Biometric identification: about technology reliability
There is an opinion that biometric identification is a very reliable and safe thing. I have been working in this field for many years, and I propose to look into this issue in more detail using the example of fingerprint identification of a person.
What is she like? Take a look at your finger. You see a lot of lines that then converge, then diverge. Here, on the points of these very convergences-divergences, the so-called “biometric model” is built. It is different for everyone and fingerprintsists can almost unmistakably confirm or deny the involvement of a person to the print. But, first, fingerprints take the full rolling thumb model; secondly, taking into account all the lines, pattern, and other things. We can only be guided by the scanned part of the print. Which includes a certain number of points ("main"), but not all.
There is a so-called (roughly speaking) “threshold of sensitivity,” that is, the number of points that should coincide. The higher it is, the more reliable it is, and the more difficult it is to achieve proper matching of prints (identify a person). Because the finger, in the end, you need to attach the same or almost the same as on the reference scan. And it is not easy. In addition, as mentioned earlier, not all of the print model is available to us, but only a part. Accordingly, we will also check only part of the points. This predetermines the need for a “threshold of sensitivity”.
')
And everything would be fine, and the models are different for everyone, but the fact is that sometimes we have very similar prints. "Like two drops of water", with slight differences. And here we get the problem. Comparing a person with different people (identifying), we may well be mistaken - get a "false positive". And it would be okay when the system confuses the manager of one department with another. But when the system confuses junior - the developer and CEO, it is often sad. Especially for the CEO.
"Scientific" pomace (where do without them).
In biometrics there are key percentage probability indicators (thresholds):
- false tolerance FAR (False Acceptance Rate, "the level of system requirements"). That is, the probability that the system will let a "stranger" person.
- and a false failure FRR (False Rejection Rate, errors). That is, the probability that the system will not allow "its" person.
The indicators are very closely interrelated. The value (1 - FAR) is called specificity, the value (1 - FRR) is called sensitivity. By increasing / decreasing the sensitivity of the system, we increase / decrease its specificity and vice versa.
The situation is somewhat saved by verification. But what is it and how is it different from identification?
The identification looks like this: Ivanov came to the system, puts his finger, the system happily reports: “Bah! .. Ivanov! Hello, have been waiting for a long time! ”
The verification, in turn, looks like this: Ivanov came to the system, said to her: “I am Ivanov!”, And puts his finger. The system happily reports: “Bah-aaaa! .. Taki Ivanov. Hello, where were you ?! ”
That is, during verification, the comparison does not occur with many people (fingerprints), but with one specific person (fingerprint). Then the threshold of sensitivity can be set higher. Also, the situation improves if two fingers are applied. If on one print people are very similar, then it’s absolutely not a fact that they will be similar in another. But the technology is much more expensive.
Everything else, a lot depends on the scanner itself. Good scanners (from what I have seen) are very cumbersome and very expensive. But they can even be used in fingerprinting. However, they are extremely rarely taken. Mostly scanners are “cheap and angry” and work accordingly.
We are not directly concerned with the capabilities of some “conditionally-open” KFOR, which they provide to us. You can easily replace the imprint of a person and, without knowing his password or his login, log in to the system using his account.
In general, in my opinion, biometric identification is not as reliable as it seems.
Yes, and fingerprint, it is not as reliable at the moment, as we would like. Especially on large amounts of data (i.e., with a large number of users). After all, we will need to compare with a large number of prints and the likelihood that the system will fail increases.
Verification is definitely safer. An alternative may be identification by the retina. In any case, it looks much safer. But the equipment is expensive and it was not possible to touch it yet.
Recognition of visual images is still not more reliable than the "fingerprint". From what I have seen: technology confuses even the sex of a person. With the right approach.
And the biometrics approach implies thoughtful and conscious in any case.
I would like to add information about the questions that arise almost always.
1. Experience cutting fingers was not.
2. In spite of this, cut off fingers on most scanners do not work, because The scanner responds to the warmth of a finger. There are exceptions, but they are bulky and expensive. What is shown in the films causes outright bewilderment.
3. The fingers that I cut off have never been warmed up by me, therefore I cannot answer “what will be”.
PS Thanks for the karma, transferred to the blog, the subject of which (as I thought) the article is closest. Tell me if you missed.
