in modern passport or voice recognition
technique used in different commercial situations.
Then the application of those biometric techniques on country’s passports will be discussed, explaining the need of this changement and how
is treated internationally. A more detailed view over German Electronic
Identification project and on the Swiss situation will be given.
In a second part will be discussed how biometrical techniques have been
and could be applied in e-Business sector, which are the practical advantages
and disadvantages of this practice, and currently which kind of solution are
used and proposed.
Due a previous seminar work on e-Government’s theme case studies on
e-Voting a part of this work will be devoted on the explanation of an eventual
application of biometrics techniques in this field.
The intent of this work is not to give a technical and specific documentation over biometrics but to give a wide overview in the biometric application
field, analyzing how and why biometrics techniques has been introduced at
the administration and business levels, which are the possible further application in those domains and which are the obstacles in all this process.
3
2
Biometrics
2.1
Introduction
The word biometrics derived from bios that means life and metron that
means measure; in other words is the study of methods to uniquely recognize
human traits of each person. These unique characteristics can be divided in
two distinct classes:
• Physiological: related to the body of the person. The most famous
unique trait is the fingerprint, but there are a lot more, like the shape
of the hand or of the face, the iris recognition or the DNA analysis.
• Behavioural: related to the behaviour of the person. In this case
the well-known example is the signature, another known biometric
characteristic known is the voice. There is also the keystroke dynamic
or the gait (the study of locomotion).
The word biometric can also be associated to a larger set of information
that a person own, the three category are: Who you are, What you have
and What you know (Figure 1).
Figure 1: Set of information schema
These characteristics can also be combined and not simply used separated. Some combinations are already used: in example Swiss Post Finance
system uses a username and a password protection for the first step of identification, the second step is based on a postcard-reader (in this case what
you have and what you know works together).
4
2.2
Evaluation Parameters
To classify and better evaluate the various systems based on biometric characteristics is enough to explain the power or the weakness of the following
parameters for every characteristic:
• Uniqueness: an higher value indicates that every person can be separated from another.
• Permanence: measures how well a characteristic resists ageing.
• Collectability: the easiness to measure the biometric characteristic.
• Performance: speed, robustness and accuracy.
• Acceptability: degree of approval of a technology.
• Circumvention: easiness of use of a substitute.
2.2.1
Performance Measurement
The performance parameter is a little bit more complicated than the others.
In this case we have to define different kinds of error or mistake that a
biometric characteristic can perform during the recording phase or during
the recognizance phase.
In fact, every biometric characteristic (physiological or behavioural) has
to be firstly recorded into a database (or a RFID chip) and then, when
needed, the data have to be verified and evaluated to check that the physical
person owner of data is effectively the person recorded previously.
• The first possibility is the FA error (False Accept): the system incorrectly declares a successful match between the input and a random
non-matching pattern in the database. This error leads to calculate a
FAR (False Accept Rate) that is a percent of these invalidity matches.
• Another common rate to calculate is the FRR (False Reject Rate): in
this case the input do not match with its corresponding pattern.
• The EER (Equal Error Rate) is the error when both accept and reject
rate are equal. More the EER value is then more accurate the system
is.
• FTE or FER (Failure to Enrol) is the percent of data that fails inserting into the system (poor or invalid quality of the data used as
input).
• FTC (Failure To Capture): this error happens when, in automatic
system the biometric characteristics are presented correctly but the
system was unable to detect them or capture them correctly.
5
• Template Capacity: is the maximum capacity of the system.
This small introduction about biometric procedures and measurements
was useful to better comprehend the following examples of biometrics. The
description will be deeper for some biometric (like fingerprint, face recognition, ...) because of the relation to the ePassport and eBusiness. Other
biometrics will be described shortly (like iris recognition or voice analysis).
2.3
2.3.1
Physiological biometrics
Fingerprint
Figure 2: Fingerprint example
The main characteristics of the fingerprint biometric are: uniqueness,
permanence and performance. In fact the fingerprint is unique; this means
that every person has his personal fingerprint. It is permanent, because
growing a person always keeps the same fingerprint and the performance
analysis is high: the time to a nalyze an input with a pattern is pretty fast
and the FRR and FAR are low.
The fingerprint biometric become wildly used since lasts years; actually
we can find the fingerprint reader over almost every notebook in commerce.
For this reason the use of the fingerprint as biometric identification becomes
every year more accepted and the population understand better the necessity
to introduce a biometric system in passports or ID cards too.
