Biometric Myths

Dr. Manfred Bromba
http://www.bromba.com/contacte.htm

Permanent address for citation: urn:nbn:de:0125-2008032572

2007-01-07 (First Release: 2004-02-28)

There are many fundamental statements about biometrics which are very familiar and widely accepted. But if one tries to get to the bottom of these "facts", often the opposite proves true. Using such false arguments in marketing can severely damage the reputation of biometrics. This publication lists many of these factoids and myths to contribute to an objectification of the discussion. If you get knowledge of further biometric myths not listed here, or if you are not sure about the validity of a statement, or if you even think the listing of a statement is not justified, please contact me at my email address above! -> Go to the index of biometric myths

	Index of biometric myths
1	The smaller the False Acceptance Rate (FAR), the higher the security!
2	Biometric features cannot be copied
3	Biometric features cannot be forged
4	Iris and retina recognition systems scan the eye using laser beams
5	Biometric features cannot be reconstructed from templates
6	Liveness testing resolves all remaining security issues
7	The password is no biometric feature
8	DNA is the most powerful biometric feature
9	DNA is no biometric feature
10	Thanks to face recognition, surveillance cameras may impair civil rights
11	Good face recognition systems are able to separate monozygotic twins
12	Iris and retina recognition can be mis-used to diagnose disease
13	User acceptance is mainly determined by the biometric feature
14	The performance increases with the number of degrees of freedom
	General information

The smaller the False Acceptance Rate (FAR), the higher the security!

If we assume that security is directly associated with the ability to prevent false authentications, we have to bear in mind that the limitations of the recognition algorithms are not the only way to achieve false authentications. Besides other ways, one important method to cause false authentications is to fake the biometric feature. In certain applications this may even be the dominating limitation in security, such that further improvements in FAR have no effect. To give an example: A fingerprint system normally shows a much better FAR than a face recognition system. However, if the face recognition system is better protected against fakes than the fingerprint system, security may be better for face recognition in a specific application!

Biometric features cannot be copied

Each biometric feature can be copied: as physical feature or as data representation.

Biometric features cannot be forged

All known biometric features seem to be susceptible to forgery. The fact that this has not yet been reported for a specific feature does not prove the impossibility. For all known biometric features a forgery method can be given. It is only a matter of expense or discovery.

Iris and retina recognition systems scan the eye using laser beams

Maybe, there had been proposals for using laser beams to scan the eye in the past. However, it is a matter of fact that this is not necessary to get the features acquired. Indeed, sensor devices available on the market do not use laser beams. Peculiarly, this myth is one of the most resistant ones in non-scientific publications.

Biometric features cannot be reconstructed from templates

Biometrics features can be reconstructed from templates to an extent that it is possible to fool the corresponding biometric system. It is only the non-redundant information which has been removed during template creation, which cannot be reconstructed! -> more

Liveness testing resolves all remaining security issues

Liveness testing is often proposed to prevent forgery. Unfortunately, once a liveness detection method is revealed, it is relatively simple to construct a method to circumvent it. Indeed, all known liveness tests only increase the forgery expense. They will presumably never exclude forgery completely.

The password is no biometric feature

Normally, passwords are regarded as being opposed to biometric features. It is generally accepted that biometric features comprise randotypic, genotypic, and behavioral components. So it seems to be consistent to consider a password as a (nearly) completely behavioral biometric feature! Even the biometric performance in terms of FAR and FRR shows all the peculiarities known from biometric features - provided one considers the complete acquisition channel including man.

DNA is the most powerful biometric feature

Often it is stated that DNA provides the best biometric performance with respect to FER, FAR, and FRR. However, besides the very time consuming analyzing procedure, there are two problems: First, DNA methods today cannot distinguish between monozygotic twins. This is not a limitation to forensic applications neither does it influence the mean error rates. But it may exclude certain identification applications such as ATMs. Second, at least to the author, no real-world test is known which delivers comparable performance data. If you can provide trustworthy data, please contact the author!

DNA is no biometric feature

There are several reasons why some people do not accept DNA as a biometric feature. The most popular one is that today there is no completely automated acquisition and analysis procedure available. Furthermore, processing time will be several hours at the best in contrast to the other biometric procedures which take seconds. In my opinion: In practice, DNA has proven an extremely powerful tool in recognizing and distinguishing persons. It is only a matter of time and technical progress that the processing becomes faster and fully automatic. It cannot depend on the status of technical progress that a biometric method is counted as biometric feature or not!

Thanks to face recognition, surveillance cameras may impair civil rights

Many people think face recognition in combination with surveillance cameras allow a closed tracing of any individuals. As a consequence, these systems can be mis-used to control all activities of even normal citizens. This anxiety is intensified by numerous attempts to find wanted criminals by this method. But it is not justified - for fundamental reasons! In such an application, the face recognition system has to work in identification mode. It then has to cope with two problems:

Identification may yield much higher FARs (false acceptance rates) than verification
The people identified may be non-cooperative or even anti-cooperative

The second fact may increase the FRR (False Rejection Rate) drastically towards 100% for an individual. As a result, the system must be adjusted for a lower FRR by changing the decision threshold. This way the FAR will inevitably increase. Good face recognition systems can be adjusted for FAR = 0.1% @ FRR = 10% in the verification mode (cooperative users). So let us assume an FAR = 1% @ FRR = 10% for a non-cooperative verification. Now, if we compare a single wanted reference face with, say, 1000 people, the system will find the reference person (if present) with a probability of 90% and will mistake about 1000 x 1% = 10 persons for the person wanted. This is a good rate, if the recognition is used to assist men. In this case the effort for investigating the 1000 people manually will be 100 times higher. But it is absolutely unusable for a fully automatic people tracing system. The situation becomes even worse, if not only a single person is to be traced but, say, 1000. This is a typical identification with 1000 reference faces which shows an identification FAR of about 100% if we assume 1% verification FAR. That is, nearly every identification is false! Even if face recognition systems could be improved by a factor of 100 (which is supposed to be beyond the (unknown) fundamental limit), the situation does not change drastically enough to trace large quantities of people.

