Biometric Security System - Essay Example

? Report on Access Control Biometric Security System Dynamic Air Parts plc has a large manufacturing complex within a square kilometre area. It has 3000 workers which makes security a top priority,for the running of its parts supplies business. As the senior managers have planned to improve the company`s security system, the current swipe card system is required to be replaced. Management has decided to use Biometric-based smart card system with either Fingerprint or Vein Recognition systems. As a document from specialist security consultancy company, this report will assist Dynamic Air Parts plc to take a descion best suited to their requirements. Physiological and /or behavioural characteristics are two basis of biometric recognition system. Human characteristics used for biometric recognition system are based on parametres like: universality, uniqueness, permanence, collectability, performance, acceptability, and circumvention, Ofcom(2009). Furthermore, verification and identification are two modes in system operation. Few technical considerations in selecting a system are false accept rate or false match rate (FAR or FMR), false reject rate or false non-match rate (FRR or FNMR), receiver/relative operating characteristics (ROC), equal error rate or crossover error rate (EER or CER), failure to enroll rate (FTE or FER), failure to capture rate (FTC), and template capacity. Dynamic Air Parts plc is currently using swipe card sytem .Swipe card is a type of card capable of storing data by modifying the magnetism of tiny iron-based magnetic particles on a band of magnetic material on the card. The swipe card system is read by physical contact and swiping past a magnetic reading head. An individually encoded pass card looks a like a credit card. The stripe on the back of the security pass card is a magnetic stripe, often called a magstripe. Typically, the data on an encoded security swipecard includes: 1. Name 2. ID # (social security number or other unique number) 3. Access level (where you're allowed to go) Next generation of magnetic cards - Smartcards. Smart Cards or Smartcards is the term referred to cards, made from plastic, with similarities in size, thickness and other physical appearance as plastic credit cards. It can describe chip card or integrated circuit card. Smart cards in addition have an Integrated Circuit (IC) Chip embedded in it. Smart cards are also known as IC cards and ICC cards. The amount of information can be stored in smart cards is much greater compared to magnetic stripe cards. Some of them can also be reprogrammed to add, delete or rearrange data. Compared to magnetic cards, smart cards offer more advantages, such as: 1. They can be readily reconfigured. 2. They are reusable. 3. They give more security, thus reducing the risk of transaction fraud . 4. They are much more durable and reliable. 5. They allow multiple applications to be stored in one card. 6. It provides reduction in costs. 7. It has technical specification standards. 8. It gives security of information. 9. It has more organized information. 10. It has emergency information. 11. The process doesn't require paper. 12. One card can access multiple transactions. 13. It reduces fraud. 14. It has high memory capabilities. 15. It has the ability for on-site approval. 16. End-user only accessibility. Besides advantages, smart cards also have some disadvantages, such as: 1. It gives liability issues if stolen or lost. 2. The accuracy of information is small. 3. Lack of technology to support users . 4. It is potential hazard to data security since too much data is stored on one card if lost or stolen. 5. It is a potential area for computer hackers and computer viruses. Fingerprint Recognition Systems. A fingerprint contain a number of unique physical characteristics called minutiae, which includes cert ain visible aspects of fingerprints such as ridges, ridge endings and bifurcations (forks in ridges). Minutiae are generally found in the core points of fingerprints, located near the centre of the fingertips. These characteristics are used to distinguish two fingerprints, or to state that they are the same. Even identical twins have different fingerprints. There are a number of different ways to get an image of a fingerprint, and the most common methods today for electronic fingerprint readers are optical scanning and capacitance scanning. When a fingerprint is applied to - or passed over - the sensor window of the fingerprint reader, the fingerprint is scanned and a gray-scale image is captured. Special computer software then identifies the key minutiae points from the image. These points are then converted into a unique digital representation, called "template", comparable to a very big password. When a fingerprint enrolment