Figure 3: Fingerprint reader example
6
This biometric has some weakness too. One of them is that the fingerprint protection can be easily bypassed and in this case all security measure
becomes useless.
To clearly explain how a fingerprint reader works we need first know
what kind of fingerprint there are; basically there are 3 kinds of fingerprints:
arch, loop and whorl.
• The arc fingerprints are formed by lines that enter from the left side,
they form an arc in the middle of the pattern and then they exit to
the right side.
• The loop fingerprints are formed by lines that enter from one side of
the pattern, then they form a curve and they exit to the same side.
• In the whorl fingerprint there is a central point around it the lines turn
around.
The fingerprint sensor simply reads these lines and creates a pattern
that can be stored into a database or in another storage support. When the
pattern is created there are some algorithms that can be used to compare
the input with all the entry into the database.
One of these algorithms is the Minutia-Based algorithm which use some
minutia-points (like bifurcations, ridge ending and short ridge) to create
some hotspots that can be used like referring-point when an input is compared with the patterns into the database. In each image can be from 10
to 100 minutia points and with a match of 7-20 of them the pattern surely
match.
2.3.2
Face Recognition
The biometric face recognition becomes more and more popular and used.
In fact it is not intrusive (do not need to touch anything during the scan to
produce the input), it is fast but the main weakness is that about 10% of
cases are False Rejected.
Its principal robustness is the fast collectability. It is easy to collect
data and store them into the database, for this reason the people accept
that technology more than an intrusive one (like the DNA scan or the iris
scan). The principal weakness is that uniqueness of individuals is not so
precise; two people can be alike and the input can be accepted even if there
is not a pattern of that specific person, but just a pattern of a similar one.
If this problem is added to the high FRR then the result is that the system
is fast and non-intrusive but there is a good probability to do not have an
exact match for every measurement.
This system is not used just in airport or in according to the ePassport,
but it was used for the surveillance too. To mention some example:
7
• In 2001 was used the biometric face recognition for the Super Bowl
35, in Tampa Bay, Florida. During that event it recognized 19 people
with pending arrest warrants.
• In the 2000 presidential election the Mexican government used this
system to prevent the multi-voting. Some individual were recognized,
they tried to vote twice using different names.
The face recognition algorithm is similar to the fingerprint one. It uses
some unique landmarks like the distance between the eyes, the width of the
nose, the depth of the eyes socket, the shape of the cheekbones and the
length of the jaw line (Figure 4). These nodal points are measured creating
a numerical code, called faceprint, representing the face in the database.
When an input is inserted to be checked the program create a new faceprint
number and check if into the database there is another similar number.
There is a threshold that can be modified: more this value is high, more the
program will generate False Repentance.
Figure 4: Face recognition example
2.3.3
Iris Recognition
The iris (Figure 5) has a lot of good aspect, but also some disadvantage too.
One of the more robust characteristic of the iris is his uniqueness (for the
fingerprint was the same); every person has his own iris and it is impossible
that two people has the same (the twins do not have the same iris as well).
Another good aspect of the iris is the permanence; everyone has always
the same iris. The performance is another good aspect; the algorithm is fast
and the FFR and FAR are very low because the scan is very accurate.
The iris is an internal organ, so it is protected against damage (more
than fingerprints). There is a new algorithm (developed by John Daugman)
8
that has a FRR of about 10−11 . The texture remains the same during all
the life (some surgical operation can modify the colour of the eye, but not
the pattern).
One weakness of iris recognition is clearly its invasive nature; because of
this reason the acceptability is very low (even if with modern technology an
iris could be photographed from 10cm to a few meters away).
Other disadvantages are that if a person does not want to cooperate
the iris reading procedure becomes very difficult or that the image quality
influences the FRR.
Figure 5: Iris target example
2.4
2.4.1
Behavioural biometrics
Signature
The signature is clearly a behavioural biometric characteristic (Figure 6).
The only positive characteristics are the collectability and acceptability;
everyone can have a personal signature in less than one second, because it
is enough to put a sign over a paper to confirm two fundamental things:
• The provenience of the document.
• The intention of an individual with regard to that document.
The signature has clearly a lot of weakness in a biometric domain, first
of all the uniqueness; someone could have the same signature of another.
The permanence is another bad aspect for signature; until a person does
not learn to write cannot have a signature, and the signature could change
growing; the signature can also being copied very easily. It is clear that the
signature cannot be used as a provable biometric test to recognize a person.
