Raul Alonso-Moreno

Evaluation methodology for analyzing usability factors in biometrics

In recent years, biometrics is more and more used in many security applications. This fact has led suppliers and researches to analyze biometric algorithms power and vulnerabilities, as to improve the feasibility of this technology. Nevertheless, as many authors claim, biometric performance does also depend on other factors such as usability and/or user acceptance, which can influence significantly their performance. Only a few of these factors have already been studied, using specific approaches and only for certain biometric modalities, such us fingerprint and face. However, there is not a general and independent methodology implemented to assess how these factors affect biometric system performance and to produce intercomparable results. Based on previous works and following procedures and requirements addressed in the International Standard ISO/IEC 19795–2 for scenario evaluations [1], authors have developed a general methodology to analyze end-to-end system performance when some usability factors are modified. Such factors cover different ways of presenting biometric characteristics to the sensor and also the biometric characteristic variability caused by illness or climatic changes. A generic and controlled scenario has been modelled to carry on all sets of trials. Then, the methodology has been particularized defining specific protocols, methods and considerations for each parameter to assess. Furthermore, details for analysing these parameters through different modalities have been defined. In addition, this methodology has been checked for one modality considering different usability aspects in order to obtain the feedback that is necessary to test its validity and viability and to detect points of interest for improvement. Results, main conclusions and suggestions for test operators will be presented.

Evaluation methodology for fake samples detection in biometrics

Nowadays biometrics is being used in many applications where security is required. This fact causes that new threatens have appeared and that the number of attempts to break biometric systems has increased. From all potential attacks, those involving damage or thefts to users are the most worrying. Most of them could be avoided if acquisition sensors would have suitable approaches for aliveness detection at the capture process. Many providers claim that their products support these methods but unfortunately it has been discovered that some products do not detect fake samples. In this paper a methodology based on Common Criteria is given to evaluate, in an independent way, whether biometric capture devices implement methods for fake samples detection, and till which extent such methods are effective. This methodology has been tested with sensors from different modalities.

Standardised system for automatic remote evaluation of biometric algorithms

It is difficult to generate significant results when evaluating algorithms developed in biometrics. Additionally, when third parties, such as system integrators, want to compare results among different algorithm providers, they cannot do so easily for several reasons: difficulty accessing large databases, inability to exchange biometric data among researchers due to data protection laws in some countries, or the lack comprehensive and standardised evaluation reports. This paper presents a new performance evaluation system for biometric systems that is secure, automatic and remote. This system has been developed using current standards developed within ISO/IEC JTC1/SC37 for data Formats, Application Program Interfaces (APIs) and evaluation methodology. Standardised technology is able to provide developers in biometrics and third parties with a way to perform comprehensive evaluations remotely and with 24/7 availability without compromising the privacy of the individuals included in the test crew. The solution described here offers the developers the ability to evaluate large databases that are stored in a secured centralised server. As this system is modality-independent, researchers can use the same protocol to perform different evaluations, and therefore lower the overhead costs for testing purposes. Additionally, such protocols can be plugged directly into end-user applications, minimising technology transfer costs. The system is described by block diagrams as well as flowcharts.

Usability Evaluation of Fingerprint Based Access Control Systems

Studying usability of biometric products is of great interest for learning in advance how users will behave once the system is installed. This paper presents the work carried out for the evaluation of the usability of five access control systems based on fingerprint recognition. Users are grouped by ages, and a homogeneous representation of ages and sex are considered. Results will show how different devices can present different results considering usability, and conclusions will provide the lessons learned as to be applied in following evaluations.

Evaluation methodology for analyzing environment influence in biometrics

Biometrics is a new technology that provides a secure identification, which is being used more and more these days. However, sensors and biometric systems are usually only tested by their own suppliers, and rarely an independent evaluation of these products is carried out. Also, when evaluating a biometric system/device, many factors that can affect its performance, are not even considered. This is the case of the environmental conditions, i.e. humidity, temperature, etc. In this paper, authors propose an evaluation methodology for measuring environmental factors influence in biometric products and their applications. This methodology describes factors, tools, requirements and procedures, needed to perform this kind of performance evaluations.

Smart Cards to Enhance Security and Privacy in Biometrics

Smart cards are portable secure devices designed to hold personal and service information for many kind of applications. Examples of the use of smart cards are cell phone user identification (e.g. GSM SIM card), banking cards (e.g. EMV credit/debit cards) or citizen cards. Smart cards and Biometrics can be used jointly in different kinds of scenarios. Being a secure portable device, smart cards can be used for storing securely biometric references (e.g. templates) of the cardholder, perform biometric operations such as the comparison of an external biometric sample with the on-card stored biometric reference, or even relate operations within the card to the correct execution and result of those biometric operations.

Automatic remote evaluation system for biometric testing

We present here a report on a new performance evaluation system for biometric systems, which is secure, automatic and remote. This system will provide developers in biometrics to progress in their works, avoiding problems with data protection policies related to testing, but without compromising the privacy of testing subjects. Biometric testing needs personal data to be recorded and used. Therefore in order to test their prototypes, researchers have to waste a lot of time and money for buying or creating testing databases. The solution described here offers the developers a secure and remote system which is available at all times, and which concentrates all private data in a secured centralized server. Also, as current standards, including standard APIs, are used, efforts needed by developers to use the system will be minimized, lowering also the overhead costs for testing purposes. The system is described by block diagrams as well as flowcharts.

Privacy friendly applications using citizen cards based on cryptographic smartcards

Citizen Cards are being deployed nowadays. Several applications are being developed using such cards. Different kind of services can be provided with such cards, from services demanded by the Administration, to applications from private companies. Unfortunately there is a great amount of applications that are not able nowadays to use the security these cards offer, due to their requirement of keeping the end-user anonymous. This requirement can be forced by the kind of application (e.g. restricted to certain ages), of by data protection laws, where there is no need to access personal data to provide a local service. Authors are proposing in this paper two solutions for this kind of services, benefiting from the already deployed citizen cards, reducing the cost of developing a new card, as well as maintain the card system.

Common Interface for Connecting of Low Profile Biometric Modules

For improving interoperability and gaining in many more benefits, standard interfaces for connecting modules in Information Technology (IT) are a need. Biometrics is not different from other IT fields. In fact in Biometrics those interfaces are needed at different levels: applications, data interchange, processing modules or sensors. Standardization bodies have already published standards related to data interchange and application programming interfaces (API), but some others are still missing. Authors present in this paper a first approach for a definition of a common interface for those biometric related modules to be integrated in small and low cost embedded systems. Definition is done at two different levels, leaving open the final implementation, but outlining such implementation with state of the art communication protocols.