Hardware/software architectures for iris biometrics

Nowadays, the necessity of identifying users of facilities and services has become quite important not only to determine who accesses a system and/or service, but also to determine which privileges should be provided to each user. For achieving such identification, Biometrics is emerging as a technology that provides a high level of security, as well as being convenient and comfortable for the citizen. Most biometric systems are based on computer solutions, where the identification process is performed by servers or workstations, whose cost and processing time make them not feasible for some situations. However, Microelectronics can provide a suitable solution without the need of complex and expensive computer systems. Microelectronics is a subfield of Electronics and as the name suggests, is related to the study, development and/or manufacturing of electronic components, i.e. integrated circuits (ICs). We have focused our research in a concrete field of Microelectronics: hardware/software co-design. This technique is widely used for developing specific and high computational cost devices. Its basis relies on using both hardware and software solutions in an effective way, thus, obtaining a device faster than just a software solution, or smaller devices that use dedicated hardware developed for all the processes. The questions on how we can obtain an effective solution for Biometrics will be solved considering all the different aspects of these systems. In this Thesis, we have made two important contributions: the first one for a verification system based on ID token and secondly, a search engine used for massive recognition systems, both of them related to Iris Biometrics. The first relevant contribution is a biometric system architecture proposal based on ID tokens in a distributed system. In this contribution, we have specified some considerations to be done in the system and describe the different functionalities of the elements which form it, such as the central servers and/or the terminals. The main functionality of the terminal is just left to acquiring the initial biometric raw data, which will be transmitted under security cryptographic methods to the token, where all the biometric process will be performed. The ID token architecture is based on Hardware/software co-design. The architecture proposed, independent of the modality, divides the biometric process into hardware and software in order to achieve further performance functions, more than in the existing tokens. This partition considers not only the decrease of computational time hardware can provide, but also the reduction of area and power consumption, the increase in security levels and the effects on performance in all the design. To prove the proposal made, we have implemented an ID token based on Iris Biometrics following our premises. We have developed different modules for an iris algorithm both in hardware and software platforms to obtain results necessary for an effective combination of same. We have also studied different alternatives for solving the partition problem in the Hardware/software co-design issue, leading to results which point out tabu search as the fastest algorithm for this purpose. Finally, with all the data obtained, we have been able to obtain different architectures according to different constraints. We have presented architectures where the time is a major requirement, and we have obtained 30% less processing time than in all software solutions. Likewise, another solution has been proposed which provides less area and power consumption. When considering the performance as the most important constraint, two architectures have been presented, one which also tries to minimize the processing time and another which reduces hardware area and power consumption. In regard the security we have also shown two architectures considering time and hardware area as secondary requirements. Finally, we have presented an ultimate architecture where all these factors were considered. These architectures have allowed us to study how hardware improves the security against authentication attacks, how the performance is influenced by the lack of floating point operations in hardware modules, how hardware reduces time with software reducing the hardware area and the power consumption. The other singular contribution made is the development of a search engine for massive identification schemes, where time is a major constraint as the comparison should be performed over millions of users. We have initially proposed two implementations: following a centralized architecture, where memories are connected to the microprocessor, although the comparison is performed by a dedicated hardware co-processor, and a second approach, where we have connected the memory driver directly in the hardware coprocessor. This last architecture has showed us the importance of a correct connection between the elements used when time is a major requirement. A graphical representation of the different aspects covered in this Thesis is presented in Fig.1, where the relation between the different topics studied can be seen. The main topics, Biometrics and Hardware/Software Co-design have been studied, where several aspects of them have been described, such as the different Biometric modalities, where we have focussed on Iris Biometrics and the security related to these systems. Hardware/Software Co-design has been studied by presenting different design alternatives and by identifying the most suitable configuration for ID Tokens. All the data obtained from this analysis has allowed us to offer two main proposals: The first focuses on the development of a fast search engine device, and the second combines all the factors related to both sciences with regards ID tokens, where different aspects have been combined in its Hardware/Software Design. Both approaches have been implemented to show the feasibility of our proposal. Finally, as a result of the investigation performed and presented in this thesis, further work and conclusions can be presented as a consequence of the work developed.