is done, only the fingerprint template is stored, not the actual image of the fingerprint. The fingerprint template is not only smaller than the finger image, but also faster to process when comparing two fingerprints. Fingerprint recognition technology is divided into two distinct processes: verification and identification. In the verification process finger print taken is matched against one stored finger print. In identification new finger print is matched against complete database. Although it may appear to be a simple process, fingerprint recognition involves the state-of-the-art technology in hardware, for the readers, and software, to process the fingerprint images and templates. But due to the effort of the hardware and software makers, all this complexity is hidden and fingerprint technology usage is nowadays as simple as touching the reader. For biometric characteristics ranking high in accuracy, fingerprints currently have the lowest costs. It is one of the most heavily used and actively studied biometric technologies. Advantages 1. Since fingerprints are the composition of protruding sweat glands, everyone has unique fingerprints. They do not change naturally. 2. Its reliability and stability is higher compared to the iris, voice, and face recognition method. 3. Fingerprint recognition equipment is relatively low-priced compared to other biometric system and R&D investments are very robust in this field. Disadvantages 1. Vulnerable to noise and distortion brought on by dirt and twists. 2. Some people may feel offended about placing their fingers on the same place where many other people have continuously touched. 3. Some people have damaged or eliminated fingerprints. 4. Finger prints change due to aging. Vein Recognition Systems. The prominence and acceptance of biometric technologies such as fingerprinting, facial recognition, hand geometry, and iris recognition may leave little demand for other modalities. However, the emerging vein-pattern recognition technology, with its own unique features and advantages, has maintained its position against the others. Vein authentication uses the vascular patterns of an individual's palm/finger/back of the hand as personal identification data. Veins and other subcutaneous features in the human hand present large, robust, stable and largely hidden patterns. The deoxidized haemoglobin in the vein vessels absorbs light having a wavelength in the near-infrared area. When an infrared ray image is captured only the blood vessel pattern containing the deoxidized haemoglobin are visible as a series of dark lines. Based on this feature, the vein authentication device translates the black lines of the infrared ray image, and then matches it with the previously registered pattern of the individual (Sersc). Vein authentication technology consists of a small vein scanner - the users simply need to hold the palm/finger/back of hand a few centimetres over the scanner and the scanner reads the unique vein pattern (Palmsure). Vein recognition works by recording subcutaneous Infra Red (IR) absorption patterns to produce unique and private identification templates for users. Subcutaneous features can be conveniently imaged within the wrist, palm, and dorsal surfaces of the hand. Vein pattern IR grey-scale images are binarised, compressed and stored within a relational database of 2D vein images. Subjects are verified against a reference template. There are different types of vein recognition technology, which include finger vein, wrist vein, palm, and backhand vein recognition. The underlying concept of scanning remains the same with each of these techniques. Advantages of using Vein Recognition. 1. The vein patterns are unique to each individual and apart from size; the pattern does not change over time. 2. A contact free technology involving no physical contact with the hardware. 3. Extremely difficult to steal/misuse as veins are not visible to naked eye. 4. Not contact models are more hygienic than all forms of contact biometrics 5. Since veins are under the skin, its authentication information is hardly corrupted. Therefore, it is safe to obtain and use the biometric information. 6. It is difficult to replicate veins because they are not seen with the naked eye. 7. Vein recognition technology has a False Rejection Rate (FRR) of 0.01% and a False Acceptance Rate (FAR) of 0.0001%, hence making it suitable for high-security applications. 8. User friendliness: This technology overcomes aversion to fingerprinting and related privacy concerns since its traditional association to criminal activity is non-existent. In countries such as Japan, where there is strong opposition to fingerprinting, vein recognition has become the biometric technology of choice. It is relatively quick as it takes less than 2 seconds to authenticate. The test taker does not touch the palm vein sensor, eliminating the possibility of smudging. The system is also much more accessible for people with some physical disabilities. Some non-contact models are more hygienic than fingerprint readers. 