Overview of the Last Article
In our last article, we took a little bit of a divergence and reviewed some of the key market applications which Biometric Technology serves. Wherever there is a need for security, just about any kind of modality can typically work. But, reality dictates that certain Biometrics work best only in certain market applications.
The market applications which were reviewed include the following:
- Logical Access Control;
- Physical Access Control;
- Time and Attendance;
- Law Enforcement;
The first two of these applications deal with gaining some sort of control or access to a needed resource. For example, when it comes to Logical Access Entry, an individual is wishing to gain access to either their workstation or another network resource. Traditionally, it has been the password which has been used, but it is now starting to show its grave security vulnerabilities.
To remediate this, both Iris Recognition and Fingerprint Recognition are used quite heavily to replace the password. These are also known as “Single Sign On Solutions,” because, in one swipe of your finger or one scan of the eye, you can be logged in.
Physical Access Entry refers to gaining access to either a secured building or a secured office space. The traditional lock and key approach have always been used, but this is now becoming fast replaced by Hand Geometry Recognition and Fingerprint Recognition. Literally speaking, the shape of your hand or the minutiae of your fingerprint can trigger an electromagnetic lock strike to open a door for you.
In terms of Time and Attendance, this refers to keeping track of the time employees have worked in a business or a corporation. The most common tools used to do this is the time card or even a spreadsheet.
But these methods can be very time-consuming, and the security risk of “Buddy Punching” is very prevalent. It is Hand Geometry Recognition which is used the most here. The advantages of using this modality include an irrefutable record of the time worked, and the automatic calculation of the time worked in just a matter of a few minutes.
Law enforcement is also utilizing Fingerprint Recognition in the field to confirm the identity of individuals whom they apprehend. Their mobile devices contain an optical based, fingerprint sensor which is connected to the AFIS databases maintained by the FBI, and a match can thus be conducted in real time.
Finally, with Surveillance, this involves either covertly or overtly watching an individual or group of people to see if there is any variance in what is considered to be “normal behavior.” In this regard, it is CCTV camera technology which is used to record the behavior, and Facial Recognition to identify the individual(s) in question. Both technologies work simultaneously with each other to achieve these results.
In this article, we now review a close “cousin” to the Ultimate Biometric of All (Retinal Recognition)-The Most Stable Biometric of All-Iris Recognition.
An Overview into the Iris – The Physiological Structure
The iris lies between the pupil and the white of the eye, which is known specifically as the “Sclera.” The actual color of the iris varies from individual to individual, but there is a commonality to these colors; they include green, blue, brown, and in extremely rare cases, hazel can also be found. The color of the iris is primarily determined by the DNA code which is inherited from our parents.
The unique patterns of the iris start to form when the human embryo is conceived, usually during the third month of fetal gestation. The phenotype of the iris is shaped and formed by a process known as “Chaotic Morphogenesis,” and the unique structures of the iris are completely formed during the first 2 years of childhood development.
The primary purpose of the iris is to control the diameter and the size of the pupil. The pupil is that part of the eye that allows for light to enter into the eye, which in turns reaches the retina, which is located at the back of the eye. For more information about the retina, please see our previous article.
The exact amount of light which can enter into the pupil is a direct function of how much it can expand and contract, which in turn is governed by the muscles of the iris. The iris is composed of two layers:
- A fibrous vascular tissue known as the “Stroma”;
- The Sphincter Muscles.
The Sphincter Muscles are responsible for the contraction of the pupil, and another group of muscles known as the “Dilator Muscles” governs the expansion of the pupil. When you look at your iris in the mirror, you will notice a radiating pattern. This is known specifically as the “Trabecular Meshwork. When a Near-Infrared Light (also known as the “NIR) is flashed onto the iris, many unique features can be observed.
These features include the ridges, folds, freckles, furrows, arches, crypts, corona, as well as other patterns that appear in in various, discernable fashions. Finally, the collaretta of the iris is the thickest region, which gives the iris its two distinct regions, known as the:
- The Pupillary Zone (this forms the boundary of the pupil);
- The Ciliary Zone (which fills up the rest of the iris).
The iris has been deemed to be one of the most stable and unique structures of the human physiology, and in fact, scientific studies have shown that even identical twins have a different iris structure. An actual image of the iris is illustrated below:
Iris Recognition: How it Works
To start the Enrollment process, an NIR light is shone into the iris of the individual. From this point, various grayscale images are then captured and compiled into one primary composite image. Specialized software then removes any obstructions from the iris, which can include portions of the pupil, eyelashes, eyelids, and any resulting glare coming from the Iris Recognition device.
From this composite image, the unique features of the iris are then “zoned off” into hundreds of phasors (also known specifically as vectors). Their measurements and amplitude level are then extracted (using the principles of Gabor Wavelet mathematics), and then subsequently converted into a binary mathematical file, which is not greater than 500 Bytes.
Because of this very small template size, verification of an individual can occur less than one second. The Iris Recognition template is also known as an “IrisCode.” But, to positively verify or identify an individual, both the Enrollment IrisCode and the Verification IrisCode must be compared with one another. To accomplish this task, these IrisCodes must be compared against one another, byte by byte, looking for any dissimilarities amongst the string of binary digits.
In other words, to what percentage do the zeroes and the ones in the Enrollment and Verification IrisCodes match up and do not match up against one another? This specific answer is found using a technique known as the “Hamming Distance.” This involves using tests of statistical independence (such as exclusive OR operators [XOR] and masked operators).
If the tests of statistical independence are passed, the individual is then positively verified or identified, but if the tests of statistical are failed, then the individual has not been positively verified or identified.
