Electronic access and the biometrics are the two most important tools used in the modern security scenario. The crime rate in the world is increasing day by day and it has become very difficult to identify the culprits easily because of very heavy population of the world. So in order to increase the security of a country or any organization various electronic techniques are used to identify individuals, these techniques include biometrics and electronic access all the human beings have same basic traits but still they differ in various forms such as we all have different size of the palm, the finger print of different individuals is different, also the DNA ( deoxy ribonucleic acid ) is very different. We use these differences in human beings to identify them in biometrics. These parts are scanned by the electronic equipment and the information is stored which is used to identify the individual when he is scanned by the electronic machine next time. Electronic access uses various codes and magnetic strips to store the information. Then those cards issued are further scrutinized by the issue of the security codes.
Biometrics as a tool for the security system:
The question that is increasingly being asked of individuals by governments and business organizations in their bid to fight fraud, organized crime and terrorism, as well as to contact illegal migration. Biometrics technology using advanced computer techniques is now widely adopted as a front-line security measure for both identity verification and crime detection, and also offers an effective crime deterrent. A team derived from ancient Greek 'bios' meaning life and 'metric' meaning to measure- biometrics embraces a range of techniques such as fingerprinting and handwriting recognition for identity verification using physical data and behavioral patterns.
History of biometrics:
Measurement of physical features such as height, eye color, scars, etc, as a method of personal identity is known to date back to the ancient Egyptians. Archaeological evidence of fingerprints being used to at least associate a person with some event or transactions also said to date back to ancient China, Babylonia and Assyria. But it was not until the end of the 19th century that the study of biometrics entered the realm of crime detection. Alphonse Bertillon, a French police clerk and anthropologist, pioneered a method of recording multiple body (anthropometric) measurements for criminal identification purposes. Known as 'Bertillonage' it was adopted by many police authorities worldwide during the 1890s, but soon became obsolete once it was recognized that people could indeed share the same physical measurements.
Meanwhile, the quest for a physical identifier that was unique to each individual gained significant ground when British anthropologist, Sir Francis Galton, worked on the principle that fingerprints were permanent throughout life, and that no two people had identical fingerprints. Galton calculated the odds of prints from two people being identical to be 1 in 64 billion and also identified characteristics - known as 'minutiae' - that are still used today to demonstrate that two impressions made by the same finger match. Minutiae are points of interest formed by the endings or forking of the friction skin ridges on each finger and are defined as one of the following:
Ridge ending - the point at which a ridge terminates Bifurcation - the point at which a single ridge splits into two ridges It is the arrangement of all the minutiae in terms of their location, orientation of ridge flow and type (i.e. ridge ending or bifurcation) that make an individual's finger prints unique. The flow of the friction skin ridges also form the patterns - the whorl, arch and loop of each finger - that were identified by Galton. Galton's patterns provided the basis of the first fingerprint file established in 1891 by Juan Vucetich, an Argentine police officer, who became the first to use a bloody finger print to prove the identity of a murderer during a criminal investigation. In 1897, Sir Edward Henry, a British police officer serving as Inspector General of the Bengal Police in India, also developed an interest in the use of fingerprints for identifying criminals, even though the Bengal Police was at that time using Bertillonage. Based on Galton's observations, Henry and colleagues established a modified classification system allowing fingerprints captured on paper forms using an ink pad to be classified, filed and referenced for comparison against thousands of others. By 1901, Henry's fingerprinting system had been adopted in the UK by Scotland Yard and its use then spread through most of the world (the exception being South America, where the Vucetich system was used) to become a standard method of identity detection and verification in criminal investigations.