Now, what are the benefits of a surveillance camera? There are two benefits:
First, it acts as a deterrent to criminals. Second, it helps to identify and to clarify crimes manually.

Good face recognition systems are able to separate monozygotic twins

"We had two twins which visited our booth. One has been enrolled and has been recognized during verification. The other twin has been rejected by our system!" I heard this statement from a vendor of face recognition systems on CeBIT 99. My explanation for this (most probably single) event: This was a false rejection! In other words: Face recognition is not able to separate most monozygotic twins with reasonable reliability. The reason for this fact is that a face is mainly determined by genetics. Only a small part is randotypic, depending on the individual person. However, the randotypic parts are necessary to distinguish between "identical" twins. For probably most twins this randotypic part is smaller than the natural variability of the face and the lighting conditions. (If you know about a scientific investigation/publication about this matter, please contact author!)

Iris and retina recognition can be mis-used to diagnose disease.

Many people believe that the eye is a mirror of all body parts and is able to reflect any disease in these body parts. For this belief there is no scientific evidence! For literature about this medical myth see John Daugman: http://www.CL.cam.ac.uk/users/jgd1000/iridology.html.

On the other hand, there are eye diseases which affect biometric recognition because they may alter features or make acquisition more difficult. Furthermore, many non-eye diseases such as hypertension, show secondary effects in the eye. But most of this information can only be used to detect that there is "something wrong". The diagnosis has to be posed by the physician and the physician will consider many other, often more distinctive methods to gain a finding and to confirm it.

A very pragmatic approach to this problem is the fact, that it would be extremely helpful to have an automated system which finds a diagnosis simply by investigating raw images coming directly from a camera. The existence of such a method has the advantage not to be affected by any superstition. Such a system has indeed been developed by http://www.e-EyeCare.de/. It automatically investigates the eyeground to detect hypertension and to evaluate the risk (not the presence) of coronary thrombosis and apoplexy: http://www.sbk.org/de/service/presse/archiv/presse.13.06.2003.html.

The result of the preceding discussion is that the eye does only allow the detection of very special diseases and risks. Here it's time to break with the sub-myth that eye recognition is more susceptible to misuse than other biometric features with respect to health data! Indeed, any biometric feature is affected by certain illness: fingerprint by skin diseases, face by measles, voice by hoarseness, signature by fracture of the arm, hand geometry by rheumatism, to show only a few examples.

What about health data in the template? Most templates created by biometric systems reduce the data content to that part that is valuable for personal identification. Acute disease is no individual property, this information is even adversarial with respect to a stable recognition. So in most cases, this information is removed from the template to the greatest possible extent. For example, in contrast to health applications, retinal recognition looks for the endings and branchings of the veins' structure. In the case of iris recognition, the part which is most susceptible to changes, the color, is completely omitted. Standardization of templates helps to get knowledge about what information is used for authentication.

User acceptance is mainly determined by the biometric feature

Often, biometric features are directly associated with user acceptance or refusal. Frequent examples of substantiations are associations with crime in the case of fingerprint or the (unjustified) innuendo of using laser rays for iris or retina recognition. Indeed, in most cases user acceptance is stated by speculation! In practice, user acceptance mostly depends on the user's benefit provided by the application and on the ease of use of the specific realization as well as its reliability! Users are able to change their minds radically, if an application behaves that way. That is, only a real-life field trial can reveal user acceptance, not a theoretical discussion, which is only based on preconception and often ignores the real needs of people.

The performance increases with the number of degrees of freedom

Sometimes, instead of degrees of freedom, "number of independent parameters" to represent a biometric feature is said. However, the number of degrees of freedom is definitely unsuitable to compare different biometric features. A simple example shall clarify this: Human size is a biometric feature with one degree of freedom. Now suppose, human size would be constant and could be measured with the accuracy of modern physical measurement methods. Then resolution and accuracy would be so high (significantly better than 1 nm) that this biometric feature could outperform features with much higher degrees of freedom such as face geometry. In reality, the measurement of human size is corrupted by a lot of imperfectnesses: Men's ability to change size willingness, variability of size in the course of a day, the difficulty to define an exact measurement procedure (with or without hair, when is the posture of the head perpendicular, etc.). But it is not the small number of degrees of freedom which makes human size unsuitable as biometric feature, it is the large amount of variability. Of course, it may be better to have a biometric feature with low number of degrees of freedom but high stability and measurability than one with high number of degrees of freedom, if each parameter is subject to a high amount of noise.

General Information

BioIdentification FAQ (http://www.bromba.com/faq/biofaqe.htm)

TOP