Exhaustive search is a possible attack against the visual crypto scheme given in class.
The spam reduction protocol we gave in class works better against a computationally weaker attacker.
Biometrics -- Something You Are
Some example biometrics include:
Fingerprint
Handwritten signature
Facial recognition
Speech recognition
Gait (walking) recognition
"Digital doggie" (odor recognition)
Many more!
Why Biometrics?
Cheap and reliable biometrics needed
Today, an active area of research
Biometrics are used in security today
Thumbprint mouse
Palm print for secure entry
Fingerprint to unlock car door, etc.
But biometrics not too popular
Has not lived up to its promise (yet?)
Ideal Biometric
Universal -- applies to (almost) everyone
More secure replacement for passwords
In reality, no biometric applies to everyone
Distinguishing -- distinguish with certainty
In reality, cannot hope for 100% certainty
Permanent -- physical characteristic being measured never changes
In reality, OK if it to remains valid for long time
Collectable -- easy to collect required data
Depends on whether subjects are cooperative
Also, safe, user-friendly, etc., etc.
Biometric Modes
Identification -- Who goes there?
Compare one-to-many
Example: The FBI fingerprint database
Authentication -- Are you who you say you are?
Compare one-to-one
Example: Thumbprint mouse
Identification problem is more difficult
More "random" matches since more comparisons
We are interested in authentication
Enrollment vs Recognition
Enrollment phase
Subject's biometric info put into database
Must carefully measure the required info
OK if slow and repeated measurement needed
Must be very precise
May be weak point of many biometric
Recognition phase
Biometric detection, when used in practice
Must be quick and simple
But must be reasonably accurate
Cooperative Subjects?
Authentication cooperative subjects
Identification uncooperative subjects
For example, facial recognition
Used in Las Vegas casinos to detect known cheaters (terrorists in airports, etc.)
Often do not have ideal enrollment conditions
Subject will try to confuse recognition phase
Cooperative subject makes it much easier
We are focused on authentication
So, subjects are generally cooperative
Biometric Errors
Fraud rate versus insult rate
Fraud -- Trudy mis-authenticated as Alice
Insult -- Alice not authenticated as Alice
For any biometric, can decrease fraud or insult, but other one will increase
For example
99% voiceprint match -- low fraud, high insult
30% voiceprint match -- high fraud, low insult
Equal error rate: rate where fraud == insult
A way to compare different biometrics
Fingerprint History
1823 -- Professor Johannes Evangelist Purkinje discussed 9 fingerprint patterns
1856 -- Sir William Hershel used fingerprint (in India) on contracts
1880 -- Dr. Henry Faulds article in Nature about fingerprints for ID
1883 -- Mark Twain's Life on the Mississippi (murderer ID'ed by fingerprint)
1888 -- Sir Francis Galton developed classification system
His system of "minutia" still used today
Also verified that fingerprints do not change
Fingerprint Comparison
Common minutia of fingerprints include loops, whorls, and arches
In the pre-computer era, collected fingerprints were classified into one 1024 bins.
Given a fingerprint of an unknown subject, a binary search on minutia, let one
find quickly which bin to check for matches.
Features within these minutia were then compared. In Britain, fingerprints had to match in 16
of these feature locations; in the U.S. no fixed number was used.
Fingerprint: Enrollment
Capture image of fingerprint
Enhance image
Identify points
Fingerprint: Recognition
Extracted points are compared with information stored in a database