With the advent of computers and digital technology in the 1970s, fingerprinting took ona new dimension. As a result, the UK's fingerprint service now records 120,000 sets of fingerprints each year - a volume of records that was simply untenable before computerization. Within a century, biometrics had evolved from tape measure, ink and pad technique requiring vast manual filing and archiving resources, to an automated biometric digital scanning process using computerized storage, automated search and find/match techniques, plus extensive archiving and access systems with worldwide links. Such technology now provides for the capture and processing of biometrics information and has transformed fingerprinting techniques and procedures
In the mid-1960s, the Royal Canadian Mounted Police (RCMP) adopted an automated video tape-based filing system allowing identification officers to make fingerprint comparisons on-screen. A similar 'Video file System' was installed at New Scotland Yard in1977. Around the same time, the USA's Federal Bureau of Investigation (FBI) was working with industry to build the first automated fingerprint card reader, which was implemented in 1974. Over the next five years, the FBI and other organization in Canada, Japan and the UK, developed further core technologies including fingerprint matching hardware, plus automated classification software and hardware. By the early 1980s, this culminated in the automatic fingerprint identification system (AFIS), which allowed the automatic matching of one or many unknown fingerprints against an electronic database of known prints; another major forward step in the world of crime detection and international security. Such systems have since reduced the manual capture, store, search and match processes for fingerprints from weeks and months, to hours and minutes, and have led to AFIS being deployed by law enforcement agencies in Europe and worldwide.
Current biometric information system:
Biometrics is, essentially, based on the development of pattern recognition systems. Today, electronic or optical sensors such as cameras and scanning devices are used to capture images, recordings or measurements of a person's 'unique' characteristics. This digital data is then encoded and can be stored and searched on demand, via a computer. Such biometric search is not only very rapid (often taking place in real-time), it is also a process that is accepted globally in establishing forensic evidence in a law court. Consequently, there are numerous forms of biometrics now being built into technology platforms. The most widely applied methods include.
Fingerprints and palm prints
It uses impressions printed on paper or card with ink, or digital scans of an individual's fingers (or palms) to record their unique characteristics. The risk of a duplicate print/scan occurring is now estimated at being 10 to the 48th power: in other words, each finger print is as close to being 'unique' as you can get. Fingerprints therefore remain the most powerful and widely used biometric technology in forensics. A common statistic however, is that 30% of crime scenes include palm prints, which is why these are also captured and processed using the latest AFIS solutions.
Facial recognition - identifies people by the sections of the face that are less susceptible to alteration, e.g. the upper outlines of the eye sockets, the areas around the cheekbones and the sides of the mouth. 2D facial recognition, as the name suggests, uses information from a two dimensional image of a face -such as a photograph - and relies on the comparison of relative positions of facial features. Substantial work has been devoted to 2D facial recognition but, more recently, advances in techniques for 3D facial recognition (which includes information on depth and enables images to be viewed and analyzed from a range of orientations) show promise in improving match accuracy. It should also be noted that facial recognition is the only viable recognition technology able to operate without the subject's cooperation, since facial characteristics can be captured from video cameras or closed-circuit television (CCTV). The accuracy of facial recognition however, is heavily dependent on the quality of the facial image and the consistency of its capture. As such, there are four types of facial recognition that vary in accuracy. The most accurate results are obtained from systems where the image capture is tightly controlled.
Iris recognition - uses a high-quality camera to capture a black-and-white, high-resolution image of the iris (the colored ring surrounding the pupil). It has been estimated that with an average of approximately 250 distinctive characteristics in an iris, the odds of two people having the same pattern are 1 in 7 billion. One approach to Iris recognition is to use these distinctive characteristics to define the boundaries of the iris, establish a coordinate system over the iris and then define the zones for analysis within the coordinate system. The accuracy of Iris recognition however, is dependent on the cooperation of the subject. For example, criminals have been known to use eye drops to dilate their pupil to hide the majority of their Iris.
Biometric information system as an emerging field:
Although fingerprints, facial images and iris recognition offer a proven methodology for Main stream applications, biometric alternatives are still being developed. Other physiological or behavioral characteristics have, and are, being researched - some of which are not yet viable, while others, although available commercially, are inappropriate for mass market application:
Hand geometry - the capture of measurements encompassing the width, height and length of the fingers, distances between joints and shapes of the knuckles. While reasonably diverse, the geometry of an individual's hands is not necessarily unique.