9
Figure 6: Signature example
2.4.2
Voice
Speaker recognition (or voice recognition) is a computing task of recognizing
people from their voice.
There are two main aspects of speaker recognition, the first is to identify
the speaker and the second is the speaker verification. The first differs from
the second because is a slower process and concern to identify a speaker
from his voice searching over a database of voices. In biometrical domain is
more used the second variant, a speaker have just to be verified, having just
his voice as input and the pattern of his voice as verification model.
The high acceptability makes the voice one of the best candidate for
future implementation of biometric security systems. However the voice does
not have more positive aspects; one of the weakest points is the uniqueness,
a voice can easily being copied by another person. In addition the voice is
not permanent; so a person growing can change his tone and his voice can
become completely different from the voice previously recorded to identify
him. This aspect touches also the performance aspect.
The voice recognition’s security measures are various, one of them is
provided by the system that randomly asks the user one question and the
user must provide the correct answer. Another option is to ask the user to
repeat a sentence that the system randomly chose. The text-independent
system is often used to speaker identification because in this case just a
small piece of speech is enough to find the most probable speaker inside the
database.
2.5
Other biometric examples
Some biometric recognition system have to be at least mentioned because in
that way the research is spending a lot of time in lasts years. The following
examples are sorted by uniqueness, because the uniqueness is one of the
more important characteristic that a biometric should have.
2.5.1
High uniqueness biometric
• Retinal Scan: it is very difficult to copy but it is very intrusive.
The collectability is difficult growing the structure change a little bit
10
Figure 7: Voice pattern example
(Figure 8).
• Facial Thermograph: the collectability is very easy to do so the
acceptability is very high too. The facial thermograph has the same
problem of retinal scan, growing the structure change.
• Odor: the only positive aspect is that the permanence is very high,
but because of the weirdness the acceptance is low. Two other negative
aspects are the collectability (difficult) and the performance (low).
• DNA: the only negative aspects are the collectability (difficult) and
the acceptability (felt like very intrusive procedure to get it). The
other aspects are all very high; the permanence is assured and does
not change growing. The uniqueness is granted and the performance
is high.
Figure 8: Retina pattern example
11
2.5.2
Medium uniqueness biometric
• Hand Geometry: the only good aspect of this biometric is that
the collectability is very easily done. This biometric does not have
very negative aspects, but is not enough to define this as a very good
biometric.
• Hand Veins: this biometric is similar to hand geometric, but the
collectability is a little bit more difficult to perform (Figure 9).
• Ear Canal: the only remark to do about this biometric is that the
permanence is very high.
Figure 9: Hand veins example
2.5.3
Low uniqueness biometric
• Keystrokes: similar to the signature biometric. The keystroke change
very easily growing.
• Gait: similar to keystrokes and signature. The gait can change regularly and it is easy to copy.
2.5.4
Multi-biometric verifications
Some companies approached the biometric recognition in different ways,
but one of the securest ways is to utilize two or three biometric verification
simultaneously, in example voice and facial or signature and voice.
12
3
3.1
Biometrical Electronic Passport
Introduction
A Biometrical Electronic Passport, sometimes simply called Electronic Passport or ePass, is a combined paper and electronic identity document that
uses biometrics in order to authenticate the identity of travellers.
In the actual standardized passport all information are stored on a passive Radio-Frequency Identification (RFID) chip using recommended files
formats and communication protocols established by the International Civil
Aviation Organisation (ICAO).
The chip holds the same information’s that are printed on the passport’s
data page: the holder’s name, date of birth, and other biographic information. An ePass also contains some biometrics identifier depending on the
different countries choice and technical evolution.
The ICAO defines the biometric identification as a verification of human identity through the measurement of distinguishing physiological or
behavioural characteristics. The ICAO only considers three types of biometrics: facial recognition, fingerprint and iris scan. Actually only facial
recognition is compulsory.
From 2001, after terroristic attacks in USA, a higher level of security
became a priority in order to prevent any passport forgery and fraudulent
identification papers. An international pressure has been conducted by the
US Government with a reform of their Visa Waiver Program (VWP).
All foreigners that want to enter the US visa-free under the VWP must
bear a machine-readable passport which complies with international standards. If a foreign passport was issued on or after October 2006 that passport
must be a biometric passport.
Under those conditions several countries created their ePass projects
following the international standards directives.
The European Union Council Regulation on standards for security features and biometrics in EU citizens’ passport, defined in 2004 the timeline
for introducing digital face and fingerprint images in all European passport.
