By Peter Cochrane, 12 March 2007 12:40
COMMENT
Written on the A1M and dispatched to silicon.com via a free LAN connection provided by my hotel outside Newcastle upon Tyne
Have you noticed how easy it is to recognise a friend or loved one at a distance? How do we do that?
For sure it isn't on the basis of a single parameter recognition system. We don't look at the face alone, which may be indistinguishable or even turned away from us. We take a multi-parameter approach. Body size and shape, skin colour and tone, facial expressions, clothing, jewellery, mannerisms, gait, behaviour patterns all play a vital part in the complete picture that tells us, yep, that is my wife or husband, brother, sister or friend.
The efficacy of our biological (and multi-parameter) recognition systems is of course axiomatic as we use them, and live or die by them, every day. Strange then that we seem to persist in trying to create singular, or very limited, parameter systems in the ICT domain.
What gives? Why should we think that a hand or thumb, lip or ear, face or body, voice or other biometric print will suffice as part of a complete electronic recognition system? Beats me!
Hardly a day goes by without some champion of one system or another claiming they have found the holy grail of personal ID and security. But I believe all single parameter security systems are doomed to fail. So many humans look sufficiently alike that face and body recognition is bound to be poor, as is clothing and mannerisms taken singularly. The voice and other biometric data is easy to mimic or forge, and just about everything in isolation can be assumed to provide weak identification.
The answer is obvious - and well tried and tested over thousands of years. Just afford our ICT systems the luxury of a multi-parameter approach and recognition accuracy will improve dramatically. Let me illustrate with some incomplete but representative numbers as follows:
| Item | Recognition parameter | Nominal recognition error | Difficulty of implementation (1=easy, 10=hard) | Difficulty of use for subject (1=easy, 10=hard) | Nominal sensor and software cost |
| 1 | Body size | 10 per cent | 1 | 1 | $300 |
| 2 | Body shape | 10 per cent | 2 | 1 | $300 |
| 3 | Skin colour | 5 per cent | 4 | 1 | $300 |
| 4 | Clothing | 5 per cent | 3 | 1 | $300 |
| 5 | Mannerisms | 5 per cent | 4 | 1 | $500 |
| 6 | Gait | 1 per cent | 4 | 1 | $500 |
| 7 | Face | 0.10 per cent | 6 | 1 | $300 |
| 8 | Voice | 0.10 per cent | 10 | 3 | $100 |
| 9 | Hand | 0.01 per cent | 7 | 3 | $300 |
| 10 | Thumb | 0.001 per cent | 8 | 4 | $50 |
| 11 | Iris scan | 10-22 | 9 | 6 | $3,000 |
| 12 | Genetic sample | 10-16 | 10 | 10 | $10,000 |
At this point it is interesting to reflect that the concatenation of items 1 to 10 provides a far greater degree of recognition accuracy than a genetic sample and a marginally better accuracy than an iris scan but is considerably less expensive than either the iris scan or a genetic sample. Moreover, the first 10 items are generally more convenient and easier to use and items 1 to 8 can be realised overtly or covertly.
So the concatenation of the simple overcomes the dedication of the complex!
Comments
There are 13 comments. Join the discussion
1. Karen Challinor
by "thumb" do you mean a thumbprint or more accurately the fingerprint produced by your thumb ?
if so where exactly are you getting the nominal recognition error of 0.001% ?
and what exactly is a nominal recognition error rate anyway is it false positive matches, false negative matches, both or something else entirely
as far as I am aware there have been no independant scientific trials of fingerprint recognition to date so these figures do not actually exist, so quoting these non existent figures implies a legitemacy that also does not exist
further it casts doubt on the figures in the rest of the table
for example iris recognition or as you call it "iris scan" you quote a vanishingly small error of 10^-22, a quick trawl of the internet shows many different error rates, http://www.infomaticsonline.co.uk/computeractive/features/2014022/closer-look-biometrics goves a more realistic rate of around 7%
I have made errors in calculations and posted them on Silicon.com myself and believe me people were very quick to point out my mistakes but at least my figures could be checked
could you please tell uswhere you are getting your figures from as it seems that you are simply plucking them from the air at the moment and that would be irresponsible
2. Gary Hinson
Hi Peter.
Biometrics is not the only area where people/companies claim their security solution is "the best", ignoring the possibility of multi-bests. It happens all over (and, yes, I'm as guilty as anyone!).
The downsides of adding extra biometric tests are (a) dealing with conflicts and (b) the added systems complexity. (a) can be addressed in the system design, I guess e.g. 'voting'. (b) remains a concern for us paranoid security types. Complexity and security are like matter and anti-matter.
Well done on getting me thinking with a simple idea, well put.
Kind regards,
Gary
3. Jeremy Wickins
Biometrics are fine in their place - and that place is a relatively small enterprise where the inevitable problems can be dealt with quickly. However, the best way to get around the need for a techie to come out to sort the problem will be over-rides, probably based on user-name/password combinations, so the security "backdoor" will still exist.
Also, I agree with Karen Challinor:I've been researching this stuff for three years, and I haven't seen even the most rabid pro-biometrics advocate cite accuracy figures such as you produce here. I doubt it is possible in the lab, let alone the real world. The problem is that people are not the same day in, day out. All sorts of things can mess up biometrics - there is some evidence that pregnancy affects irises, for instance - and, the best biometric scanner is a human being or other animal.