9. Potential fusion with other biometric technologies: With the popularity of multimodal biometrics, vein recognition technology could be used in conjunction with hand or fingerprint biometrics. Vein recognition can provide one-to-many matching, and hand geometry can be used for one-to-one matching, thereby enhancing security. 10. The digitally encrypted palm vein patterns cannot be read by any other system. Some of the disadvantages of vein recognition technology are: 1. Invasive: While it is less invasive than iris scanning, the fact that the technology studies the subcutaneous level can create apprehensions among people, giving them the psychological impression that it could be a painful process. 2. Expensive: The technology is not cheap enough for mass deployment. Vein recognition units cost $2,000 to $4,000, whereas hand geometry readers and fingerprint scanners are priced at $1,200 and $500, respectively. 3. Large Size: The presence of a CC camera makes the unit larger than a fingerprint reader.  Comparison between systems From Employees Perspective Convenience Current swipe card System. 1. Easy to use. 2. Users are accustomed to the system. 3. Employees have already registered with the system and they are not required to undergo registration. 4. It is easy for employees to cheat the system since who ever brings the card can enter the area. 5. It works 99.9 % of time therefore there is no inconvenience. Smart Card and Fingerprint Recognition System. 1. Initially the system will be inconvenient since all employees will be required to register for making smartcards and use of finger print recording. 2. Initial errors of FRR or FER will disturb few employees and the will not be given access by the system. 3. They are not used to putting fingers on scanners and initially there will be some resistance to use the system based on hygiene. 4. It is inconvenient from hygiene point of view whether employees say it or not. 5. Use of smart card is easier than swipe card since in case of contact less smart cards physical contact of cards to reader is not necessary. 6. Smart cards are convenient to use since one card can be used in other applications in the factory area. 7. Smart card is easy to use since it is stronger than swipe cards and chances of damage are less. Smart Card and Finger Vein Recognition System 1. Initially the system will be inconvenient since all employees will be required to register for making smartcards and use of vein pattern recording. 2. Initial errors of FRR or FER will disturb few employees and the will not be given access by the system. 3. Vein recognition is a new technology and few employees may feel offended to place hands under IR rays every time. 4. Smart cards are convenient to use since one card can be used in other applications in the factory area. 5. Smart card is easy to use since it is stronger than swipe cards and chances of damage are less. 6. Vein recognition system will be more convenient and hygienic since no physical contact will be required like fingerprint scanning. Reliability. Current Swipe Card System. 1. It is less reliable from honest worker point of view since cheating is possible. 2. A fair degree of reliability is there since limited misuse is possible. 3. It works 99.9 % of time therefore, it is reliable and workable. Smart Card and Fingerprint Recognition System. 1. Combination of two systems will give reliability and employees will feel safer. 2. It will ensure fair wage and entry system for all. 3. Chance of un authorized access are less in restricted areas therefore employees will get a reliable working environment. 4. It will enhance security Smart Card and Finger Vein Recognition System 1. Reliability is max due to use of two systems. 2. Once data is stored, it will remain unchanged for lifetime. Acceptability. Current Swipe Card System. 1. It is being already used therefore readily acceptable. 2. Since it is a common item like credit card it is readily acceptable by all. 3. It has no hygienic issues like finger print system therefore more acceptable. Smart Card and Fingerprint Recognition System. 1. Being new system acceptability will be difficult due to use of finger scanning initially. 2. Due to initial failures in access, it will be accepted with little difficulty. Smart Card and Finger Vein Recognition System. 1. It will be more acceptable as compared to fingerprint and smart card system. 2. Few employees may not initially accept scanning of hands. 3. Smart card system will be accepted without difficulty. From Employers Perspective Convenience Current Swipe Card System. 