Deploying Biometrics: The Modality Aspect

December 6, 2016 by Ravi Das

Overview of the Last Article

As our last two articles have reviewed, the procurement and deployment of a full-blown Biometric system at a corporation or business can be a very tedious, laborious, and extremely time-consuming process. Thus, an appropriate Biometric Project Plan becomes a vital tool in making sure that all processes go smoothly in the implementation and training phases.

Now of course, if you are deploying just a few devices, a comprehensive Biometric Project Plan is not needed. But it is still important to plan, especially for the way your employees will perceive these devices, which will primarily be Fingerprint Recognition and Iris Recognition devices.

As described previously in another article, the end-user perception (in this case, the employees of your organization) can also have a pronounced effect on the ultimate acceptance of these devices.

The first article provided an extensive review of what the start of the overall Biometric Project Plan should look like. In it, more emphasis was placed upon the Human Factors and Ergonomics components. After all, as just described, the employees must feel comfortable and safe when using any Biometric Modality which might be deployed.

The second article closely examined what the Biometric Project Plan should look like from a more technical perspective. In this regard, the main focus was on those considerations which need to be taken into account as you, the C-Level Executive, and your IT staff start the process of sourcing different Biometric vendors and the products and solutions which they offer.

Specifically, these topics were examined:

  1. The Systems Requirements Analysis:

    This is the phase in which the exact, specific Security needs of the business or corporation are set forth and established, and what Biometric Modality will serve the best purposes. For example, what applications will be needed? Physical or Logical Access Entry, or Time and Attendance? For this, do we need Hand Geometry Scanners or Vein Pattern Recognition devices, etc.?

  2. Biometric System Requirements Elicitation:

    Now that the technical aspects have been covered in the last phase, this step allows for the stakeholders to express their own individual concerns and specific needs. It is important to note that although everybody in a corporation or a business is technically a stakeholder, it is the representatives who will be representing the viewpoints.

  3. Biometric System Requirements Analysis and Regulation:

    In this phase, the IT staff reproduces various "what if" scenarios of the proposed Biometric implementation to see what the points of failure could be and any other unforeseen, extreme risks which could subsequently be present.

  4. Biometric System Requirements Documentation:

    In this phase of the Biometric Project Management Lifecycle, all of the processes and sub-processes which are involved in the procurement and deployment are completely documented, and after completion sent off to the stakeholders for final approval.

  5. Biometric System Specifications:

    In this last phase, all of the pieces of the Biometric Project Plan are put together thus far, to see if the planned Biometric modality (or modalities) will actually deliver on the needed Security requirements, and what other gaps may be present which still need to be filled.

In this article, we now home in on that part of the Biometric Project Management Lifecycle which deals specifically with the Biometric modality itself.

An Introduction to the Modality Component of the Biometric Project Management Plan

This part of the Plan consists of the following modules:

  1. The System Architectural and Processing Designs
  2. The various Storage and Matching combinations which can occur in the Biometrics Database
  3. The Operational Architecture Design
  4. The Information Processing Architecture
  5. The Subsystem Analysis and Design.

The System Architectural and Processing Designs


This particular phase can be considered as the blueprint which will be utilized to help specify the exact Biometric hardware and software which will be deployed at the business or corporation. There are three primary objectives to be accomplished in this phase, and they are:

  • The High-Level Goals:

    This describes the specific Security based goals that the proposed Biometric system is supposed to accomplish.

  • The Mid-Level Objectives:

    This describes where the Biometric system will be placed and how the respective Biometric Templates will be matched and compared against one another (in this instance, it is the comparison of the Enrollment and the Verification Templates).

  • The Detailed High-Level Objectives:

    This helps to define which specific modality (which includes the hardware and the software) will be used in the Biometric system.

These objectives help to formulate both the Functional and Operational Architecture requirements of this step in the Biometric Project Management plan, and are detailed further as follows:

  1. The Functional Architecture:

    This component describes the actual physical aspects of the Biometric system hardware and the type of Security environment in which it will be deployed. It addresses these crucial subcomponents:

  • The Environmental Design:

    This describes how the Ergonomic environment will be created (as discussed in Part 1 of this article series).

  • The Hardware Design:

    This lays out the actual schematics and blueprints as to how the Biometric Modality (or modalities) will be installed, how they will interact with one another, and how they will also operate with any legacy Security systems already in force at the business or corporation. In this regard, it is important to note that Biometric system hardware design will be strongly correlated with the design and establishment of the existing Security infrastructure. As a result of this, the proposed Biometric system could very well add an extra layer of defense.

  2. The Operational Architecture:

    This type of architecture lays out the design of the software system of the entire Biometric deployment, and this is what enables the Functional Architecture component to do its part of the work as well. It should also be noted that at this point, the design of the software system is only conceived of at a high level. It does not go into the granular level of detail as to how the exact software code will be formulated and QA tested. It is also here that how and where the Biometric Templates and the Matching Algorithms will be stored is considered and documented in detail.

The Storage and Matching Combinations


    This phase of the Biometric Project Management Plan deals specifically with how the raw images are collected, how they will be converted over to the respective Enrollment and Verification Templates, as well as how they will be stored into the Biometrics database.

    This phase consists of six separate sub-components (in actuality, these are the different combinations of the Biometric Template creation and storage):

    1. Store On Server, Match On Server Architecture:

      In this type of architecture, the Biometric raw images that are collected from the Sensors and the subsequent Biometric Templates that are created are both stored and compared/matched with one another at the server level. This is one of the most utilized architectures, and the typical applications that use this are the large scale, Identification (1:N) based scenarios.

    2. Store On Client, Match On Client Architecture:

      With this architecture, the Biometric raw images and the respective Biometric Templates are stored at the client level, and all processing of the data and information is conducted at the local level. This type of architecture can operate and function without a centralized network, and the most common applications used in that approach are those of the Single Sign On Solutions (SSOs) for workstations, wireless devices, and Smartphones.

    3. Store On Device, Match On Device Architecture:

      Regarding this operational architecture, the Biometric raw images and the corresponding Templates are stored on the actual devices themselves, and all processing again takes place at the local level. The most common applications for this architecture are the Verification based scenarios used on Wireless devices.

    4. Store On Token, Match On Token Architecture:

      With this operational architectural regime, the Biometric raw images and the corresponding Templates are actually stored on physically based tokens, such as a Smart Card. A difference between this and the other architectural types is that all processing takes place over a Wireless connection, between the Smart Card and the Smart Card reader. The most common applications for this particular architecture are those of the credential based systems, such as turnstiles for Physical Access Entry at large office buildings.

    5. Store On Token, Match On Device Architecture:

      Under this regime, the Biometric raw images and the corresponding Templates are also stored in the chip of a Smart Card. But the primary difference here is that the matching and the processing actually take place on the Smart Card itself, without the need for a Smart Card Reader. A common application used here is that of work based credentialing systems.

    6. Store On Token, Match On Server Architecture:

      With this type of operational architecture, the Biometric raw images and their Templates are stored onto the Smart Card, but the processing and matching of the Biometric Templates take place at the server level. A primary advantage of this scenario is that all decision-making occurs in a secure environment. A typical example which uses this approach is that of Network and Internet-based access.

    In summary, Identification based applications (such as AFIS) would work effectively under a server based system; and Verification based applications would work well with the locally based storage system (such as that of a Smart Card).

The Operational Architecture Design


    This part of the Biometric Project Management Plan deals specifically with Multimodal based Biometric systems, whether it is implemented as the sole means of Security or whether it will also operate with a legacy based Security system at the business or corporation.

    With a Multimodal based Biometric system, there will be different types and kinds of Biometric information/data which will be shared with the different modalities. This concept is known specifically as "Fusion," and there are four levels of it:

    1. Sensor Level Fusion:

      At this level, the Biometric information which is collected is rich and the most unique, but it also contains a lot of extraneous background noise which could greatly affect the Biometric Template creation process.

    2. Feature Level Fusion:

      There are two different sub-fusion layers at this level, and they are as follows:

      • Unimodal Feature Fusion: Single Biometric information/data fusion can be applied.
      • Feature Normalization: This applies to a Biometric system with different modalities which require further unique feature extraction. In these situations, statistical means and variances are utilized.

    3. Score Level Fusion:

      At this stage, the Biometric information/data are greatly simplified and distilled to a level which is understandable and possesses a strong level of Ease of Use.

    4. Decision Level Fusion:

      At this stage, the Biometric information/data is very much limited, and this technique is only used when no datasets are presented. This concept is also referred to as "Rank Level Fusion" for large scale, Identification based applications.
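To make the difference between Score Level and Decision Level Fusion concrete, the following added example (not part of the original article) fuses a fingerprint and an iris matcher both ways. The score scales, the mean/standard-deviation (z-score) normalization applied to scores, the equal weights, the threshold and all sample values are assumptions constructed for illustration.

```python
from statistics import mean, pstdev

# Constructed calibration scores; each matcher reports on its own scale.
CALIBRATION = {
    "fingerprint": [20, 40, 50, 60, 80],    # 0-100 similarity (assumed)
    "iris": [0.2, 0.4, 0.5, 0.6, 0.8],      # 0-1 similarity (assumed)
}
WEIGHTS = {"fingerprint": 0.5, "iris": 0.5}  # assumed equal trust
THRESHOLD = 1.0                              # assumed, in z-score units

# Mean and standard deviation per matcher, used to put scores on one scale.
PARAMS = {m: (mean(s), pstdev(s)) for m, s in CALIBRATION.items()}


def normalise(modality, raw):
    """z-score: how many standard deviations above the calibration mean."""
    mu, sigma = PARAMS[modality]
    return (raw - mu) / sigma


def _require_all(raw_scores):
    # A missing modality must not silently weaken the decision.
    if set(raw_scores) != set(WEIGHTS):
        raise ValueError("a score is required from every modality")


def score_level(raw_scores):
    """Fuse first, decide once: weighted sum of normalised scores."""
    _require_all(raw_scores)
    fused = sum(WEIGHTS[m] * normalise(m, s) for m, s in raw_scores.items())
    return fused, fused >= THRESHOLD


def decision_level(raw_scores, rule="AND"):
    """Decide per matcher, then combine only the accept/reject votes."""
    _require_all(raw_scores)
    if rule not in ("AND", "OR"):
        raise ValueError("rule must be AND or OR")
    votes = [normalise(m, s) >= THRESHOLD for m, s in raw_scores.items()]
    return all(votes) if rule == "AND" else any(votes)


# Constructed verification attempts (raw matcher outputs).
PROBES = {
    "both strong": {"fingerprint": 75, "iris": 0.75},
    "one strong, one average": {"fingerprint": 90, "iris": 0.55},
    "one strong, one poor": {"fingerprint": 95, "iris": 0.30},
}

if __name__ == "__main__":
    for name, p in PROBES.items():
        fused, ok = score_level(p)
        print(f"{name:24} fused={fused:+.3f} score-level={ok} "
              f"AND={decision_level(p, 'AND')} OR={decision_level(p, 'OR')}")
```

The three constructed attempts show the rules disagreeing: the OR rule accepts whenever a single modality clears its threshold, the AND rule rejects unless both do, and the fused score sits between the two.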

The Information Processing Architecture


      This part of the Biometric Project Management plan involves the design of any type of computing or other IT resource which is needed as well as the mathematical algorithms and the Network Infrastructure which are needed to support the entire Biometric system at the business or corporation.

      The various subcomponents which are needed in this part of the process include the following:

      1. The Computer Hardware:

        For Biometric systems, speed is one of the most important functions (obviously given the fact that Verification transactions have to take place in under 2 seconds). However, it is not just the speed of the actual modality hardware which is of great importance; the speed of the Central Processing Unit (CPU) is equally important. For example, all of these factors need to be taken into consideration as well:

        • The generation of the CPU and its relative speed (measured in hertz)
        • The Arithmetic Logic Unit (also known as the ALU) which regulates the mathematical calculations
        • The bus speed of the CPU, which is measured in the actual speed and the width
        • The input/output rate (also known as the I/O rate) in which the Biometric information and data can be sent to other hardware devices which support the entire Biometric system.

      2. The Parallel and Distributed Processing:

        In most large scale Biometric systems, just one processor is simply not enough. Therefore, the workload must be shared. To accomplish this, the concepts of Parallel and Distributed Processing must be utilized:

        • Parallel Processing:

          This is defined as "the simultaneous transfer, occurrence, or processing of the individual parts of the whole such as the bits of a character, using separate facilities for the various parts." (SOURCE: 1). In other words, one server processor can divide the workload into different components and send them to other server processors, each of which executes a portion of the larger program that supports the Biometric software applications from within the system.

        • Distributed Processing:

          With this type of processing, the same task is broken up amongst a series of server processors. In this instance, a single mathematical instruction, multiple data architecture is utilized. This simply means that the server processors perform the same, repetitive tasks on different sets of Biometric information and data.

          The parallel and distributed processing components as described above are actually a direct function of what is known as "Execution Efficiency." This is specifically defined as "the degree to which a system or component performs its designated functions with minimum consumption of time." (SOURCE: 2). This can also be referred to as "Computational Expense."

          This is greatly impacted by the sheer complexity of the mathematical algorithms that are involved in a Biometric system as well as the sheer amount of Biometric information and data that must also be processed. As a result, it should also be noted that there is a distinct tradeoff between the processing quality of the Biometric Templates and the total amount of memory which is required.
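The Distributed Processing case described above, applied to the 1:N Identification search of the Store On Server, Match On Server architecture, is sketched in this added example (not code from the original article). The 256-bit templates, the Hamming-distance matcher, the threshold and the thread-based workers standing in for separate server processors are assumptions, and the gallery is constructed.

```python
import random
from concurrent.futures import ThreadPoolExecutor

BITS = 256        # assumed template length in bits
THRESHOLD = 64    # assumed: accept when at most 25% of the bits differ
NOISE_MASK = sum(1 << (25 * i) for i in range(10))  # flips exactly 10 bits


def hamming(a, b):
    """Number of differing bits between two templates."""
    return bin(a ^ b).count("1")


def build_gallery(n=200, seed=2016):
    """Constructed Enrollment Templates: n random BITS-bit codes."""
    rng = random.Random(seed)
    return {f"user{i:03d}": rng.getrandbits(BITS) for i in range(n)}


def sample_probes(gallery):
    """Constructed Verification Templates: a noisy genuine and an impostor."""
    genuine = gallery["user042"] ^ NOISE_MASK
    impostor = random.Random(99).getrandbits(BITS)
    return genuine, impostor


def shard(items, workers):
    """Split the gallery into `workers` near-equal slices."""
    return [items[i::workers] for i in range(workers)]


def best_in_shard(probe, slice_):
    """Same instruction, different data: a worker scans only its own slice."""
    return min(((hamming(probe, t), uid) for uid, t in slice_), default=None)


def identify(probe, gallery, workers=4):
    """1:N search; returns (user_id, distance) or None when nobody matches."""
    slices = shard(sorted(gallery.items()), workers)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        partial = list(pool.map(lambda s: best_in_shard(probe, s), slices))
    candidates = [c for c in partial if c is not None]
    if not candidates:
        return None
    # Merge step: the global best is chosen and the threshold is applied
    # once, centrally, so the answer does not depend on the sharding.
    distance, uid = min(candidates)
    return (uid, distance) if distance <= THRESHOLD else None


if __name__ == "__main__":
    gallery = build_gallery()
    genuine, impostor = sample_probes(gallery)
    for w in (1, 4, 16):
        print(w, "workers ->", identify(genuine, gallery, workers=w))
    print("impostor ->", identify(impostor, gallery))
```

Because each worker returns only its best candidate and the coordinator makes the single accept/reject decision, the result is identical for any number of workers.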

Subsystem Analysis and Design


          The next phase of the Biometric Project Management Lifecycle is that of the Subsystems design phase. In any Biometric system, the Subsystems are designed to be logically separated from one another.

          To accomplish this specific task, the concepts of coupling and cohesion are utilized. Coupling can be defined as the "manner and degree of interdependence between software modules." (SOURCE: 3). Cohesion can be defined as "the manner and degree to which the tasks performed by a single software module are related to one another." (SOURCE: 4).

          For example, coupling is used and designed in such a way that each Subsystem in the overall Biometric system can operate separately from the others. With respect to cohesion, every subsystem in the overall Biometric system can only perform and execute those specific tasks to which it has been assigned, in order to ensure that the Biometric system works as one harmonious unit.

          It is important to keep in mind that one of the ultimate goals of any Biometric system is to be the "Human to Machine Interface." As a result, the proper choice of the Sensor becomes of paramount importance to capture and collect the raw images.

          The design and ultimate choice of a Sensor not only has a huge and direct impact on the performance of any Biometric system, but a phenomenon known as "Sensor Fatigue" can also set in over the useful lifetime of the Biometric Modality. This only occurs when the Sensor can no longer capture and collect raw images.

          In the Biometric Project Management plan, it is also important to give serious consideration to the environment in which the Subsystems will be placed, and the various applications which they will serve. The choices made here will also have a direct and strong impact upon the Sensor which will ultimately be utilized. Some of the factors which can influence the choice of Sensor in this regard include the following:

          1. The specific Biometric modality that will be required by the business or corporation
          2. The preprocessing and the feature requirements of the Biometric raw image/recordings (the latter is for Behavioral based Biometrics)
          3. Any changes in the preprocessing order
          4. Any modular designs that are required to be incorporated
          5. The types of the statistical compression ratios that are required for the processing of the Biometric raw images.

Conclusions

          In summary, this article has reviewed probably the most critical aspect of the Biometric Project Management Plan: the modality itself. Just as other factors are important when considering the procurement and deployment of the overall system, the C-Level Executive and his or her IT staff must take a very serious look at the modality they wish to implement.

          For instance, the modality being taken into consideration has to meet the exact security requirements of the corporation or the business. Apart from the theoretical constructs which have been reviewed in this article, the device(s) must also first be put into a testing mode which simulates the current security environment, the applications it will serve, and the potential threats and risks it is supposed to thwart. Once all of these have been deemed to be at an acceptable threshold, only then should the device(s) be released into the production environment.

          There is yet another part of the Biometric system which is often overlooked in the Project Management Plan, which is the Database component. A major reason for this is the thinking that once a particular modality is installed, the storage issue is taken care of because a standalone device can house both the Enrollment and the Verification Templates.

          But if the modalities are networked together in a Client-Server Network topology, the issue of database design and Biometric Template storage becomes much more complex, thus requiring careful consideration and planning in the Project Management Lifecycle. This will be the topic to be addressed and fully reviewed in the next article.

Sources

          1. Certified Biometrics Learning System, Module 2, Biometrics System Design and Performance, 2010 IEEE, pp. 3-90.
          2. Certified Biometrics Learning System, Module 2, Biometrics System Design and Performance, 2010 IEEE, pp. 3-32.
          3. Certified Biometrics Learning System, Module 2, Biometrics System Design and Performance, 2010 IEEE, pp. 3-92.
          4. Certified Biometrics Learning System, Module 2, Biometrics System Design and Performance, 2010 IEEE, pp. 3-92.
          5. http://www.idc-online.com/control/Design_and_Implementation.pdf
          6. http://e-archivo.uc3m.es/bitstream/handle/10016/7492/Tesis_JLiuJimenez.pdf?sequence=1
          7. http://csrc.nist.gov/nissc/1999/proceeding/papers/t14.pdf
          8. http://upcommons.upc.edu/bitstream/handle/2099/1604/Hardware-Software%20Co-Design%20for%20Fingerprint%20Biometric%20Identification.pdf?sequence=1
          9. https://pdfs.semanticscholar.org/e237/3a719f882842f4ec220d6fcb184a13a3e565.pdf
          10. http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.100.1519&rep=rep1&type=pdf
          11. https://go.noknok.com/rs/207-VEO-726/images/PwCLegal-Biometric-Privacy.pdf
          12. http://www.oasis-pki.org/pdfs/biometricsweb.pdf
          13. http://www.cse.lehigh.edu/prr/Biometrics/Archive/Papers/BiometricEncryption.pdf
          14. https://www.sans.org/reading-room/whitepapers/authentication/iris-recognition-technology-improved-authentication-132
          15. http://www.ucalgary.ca/btlab/files/btlab/ch1.pdf
          16. https://www.dhs.gov/sites/default/files/publications/National%20Protection%20and%20Programs%20Directorate%20(NPPD)%20-%20Office%20of%20Biometric%20Identity%20Management%20Multi-Year%20Investment%20and%20Management%20Plan.pdf
          17. https://danishbiometrics.files.wordpress.com/2009/08/biometricattackvectors.pdf
          18. http://biometrics.cse.msu.edu/Publications/GeneralBiometrics/JainPankantiBioSystemPerformance_IEICE00.pdf
          19. https://arxiv.org/ftp/arxiv/papers/1003/1003.1458.pdf
          20. https://pdfs.semanticscholar.org/3ac6/b0b87f74d117edef017ba39ef6c17e791f5b.pdf

          21. https://www.cse.msu.edu/~jain/BiometricCryptosystemsIssuesAndChallenges.pdf
          22. http://www.ti.com/lit/wp/spry222/spry222.pdf
          23. https://erncip-project.jrc.ec.europa.eu/sites/default/files/ReqNo_JRC95455_Experiences%20from%20Large%20Scale%20Testing%20of%20Systems%20using%20Biometric%20Technologies.pdf
          24. http://www.merl.com/publications/docs/TR2009-002.pdf
          25. http://www.sce.carleton.ca/faculty/adler/publications/2004/adler-2004-NATORTA-biometric-encryption-vulnerabilities.pdf