This regulation implemented the technical specifications established by the
ICAO.
EU member states decided to use fingerprints as the second biometric
identifier because fingerprint capture and reading systems have proved convenient in practice. In addition, two different biometric features increase the
flexibility of controls and also the security with a cross check. Depending
on the situation, inspectors will be able to choose to check only the photo
or also the fingerprint during biometric controls.
There are some technical difficulties that are delaying biometric integration into passport in the United States and in the European Union. These
difficulties include compatibility of reading devices, information formatting
13
Figure 10: Example composition of an Electronic Passport according to
GmbH
and the nature of content. For example the US currently expects to use only
image data, whereas the EU intends to use fingerprint and image data in
their passport.
The controls with the e-Passport will change but not drastically, biometric verification methods will not replace but will be a complement in
traditional border controls. In a first step, personal and biometric data will
be read and verified electronically and the digital photo will be used for a
visual check. In the second step the photo and/or the fingerprints taken
at the checkpoint will be compared with the data on the e-Passport chip.
During this process, theoretically, no data will be stored.
3.2
German ID strategy
Germany is one of the most advanced countries in the development of new
generation of identification methods.
The German governmental project is not limited on Passport changes
but also integrate other identity cards, for example the national ID card for
all German citizens (eID Card) and European eResidence Card for foreign
14
residents, the eHealth card and others, all in a comprehensive identification
strategy (Figure 11).
Figure 11: Comprehensive German Identification Strategy according to
bund.de
The objective is not merging all electronic cards into one but to introduce
a common standard for market participants, ensuring the interoperability
and the security of the system.
This strategy is an integral part of a German Administration program,
called eGovernment 2.0, originated from the implementation of the BundOnline 2005 and Deutschland-Online initiatives. This plan has the objective
to promote the modernisation process in all public administrations and a
connection with business under 4 key points:
• Portfolio: enhancement of the federal eGovernement services in terms
of quantity and quality
• Process chains: establishing of electronic between the public administration and the business community utilizing common business
process chains
• Identification: Introduction of an electronic Identity Card (eID Card)
and development of electronic Identification concepts
• Communication: development of secure communication infrastructure for citizens, business and public administrations
According to this program, Internet has to become the major communication and distribution channel for public administration services. The
15
collaboration between businesses and administration could lead to an integration of the systems. The security in internet transaction in the area
of electronic business and e-Government could be realized and facilitated
though the utilisation of eID cards and certificated portals as platform.
3.2.1
Electronic Identity Card (eID)
The introduction of the electronic Identity Card is an important step of the
eGovernment 2.0 program. In addition to the traditional functions (photo
ID, identification document and travel document) the card has the aim to
facilitate the reciprocal identification on the Internet.
Like for the passport a microchip will provide all authentication functionality, applicable to both eGovernment and eBusiness transactions (Figure
12).
Figure 12: Authentication with eID card according to bund.de
Electronic identity cards want to ensure a higher level of data protection
by enabling access only to certain data required for the respective identification purposes.
Optionally the eID card can include electronic signature functionality
and in addition biometric data (the same of the passport).
During this year the card will be tested and then introduced in 2009.
The procedure for authenticate citizens for an online service is the following:
1. The card is introduced in a card reader connected to the computer
16
2. The client send a request to the Application Service Provider
3. The Application Service Provider send an access certificate for presentation to the citizen
4. The certificate is transferred to the card chip
5. A Basic Access Control is established with the insertion of a PIN
number in a secure connection
6. An Extended Access Control establish the chip and the application
authenticity
7. The data of access certificate are sent to the Application Service Provider
With the increasing security level situation is possible to imagine that in
the Basic Access Control a biometric control in addition or instead of the
PIN could be added in the future. The important argument is that identity
controls are done on the local machine and not comparing data with a remote
database.
The authenticating function of the eID card could be summarized as:
• Optical authentication (classic function): for the government sectors is used for identification when crossing national borders, for private sectors could be used for opening a bank account or checking into
a hotel.
• Electronic authentication (new function): used in electronic networks (Internet or Intranet) for eGovernment applications (tax filling,
applications, information request) and for eBusiness applications (ebanking, online shopping, online auctions)
• Qualified signature: is planned as an optional add-on, it want to be
the electronic equivalent of handwritten signature and could be used
for signing contracts or others official documents.
3.2.2
Electronic Passport (ePass)
In Germany the e-Passport has been introduced in November 2005, in the
first phase, with the digitalisation of all biographic information and in addition a digital facial image.
