The word biometrics comes from the Greek words βίος (life, the root of “bio”) and μέτρηση (measurement): biometrics is, literally, the measurement of life. Biometrics are technologies that measure a person's physiological or behavioral characteristics, which are unique to each individual, so that they can be used to verify or identify that person.
We have two main types of biometrics:
- Physiological, using passive traits and fixed or stable human characteristics such as the iris, retina, fingerprint, palm, face, voice, DNA, veins, teeth, etc.
- Behavioral, using active traits and human characteristics expressed through skills or functions performed by an individual, such as signature, keystrokes, speech, etc.
Biometrics can be used in:
- Authentication, which answers the question “Are you the person you claim to be?”.
- Verification, the process of matching input presented by a person against a reference previously stored in a database.
- Authorization, the process of assigning access rights to authenticated or verified users.
UK Government Office for Science, Biometrics: a guide
Biometrics is where statistical methods meet biological data. In modern terminology, as used here, its purpose is specifically to find or confirm the identity of individuals from intrinsic traits.
Accurate identification is fundamental to physical security, information security, financial transactions, contracts and employment, public services, criminal justice, national security and more. The range and frequency of instances where identity must be verified is increasing, with, for example, air passenger numbers forecast to double in the next 20 years.
Identity fraud is also increasing year on year.
Older systems of identification, such as manual passport checks and computer passwords, are therefore under considerable strain.
Scientific biometrics emerged around 1880, more or less simultaneously in several places. One motivation was to provide secure authentication for employment contracts, especially in the colonial context.
But even more significant was the drive to identify repeat offenders who were passing through the criminal justice system – people who were liable to change their names and superficial appearance.
The two technologies that emerged first were anthropometry (body measurements) and fingerprinting. The latter was more successful because of its ease of capture. Applications of fingerprinting have widened from authenticating documents and recording prisoners to forensic analysis of crime scenes, workplace access and device access. More than 1 billion smartphones with fingerprint scanners are expected to be made in 2018.
Despite its very widespread use, fingerprinting does have weaknesses, and there are numerous alternatives. These include matching of iris pattern, hand shape or the vasculature of fingers or the retina. Generating particular interest now are facial recognition and voice recognition. These can operate remotely and unobtrusively, utilising existing infrastructure such as CCTV and telephones.
Biometrics, either alone or in concert with other technologies, presents huge opportunities for consumers, businesses and government to make identity verification cheaper, more convenient and less vulnerable to fraud. Trends indicate that existing applications will expand and new ones will emerge, meaning that biometrics will become increasingly ubiquitous and powerful.
Indeed, improvements in hardware and software mean biometric technologies that until recently were the domain of science fiction, such as the personally targeted advertising based on iris scans in the 2002 film Minority Report, are now entirely possible. This raises popular interest in biometrics but also leads to questions about privacy and where the limits of acceptable use lie.
Identification and authentication
An important first principle is that identification is not a single, common process. The terminology of identification is confusing and often used inconsistently. People can be identified with or without their consent, with or without their active cooperation, and with or without them first claiming who they are. The word “authentication” is a generic term for proving the origin or truth of something and can be applied to any of these.
The consensual, cooperative end of that spectrum is generally associated with access control. This is a wide suite of applications, which essentially ensure that an individual has secure and private access to their home, car, workplace, money, data, democratic and travel rights, online identities, hazardous machinery and more. Access can be controlled with physical objects such as keys, cards or tokens, with secret knowledge such as a password or PIN, or with biometrics. A combination of those is multi-factor authentication, the classic “something you have, something you know, something you are”.
The main difference between those is that objects and knowledge can be shared, legitimately or illicitly, and must be remembered and looked after. Biometrics cannot be lost or forgotten, or readily shared or changed.
The non-consensual, non-cooperative end of the spectrum tends to be associated with powers of the state, relating to criminal justice and national security. Although forensic science and biometrics are closely related and use many of the same sources of data, they are not the same discipline.
Forensic science happens after an event, usually involves manual recovery of data, and its results have to be communicated verbally to a courtroom audience. Biometrics is usually applied before the event and can be completely automated. Noncooperative biometric applications are generally surveillance-based, very often using facial recognition.
There are several types of evidence that can be used to find or confirm identity. They include process of elimination and the stated or documented opinion of a third party. But the most important type is direct evidence, which means pattern matching.
The cuts of a mechanical key are a pattern. Passwords are patterns of letters and numbers. Biometric modalities are ingrained patterns within the human body. To be useful for identifying an individual, these patterns must be distinguishing and repeatable. For some applications, pattern consistency over long periods is preferable. Fingerprints are formed semi-randomly in the womb, so even identical twins have non-identical fingerprints, and while they stretch over time their fundamental shapes never change, other than through injury. Iris patterns are similar, as are configurations of small blood vessels, for example in the retina or fingers.
Soft biometrics is a wider category of patterns, which may not be unique or permanent but can still be useful for identification. These include physical characteristics like height, body shape or eye colour; affectations like clothing, jewellery, tattoos or facial hair; or behavioural biometrics, which are patterns in learned actions such as gait, handwriting (including signature) or typing.
Attacks on biometric systems
The difficulty of changing one’s biometrics is useful for law enforcement applications: criminals such as the 1930s gangster John Dillinger have attempted to burn or sand off their fingerprints, but the resulting scars simply mark one out as a high-value fugitive. Similarly, one can hide one’s face from a camera, but that might attract the attention of human operators. The potential value of one’s own biometrics also means there is considerable public concern around protecting biometric data from theft. Mitigation against these threats is a fast-evolving field of research.
Cyberattack is the first threat to biometrics and other types of authentication. Passwords are normally attacked via theft of the reference database. Plain text in that database is protected from instant compromise by hashing and salting. Hashing is a one-way transformation that cannot be reversed to recover the password, while salting is the addition of random data that prevents an attacker from matching stored values against precomputed tables of known hashes. However, as a desktop computer using its GPU can check around 2 billion hashes per second, it is still vital to choose passwords that are long and not guessable from any dictionary or open-source data.
Biometric references, which are more complex than memorable passwords, can also be salted and hashed, making a “cancellable biometric” that could be regenerated if compromised. Note that storing the template on the device is in some ways more secure and private than storing it on a remote database, but equally means the device could be used as a closed sandbox for testing attacks. Human factors are the next possible line of attack.
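The two storage schemes described above, as an added Python example that is not part of the guide: a per-account salted hash for a password, and a salted, revocable transform for a biometric reference. The password half uses PBKDF2 from the standard library. The biometric half assumes a feature extractor that yields a fixed-length vector (stood in for here by a constructed generator) and uses a BioHashing-style random projection, chosen for illustration, because two captures of the same trait never match bit for bit and so cannot be hashed exactly like a password; the threshold and dimensions are illustrative values.

```python
import hashlib
import hmac
import os
import random
from typing import List, Optional, Tuple

# ---- Salted password hashing ---------------------------------------------
PBKDF2_ITERATIONS = 200_000  # work factor: every guess against a stolen database costs this much

def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest). A fresh random salt per account means one
    precomputed table of known hashes cannot be reused across accounts."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest

def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)

# ---- Cancellable biometric template --------------------------------------
# Two captures of the same finger or iris are never bit-for-bit identical, so a
# biometric reference cannot be hashed exactly like a password (one changed bit
# would break the match). The "salt" here instead seeds a secret random
# projection of the feature vector to bits (BioHashing-style transform, assumed
# for illustration), and matching tolerates a few differing bits.
FEATURE_DIM = 16      # length of the feature vector from the (assumed) extractor
TEMPLATE_BITS = 64    # length of the stored bit string
MATCH_THRESHOLD = 16  # accept if at most this many bits differ (illustrative value)

def _projection(salt: bytes) -> List[List[float]]:
    rng = random.Random(salt)  # the salt alone determines the projection
    return [[rng.gauss(0.0, 1.0) for _ in range(FEATURE_DIM)] for _ in range(TEMPLATE_BITS)]

def make_template(features: List[float], salt: bytes) -> List[int]:
    """Project the feature vector with the salted projection and keep only the signs."""
    return [1 if sum(w * x for w, x in zip(row, features)) > 0.0 else 0
            for row in _projection(salt)]

def hamming(a: List[int], b: List[int]) -> int:
    return sum(x != y for x, y in zip(a, b))

def enroll(features: List[float], salt: Optional[bytes] = None) -> Tuple[bytes, List[int]]:
    """Store (salt, template). Enrolling again with a new salt revokes the old template."""
    if salt is None:
        salt = os.urandom(16)
    return salt, make_template(features, salt)

def verify_biometric(features: List[float], salt: bytes, template: List[int]) -> bool:
    return hamming(make_template(features, salt), template) <= MATCH_THRESHOLD

def sample_user(user_seed: int, capture_seed: int, noise: float = 0.05) -> List[float]:
    """Constructed stand-in for a feature extractor: user_seed fixes the underlying
    trait; capture_seed and noise model capture-to-capture variation."""
    trait = random.Random(user_seed)
    capture = random.Random(capture_seed)
    return [trait.gauss(0.0, 1.0) + capture.gauss(0.0, noise) for _ in range(FEATURE_DIM)]

if __name__ == "__main__":
    salt, digest = hash_password("correct horse battery staple")
    print("password ok:", verify_password("correct horse battery staple", salt, digest))
    alice_enrol = sample_user(1, capture_seed=100)
    bsalt, template = enroll(alice_enrol)
    print("alice again:", verify_biometric(sample_user(1, capture_seed=101), bsalt, template))
    print("bob as alice:", verify_biometric(sample_user(2, capture_seed=200), bsalt, template))
    _, reissued = enroll(alice_enrol)
    print("old vs reissued template distance:", hamming(template, reissued))
```

The point of the second half is the "cancellable" property the guide mentions: a stolen template is useless without the salt, and re-enrolling with a fresh salt yields a template that does not match the old one, so compromise can be recovered from without the underlying trait changing. A real deployment would also need the salt kept separately from the template (for example on the device, as the guide notes), and threshold tuning against measured genuine and impostor distributions.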
The most disturbing way to obtain a victim’s biometrics is via mutilation, which didn’t take long to be imagined in fiction: in the 1993 film Demolition Man, a retinal scanner is fooled with a gouged-out eye. In reality, eye modalities and several others will only work if the tissue is live. Liveness testing for fingerprints can be built into scanners quite easily, albeit with a slight increase in the false rejection rate (FRR).
Alternatively, an attacker might coerce their target into using a scanner. This is difficult to stop automatically: detection of stress is one thing, but accurate attribution of its cause is well beyond current technology. The most plausible solution would be for the scanner to recognise a secret distress signal, similar to the real one but triggering a different response.
Presentation attacks, also known as spoofing, involve obtaining the victim’s biometrics in some way, for example by taking a high-resolution photo of their face, fingertip or iris, or recording their voice, and then using that to create a copy image (2D or 3D), which may be turned into a mask or overlay for an imposter to use. Right back in 1971, the film Diamonds are Forever showed James Bond fooling a (crude) fingerprint scanner with latex overlays, as well as using a voice impersonation device: ideas that were apparently beyond the CIA’s own thinking at the time.
The huge expansion of smartphone biometrics has made spoofing an item of considerable news interest. Spoofing exploits a threshold that has been set to trade some accuracy for convenience. The acquisition aspect of a presentation attack cannot, in general, be prevented: it is legal to photograph people who are in a public place. Possible defences come at the presentation stage and overlap with liveness testing. They involve analysis of optical, electrical, ultrasonic or temperature properties of the material being scanned, to differentiate live human tissue from an artificial overlay.
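The threshold trade-off that spoofing exploits, and the FRR cost of adding a liveness check, worked through as an added Python example that is not part of the guide. The matcher scores are constructed for the example, not output from any real system; the functions compute the false acceptance rate (FAR) and false rejection rate (FRR) at each candidate threshold, locate the point where the two are closest, and show how a liveness stage in series compounds the false rejection rate.

```python
from typing import List, Tuple

# Constructed matcher scores (higher = more similar); not output of any real system.
GENUINE_SCORES = [0.91, 0.88, 0.85, 0.82, 0.80, 0.77, 0.74, 0.70, 0.66, 0.60]
IMPOSTOR_SCORES = [0.72, 0.65, 0.58, 0.55, 0.50, 0.46, 0.40, 0.35, 0.30, 0.22]

def error_rates(threshold: float,
                genuine: List[float] = GENUINE_SCORES,
                impostor: List[float] = IMPOSTOR_SCORES) -> Tuple[float, float]:
    """Return (FAR, FRR) when a comparison is accepted iff score >= threshold.
    FAR: fraction of impostor comparisons accepted; FRR: fraction of genuine rejected."""
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr

def trade_off_curve(genuine: List[float] = GENUINE_SCORES,
                    impostor: List[float] = IMPOSTOR_SCORES) -> List[Tuple[float, float, float]]:
    """(threshold, FAR, FRR) at every observed score. Lowering the threshold buys
    convenience (fewer genuine rejections) at the price of accepting more
    impostors, and therefore more spoofed presentations."""
    candidates = sorted(set(genuine) | set(impostor))
    return [(t, *error_rates(t, genuine, impostor)) for t in candidates]

def equal_error_point(genuine: List[float] = GENUINE_SCORES,
                      impostor: List[float] = IMPOSTOR_SCORES) -> Tuple[float, float, float]:
    """Threshold at which FAR and FRR are closest (the usual one-number summary)."""
    return min(trade_off_curve(genuine, impostor), key=lambda row: abs(row[1] - row[2]))

def combined_frr(frr_match: float, frr_liveness: float) -> float:
    """A liveness check in series means a live genuine user must pass both stages,
    so the false rejection rates compound: 1 - (1 - a)(1 - b)."""
    return 1.0 - (1.0 - frr_match) * (1.0 - frr_liveness)

if __name__ == "__main__":
    for t, far, frr in trade_off_curve():
        print(f"threshold {t:.2f}  FAR {far:.1f}  FRR {frr:.1f}")
    print("equal error point:", equal_error_point())
    print("FRR with 1% liveness rejections on top of 2% matcher FRR:",
          combined_frr(0.02, 0.01))
```

On these constructed scores the curve makes the guide's point concrete: at a threshold of 0.70 one impostor in ten is accepted while two genuine users in ten are rejected, and dropping to 0.60 rejects no genuine users but doubles the impostor acceptance rate. Operators tuning for convenience move down that curve, which is exactly the slack a presentation attack needs.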
Attacks can also be enacted at the enrolment stage if there is a possibility of presenting an imposter’s sample, or indeed a morph of multiple images.
FBI, Next Generation Identification (NGI)
Today, the term “biometrics” is not limited to fingerprints. It also includes palm prints, irises, and facial recognition. In an effort to harness new technologies, and to improve the application of tenprint and latent fingerprint searches, the FBI’s Criminal Justice Information Services (CJIS) Division developed and incrementally integrated a new system to replace the Integrated Automated Fingerprint Identification System (IAFIS). This new system, the Next Generation Identification (NGI), provides the criminal justice community with the world’s largest and most efficient electronic repository of biometric and criminal history information.
Biometrics has been incredibly useful to the FBI and its partners in the law enforcement and intelligence communities, and the Bureau continues to look to new scientific advancements to increase the range and quality of its identification and investigative capabilities. The NGI System offers services that provide a platform for multimodal functionality that will continue to evolve with new technologies and user requirements.
Past and Future of Biometrics
Beginning in July 1999, the CJIS Division operated and maintained the IAFIS, the world’s largest person-centric database. The IAFIS provided automated tenprint and latent fingerprint searches, electronic image storage, electronic exchanges of fingerprints and responses, as well as text-based searches based on descriptive information. Because of growing threats, new identification capabilities were necessary. Advancements in technology allowed further development of biometric identification services. The CJIS Division, with guidance from the user community, developed the NGI System to meet the evolving business needs of its IAFIS customers.
Building on the foundation of the IAFIS, the NGI brought the FBI’s biometric identification services and criminal history information to the next level. The NGI system improved the efficiency and accuracy of biometric services to address evolving local, state, tribal, federal, national, and international criminal justice requirements. New capabilities include a national Rap Back service; the Interstate Photo System; fingerprint verification services; more complete and accurate identity records; and enhancements to the biometric identification repository. Below are descriptions of some of those capabilities.
Advanced Fingerprint Identification Technology (AFIT)
The FBI deployed the first increment of the NGI System in February 2011, when the AFIT replaced the legacy Automated Fingerprint Identification System (AFIS) segment of the IAFIS. The AFIT enhanced fingerprint and latent processing services, increased the accuracy and daily fingerprint processing capacity, and improved system availability. The CJIS Division implemented a new fingerprint-matching algorithm that improved matching accuracy from 92 percent to more than 99.6 percent. In addition, contributors experienced faster response times, fewer transaction rejects, and increased frequency of identification and file maintenance notifications triggered by consolidations.
Repository for Individuals of Special Concern (RISC)
In August 2011, the RISC, a rapid search service accessible to law enforcement officers nationwide, became available through the use of a mobile fingerprint device. The NGI rapid search, with response times of less than 10 seconds, offers additional officer safety and situational awareness by providing on-scene access to a national repository of wants and warrants including the Immigration Violator File (IVF) of the National Crime Information Center (NCIC), convicted sex offenders, and known or appropriately suspected terrorists. The NGI RISC rapid search service is available only to authorized criminal justice personnel for criminal justice purposes in compliance with federal and state laws.
Latent and Palm Prints
The NGI System’s latent functionality uses a Friction Ridge Investigative File composed of all retained events for an individual as opposed to one composite image set per identity. These multiple events in the repository result in three times the previous latent search accuracy and allow for additional event image retrieval to support difficult casework.
Prior to the NGI System, latent images were searched against the criminal repository only. Now, latent users can search latent images against the criminal, civil, and Unsolved Latent File (ULF) repositories. Moreover, incoming criminal and civil submissions (tenprint, palm print, RISC, and supplemental fingerprints) are cascaded against the ULF, generating new investigative leads in unsolved and/or cold cases. The CJIS Division recommends that latent fingerprint images submitted prior to 2013 be resubmitted to the NGI system if no identification was made during the initial search.
In May 2013, the FBI established the National Palm Print System (NPPS). This system contains palm prints that are searchable to law enforcement nationwide. The NGI System also allows direct enrollment and deletion of palm prints and supplemental fingerprints similar to the existing direct fingerprint enrollment capability. These types of search and enrollment enhancements provide powerful new crime-solving capabilities to local, state, tribal, and federal law enforcement agencies across the country.
Rap Back Service
The Rap Back service allows authorized agencies to receive notification of activity on individuals who hold positions of trust (e.g. school teachers, daycare workers) or who are under criminal justice supervision or investigation, thus eliminating the need for repeated background checks on a person from the same applicant agency. Prior to the deployment of Rap Back, the national criminal history background check system provided a one-time snapshot view of an individual’s criminal history status.
With Rap Back, authorized agencies can receive on-going status notifications of any criminal history reported to the FBI after the initial processing and retention of criminal or civil transactions. By using fingerprint identification to identify persons arrested and prosecuted for crimes, Rap Back provides a nationwide notice to both criminal justice and noncriminal justice authorities regarding subsequent actions.
Interstate Photo System
The Interstate Photo System, or IPS, is the FBI's repository of all photos received with tenprint transactions, by qualifying submission or bulk submission, when verified with an existing tenprint record. The IPS permits broader acceptance and use of photos by allowing:
- More photo sets per FBI record for criminal subjects.
- Bulk submission of photos maintained at state repositories.
- Submission of photos other than facial (i.e., scars, marks, tattoos).
Facial Recognition Search
A feature of the NGI IPS is the facial recognition search, another way biometrics can be used as an investigative tool. The IPS offers an automated search and response system targeted toward state and local law enforcement. Authorized law enforcement may submit a probe photo for a search against over 30 million criminal mug shot photos and receive a list of ranked candidates as potential investigative leads.
Deceased Persons Identification (DPI) Services
The Criminal Justice Information Services (CJIS) Division offers DPI Services to further increase the deceased identification tools available to the law enforcement community and authorized medical examiners and coroners. Formerly known as the Next Generation Identification (NGI) Cold Case/Unknown Deceased Service, the DPI Services provide a fingerprint-based identification service for active and cold cases.
The DPI Services use the NGI System’s advanced search algorithms and cascade the deceased person's fingerprints against all identities, as well as the U.S. Department of Homeland Security and U.S. Department of Defense fingerprint systems. The service provides the same search to contributors submitting these requests electronically and to those who submit directly to the CJIS Division. This will increase the overall identification rate for deceased identification requests. This tool will strengthen criminal investigations and humanitarian aid through the use of state-of-the-art biometric technologies.
NGI Iris Service
The Next Generation Identification (NGI) Iris Service provides a fast, accurate, and contactless biometric identification option for law enforcement and criminal justice users. The NGI Iris Service uses an iris image repository within the NGI system. All iris images enrolled in the repository are linked to a tenprint fingerprint record.
The NGI Iris Service has an automated iris search that is used for identification validation at some correctional facilities. Typically, inmates have an image of their iris scanned upon arrival. Then, when they are moved or released, staff scan the inmate’s eyes again to help ensure they are moving or releasing the correct person. In the future, this technology may also be used for moving arrestees, in court proceedings, and for probation/parole.
Once the NGI iris image repository grows, participating agencies will be able to search an iris image against the repository for an automated and contactless way to identify a subject.
Combined DNA Index System (CODIS)
The Combined DNA Index System, or CODIS, blends forensic science and computer technology into a tool for linking violent crimes. It enables federal, state, and local forensic laboratories to exchange and compare DNA profiles electronically, thereby linking serial violent crimes to each other and to known offenders. Using the National DNA Index System of CODIS, the National Missing Persons DNA Database also helps identify missing and unidentified individuals.
CODIS generates investigative leads in cases where biological evidence is recovered from the crime scene. Matches made among profiles in the Forensic Index can link crime scenes together, possibly identifying serial offenders. Based upon a match, police from multiple jurisdictions can coordinate their respective investigations and share the leads they developed independently.
Matches made between the Forensic and Offender Indexes provide investigators with the identity of suspected perpetrators. Since names and other personally identifiable information are not stored at NDIS, qualified DNA analysts in the laboratories sharing matching profiles contact each other to confirm the candidate match.
The FBI Laboratory’s CODIS began as a pilot software project in 1990, serving 14 state and local laboratories. The DNA Identification Act of 1994 formalized the FBI’s authority to establish a National DNA Index System (NDIS) for law enforcement purposes. Today, over 190 public law enforcement laboratories participate in NDIS across the United States. Internationally, more than 90 law enforcement laboratories in over 50 countries use the CODIS software for their own database initiatives.
The CODIS Unit manages CODIS and NDIS. It is responsible for developing, providing, and supporting the CODIS program to federal, state, and local crime laboratories in the United States and selected international law enforcement crime laboratories to foster the exchange and comparison of forensic DNA evidence from violent crime investigations. The CODIS Unit also provides administrative management and support to the FBI for various advisory boards, Department of Justice grant programs, and legislation regarding DNA.
The CODIS Unit's staff include program managers, forensic system program managers, biologists, auditors, management and program analysts, and paralegal specialists.
Through the combination of increased federal funding and expanded database laws, such as the DNA Fingerprint Act of 2005, the number of profiles in NDIS has increased dramatically and will continue to do so, creating a need to re-architect the CODIS software. A considerable focus during this time will be enhancing the kinship analysis software used to identify missing persons.
This next generation of CODIS will utilize STR and mtDNA information as well as metadata (such as sex, date of last sighting, age, etc.) to help in the identification of missing persons. The re-architecture will also enable CODIS to include additional DNA technologies, such as Y Short Tandem Repeat (Y-STR) and mini-Short Tandem Repeat (miniSTR).
The FBI Laboratory is committed to the support of the CODIS program. With the continued cooperation and collaboration of legislative bodies and all components of the criminal justice community—law enforcement, crime laboratories, victims, prosecutors, and the judiciary—the future of DNA, CODIS, and NDIS holds even greater promise to solve crime and identify missing persons.