-----------------------------------------------------------------------------------------Actualmente la identificación usuarios para el acceso a recintos o servicios está cobrando importancia no sólo para poder permitir el acceso, sino además para asignar los correspondientes privilegios según el usuario del que se trate. La Biometría es una tecnología emergente que además de realizar estas funciones de identificación, aporta mayores niveles de seguridad que otros métodos empleados, además de resultar más cómodo para el usuario. La mayoría de los sistemas biométricos están basados en ordenadores personales o servidores, sin embargo, la Microelectrónica puede aportar soluciones adecuadas para estos sistemas, con un menor coste y complejidad. La Microelectrónica es un campo de la Electrónica, que como su nombre sugiere, se basa en el estudio, desarrollo y/o fabricación de componentes electrónicos, también denominados circuitos integrados. Hemos centrado nuestra investigación en un campo específico de la Microelectrónica llamado co-diseño hardware/software. Esta técnica se emplea en el desarrollo de dispositivos específicos que requieren un alto gasto computacional. Se basa en la división de tareas a realizar entre hardware y software, consiguiendo dispositivos más rápidos que aquellos únicamente basados en una de las dos plataformas, y más pequeños que aquellos que se basan únicamente en hardware. Las cuestiones sobre como podemos crear soluciones aplicables a la Biometría son las que intentan ser cubiertas en esta tesis. En esta tesis, hemos propuesto dos importantes contribuciones: una para aquellos sistemas de verificación que se apoyan en dispositivos de identificación y una segunda que propone el desarrollo de un sistema de búsqueda masiva. La primera aportación es la metodología para el desarrollo de un sistema distribuido basado en dispositivos de identificación. En nuestra propuesta, el sistema de identificación está formado por un proveedor central de servicios, terminales y dichos dispositivos. Los terminales propuestos únicamente tienen la función de adquirir la muestra necesaria para la identificación, ya que son los propios dispositivos quienes realizan este proceso. Los dispositivos se apoyan en una arquitectura basada en codiseño hardware/software, donde los procesos biométricos se realizan en una de las dos plataformas, independientemente de la modalidad biométrica que se trate. El reparto de tareas se realiza de tal manera que el diseñador pueda elegir que parámetros le interesa más enfatizar, y por tanto se puedan obtener distintas arquitecturas según se quiera optimizar el tiempo de procesado, el área o consumo, minimizar los errores de identificación o incluso aumentar la seguridad del sistema por medio de la implementación en hardware de aquellos módulos que sean más susceptibles a ser atacados por intrusos. Para demostrar esta propuesta, hemos implementado uno de estos dispositivos basándonos en un algoritmo de reconocimiento por iris. Hemos desarrollado todos los módulos de dicho algoritmo tanto en hardware como en software, para posteriormente realizar combinaciones de ellos, en busca de arquitecturas que cumplan ciertos requisitos. Hemos estudiado igualmente distintas alternativas para la solucionar el problema propuesto, basándonos en algoritmos genéticos, enfriamiento simulado y búsqueda tabú. Con los datos obtenidos del estudio previo y los procedentes de los módulos implementados, hemos obtenido una arquitectura que minimiza el tiempo de ejecución en un 30%, otra que reduce el área y el consumo del dispositivo, dos arquitecturas distintas que evitan la pérdida de precisión y por tanto minimizan los errores en la identificación: una que busca reducir el área al máximo posible y otra que pretende que el tiempo de procesado sea mínimo; dos arquitecturas que buscan aumentar la seguridad, minimizando ya sea el tiempo o el área y por último, una arquitectura donde todos los factores antes nombrados son considerados por igual. La segunda contribución de la tesis se refiere al desarrollo de un motor de búsqueda para identificación masiva. La premisa seguida en esta propuesta es la de minimizar el tiempo lo más posible para que los usuarios no deban esperar mucho tiempo para ser identificados. Para ello hemos propuesto dos alternativas: una arquitectura clásica donde las memorias están conectadas a un microprocesador central, el cual a su vez se comunica con un coprocesador que realiza las funciones de comparación. Una segunda alternativa, donde las memorias se conectan directamente a dicho co-procesador, evitándose el uso del microprocesador en el proceso de comparación. Ambas propuestas son comparadas y analizadas, mostrando la importancia de una correcta y apropiada conexión de los distintos elementos que forman un sistema. La Fig. 2 muestra los distintos temas tratados en esta tesis, señalando la relación existente entre ellos. Los principales temas estudiados son la Biometría y el co-diseño hardware/software, describiendo distintos aspectos de ellos, como las diferentes modalidades biométricas, centrándonos en la Biometría por iris o la seguridad relativa a estos sistemas. En el caso del co-diseño hardware/software se presenta un estado de la técnica donde se comentan diversas alternativas para el desarrollo de sistemas empotrados, el trabajo propuesto por otros autores en el ¶ambito del co-diseño y por último qué características deben cumplir los dispositivos de identificación como sistemas empotrados. Con toda esta información pasamos al desarrollo de las propuestas antes descritas y los desarrollos realizados. Finalmente, conclusiones y trabajo futuro son propuestos a raíz de la investigación realizada