In the second phase, in November 2007, 2 fingerprints has been included
among with all others information’s.
The German ePass was the first introduced in Europe, before only the
Belgian passport was released in November 2004 but it was not full conform
to the European Union and international standards.
17
3.3
Swiss Passport
The Swiss policy concerning the new data content of e-Passport has been
to follow and analyze the international evolution and more precisely all
European Union Council decision in this matter.
Figure 13: Swiss Passport and passive RFID chip example
The Swiss parliament in this days has to decide if agree to apply another
change to the passport in order to follow all other countries. The new
sophistication proposed will be the introduction of a scanned fingerprint,
along with all biographic data and the digitalized picture contained in the
actual e-Passport, starting from 2009. If this change will be approved, this
will be the fourth generation of passport in 7 years:
• In 2003 Swiss authorities creates the first version of machine-readable
Passport.
• In 2006 after international pressure, and also with the Shengen openborder treaty, all member of European Union and also Switzerland
introduced the biometric passport with an RFID chip containing biographic data for comparison.
• In 2007 a digitalized picture of the passport’s holder was included with
biographic data.
• In 2009 a digitalized fingerprint will be included in the chip memory.
A peculiar decision that the Swiss parliament has to take is to decide if
create a central database where memorize all information contained in every
passport. In case of approval Switzerland will be the first European country
to systematically file all citizens included all fingerprints.
This proposal has been criticized in different sectors, from a part of the
parliament to the head of federal data protection and transparency bureau.
18
All European authorities charged to control data protection are against the
central archiving of this type of information, in particular for biometrical
one.
4
Biometrics in e-Business
The example of the German national biometric identity card (eID Card),
and the general strategy for an implementation of electronic identification
infrastructure, could be a valuable security support for governmental but
also commercial needs, especially with new applications based on electronic
signatures.
Users could be allowed to access eGovernement, eBanking or eCommerce
applications using a similar identification system and this could create a
trusted domain where exchange information’s in a secure channel.
For the moment the development of biometrics is concentred into the
Administration-to-Citizen (A2C) relationship but the interest is growing
fast and spreading in others sectors especially into Business-to-Consumer
(B2C) and Business-to-Business (B2B).
In similar scenario citizens, business and governments can interact using
certified ID and could encourage the development of new business models
and services based on trusted transactions.
The application of this new kind of authentication method became relevant in some specific eBusiness and eCommerce sectors.
4.1
E-Banking
In e-Banking case for example there is a strong demand and researches for
a more reliable authentication method for system operators and customers.
The actual security system is usually composed by a cryptographic connection though Internet using Secure Soket Layer (SSL) cryptography, and
the authentication is done using an user number ID, a password or a PIN
and often a synchronized random number generator.
But the increasing number of different kind of attacks, such as phishing
attacks where the attacker using fake e-mails try to capture user’s financial
information and account password, make all online bank systems vulnerable.
Some banks already experiment a sort of biometric identification with
the introduction of phone based transactions, somethimes also called vCommerce. In this domain the user is identified by his voice pattern and
some others identification methods like personal code and random questions. Speaker verification is an effective way for providing a good security
but remaining not intrusive, and with lower operational costs compared with
others techniques.
Another example is the introduction of biometric automated teller machine (ATM) in India for testing if such system is valid. The machines are
19
expected to serve about 100,000 workers who will use fingerprint scanners,
rather than ATM cards and PINs, to obtain their funds. This remain an
experiment due the fact that similar machines have not caught much success
during trials in other part of the world. This is due to the fact that the use
of only fingerprint for authentication, withouth any card or PIN code, is not
considered safe enought caused by False Acceptance Rate and circumvention
techniques of this biometric.
4.2
Digital signature
As in others applications also in digital signature there is a growing interest
for implementing a PKI (Public Key Infrastructure) with some biometric
techniques. The major problem is the same as in all others aspect: data
protection and the trusted identification of people involved. The aim is to
compare at the same level a personal handwritten signature to a remote
digital one, with the same legal and economical implications.
In the German electronic national identity card there is the optional
possibility to have the digital signature feature. The card is prepared and
contains keys and the qualified certificate. This creates also some legal basis
for electronic signature on contracts and other legal paper such as electronic
employment certificate, salary statement and tax statement.
The only way to identify the owner of a public key in traditional asymmetric encryption is through the correspondence justified by Certification
Authorities. In current solutions an authentic digital signature proves that
the signer possessed the proper secret key, however it cannot be verified
whether really the rightful owner of the key used it, or someone else did.