1. More convenient if status quo is maintained. 2. Not convenient due to chances of misuse / exchange of cards. 3. Change of system will require much work initially in installation of system. Smart Card and Fingerprint Recognition System. 1. Two systems are more secure therefore convenient. 2. After initial problems, management will be more convenient in running system. 3. Smart card can be used in other applications therefore; employer will remain easy on costs. 4. Smart cards are re usable therefore convenient for re-programming. 5. There will be hygiene problems in factory due to finger touch. Smart Card and Finger Vein Recognition System. 1. More convenient since more hygienic due to contact less system. 2. Difficult to install but easy to operate. Reliability Current Swipe Card System. 1. Less reliable due to chances of misuse. 2. Less reliable since chance of un authorized access are there. 3. In case of some incidence, identification of present people difficult. 4. It is a dumb system therefore less dependable. 5. Cards can be easily damaged therefore less reliable. Smart Card and Fingerprint Recognition System. 1. Two systems are more secure therefore reliable 2. Finger print system can be dodged therefore less reliable. 3. Use of smart card will add reliability if finger print system is compromised. Smart Card and Finger Vein Recognition System. 1. This system is most reliable of all. 2. Chances of fraud or error are negligible. Acceptability. Current Swipe Card System. 1. Readily acceptable since being used. 2. Confidence level in operation is more. Smart Card and Fingerprint Recognition System. 1. Will be acceptable however, hygienic problems will disturb management. 2. More cleaning is required on daily basis. 3. Initially the system will be inconvenient since all employees will be required to register for making smartcards and use of vein pattern recording. 4. Initial errors of FRR or FER will disturb few employees and the will not be given access by the system. Smart Card and Finger Vein Recognition System. 1. Will be more acceptable being contact less system. 2. Fewer errors will make system readily acceptable. 3. Bigger size of system will initially create problems. 4. 25 % High cost of system will be required. Drawing on these comparisons, a justified statement as to the extent to which each of the two proposed new systems is likely to reduce the problem of unauthorised access to the complex, its buildings and its individual departments within those buildings. The two systems that are; a combined Smartcard plus Fingerprint recognition system and Smartcard plus Finger Vein recognition system have been discussed in detail in previous paragraphs. It is evident that both systems are almost equal from accuracy point of view to stop unauthorised excess to complex and its buildings with vein recognition having negligible edge in accuracy. However from acceptability and convenience point of view Finger Vein recognition system has been recommended for installation. Thus a justified statement is that “ Smartcard plus Finger Vein recognition system is recommended for installation”. Final Recommendation. After the detailed analysis comparing convenience, reliabilty ,acceptability, accuracy, costs,advantages and disadvantages of above mentioned biometric recognition systems it is recommended that Dynamic Air Parts plc should install a combination of Smart Card and Finger Vein Biometric Recognition System. References T215 Communication and Information Technologies, Block 4 Companion 2011, pp.1-19. Ofcom(2009) Report of the Digital Britain Media Literacy Working Group, 27 March [online]. Available from http://stakeholders.ofcom.org.uk/binaries/research/media-literacy/digitalbritain.pdf (accessed 3 May 2011) Biometrics. Available from http://en.wikipedia.org/wiki/Biometrics (accessed 27 May 2011) Automated Fingerprint Identification. Available from http://en.wikipedia.org/wiki/Automated_fingerprint_identification (accessed 27 May 2011) Magnetic Stripe Card. Available from http://en.wikipedia.org/wiki/Magnetic_stripe_card (accessed 27 May 2011) Smart Card. Available from http://en.wikipedia.org/wiki/Smart_card (accessed 27 May 2011) K.Jain, Anil 2004, An Introduction to Biometric Recognition. Available from http://www.csee.wvu.edu/~ross/pubs/RossBioIntro_CSVT2004.pdf (accessed 27 May 2011) Definition: Finger Vein ID. Available from http://searchsecurity.techtarget.com/definition/finger-vein-ID (accessed 27 May 2011) Finger Vein Authentication Technology. Available from http://www.hitachi.co.jp/products/it/veinid/global/introduction/index.html (accesed 27 May 2011) Sersc http://www.sersc.org/journals/IJCA/vol3_no1/3.pdf (accessed 14 June 2011) Palmsure. http://www.palmsure.com/technology.html (accessed 14 June 2011) Read More