Voice recognition - focuses on differences resulting from the shape of vocal tracts and learned speaking habits. Operates best when there's no background noise.
Signature recognition - analyses a series of movements that contain unique biometric data such as personal rhythm, acceleration and pressure flow. Since these movements can vary with each signing, differentiating between the consistent and the behavioral parts of a signature is difficult.
Keystroke recognition - assesses the user's typing style, including how long each key is depressed (dwell time), time between key strokes (flight time) and typical typing errors. This is more suited as an internal security technology, such as providing computer access within an organization.
Gait recognition - captures a sequence of images for analysis of how an individual walks. Still in an early stage of research & development.
Importance of biometrics:
The need to facilitate the increasing levels of international trade, migration and travel while combating organized crime and national security threats, has placed identity management high on the agenda of governments world-wide. The implementation of biometrics technology in ID-cards, passports and other travel documents is under consideration because biometrics combines two processes key to verifying the identity of an individual and establishing the validity of their documents:
Enrolment - uses the capture of an individual's unique characteristics to create a secure credential that ties their identity to the document. This then facilitates the next process of:
Identification and verification
Identification: one-to-many (1:N) recognition - determines a person's identity by searching against a biometric database. Positive identification answers the question: "Who is this person?" The response could be anything from a name or an employee's ID number, to a criminal's alias.
Verification: one-to-one (1:1) matching or authentication - establishes the validity of a claimed identity by comparing a verification template to an enrolment template. Verification answers the question: "Am I who I claim to be?" The International Civil Aviation Organization (ICAO) has already defined standards for machine readable passports that include a facial biometric as mandatory for global interoperability. Finger and iris are also recommended by ICAO as secondary biometrics to be included at the discretion of the passport issuing authority with fingerprints becoming mandatory in 2008. Wireless technologies such as TETRA, APCO-P25, GSM/GPRS or professional mobile radio (PMR), are also adding a further dimension. Mobile solutions for example, comprising ruggedized laptops, two-finger scanning devices and wireless connectivity to a central AFIS, have been implemented in a number of European countries for law enforcement and border control. Such systems ensure remote and timely access to valuable information, such as fingerprints, facial images, and relevant demographic records and documents.
Till now I have given the details about the biometrics as a security system, biometrics is an effective security system but there are certain areas which cannot utilize biometrics as the security system because of the reasons that it may not be feasible there if we take the example of the ATM( automated teller machine), this requires a security system to access our accounts through a card provided by the bank officials, for this matter we cannot avail the facility of the biometrics because there are hundreds of people who access these machines daily so it is not possible to recognize every individual concerned with the bank hence here we utilize the electronic access, a security code is provided to the customers so that they can provide this electronic code to the machine before accessing their account for the transaction. The areas like the offices where we use the look door system requires to enter the code fixed for that particular device and once we give this code, it is electronically accessed and the door opens. The present world is an information technology world and the world is rightly called as the global village this all is possible with the networking and in these systems because of the cyber crime, the security is of the prime concern, so all the emails accessed have been provided with the codes or passwords which are a prerequisite condition to access all our online documents.
Electronic access control systems:
Anaccess control systemis a system which enables an authority to control access to areas and resources in a given physical facility or computer-based information system. An access control system, within the field ofphysical security, is generally seen as the second layer in the security of a physical structure. Access control is, in reality, an everydayphenomenon. A lock on acardoor is essentially a form of access control. A PIN on anATMsystem at a bank is another means of access control. Bouncers standing in front of anight clubis perhaps a more primitive mode of access control (given the evident lack ofinformation technologyinvolved). The possession of access control is of prime importance when persons seek to secure important, confidential, or sensitive information and equipment. Item control orelectronic key managementis an area within (and possibly integrated with) an access control system which concerns the managing of possession and location of small assets or physical (mechanical) keys.