In a system constructed with keys and certificates stored on an eID
card protected with PIN number or biometrics check, the security of the
transaction and the identity of contractors rise considerably. But not all
problems could be avoided, algorithms weakness and direct attack remain
problems to be solved.
4.3
Other applications
There are many others sectors that could be interested in the ePass and
biometrics evolution, in first place all systems that involves payments and
monetary transactions but also virtual auctions systems and digital signature for contracts. People are still less or more afraid to give personal information and credit card number over the Internet, with biometrics security
techniques maybe this will change.
In quite all business and governmental organisations biometrics are already used to secure physical systems and places in order to prevent unauthorized access, for example banks servers, critical structures or military
facilities. In those situations the acceptance of biometrics is not relevant
20
due the fact that only few people has the right to use those systems and
often are the same that work in order to deploy them.
All problems and recommendations encountered during the application
of biometrics methods into business are the same that could be encountered
into the eBusiness world. A low acceptance of those techniques, the lack
of a valid regulatory and the lack of standard data protection rules could
create security problems for single users.
There are also other examples of more extended and large scale use of
biometrics for business and governments, is the case of ticket owner problem
or border controls. In some facilities a biometric system has been deployed
to ensure that the owner of the ticket is the one allowed to use it and in
other cases to control immigrations.
4.3.1
Walt Disney World
The interesting and discussed case of Walt Disney World in Orlando (USA)
where for years the earlier system recorded onto tickets the geometry and
shape of visitors’ fingers and now the system uses a geometric formula in order to create an identifying number to prevent ticket fraud or resale (Figure
14). The database where all identifying numbers are stored is maintained
for 30 days and Disney claims that no fingerprint images are taken but only
some measures.
Figure 14: Walt Disney World ticket and fingerprint checking point
Against all criticism of lack of transparency the Disney project has been
followed with attention by the US government because it was the largest
national single commercial application of biometrics.
21
4.3.2
KSS Sport & Leisure
Another example is the case of KSS Sport & Leisure Centre in Schaffhausen
where, since January 2005, a system with a central database stored all customer’s personal data and also their fingerprints in order to perform a control
over season tickets that give access to the facilities for 6 or 12 month. The
image of the fingerprint taken at the access barrier is compared with the
reference template.
The negative reaction of many customers who refuse to allow their biometric data to be stored induced some inspections. This type of use of
biometric data for access control is not conform with Swiss data protection
rules. Customers who do not want provide their biometric data should be
offered an alternative solution and the biometric data must be recorded on a
chip placed on their season ticket rather than stored on a central computer.
And like for the Walt Disney case is important to delete all personal data
after a certain period.
5
5.1
Biometrics in e-Government
E-Voting case studies
In a previous seminar work in eGovernments the case studies in e-Voting
has been treated and the final discussion concerns were quite all about the
identification of the voter.
Figure 15: Geneva voting card
22
In the actual e-Voting systems tested in Switzerland (Geneva, Neuchâtel
and Zurich) the identity of the voter is verified generally only by some information printed on the voting card that is sent at home (Figure 15) and
some biographic data. This authentication method create the possibility,
for everyone that can take the voting card and know some biographic data
of the citizen, of what is called a ”family vote” or even create a market for
selling votes.
The conclusion was that the actual security measures are no sufficient for
protecting the e-Voting system and a possible solution for verify the identity
of the voter is to introduce a biometric checking component. The German
eID strategy could give an important development instrument to add some
further applications in order to allow a secure identification.
Another possibility in Switzerland is to use the actual discussed and discussed central database that will be created in 2009 with the introduction of
fingerprints into the ePass but a system that not relies to a remote database
is preferable.
In any case an improvement of identification security must be considered
for an extended phase of the e-Voting pilot projects.
5.2
United Arab Emirates
Figure 16: United Arab Emirates Iris checking point
Starting from 2001, in the largest national deployment of iris recognition
to date, the United Arab Emirates (UAE) Ministry of Interior requires iris
recognition tests on all passengers entering UAE from all air, land, and sea
ports (Figure 16). Through Internet each passenger is compared against each
of 313,000 iris patterns of foreign nationals who were expelled for various
23
violations, whose IrisCodes were registered in a central database before the
expulsion.
The time required for a search through the database is in average 2 seconds. Each day in average, 6,000 arriving passengers are compared against
the entire watch list of 313,000 patterns stored in the database; this is about
2 billion comparisons per day. A total of 4,387 matches have so far been
found against persons in the watch list by these iris algorithms. According
to the UAE Ministry of Interior, none of these matches have been disputed,
and all have ultimately been confirmed by other records.