Smart Cards to Enhance Security and Privacy in Biometrics

Smart cards are portable secure devices designed to hold personal and service information for many kind of applications. Examples of the use of smart cards are cell phone user identification (e.g. GSM SIM card), banking cards (e.g. EMV credit/debit cards) or citizen cards. Smart cards and Biometrics can be used jointly in different kinds of scenarios. Being a secure portable device, smart cards can be used for storing securely biometric references (e.g. templates) of the cardholder, perform biometric operations such as the comparison of an external biometric sample with the on-card stored biometric reference, or even relate operations within the card to the correct execution and result of those biometric operations. In order to provide the reader of the book with an overview of this technology, this chapter provides a description of smart cards, from their origin till the current technology involved, focusing especially in the security services they provide. Once the technology and the security services are introduced, the chapter will detail how smart cards can be integrated in biometric systems, which will be summarized in four different strategies: Store-on-Card, On-Card Biometric Comparison, Work-sharing Mechanism, and System-on-Card. Also the way to evaluate the joint use of smart cards and Biometrics will be described; both at the performance level, as well as its security. Last, but not least, this chapter will illustrate the collaboration of both technologies by providing two examples of current major deployments.Publicad

The Impact of Pressure on the Fingerprint Impression: Presentation Attack Detection Scheme

This article belongs to the Special Issue Biometric Identification Systems: Recent Advances and Future Directions.Fingerprint recognition systems have been widely deployed in authentication and verification applications, ranging from personal smartphones to border control systems. Recently, the biometric society has raised concerns about presentation attacks that aim to manipulate the biometric system’s final decision by presenting artificial fingerprint traits to the sensor. In this paper, we propose a presentation attack detection scheme that exploits the natural fingerprint phenomena, and analyzes the dynamic variation of a fingerprint’s impression when the user applies additional pressure during the presentation. For that purpose, we collected a novel dynamic dataset with an instructed acquisition scenario. Two sensing technologies are used in the data collection, thermal and optical. Additionally, we collected attack presentations using seven presentation attack instrument species considering the same acquisition circumstances. The proposed mechanism is evaluated following the directives of the standard ISO/IEC 30107. The comparison between ordinary and pressure presentations shows higher accuracy and generalizability for the latter. The proposed approach demonstrates efficient capability of detecting presentation attacks with low bona fide presentation classification error rate (BPCER) where BPCER is 0% for an optical sensor and 1.66% for a thermal sensor at 5% attack presentation classification error rate (APCER) for both.This work was supported by the European Union’s Horizon 2020 for Research and Innovation Program under Grant 675087 (AMBER).Publicad