What is she like? Take a look at your finger. You see a lot of lines that then converge, then diverge. Here, on the points of these very convergences-divergences, the so-called “biometric model” is built. It is different for everyone and fingerprintsists can almost unmistakably confirm or deny the involvement of a person to the print. But, first, fingerprints take the full rolling thumb model; secondly, taking into account all the lines, pattern, and other things. We can only be guided by the scanned part of the print. Which includes a certain number of points ("main"), but not all.
There is a so-called (roughly speaking) “threshold of sensitivity,” that is, the number of points that should coincide. The higher it is, the more reliable it is, and the more difficult it is to achieve proper matching of prints (identify a person). Because the finger, in the end, you need to attach the same or almost the same as on the reference scan. And it is not easy. In addition, as mentioned earlier, not all of the print model is available to us, but only a part. Accordingly, we will also check only part of the points. This predetermines the need for a “threshold of sensitivity”.
')
And everything would be fine, and the models are different for everyone, but the fact is that sometimes we have very similar prints. "Like two drops of water", with slight differences. And here we get the problem. Comparing a person with different people (identifying), we may well be mistaken - get a "false positive". And it would be okay when the system confuses the manager of one department with another. But when the system confuses junior - the developer and CEO, it is often sad. Especially for the CEO.
"Scientific" pomace (where do without them).
In biometrics there are key percentage probability indicators (thresholds):
- false tolerance FAR (False Acceptance Rate, "the level of system requirements"). That is, the probability that the system will let a "stranger" person.
- and a false failure FRR (False Rejection Rate, errors). That is, the probability that the system will not allow "its" person.
The indicators are very closely interrelated. The value (1 - FAR) is called specificity, the value (1 - FRR) is called sensitivity. By increasing / decreasing the sensitivity of the system, we increase / decrease its specificity and vice versa.
The situation is somewhat saved by verification. But what is it and how is it different from identification?
The identification looks like this: Ivanov came to the system, puts his finger, the system happily reports: “Bah! .. Ivanov! Hello, have been waiting for a long time! ”
The verification, in turn, looks like this: Ivanov came to the system, said to her: “I am Ivanov!”, And puts his finger. The system happily reports: “Bah-aaaa! .. Taki Ivanov. Hello, where were you ?! ”
That is, during verification, the comparison does not occur with many people (fingerprints), but with one specific person (fingerprint). Then the threshold of sensitivity can be set higher. Also, the situation improves if two fingers are applied. If on one print people are very similar, then it’s absolutely not a fact that they will be similar in another. But the technology is much more expensive.
Everything else, a lot depends on the scanner itself. Good scanners (from what I have seen) are very cumbersome and very expensive. But they can even be used in fingerprinting. However, they are extremely rarely taken. Mostly scanners are “cheap and angry” and work accordingly.
We are not directly concerned with the capabilities of some “conditionally-open” KFOR, which they provide to us. You can easily replace the imprint of a person and, without knowing his password or his login, log in to the system using his account.
In general, in my opinion, biometric identification is not as reliable as it seems.
Yes, and fingerprint, it is not as reliable at the moment, as we would like. Especially on large amounts of data (i.e., with a large number of users). After all, we will need to compare with a large number of prints and the likelihood that the system will fail increases.
Verification is definitely safer. An alternative may be identification by the retina. In any case, it looks much safer. But the equipment is expensive and it was not possible to touch it yet.
Recognition of visual images is still not more reliable than the "fingerprint". From what I have seen: technology confuses even the sex of a person. With the right approach.
And the biometrics approach implies thoughtful and conscious in any case.
I would like to add information about the questions that arise almost always.
1. Experience cutting fingers was not.
2. In spite of this, cut off fingers on most scanners do not work, because The scanner responds to the warmth of a finger. There are exceptions, but they are bulky and expensive. What is shown in the films causes outright bewilderment.
3. The fingers that I cut off have never been warmed up by me, therefore I cannot answer “what will be”.
PS Thanks for the karma, transferred to the blog, the subject of which (as I thought) the article is closest. Tell me if you missed.
Source: https://habr.com/ru/post/86530/
All Articles