6
6.1
Conclusions
Biometric weakness
The risk of all biometrics is that there is a possibility that can be forged.
For example fingerprints with a small kit consisting of commonly available
products, from just dome glue to photographic technology, can be easily
duplicated and applied over another fingerprint. Biometrics could be a potential danger as well as every technology if used with illegal intents.
The biometric sector is pretty new and in constant evolution, also attacks
evolve with. The biometric technology is considered young and with a large
margin of evolution and amelioration. There will be further evolution every
year, with new idea and system ameliorations.
6.2
Big brother
People acceptance in biometrics depend on different factors, from the society
where they live to the personal perception of what is considered intrusive,
the big brother problematic is well know with the increasing number of
video surveillance. The introduction of biometrics techniques in a too fast
and uncontrolled way could lead to a reject of those technologies. For example taking the fingerprint image for the major part of citizens is strictly
connected to crime and police investigations like for DNA.
The introduction of biometrics reading devices in common used electronics devices, such as fingerprint readers for computers, could help to change
the mind of simple users about the use of biometrics features.
But there are also differences between biometrics, people are less threatened to use voice or facial recognition, rather than iris and fingerprint, because the human normal behaviour is to identify other persons by the face
and the voice and other behavioural and physical details that are saw by
everyone.
Latest events where biometrics, like face recognition, has been used and
tested in public places in order to identify people could create in one hand
24
a more secure environment but in other hand could increase the perception
of being controlled all the time.
In actual news a similar system that has been used in USA during the
Super Bowl will be probably deployed in train station and the entrance of
all stadiums for the European Football competition 2008 in Switzerland and
Austria. The aim of the system is to identify and stop all filed hooligans
that could create problems during or after football matches.
The problem remain to find the border between privacy and security
measures, how many individual privacy could be sacrificed in order to maintain an acceptable security level?
6.3
Considerations
Biometrics, in essence ’what you are’, are not destined to replace ’what you
know’ items such as PIN numbers, and ’what you have’ forms of identification such as ID cards, in short time. The most probable situation is the use
of those three kinds of identification methods in combination or at least a
mix of biometrics and ID card, which is the case of Biometrical Electronic
Passport.
The application of biometrics in eBusiness will expand every year thanks
to the technology evolution, but the best way to follow is to create a common
framework with eGovernment initiatives in order to have a common base
that could be better accepted by users.
On the side of computer producers the introduction of technological components that are usable for biometric identification, actually microphones,
webcams and fingerprint readers, help the introduction, the development
and the experimentations of biometric applications for different purposes
and in different field from academic to industry.
There is an international interest from industries and governments around
all pilot projects that are running today, from Walt Disney to ATM, from
electronic biometrical passport to national ID card. Those tests are an initial experimentation of biometric in large scale with millions of potential
user or customers.
Another important subjet treated is the storage of biometrics data, a
general concern from users is the memorisation of, for example, fingerprints
records or voice patterns in potentially unsecure database online. Actually
the international recommendations on this subject are to avoid that kind
of database and to limit biometric data stored on personal cards and documents. Personal cards provide a convenient method for storing biometrics
template, also biometrics can be used to protect access to the information
stored in the card or used in combination to give access to network applications and services.
In conclusion the importance of biometrics will certain grow during next
years and will interest all kind of field, from economical to juridical and ethi25
cal, involving industry, governments and academic sectors, in order to create
and improve security standards. This process will of course also involve the
world of Internet in all his dimension, to create a more secure virtual environment where the exchange of critical data will be better protected than
today.
26
References
[Backer 2003] Stephen Baker, Biometrics Meets E-Commerce, News
Analysis, June 2003, available: http://www.businessweek.com/
technology/content/jun2003/tc20030620_3373_tc119.htm,
accessed 03th of May 2008.
[Bechelli 2002] Luca Bechelli, Stefano Bistarelli, Fabio Martinelli, Marinella
Petrocchi and Anna Vaccarelli, Integrating Biometric Techniques with
an Electronic Signature for Remote Authentication, IIT-CNR, 2002,
available: http://www.ercim.org/publication/Ercim_News/enw49/
bechelli.html, accessed 02nd of May 2008.
[Busch 2005] Christoph Busch, Biometrics and Secure Travel Documents,
Fraunhofer-IGD, Darmstadt, 2005, available: http://www.embo.org/
scisoc/busch.pdf, accessed 11th of March 2008.