Fingerprint presentation attack detection utilizing spatio-temporal features

This article belongs to the Special Issue Biometric Sensing.This paper presents a novel mechanism for fingerprint dynamic presentation attack detec-tion. We utilize five spatio-temporal feature extractors to efficiently eliminate and mitigate different presentation attack species. The feature extractors are selected such that the fingerprint ridge/valley pattern is consolidated with the temporal variations within the pattern in fingerprint videos. An SVM classification scheme, with a second degree polynomial kernel, is used in our presentation attack detection subsystem to classify bona fide and attack presentations. The experiment protocol and evaluation are conducted following the ISO/IEC 30107-3:2017 standard. Our proposed approach demonstrates efficient capability of detecting presentation attacks with significantly low BPCER where BPCER is 1.11% for an optical sensor and 3.89% for a thermal sensor at 5% APCER for both.This work was supported by the European Union's Horizon 2020 for Research and Innovation Program under Grant 675087 (AMBER)

Low-Cost and Efficient Hardware Solution for Presentation Attack Detection in Fingerprint Biometrics Using Special Lighting Microscopes

Biometric recognition is already a big player in how we interact with our phones and access control systems. This is a result of its comfort of use, speed, and security. For the case of border control, it eases the task of person identification and black-list checking. Although the performance rates for verification and identification have dropped in the last decades, protection against vulnerabilities is still under heavy development. This paper will focus on the detection of presentation attacks in fingerprint biometrics, i.e., attacks that are performed at the sensor level, and from a hardware perspective. Most research on presentation attacks has been carried out on software techniques due to its lower price as, in general, hardware solutions require additional subsystems. For this paper, two low-cost handheld microscopes with special lighting conditions were used to capture real and fake fingerprints, obtaining a total of 7704 images from 17 subjects. After several analyses of wavelengths and classification, it was concluded that only one of the wavelengths is already enough to obtain a very low error rate compared with other solutions: an attack presentation classification error rate of 1.78% and a bona fide presentation classification error rate (BPCER) of 1.33%, even including non-conformant fingerprints in the database. On a specific wavelength, a BPCER of 0% was achieved (having 1926 samples). Thus, the solution can be low cost and efficient. The evaluation and reporting were done following ISO/IEC 30107-3

Estudio de la Casuística de las Muestras de Entrada en los Sistemas de Reconocimiento mediante Iris Ocular

10 pages, 9 figures.-- Contributed to: V Jornadas de Reconocimiento Biométrico de Personas (JRBP 2010, Huesca, Spain, Sep 2-3, 2010).Aunque genéticamente idénticos, los iris de un individuo son únicos y estructuralmente distintos. Esto hace que el iris sea un candidato idóneo para utilizarse con propósitos de reconocimiento biométrico. Existen muchos y muy diversos algoritmos de reconocimiento mediante iris ocular, pero la mayor parte de ellos utilizan imágenes adquiridas en entornos colaborativos y condiciones ideales. No obstante, la necesidad de un comportamiento cooperativo del individuo y de condiciones de adquisición de la imagen muy controladas, restringe la aplicación de estos sistemas. Con el objetivo de ampliar los ámbitos en los que los sistemas de reconocimiento de iris pueden utilizarse, es necesario desarrollar algoritmos robustos que puedan funcionar en entornos no colaborativos y para ello, es importante considerar las diferentes situaciones que pueden presentarse en este tipo de entornos. De acuerdo con esto, en este artículo se describen diferentes fuentes de ruido y falsificaciones de iris y se analiza su influencia en las prestaciones de los sistemas de reconocimiento mediante iris ocular.Publicad

Fuzzy Vault scheme based on fixed-length templates applied to dynamic signature verification