The Market Applications of Iris Recognition
As a result of the technological breakthroughs in Iris Recognition, it now cuts across all realms of market applications, as previous articles have examined. Just within the past decade, because of the monopolistic grip it at held, Iris Recognition served only a very limited number of market applications, and because of that, acceptance of it by the public was very low.
Also, this modality was very expensive to procure and deploy (just the hardware alone cost between $3,000-$5,000), thus providing for a much larger obstacle in its adoption rate. Today, because of the innovations which have transpired, the prices have come down substantially, thus boosting its acceptance even more. Because of this, Iris Recognition has now become a dominant player in those areas that were once traditionally held by Hand Geometry Recognition and Fingerprint Recognition.
These market applications include the following sectors:
This includes nuclear power plants, oil refineries, large-scale military installations, as well as government facilities.
This includes everything from confirming passengers’ identity as they make their way through the security checkpoints at the airport to reading their e-Passports before they disembark at the country of destination.
This involves all maritime activities, which include securing the maritime terminals, as well as the “high consequence” facilities such as oil and gas storage, and the chemical, intermodal, and port operations.
This includes securing, with Iris Recognition, such areas as military bases, air force bases, and naval bases.
The Advantages and Disadvantages of Iris Recognition
The effectiveness of Iris Recognition can be measured against the same seven criteria upon which the other modalities have been evaluated upon as well. They are as follows:
On a theoretical level, everybody has at least one eye that can be scanned from which the unique features can be extracted from. Even in the unfortunate chance should an individual be blind in both eyes, the iris can be still be scanned, even though it will be much more difficult for the modality to capture a clean image of the iris.
As it has been previously described, the iris, along with the retina, is one of the most stable and richest sources regarding possessing very unique data points. For instance, Dr. John Daugmann, whom originally developed the Iris Recognition algorithms, calculated that the statistical probability of the iris being identical even amongst twins is 1 in 10^78.
One of the biggest advantages of the iris is that it is very stable, and the structure of it hardly changes over the lifetime of an individual. In addition, the iris is considered to be an internal organ. Thus it is not prone to the harsh conditions of the external environment, unlike the face, hand, or the fingers.
The images of the iris are extremely easy to collect, both regarding camera capture and the software analysis of the iris. In fact, the images of the iris can still be captured even when an individual is still wearing their eyeglasses/contact lenses, or even when he or she is on the move at a far distance.
Given the very small size of the Iris Recognition template, this modality is extremely fast as well as extremely accurate. For example, it possesses a False Acceptance Rate (FAR) of .0001% and a False Rejection Rate (FRR) of 0.0%. As a result, the iris can even be used in large-scale identification applications.
Because Iris Recognition is a non-contactless technology, its acceptance levels can be quite high. However, in the beginning, the individual may have some hesitancy at the thought of his or her eye being scanned, but with the right kind of end user training, this fear should be subsequently nonexistent.
Resistance to circumvention:
This modality is very difficult to spoof because it can discriminate a live iris from a fake iris by carefully examining the dilation and constriction of the pupil. Also, the IrisCode (the Enrollment/Verification Template) is almost impossible to reverse engineer.
A Case Study: Sharbat Gula, the “Afghan Girl”
Probably the best example of using Iris Recognition was used in trying to confirm the identity of Sharbat Gula, also known as the “Afghan Girl.” The famous picture of the striking, green eyes of Gula goes back to 1985. She is originally from Afghanistan, and during the time of the Soviet invasion, she and her family fled to the Nair Bagh refugee camp, located in Peshawar, Pakistan.
During that time, a world-famous photographer from the National Geographic Magazine, Steve McCurry, came to this region to capture the plight of the Afghanistan refugees on pictures. One of the refugees he met was and took pictures of was that of Sharbat Gula, when she was only 13 years old. McCurry did not know her name or anything else about her, or her family. Of the many pictures, he took of her, one stood out in particular -her piercing, green eyes.
During the next 17 years, this picture became world famous, appearing in books, magazines, newspapers posters, and other forms of media. Gula knew nothing of her fame until she met Steve McCurry for the second time in January 2002. At that time, he had returned to the same region in a final attempt to locate Gula.
Ethical Hacking Training – Resources (InfoSec)
McCurry and his team searched through numerous villages and came across various leads that had proved to be false. Finally, the breakthrough came when an individual came forward and claimed that Gula was a next-door neighbor from many years ago. After several days of making this claim, this same individual brought back the brother of Gula, who had the same color eyes. From that moment onward, McCurry and his team felt that they had located the family of Gula.
Because of her culture, Gula was not allowed to meet other men. However, a female producer at National Geographic was initially allowed to meet with and take photographs of her. After a series of negotiations with her family, McCurry was able to see Gula and take various pictures of her.
However, various tests had to be conducted to make sure that Gula was truly the Afghan girl. Two sophisticated tests were utilized:
- Facial Recognition techniques developed by forensic examiners at the FBI;
- Iris Recognition techniques developed by Dr. John Daugmann at Iridian Technologies.
The pictures taken in 1985 were compared with the pictures taken in 2002, in both tests. The Facial Recognition techniques confirmed her identity; however, the ultimate test came down to Iris Recognition, because of its uniqueness and stability.
The pictures of Gula (as taken by the Facial Recognition system) were scanned into a digital format. A major obstacle which had to be conquered was that Iris Recognition works only by taking scans from live subjects, and not static photographs. After making a series of adjustments to the Iris Recognition software, the scientists concluded that Sharbat Gula was positively the “Afghan Girl.”
Sharbat Gula in 1985
Sharbat Gula in 2002