[Busch 2006] Christoph Busch,
Facing the future of biometrics,
European Molecular Biology Organisation, Darmstadt,
2006,
available:
http://www.3dface.org/files/papers/
busch-embo2006-face-recognition-overview.pdf, accessed 11th of
March 2008.
[Daugman 2006] John Daugman, Probing the uniqueness and randomness
of IrisCodes: Results from 200 billion iris pair comparisons, Proceedings of the IEEE, 2006, available: http://www.cl.cam.ac.uk/users/
jgd1000/ProcIEEEnov2006Daugman.pdf, accessed 05th of May 2008.
[Epractice 2008] Epractice, eGovernement in Germany, eGovernement
Factsheets, January 2008, available: http://www.epractice.eu/
resource/737, accessed 10th of April 2008.
[E-Voting 2007] Daniele Cavadini, Lorenzo Cimasoni, Case Studies on EVoting, Seminar Work on E-Government, Information Systems Research Group, University of Fribourg, Autumn Semester 2007.
[FDPIC 2007] Federal Data Protection and Information Commissioner,
Biometric access control to sport and leisure centres, Annual Reports,
July 2007, available: http://www.edoeb.admin.ch/dokumentation/
00445/00509/01130/01140/index.html?lang=en#, accessed 2nd of
May 2008.
[Federal 2007] Federal Ministry of the Interior Germany, Discover Germany
Electronic Passport, Office of the Chief Information Officer, November
2007, available: http://www.bmi.bund.de, accessed 10th of April 2008.
27
[Gildas 2004] Gildas Avoine, Kassem Kalach, Jean-Jacques Quisquater,
Belgian Biometric Passport does not get a pass..., UCL Crypto Group,
Louvain-la-Neuve, April 2004, available: http://www.dice.ucl.ac.
be/crypto/passport/index.html, accessed 22nd of April 2008.
[Harmel 2006] Karen Harmel, Walt Disney World: The Government’s Tomorrowland?, September 2006, available: http://newsinitiative.
org/story/2006/09/01/walt_disney_world_the_governments, accessed 2nd of May 2008.
[Hennebert 2008] Jean Hennebert, La reconnaissance du locuteur, Traitement de la Parole course, Sping Semester 2008, available: http://
moodle.unifr.ch/course/view.php?id=2085, accessed 24th of April
2008.
[Meier 2008] Andreas Meier, Henrik Stormer eBusiness & eCommerce Managing the Digital Value, Springer, Berlin, 2008.
[Möller 2007] Jan Möller,
eID developments in Germany,
Federal Ministry of the Interior Germany, Coimbra, May 2007,
available:
http://www.ama.pt/porvoo/apresentacoes/25_manha/
porvoo11_jeanmoller.pdf, accessed 11th of March 2008.
[Mombelli 2008] Armando Mombelli, La Svizzera, un paese di banche.. dati,
In: Swissinfo News, March 2008, available: http://www.swissinfo.
ch/ita/swissinfo.html?siteSect=43&sid=8881783, accessed 4th of
April 2008.
[Reisen 2006] Andreas Reisen, Electronic Passport and National e-ID Card
in Germany, Federal Ministry of the Interior Germany, October
2006, available: http://www.teletrust.de/fileadmin/files/isse/
vortr_reisen.pdf, accessed 11th of March 2008.
[Schmidt 2005] Albrecht Schmidt, German e-Card Strategy: The National ID-Card, Federal Ministry of the Interior, October 2005,
available:
http://www.porvoo8.rrn.fgov.be/porvoo8/doc13/14_
porvoo8_2005-10-11_porvoo\%208cu_germany.ppt, accessed 10th of
April 2008.
[Schmitz 2006] Patrice-Emmanuel Schmitz,
Biometrics in Europe,
European Biometrics Portal, June 2006,
available:
http:
//www.libertysecurity.org/img/pdf/trend_report_2006.pdf, accessed 10th of April 2008.
[Schwarz 2006] Sylvia Schwarz,
Pilot project fot biometric passport
in Switzerland,
Siemens Corporate Press, Austria, September
2006, available: http://www.cognitec-system.de/press-releases/
pm-epassschweiz-0906.pdf, accessed 11th of March 2008.
28
[Zhang 2002] David D. Zhang, Biometrics Solutions For Authentication In
An E-World, Kluwer Academic Publisher, Massachussets, 2002.
29