As a consequence of the wide deployment of biometrics-based recognition systems, there are increasing concerns about the security of the sensitive information managed. Various techniques have been proposed in the literature for the biometric templates protection (BTP), having gained great popularity the crypto-biometric systems. In the present paper we propose the implementation of a Fuzzy Vault (FV) scheme based on fixed-length templates with application to dynamic signature verification (DSV), where only 15 global features of the signature are considered to form the templates. The performance of the proposed system is evaluated using three databases: a proprietary collection of signatures, and the publicly available databases MCYT and BioSecure. The experimental results show very similar verification performance compared to an equivalent unprotected system.This work was supported by the Spanish National Cybersecurity Institute (INCIBE) through the Excellence of Advanced Cybersecurity Research Teams Program

Unsupervised and scalable low train pathology detection system based on neural networks

Currently, there exist different technologies applied in the world of medicine dedicated to the detection of health problems such as cancer, heart diseases, etc. However, these technologies are not applied to the detection of lower body pathologies. In this article, a Neural Network (NN)-based system capable of classifying pathologies of the lower train by the way of walking in a non-controlled scenario, with the ability to add new users without retraining the system is presented. All the signals are filtered and processed in order to extract the Gait Cycles (GCs), and those cycles are used as input for the NN. To optimize the network a random search optimization process has been performed. To test the system a database with 51 users and 3 visits per user has been collected. After some improvements, the algorithm can correctly classify the 92% of the cases with 60% of training data. This algorithm is a first approach of creating a system to make a first stage pathology detection without the requirement to move to a specific place

QRS Differentiation to Improve ECG Biometrics under Different Physical Scenarios Using Multilayer Perceptron

This article belongs to the Special Issue Electrocardiogram (ECG) Signal and Its Applications.Currently, machine learning techniques are successfully applied in biometrics and Electrocardiogram (ECG) biometrics specifically. However, not many works deal with different physiological states in the user, which can provide significant heart rate variations, being these a key matter when working with ECG biometrics. Techniques in machine learning simplify the feature extraction process, where sometimes it can be reduced to a fixed segmentation. The applied database includes visits taken in two different days and three different conditions (sitting down, standing up after exercise), which is not common in current public databases. These characteristics allow studying differences among users under different scenarios, which may affect the pattern in the acquired data. Multilayer Perceptron (MLP) is used as a classifier to form a baseline, as it has a simple structure that has provided good results in the state-of-the-art. This work studies its behavior in ECG verification by using QRS complexes, finding its best hyperparameter configuration through tuning. The final performance is calculated considering different visits for enrolling and verification. Differentiation in the QRS complexes is also tested, as it is already required for detection, proving that applying a simple first differentiation gives a good result in comparison to state-of-the-art similar works. Moreover, it also improves the computational cost by avoiding complex transformations and using only one type of signal. When applying different numbers of complexes, the best results are obtained when 100 and 187 complexes in enrolment, obtaining Equal Error Rates (EER) that range between 2.79–4.95% and 2.69–4.71%, respectively

Dynamic fingerprint statistics: Application in presentation attack detection

Fingerprint recognition systems have proven significant performance in many services such as forensics, border control, and mobile applications. Even though fingerprint systems have shown high accuracy and user acceptance, concerns have raised questions about the possibility of having our fingerprint pattern stolen and presented to the system by an imposter. In this paper, we propose a dynamic presentation attack detection mechanism that seeks to mitigate presentation attacks. The adopted mechanism extracts the variation of global fingerprint features in video acquisition scenario and uses it to distinguish bona fide from attack presentations. For that purpose, a dynamic dataset has been collected from 11 independent subjects, 6 fingerprints per user, using thermal and optical sensors. A total of 792 bona fide presentations and 2772 attack presentations are collected. The final PAD subsystem is evaluated based on the standard ISO/. Considering SVM classification and 3 folds cross validation, the obtained error rates at 5% APCER are 18.1% BPCER for the thermal subset and 19.5% BPCER for the optical subset.This work was supported by the European Union's Horizon 2020 for Research and Innovation Program under Grant 675087 (AMBER)