BiometricsBiometrics by the numbers
Fingerprint biometric is the oldest and most popular biometric technology; a tech blogger finds flaws in it we should be addressed
A ZDNet.UK blogger offers a useful discussion of the state of biometrics. He writes that we must first distinguish biometric technologies that do not work or must not work — “I mean both behavioral (keystroke dynamics, handwriting) and physical (voice, face and palm) recognition systems.” Why does he think that these technologies are not working? Because the error ratio is too high for real life implementation; it is too easy to trick these systems even for non-experienced hacker. He is also not addressing iris scan and retina scan. “These systems are accurate. It is much harder to trick them. But these systems are too expensive,” he says. For the same token he does not talk about DNA, odor identification systems, and the like. He suggests we talk about biometrics that works in real world conditions — fingerprint. What are concerns?
1. Accuracy
Regular fingerprint identification system has standard FAR of 0.001 percent and FRR of 0.1 percent. What does it mean? FAR (False Accept Ratio) is the possibility that the system will accept a wrong finger instead of registered one, and 0.001 percent means that if one fingerprint is registered, the system can, once in 100,000 attempts, wrongly grant access to a impostor. Pretty high accuracy. If 10 fingerprints are registered — the same statistical mistake accumulates resulting in one in 10,000 attempts. This is also fine, the blogger writes, but suggest we imagine a public system with 1,000 registered users (not rare situation). Every user has 10 fingerprints registered. What is the resulting false accept ratio?
10 fingerprints * 1000 users * 0.001% = 0.1%
This is already alarming. That means that every passer-by may enter the gate in maximum 10 attempts. For a system with 10,000 registered users the resulting false accept will be “1,” meaning that anyone can enter in the first attempt.
2. Response time, user acceptance and FRR
It was tested and proved that FRR (false reject) rises exponentially with the number of attempts. If the person trying to pass the gate is a bit nervous, the possibility of false reject is 1 percent at the first attempt, 12 percent at the second, 48 percent at the third time. Imagine a huge line of employees trying to get their workplace on time.
3. Psychological resistance
The fingerprint technology has still some criminal “aura” about it; it is deep in our minds. We do not want to leave our fingerprints somewhere.