4. Karen Challinor
and another minor detail, you propose using multiple biometrics instead of a single one
this is good it makes it harder to compromise the scheme, but still not impossible
and the central failing point of biometrics remains unaddressed
if my biometric signature is compromised somehow then how exactly do I get it changed without using the same illegal methods with which it was compromised in the first place
after all the whole idea is that you can't change a biometric measurement, isn't it
personally I prefer passwords, pins and even signatures as should these become compromised I don't have to resort to surgery to get them changed
5. Brian Kett
Hi Peter,
I agree with you and it is not imprtant whether the numbers are correct or not the principle is right. We at neusciences have spent some time researching this area, both on our own account and in funded projects with universites at Southampton and Kent. We developed software methods that could take in not only physical, but behavioral charachteristics as well. The key to getting working systems is for the sensor manufacturers to provide the data that enables probabilstic information to be gathered. Some work on standards is moving this way, but most biometric suppliers only like to output a yes/no decision. The other aspect that most systems people overlook is that it is possible in cases where the result is 'maybe' to go back and request supplementary information, after all most people will want to co-operate in getting accepted.
I am happy to share our findings with anyone seriously thinking about this.
6. anonymous
I agree that we recognise by no single factor. Some years ago I went with several colleagues to 3M's video tape plant in Swansea. Everyone wore identical protective suits and caps and it was very difficult to recognise someone without staring into their face.
7. peter Cochrane
Gary = The big problem seems to be that there are the theoretical results, the lab results, and then the real world. On every occassion I have been involved in this technology area the reality of people using the technology quickly reduces the optimistic performance figures published.
Just recently I have been witness to the rather farcical attempts to get iris scanning to work well at airports. And my increasingly arthritic fingers just seem to defy finger print recognition systems!
So as I scan conference papers, interface with people in the field, check out professional publications, and scan the web for results, and of course look out my own records from the past, I find a huge variance in results. BUT the conclusion is always on the downside of the performance claims - and mostly by a long way!
Thanks for the input.
Peter
8. Peter Cochrane
Karen = By "thumb" I imply the fingerprint - perhaps I should have said digit!
Nominal indicates quite a spread - and it really depends who is doing the assessment! Companies selling are usually over optimistic, whilst the customer experience can be pessimistic.
There have been lots of trials - check out professional journals and books-etc:
http://www.amazon.com/Handbook-Fingerprint-Recognition-Davide-Maltoni/dp/0387954317
http://www.springer.com/west/home/computer/information+security?SGWID=4-40160-22-3035623-0
http://ieeexplore.ieee.org/Xplore/login.jsp?url=/iel5/9317/29659/01347697.pdf
http://biolab.csr.unibo.it/research.asp?organize=Activities&select=&selObj=111&pathSubj=111&Req=&
"for iris scan you quote a vanishingly small error of 10^-22, a quick trawl of the internet shows many different error rates, http://www.infomaticsonline.co.uk/computeractive/features/2014022/closer-look-biometrics goves a more realistic rate of around 7%"
Then it is a very poor system - 10^-22 was achieved at BTLabs 10 years ago!
My figures are from conference presentations, papers, press, www, my own experience... and there is a huge amount available. I have just tried to summarize what I have found and seen!
9. Karen Challinor
I'll have a look for the books you mention but I still maintain 10^-22% is a ridiculous figure for an error rate
I would have accepted zero quite happily as running a test in a lab and finding no errors is a reasonable event to expect
but 10^-22% error rate means that either they have checked against a sample size of 10^24 or they have worked out a theoretical error rate based on the error rate of the component parts of the system and it will still be wrong as combining error rates for components will give an overall error rate greater than the largest error rate for an individual component
ambient radiation inducing a single pixel error in the scanner will produce a higher rate than this
and the airport scanner with the 7% error rate was working perfectly until it was used on subjects who were not in the original dataset
however this is all beside the point
we do not need more biometrics, we do not need any biometrics
I leave my fingerprints on every flat surface I touch, my iris scan can be obtained using a camera, my skin cells shed like everyone elses and so I leave my DNA wherever I go
my biometric identity is available to any sufficiently determined criminal unless I choose to live in a plastic bubble
and once it has been compromised how would I prove that it was not me who emptied my bank account ?
and even if I did prove it was not me how would I then alter my biometric signature to once again secure my assets ?
in an orderly environment where most of the people involved stick to the rules biometrics may have a place but out in the world ? no.
10. Peter Cochrane
Jeremy = Thanks for this. You are right - figures are a real problem. The sector is full of amatuers and people with vested interests, plus professional purists. I have just tried to steer a reasonable line. Some of the figures are mine, some are averages of works done by others. Perhaps I'll cover this subject again and bound the published results where possible. Also recognize that results come with a price tag $100 and $10000 systems perform a little different! Peter
11. Peter Cochrane
Karen 2 = By some irrational thought process that I have never been able to fathom the human race expect machines to be infallible in their attempts to replace the so very obviously poor human systems they are designed to supersede.
Passwords and PINS are very poor indeed and so easily defeated...
Peter
12. Peter Cochrane
Brian = Thanks for this - and a very good obsevation I had overlooked - but will now remember for sure! 'If you can't decide ask/look for more data'. Peter
13. Peter Cochrane
Anonymous York. Agreed! I always found it really difficult in a clean room where everyone seems to take on the persona of a cherub! Peter