Access control system operation:
When a credential is presented to a reader, the reader sends the credential's information, usually a number, to a control panel, a highly reliable processor. The control panel compares the credential's number to an access control list, grants or denies the presented request, and sends a transaction log to a database. When access is denied based on the access control list, the door remains locked. If there is a match between the credential and the access control list, the control panel operates a relay that in turn unlocks the door. The control panel also ignores a door open signal to prevent an alarm. Often the reader provides feedback, such as a flashing red LED for an access denied and a flashing green LED for an access granted. The above description illustrates a single factor transaction. Credentials can be passed around, thus subverting the access control list. For example, Alice has access rights to the server room but Bob does not. Alice either gives Bob her credential or Bob takes it; he now has access to the server room. To prevent this,two-factor authenticationcan be used. In a two factor transaction, the presented credential and a second factor are needed for access to be granted. The second factor can be a PIN, a second credential, operator intervention, or a biometric input. Often the factors are characterized as something you have, such as an access badge or passcard, something you know, e.g. a PIN, or password. something you are, typically a biometric input.
Access control system components:
Access control decisions are made by comparing the credential to an access control list. This lookup can be done by a host or server, by an access control panel, or by a reader. The development of access control systems has seen a steady push of the lookup out from a central host to the edge of the system, or the reader. The predominate topology circa 2009 is hub and spoke with a control panel as the hub and the readers as the spokes. The lookup and control functions are by the control panel. The spokes communicate through a serial connection; usually RS485. Some manufactures are pushing the decision making to the edge by placing a controller at the door. The controllers are IP enabled and connect to a host and database using standard networks.
The most common security risk of intrusion of an access control system is simply following a legitimate user through a door. Often the legitimate user will hold the door for the intruder. This risk can be minimized through security awareness training of the user population or more active means such as turnstiles. In very high security applications this risk is minimized by using a sally port, sometimes called a security vestibule or mantrap where operator intervention is required presumably to assure valid identification the second most common risk is from levering the door open. This is surprisingly simple and effective on most doors. The lever could be as small as a screw driver or big as a crow bar. Fully implemented access control systems include forced door monitoring alarms. These vary in effectiveness usually failing from high false positive alarms, poor database configuration, or lack of active intrusion monitoring. Similar to levering is crashing through cheap partition walls. In shared tenant spaces the demisal wall is a vulnerability. Along the same lines is breaking sidelights. Spoofing locking hardware is fairly simple and more elegant than levering. A strong magnet can operate the solenoid controlling bolts in electric locking hardware. Motor locks, more prevalent in Europe than in the US, are also susceptible to this attack using a donut shaped magnet. It is also possible manipulate the power to the lock either by removing or adding current. Access cards themselves have proven vulnerable to sophisticated attacks. Enterprising hackers have built portable readers that capture the card number from a user's proximity card. The hacker simply walks by the user, reads the card, and then presents the number to a reader securing the door. This is possible because card numbers are sent in the clear, no encryption being used. Finally, most electric locking hardware still have mechanical keys as a failover. Mechanical key locks are vulnerable to bumping.
The paper has described all the aspects of the modern security systems. The two most very often used security systems i.e. biometrics and electronic access have been described in detail; both have the applications in their respective areas which are specific for both. However after explaining all the parameters of the operation of these security systems I come to conclusion that although these systems have increased the security systems to a considerable extent however there are still lot of implications associated with these systems especially with the biometric system, for e.g. the use of the electromagnetic radiations for the scanning of the various vital body parts such as eyes, these radiations can damage the eyes so we need to work in this area and make the more efficient systems that could prevent the damage with maximum safety. The electronic items like the infrared detection of the individuals is used now a days very often as measure of security in our homes but the infra red does have a considerable effect on humans especially on the old age people particularly those which have certain electronic equipments integrated inside the body like the pace maker. Same is the case with the electronic accesses where several people can decode the security systems so we need to make more effective systems that can provide the maximum security with the minimum chances of the failure.
Electronic security system by colemen fedrer. International publishing house.