Fingerprint Concerns: Performance, Usability, and Acceptance of Fingerprint Biometric Systems

Andrew S. Patrick
National Research Council of Canada
1200 Montreal Rd., Ottawa, ON Canada K1A 0R6
Andrew.Patrick@nrc-cnrc.gc.ca

June 25, 2008

NOTE: This essay started out as a commissioned technical report, and then was revised as a book chapter for a book that was eventually canceled. Since I have not found a good venue for it, I am putting it here.

ABSTRACT

Despite the long history of using fingerprints, some key concerns still remain about the accuracy of identification, the usability of fingerprint systems in different situations, and acceptance by the users. This paper provides a review of those concerns and it provides recommendations for people considering adopting fingerprint recognition systems. The focus is on fingerprint-based systems, but other forms of biometrics will be mentioned as appropriate.

INTRODUCTION
One of the most important issues facing technology designers today is security. Recent history has shown that security problems can arise in many situations, and often the consequences can be serious. Some of the most fundamental issues in security are authentication and access control. System designers must make sure that users are who they claim to be, and that the service or system is only accessed by people with the authority to do so.

The most common method for implementing authentication and access control is a username and password. New users are provided, or asked to choose, a unique name and secret password that are associated with their account. When they wish to access the system, they must provide a valid username and correct password before they are given access. The problems with username/password systems are well known. For example, users may choose simple, easily guessed passwords. They may also write their username and password down in a place where it is easily found (e.g., taped to their computer monitor), or they may share their passwords with friends and family. Usernames and passwords can also be stolen by a variety of means, including accessing corporate databases and eavesdropping on network communications. “Phishing” is a recent phenomenon where users are tricked into giving their username and password to strangers when they are lured to counterfeit login pages that appear to be legitimate services (e.g., Internet banking sites).

Because of these inherent problems with password-based systems, designers are starting to look at alternatives, including biometric security systems. Biometric systems use a characteristic of the user that is generally universal, stable, and unique. Examples of biometric characteristics are fingerprints, iris images, and voice characteristics. With a biometric access control system, the user first enrolls in a system or service and provides a biometric sample, such as a fingerprint. When they want to use the system later, they must show their biometric characteristic, usually by presenting themselves to some form of scanner, and the characteristic is compared to the previously-stored biometric “template.” If the characteristics match, then the user is granted access to the system.

Biometric security systems that are based on fingerprints are receiving a lot of attention because of the potential to reliably identify people based on a near-universal physical characteristic. Fingerprint-based security systems are becoming small and inexpensive and, as a result, they are being deployed in a wide range of situations and applications including cellular phones and laptop computers, automobile and building doors, and border-crossing and high-security military applications. Fingerprints have been used for identification dating back to antiquity, but recent technological developments have led to ubiquitous, automatic fingerprint recognition systems. Despite the long history of using fingerprints, some key concerns still remain about the accuracy of identification, the usability of fingerprint systems in different situations, and acceptance by the users. This paper provides a review of those concerns and it provides recommendations for people considering adopting fingerprint recognition systems. The focus is on fingerprint-based systems, but other forms of biometrics will be mentioned as appropriate.

THE STATE OF THE ART IN BIOMETRIC PERFORMANCE
Measuring Biometric Accuracy
One of the most important factors in the success of a biometric system is its accuracy. This is a measure of how well the system is able to correctly match the biometric information from the same person and avoid falsely matching biometric information from different people. The measurement of biometric accuracy is usually expressed as a percentage or proportion, with the data coming from simulations, laboratory experiments, or field trials. There are four main measures of biometric accuracy:

True Acceptance Rate (TAR) / True Match Rate (TMR): this measure represents the degree that the biometric system is able to correctly match the biometric information from the same person. Developers of biometric systems attempt to maximize this measure.

False Acceptance Rate (FAR) / False Match Rate (FMR): this measure represents the degree or frequency where biometric information from one person is falsely reported to match the biometric information from another person. Developers attempt to minimize this measure.

True Rejection Rate (TRR) / True Non-Match Rate (TNMR): this measure represents the frequency of cases when biometric information from one person is correctly not matched to any records in a database because, in fact, that person is not in the database. Developers attempt to maximize this measure.

False Rejection Rate (FRR) / False Non-Match Rate (FNMR): this measure represents the frequency of cases when biometric information is not matched against any records in a database when it should have been matched because the person is, in fact, in the database. Developers attempt to minimize this measure.

These measures of biometric accuracy are interdependent in biometric systems. First, there is a mathematical relationship between the corresponding true and false rates so that if one rate is known, the other can be calculated using 100% – X when working with percentages or 1.0 – X when working with proportions. For example, if the TMR is 98%, the FMR must be 100% – 98% = 2%.

Second, there is inevitably a trade-off where attempts to minimize the false matches of a system tend to decrease the frequency of true matches. System designers often have to adjust threshold values to get the best combination of true and false performance measures, and sometimes these adjustments are also available to customers who want to fine-tune their own biometric deployments.

There are three other common measures of biometric accuracy that are very important for determining the final success of a system, but they receive less attention:

Equal Error Rate (EER or ERR): the point at which the False Acceptance Rate (FAR) is equal to the False Rejection Rate (FRR). This measure is often considered to be the optimal performance of a system where there is a reasonable trade-off between false acceptances and false rejections.

Failure to Enroll Rate (FER): the rate at which people are not able to enroll in a biometric system. Such failures are usually caused by missing or weak biometric characteristics, such as missing fingers, faint fingerprints, or an iris that is too dark. The FER is often an important, but overlooked, measure for determining the final business success of a biometric system because high FER rates will necessitate non-biometric alternatives so that people can still access the system or service without using the biometric system.

Failure to Acquire Rate (FTA): the rate at which biometric information is not obtained during use of a biometric system, even though the person was able to previously enroll. Failures to acquire can be caused by environmental conditions at the time of biometric system use, such as bad lighting affecting face or iris recognition systems, or dirty sensors affecting fingerprint systems. Failures to acquire are also important determinants of the final success of a biometric system, but they are often overlooked when discussing biometric accuracy.
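The threshold trade-off and the measures defined above can be made concrete with a small calculation. The following is an added worked example, not part of the original essay: the match scores are constructed sample data, a comparison is assumed to be accepted when its score is at or above the threshold, and all function names are illustrative.

```python
# Added example (not from the original essay). Scores are constructed sample
# data on a 0-100 similarity scale; a comparison is accepted when
# score >= threshold (an assumption of this example).

GENUINE = [92, 88, 85, 81, 79, 76, 74, 70, 63, 48]   # same-person comparisons
IMPOSTOR = [12, 18, 22, 25, 31, 35, 40, 44, 52, 66]  # different-person comparisons


def far(impostor, threshold):
    """False Acceptance Rate: share of impostor comparisons that are accepted."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def frr(genuine, threshold):
    """False Rejection Rate: share of genuine comparisons that are rejected."""
    return sum(s < threshold for s in genuine) / len(genuine)


def tar(genuine, threshold):
    """True Acceptance Rate: share of genuine comparisons that are accepted."""
    return sum(s >= threshold for s in genuine) / len(genuine)


def sweep(genuine, impostor):
    """(threshold, FAR, FRR) at every observed score, plus one above the maximum."""
    scores = sorted(set(genuine) | set(impostor))
    thresholds = scores + [scores[-1] + 1]  # the last threshold rejects everyone
    return [(t, far(impostor, t), frr(genuine, t)) for t in thresholds]


def equal_error_rate(genuine, impostor):
    """Return (threshold, rate) at the point where FAR and FRR are closest."""
    t, fa, fr = min(sweep(genuine, impostor), key=lambda row: abs(row[1] - row[2]))
    return t, (fa + fr) / 2


def threshold_for_far(genuine, impostor, target_far):
    """Lowest threshold whose measured FAR is <= target; returns (threshold, TAR).

    Raising the threshold to reach a stricter FAR costs true acceptances.
    """
    for t, fa, _ in sweep(genuine, impostor):
        if fa <= target_far:
            return t, tar(genuine, t)
    raise ValueError("no threshold meets the target")  # not reached: last FAR is 0


def effective_frr(frr_value, fta):
    """Rejections as users experience them: the sample was not acquired at all,
    or it was acquired and then failed to match."""
    return fta + (1 - fta) * frr_value


if __name__ == "__main__":
    for t, fa, fr in sweep(GENUINE, IMPOSTOR):
        print(f"threshold {t:3d}  FAR {fa:.1f}  FRR {fr:.1f}")
    print("EER:", equal_error_rate(GENUINE, IMPOSTOR))
    # With only 10 impostor comparisons the smallest non-zero FAR that can be
    # measured is 0.1, so a target of 1 in 10,000 can only be "met" by observing
    # zero false accepts; a test set this small cannot support such a claim.
    print("FAR <= 0.1   :", threshold_for_far(GENUINE, IMPOSTOR, 0.1))
    print("FAR <= 0.0001:", threshold_for_far(GENUINE, IMPOSTOR, 0.0001))
    print("FRR with 5% FTA:", effective_frr(0.1, 0.05))
```

The number of comparisons in a test limits the smallest error rate it can demonstrate, which is worth checking whenever a very low FAR is quoted.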

Current Data on Biometric Accuracy
The accuracy of biometric systems is a very dynamic topic with new reports and claims coming out daily. Many vendors are eager to report that their systems are very accurate, since accuracy is seen as a key selling point and, as is shown below, there can be very large differences in the accuracy of different systems. One must be careful, however, when evaluating vendors’ claims of accuracy because of the wide variety of methods that can be used to measure accuracy and the known discrepancies between vendor claims and the actual performance seen when the systems are deployed.

It is also not clear what accuracy is required in actual practice. The nature of the information or system being protected and the consequences of security failures have to be considered when determining the appropriate accuracy rates for a deployment scenario. The UK Biometrics Working Group [20] has suggested a scheme for understanding relative biometric accuracy rates that is shown in Table 1. In many applications, basic or medium security strength may be all that is required to provide adequate protection. For example, the US-VISIT border control application has adopted a criterion of medium accuracy.

Table 1: A Scheme for Understanding Relative Biometric Strengths

FAR               FAR (%)    Strength
1 in 100          1.0%       Basic
1 in 10,000       0.01%      Medium
1 in 1,000,000    0.0001%    High

It is also useful to consider the larger context of human identification. The task of identifying a person based on physical characteristics is a hard one, and it is not something that human decision makers are particularly good at. For example, a study discussed by the International Biometric Group (IBG) was commissioned by an un-named national government office in 2004 to evaluate the accuracy of human decision makers [9]. Trained border patrol inspectors and untrained individuals were asked to identify 100 test subjects based on photo identification cards. The expert judges were 85.73% correct in accepting the correct subjects and rejecting the imposters, while the untrained people were 83.95% correct. Thus, recognition based on faces is rather difficult and training does not appear to provide much of a performance enhancement. So, we are asking our biometric systems to perfectly (or nearly perfectly) identify people when we cannot do so ourselves.

The most reliable data on biometric accuracy comes from independent tests of a variety of vendors’ systems. There have been a number of such tests conducted by government agencies (e.g., NIST, CESG) and large consulting groups (e.g., IBG). Typically the vendors provide the biometric equipment and/or decision making algorithms and then have no further control of the tests. Thus, these independent tests are important when making calculations about probable biometric accuracy for any systems that might be deployed, although vendor-supplied numbers can also be used when appropriate.

In 2006, the Fourth International Fingerprint Verification Competition (FVC2006) compared 53 different algorithms submitted from a variety of vendors and research institutions [3]. The best accuracy when averaged over the four biometric databases that were used for the tests was an Equal Error Rate (EER) of 2.15% in the “open” category, and 1.92% in the more restrictive “light” category (systems that had low computing needs, limited memory usage, and small template size). There was a wide range of performance results with about half the systems scoring EERs of 5% or better, but some systems had very high error rates (the worst case being EER = 50.00% for a system from a Chinese developer). The highest accuracy on any single real (not simulated) fingerprint database was an EER of 0.021% by an anonymous company on a database created with an optical sensor.

In 2004, the International Biometric Group (IBG) reported the results of Round Five testing of a variety of biometric methods, including fingerprint, face recognition, hand geometry, and iris [8]. The results of the tests are proprietary to the vendors who participated but some of the key findings are known. The False Accept Rates (FAR) for the fingerprint systems ranged from 0% to more than 5%. The False Reject Rates (FRR) when the tests were conducted on the same day as enrolment ranged from 0% to 35%, and these increased during tests conducted six weeks later, with FRRs ranging from 0% to 66%. Thus, it appears that some of the systems work well while others had serious accuracy problems. Two of the vendors, NITGEN and BIO-Key, have claimed perfect Equal Error Rates of 0.00%. It is not clear, however, if this is a perfect score or if some actual errors were lost due to rounding during the calculations. People interested in these technologies would have to obtain the detailed test results directly from the vendors in order to examine them in detail.

Although the FVC2006 and IBG Round Five tests were vendor-independent, they were controlled laboratory tests that may not be representative of actual biometric information that is captured in the real world. In April 2005 NIST reported on a series of authentication tests conducted with a variety of algorithms (provided as Software Development Kits or SDKs) supplied by vendors and research organizations [22]. Here the tests were run using real-world fingerprint images from actual US government databases (e.g., the US-VISIT program). The test methodology was to conduct comparisons of all possible pairs of fingerprints in the database. The results again showed a wide range of performance. For example, when the False Accept Rate (FAR) was held constant at 0.01% (a rate that is considered adequate for many authentication scenarios), the True Acceptance Rate (TAR) ranged from 56.10% to 99.01%. The best performing systems all had TARs greater than 98%, and these were provided by Cogent and NEC (2 different algorithms each) and by ID Solutions.

Another recent test of biometric performance was reported in 2005 by the UK Passport office [21]. Although this was primarily a test of enrollment, the procedure did include an immediate test of accuracy. This study is very important because it is the first large-scale study of the success of biometric systems when they are used by a representative sample of people from various cultures, backgrounds, occupations, abilities, and ages. The participants in the study included a “quota” sample representative of the UK population (2,000), an “opportunistic” sample of people recruited at the testing sites (7,266), and a sample of disabled citizens (750).

For the fingerprint tests, enrollment was done of all 10 fingers using a multi-finger image capture device, while verification was done moments later using two fingers presented to a single-finger biometric reader. The successful matching rate (TAR) was only 81% for a sample of people representative of the UK population, and 80% for a special sample of disabled citizens. Some of the false rejection cases (3.75%) were caused by failures to acquire good fingerprint images at the time of verification, even though these people were enrolled successfully moments earlier. It is also interesting to note that the success rate drops dramatically with the age of the participants: e.g., 94.53% for age 25-34, 66.67% for age 65+. Overall, the study concluded that the low fingerprint matching performance was often due to poor quality fingerprint images that did not contain enough information for matching.

Another important test of real-world biometric accuracy has been done using the US-VISIT fingerprint system [24]. This study looked at the accuracy of the US-VISIT system when conducting matches from a variety of government fingerprint databases. Overall, the study found a TAR of approximately 96%, and this did not change depending on the database size, which ranged from 100 thousand to 6 million. The FAR, on the other hand, increased linearly with the size of the database, with a final value of 0.09% for a database of 6 million fingerprints.

It is interesting to note that the US-VISIT study actually found more clerical errors (0.5% to 1.5%) caused by filing fingerprints with the wrong personal information than it found false acceptances by the biometric system. It also found a strong relationship between the quality of the fingerprint images stored at enrollment and the accuracy during verification comparisons. The best images had TAR=98% at FAR=0.01%, while the worse images had TAR=47% at FAR=0.01%. Finally, this study also showed the value of combining two fingerprints at verification time. When this was done the accuracy increased to TAR=99.7% when FAR=0.01%.

Overall, the data currently available on fingerprint matching accuracy suggests that the performance can be quite good in laboratory studies and when high quality images are captured in the field. Caution is appropriate, however, because the results from real-world trials suggest that actual accuracy can be much lower and capturing high quality biometric information can be difficult in practice.

Biometric Speed
In addition to accuracy, the speed of operation of a biometric system will be important for its eventual success. If it takes too long to enroll and/or verify participants, the result will be frustrated users and slow business processes. There is some limited data on biometric speed. For example, the US-VISIT research study mentioned above [24] found that the best performing systems were able to examine over 1 million fingerprint records per second, while the worst performer only examined 731,000 fingerprints per second.

The UK Passport Service study took a different approach and looked at the real-time speed for verification, which included the time needed for the users’ interaction with the biometric devices. This study found that it took an average of 1 minute and 13 seconds to perform the verification task, and disabled users were understandably slower (1 minute, 20 seconds). There was a wide range of times needed to do the verification and the results are heavily skewed, as is seen in Figure 1. Some of the participants took a very long time to complete the verification.

Figure 1: Time needed to verify fingerprints in UK Passport Service study. [From [21], reprinted by permission.]

The UK Passport Service study also measured the speed of enrollment. They found that it took an average of 3 minutes and 57 seconds to conduct a fingerprint enrollment, and again disabled participants were slower (4 minutes, 52 seconds). This enrollment time did include approximately 1 minute, 30 seconds of screening time where the new fingerprints were compared to the records in the existing database. The enrollment times were also heavily skewed, as is seen in Figure 2, with some participants taking more than 10 minutes to enroll their fingerprints with the system.

Figure 2: Time needed for fingerprint enrollment in UK Passport Service study. [From [21], reprinted by permission.]

In a more recent study, NIST examined the time needed to use a 10-print fingerprint system [18]. Government agencies, such as the US Department of Homeland Security and the US-VISIT program, are migrating from two-finger systems to systems that record all 10 fingerprints. The NIST study found that use of a 10-print system took an average of 2 minutes, with approximately one minute required for instructions and the other minute required for the biometric scanning.

It is clear, then, that any adopter of fingerprint systems will have to consider the time needed to enroll and verify people in the biometric system when they design their services and business processes. They would also have to be sensitive to individual differences that might lead to much longer times.

Failures to Enroll
As was mentioned previously, failures to enroll are often a serious problem when deploying biometric systems, and yet they have not received as much attention as matching failures. Failures to enroll can be caused by missing or damaged biometric characteristics, poor user training, poor devices, etc. The UK Passport Service study provides valuable data on failures to enroll [21]. If you recall, this study used a 10-finger slap method of enrollment (4 left fingers, left thumb, 4 right fingers, right thumb). With this professional style of enrollment, the FER was a low 0.73%, although the rate was higher for disabled participants (3.91%). Many of the people, however, required multiple attempts before they were enrolled successfully (28.97% for normal participants, 43.83% for disabled participants). Some of the failures to enroll were due to false matches with entries already in the database (0.17%). The final enrollment rates were lower for black participants (97.72% vs. 99.37%) and for females (99.09% vs. 99.38%). Also, older participants (55+) and disabled participants had more difficulties positioning their fingers and remaining still on the biometric devices.

Thus, it is clear that any biometric system will have to plan for participants who are not able to enroll in the system, and this may be a sizeable portion of the participants depending on the target customers.

USABILITY AND ACCEPTANCE ISSUES
The analysis above demonstrates that the performance of biometric systems will have a large effect on any business success of a deployment. Social and human factors, particularly the usability and acceptance of the system, will also be very important. If the users have difficulty using the system or fail to accept it, the service is likely to fail.

There is a relationship between biometric usability and accuracy. The methods that are the most accurate, such as iris and retina recognition, tend to be the least usable. Conversely, the methods that are most usable, such as speech and face recognition, tend to be the least accurate. Fingerprint systems tend to provide moderate levels of accuracy and usability.

The characteristics of the users are also important for system success. Julian Ashbourn has described 12 user characteristics that are influential in determining the eventual performance of a biometric system [1]. For example, the users’ acceptance of the biometric concept is important because users who are hostile towards the idea of providing biometric information may be more careless and problematic when forced to use the biometric devices. Also, familiarity with biometric characteristics can be important, with familiar users having more knowledge that is relevant when using the devices. For example, users familiar with fingerprints will know that the core of the fingerprint contains the most information, so it is important that the core is centered on the biometric reader.

Ashbourn has created a User Psychology Index to quantify the effects of human and contextual factors on the likely performance of the system. These factors are used to reduce the estimates of biometric performance when it is likely that there are human usability and acceptance issues. For example, a biometric deployment that has the characteristics of a hostile user with little familiarity with either the device or principles of operation, using the device in an uncomfortable environment where the result is critical to the user at that time, would have a multiplier of 7.0. This means that there would be a large difference between the successes of the biometric information in the field versus any laboratory-based predictions of effectiveness.

In similar work, Angela Sasse [14] has argued that the eventual success of biometric systems will be governed by their performance (reliability, speed, universal access), user satisfaction (speed, ease of use, need for training, hygiene), and user cost (physical, mental, stress). Current biometric systems often have serious problems in each of these areas.

Regarding the usability of the biometric devices, Sasse again reported that the devices can be awkward to use and that the transactions can be much slower than vendors would like us to believe [13]. Sasse’s research showed that there are a number of steps in using a biometric device, including:
1. Walk up to machine
2. Put down bags, remove hats, etc.
3. Find token (if used)
4. Put in token (if used)
5. Read token
6. Wait for live image to be captured & matched
7. Repeat for average number of rejections & re-tries
8. Walk away & free machine for next user

Similarly, Proctor et al. [11] did a detailed task analysis of the use of biometric devices. They found that some of the tasks are rather difficult, and that many of the steps can lead to delays, errors, and the need to start again (e.g., aligning finger with reader, maintaining contact while looking at a screen, etc.).

Concerning the acceptance of biometric systems, research has shown that although acceptance is increasing, users are still wary because the benefits are not always evident (both in terms of security and convenience). Angela Sasse [15] has characterized security systems, including biometrics, as “enabling tasks” that differ from the “production tasks” (actual work) that users are interested in. If the enabling task is at all awkward, slow, or unusable, it is natural for users to try to avoid it. For biometrics, perceived convenience can be a bigger driver than any increase in security.

Research studies have found that users’ concerns about biometric misuse and privacy invasions are large and poorly articulated. Potential users are also concerned about the reliability of new technology. Moreover, Coventry [6, 7] reported that users found biometrics systems to be less hygienic and more stressful than traditional PIN systems. NIST also found concerns when people were asked to touch a 10-print scanner, with 2% of the participants expressing concerns about germs or health effects [17]. People have also reported significant fears that criminals may do them harm to obtain the biometric (e.g., cut off their finger). Including “vitality tests” that ensure the biometric is offered by a living person will be crucial to avoid these problems, and yet this technology is very immature. Observations in our lab have also suggested that even a basic understanding of biometric systems, such as the difference between iris and retinal imaging methods, can be lacking even in sophisticated populations.

There also appears to be a general lack of understanding of biometric templates. Users do not understand, and the interfaces don’t explain, how fingerprint templates are created, stored, and secured. Our observations suggest that users assume that a complete image of the fingerprint is saved, and this leads to heightened concerns about misuse and data aggregation. Since it is obvious to users that their fingerprint is not a secret, the applications must explain how the corresponding template is to be kept as a secret, and this explanation is rarely done. Managing privacy impacts and ensuring personal control of fingerprint use will be very important for promoting acceptance.

Early research on attitudes towards biometric systems (e.g., using fingerprints to login to computers or iris scans to pass through immigration checkpoints) suggested that the public had serious concerns about privacy and misuse. People often associated biometric systems with law enforcement activities (e.g., fingerprints at crime scenes), and many were worried that their biometric data could be lost, stolen, or misused in some way. They were also concerned that government authorities might use the biometric information in ways they did not approve of (e.g., linking databases).

Later research has confirmed these concerns. A recent study by TNS/TRUSTe [19] found that a majority of Americans fear that biometric systems will be vulnerable to criminals, misused by the government, and used by the government to track movements. Nevertheless, recent studies suggest that people are coming to accept and expect biometric systems. A recent survey of Canadian citizens, for example, found that 80% of the respondents think that biometric systems will be commonly used in the next 10 years [5]. Another study of UK citizens found general support for entitlement cards that include the use of biometrics [23], but that issue continues to be very controversial.

In addition, reports are coming in that the public is accepting, and perhaps demanding, biometric security systems for some applications (e.g., successful “pay by touch” and border control systems). For example, the BioPay service, which allows patrons of convenience stores to pay for goods by presenting a previously enrolled finger to a fingerprint reader, has been experiencing very rapid growth [10]. The likely factor that explains the discrepancy in acceptance is context, meaning the identity, place, time, and activity that is associated with using the biometric system. Thus, the acceptance of biometrics in a commercial context will likely be quite different from acceptance for border control or other government applications.

Some of the most recent research on attitudes towards biometrics has also started to examine cultural contexts, at least on a small scale. Bente and Eschenburg [2] in Germany have conducted surveys in various European countries and found some small differences between countries on background knowledge, acceptable locations of use, and preferences for where the data is stored (e.g., on a smart card or in a central database). The TNS/TRUSTe study [19] looked at differences between Americans and Canadians and found that Canadians were somewhat more supportive of biometrics being included in passports than Americans (85% versus 79% when measuring both strong and weak support). On the other hand, Americans were somewhat more supportive of biometrics being used for commercial purposes (e.g., 28% versus 18% for use in loyalty cards). These cross cultural studies have been very limited, and it is not clear how cultural factors might affect a biometric deployment.

Another area that must be considered is privacy. Depending on the place of deployment, it is likely that any biometric service involving the public would be covered by privacy legislation, which means that a privacy impact assessment would have to be completed and methods put in place to protect the privacy of the users. The organization bioprivacy.org has produced some tools that may be useful for doing impact assessments for biometric deployments. In addition, the Ontario Privacy Commissioner looked at a biometric deployment scenario when Toronto proposed an anti double-dipping scheme [4]. They required that such a system have the following characteristics:

• requiring the biometric, in this case, the finger scan, to be encrypted;

• restricting the use of the encrypted finger scan only to authentication of eligibility, thereby ensuring that it is not used as an instrument of social control or surveillance;

• ensuring that an identifiable fingerprint cannot be reconstructed from an encrypted finger scan stored in the database;

• ensuring that a latent fingerprint (i.e., picked up from a crime scene) cannot be matched to an encrypted finger scan stored in a database;

• ensuring that an encrypted finger scan cannot itself be used to serve as a unique identifier;

• ensuring that an encrypted finger scan alone cannot be used to identify an individual (i.e., in the same manner as a fingerprint can be used);

• ensuring that strict controls are in place as to who may access the biometric information and for what purpose;

• requiring the production of a warrant or court order prior to granting access to external agencies such as the police or government departments;

• ensuring that any benefits data (i.e., personal information such as history of payments made, etc.) are stored separately from personal identifiers such as name, date of birth, etc.

It is clear, then, that usability and acceptance factors will be important for determining the success of a biometric authentication system. Research to date suggests that there can be serious usability problems when interacting with biometric devices, and users often lack the necessary basic knowledge. In addition, users may be reluctant to accept biometric devices because of concerns about performance, reliability, and privacy.

FUTURE TRENDS
Looking forward, there are still some fundamental issues associated with fingerprint-based biometric systems that must be solved before wide deployment is feasible. Most importantly, fingerprints are not secrets and they are not revocable. So, if a user’s fingerprint falls into the wrong hands, which can easily happen when fingerprints left on hard surfaces are copied, a false finger can be created and a user’s account can be compromised. The fingerprint information could also be stolen from any database where it is stored, or intercepted during network transmission. Once stolen, the fingerprint can never be used again for authentication.

Some work is being done on solving this fundamental problem. For example, some fingerprint readers include a “liveness” detection method to prevent false fingers. Special finger scanners can measure the temperature or conductivity of the skin to ensure it is presented by a living person. Most recently, research has shown that perspiration patterns can be used to distinguish authentic, living fingers from fake or cadaver fingers [16].

Another approach is to combine biometric characteristics in multi-modal systems so that multiple characteristics must be verified before access is granted. So, for example, a fingerprint might be combined with an iris scan. This would mean that two biometric characteristics would have to be stolen and reproduced to compromise a system. Some developers also combine biometric and traditional authentication systems so that users have to provide a secret, such as a password, along with the biometric characteristic to prove identity.

A third approach is to transform the biometric information so that it is unique to the application context. In the “cancelable biometric” scheme proposed by IBM, a fingerprint image might be systematically distorted or scrambled in some secret way before it is stored and used [12]. If the fingerprint information is ever stolen from a database, it will be useless without knowing the kind of distortion that was used.
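The revocation property described above can be shown with a toy keyed scrambling of minutiae positions. This is an added example, not code from the essay and not the scheme from [12]: the grid size, tolerances, threshold, keys and sample minutiae are all constructed assumptions, and a keyed cell permutation stands in for the distortion.

```python
import hashlib
import hmac
import random

GRID, CELL = 8, 32   # assumed layout: 256x256 image, 8x8 cells of 32 px
THRESHOLD = 0.6      # assumed: share of minutiae that must agree to accept

# Constructed sample data: (x, y, ridge angle in degrees) for one finger.
ENROLLED = [(40, 48, 0), (112, 50, 40), (180, 44, 80), (236, 110, 120),
            (50, 170, 160), (140, 150, 200), (210, 210, 240), (80, 235, 280)]
# A later scan of the same finger with small constructed sensor noise.
PROBE = [(x + 2, y - 1, a + 5) for x, y, a in ENROLLED]

def cell_map(key: bytes) -> list:
    """Derive one application's secret cell permutation from its key."""
    seed = hmac.new(key, b"cell-map", hashlib.sha256).digest()
    cells = list(range(GRID * GRID))
    random.Random(seed).shuffle(cells)  # toy generator, fine for a demo only
    return cells

def transform(minutiae, key: bytes) -> list:
    """Scramble a template: move each minutia to its keyed destination cell."""
    perm = cell_map(key)
    out = []
    for x, y, angle in minutiae:
        dst = perm[(y // CELL) * GRID + x // CELL]
        out.append(((dst % GRID) * CELL + x % CELL,
                    (dst // GRID) * CELL + y % CELL, angle))
    return out

def score(stored, probe, tol=6, angle_tol=15) -> float:
    """Fraction of stored minutiae that have a probe minutia close by."""
    def near(s, p):
        turn = abs((s[2] - p[2] + 180) % 360 - 180)
        return (abs(s[0] - p[0]) <= tol and abs(s[1] - p[1]) <= tol
                and turn <= angle_tol)
    return sum(any(near(s, p) for p in probe) for s in stored) / len(stored)

def verify(stored, scan, key: bytes) -> bool:
    """Match in the scrambled domain; the raw print is never stored."""
    return score(stored, transform(scan, key)) >= THRESHOLD

if __name__ == "__main__":
    old_key, new_key = b"constructed-key-v1", b"constructed-key-v2"
    stolen = transform(ENROLLED, old_key)     # template leaked from a database
    reissued = transform(ENROLLED, new_key)   # same finger, re-enrolled
    print("same key accepts:", verify(stolen, PROBE, old_key))
    print("old template vs new key:", verify(reissued, stolen, new_key))
    print("templates linkable:", score(stolen, reissued) >= THRESHOLD)
```

Because the permutation can be undone by anyone holding the key, the key needs the same protection as the template database. A minutia close to a cell border can also land in a different cell on a noisy rescan, which lowers the match score for genuine users.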

Another fundamental issue is that, although biometric characteristics like fingerprints are universal, usable biometric characteristics may not be completely universal. As we have seen, the elderly often have faded and damaged fingerprints that hinder the use of biometric systems. Other populations, such as manual laborers, may also have problems presenting usable fingerprints. Special populations who are living with physical and mental challenges may also have problems using biometric systems. More research and experience are needed to determine the extent of this problem and how successful remedial measures can be for providing effective biometric-based systems for all users.

It is also not clear how successful fingerprint-based systems will be in different environments. Can fingerprint scanners be used effectively, for example, in outdoor contexts such as street-side banking machines? How will factors such as temperature, rain, and dirt affect use of the system? Also, there is some evidence that some people are concerned about hygiene issues when touching fingerprint scanners, but it is not clear how prevalent or problematic these concerns are.

CONCLUSIONS
Despite all of the interest in fingerprint-based biometric security systems, a number of serious concerns remain. The enrollment and matching performance can be poor, especially in real-world deployment situations, although combining multiple biometrics can improve performance a great deal. Usability and acceptance remain problems, especially with certain populations (e.g., older people). In addition, the acceptance and success of a biometric system are highly dependent on the context where it is being used, with the highest adoption and acceptance rates being found in situations where there is a direct and obvious benefit to the users (e.g., speeding border crossing, convenience store purchases). Also, the safe storage and privacy protection of biometric data are a serious worry for any large-scale deployment. All of these concerns should be considered by anyone considering adopting a fingerprint-based biometric security system.

REFERENCES

1. Ashbourn, J. (2000). Biometrics: Advanced identity verification. London: Springer Verlag.

2. Bente, G., & Eschenburg, F. (2005). Usability and acceptance issues in biometric security technology: The BioSec approach. Presentation to the Second BioSec Workshop, Brussels, Jan 19-20. URL: http://www.biosec.org/documents/2WS/03_UCOL_usability.pdf

3. Biometric System Laboratory – University of Bologna. (2006). FVC2006 – Fourth International Fingerprint Verification Competition. URL: http://bias.csr.unibo.it/fvc2006/default.asp

4. Cavoukian, A. (1998). Privacy and Biometrics: An Oxymoron or Time to Take a 2nd Look? Computers, Freedom and Privacy Conference. URL: http://www.ipc.on.ca/scripts/index_.asp?action=31&N_ID=1&P_ID=11551&U_ID=0

5. Citizenship & Immigration Canada (2003). Tracking public perceptions of biometrics. URL: http://www.cic.gc.ca/english/press/03/poll-biometrics-e.pdf (accessed Oct. 24, 2003)

6. Coventry, L. (2004). Fingerprint authentication: The user experience. Paper presented at the DIMACS Workshop on Usable Privacy and Security Software, July 7 – 8, Rutgers University, Piscataway, NJ. URL: http://dimacs.rutgers.edu/Workshops/Tools/program.html

7. Coventry, L. (2005). Usable biometrics. In L.F. Cranor & S. Garfinkel (Eds.), Security and usability: Designing secure systems that people can use. O’Reilly Media, Inc.

8. International Biometric Group. Comparative biometric testing. URL: http://www.biometricgroup.com/reports/public/comparative_biometric_testing.html

9. Nanavati, R. (2005). Global biometric developments and challenges. Paper presented at the NATO Biometrics Workshop, 19 April, Ottawa.

10. Prakash, D. (2005). Consumers pay with their finger. Paper presented at the Biometric Consortium Conference, Sept. 19-21, Arlington, VA. URL: http://www.biometrics.org/bc2005/program.htm

11. Proctor, R.W., Lien, M.-C., Salvendy, G., & Schultz, E. E. (2000). A task analysis of usability in third-party authentication. Information Security Bulletin, 49-56.

12. Ratha, N.K., Connell, J.H., & Bolle, R.M. (2001). Enhancing security and privacy in biometrics-based authentication systems. IBM Systems Journal, 40(3), 614-634.

13. Sasse, M.A. (2004). Biometrics: Usability and user acceptance. Presentation at the CESG/BWG Government Biometrics Workshop, London. URL: http://www.cesg.gov.uk/site/ast/biometrics/media/Usability_and_User_Acceptance.pdf

14. Sasse, M.A. (2004). Usable security: Beyond the interface. Paper presented at the DIMACS Workshop on Usable Privacy and Security Software, July 7 – 8, Rutgers University, Piscataway, NJ. URL: http://dimacs.rutgers.edu/Workshops/Tools/program.html

15. Sasse, M.A., Brostoff, S., & Weirich, D. (2001). Transforming the ‘weakest link’: A human/computer interaction approach to usable and effective security. BT Technology Journal, 19, 122-131.

16. Tan, B., & Schuckers, S. (2006). Comparison of ridge- and intensity-based perspiration liveness detection methods in fingerprint scanners. Proceedings of SPIE, 6202.

17. Theofanos, M. (2006). Health and safety perceptions of biometric devices. National Institute of Standards and Technology. URL: http://zing.ncsl.nist.gov/biousa/docs/Health_Safety.pdf

18. Theofanos, M., Stanton, B., Orandi, S., Micheals, R., & Zhang, N. (2007). Usability testing of ten-print fingerprint capture. National Institute of Standards and Technology, NISTIR 7403. URL: http://zing.ncsl.nist.gov/biousa/docs/NISTIR-7403-Ten-Print-Study-03052007.pdf

19. TNS/TRUSTe (2005). Consumer attitudes about biometrics in ID documents. URL: http://www.truste.org/pdf/Biometrics_Study.pdf

20. UK Government Biometrics Working Group (BWG). (2003). Biometric security concerns. URL: http://www.cesg.gov.uk/site/ast/biometrics/media/BiometricSecurityConcerns.pdf

21. UK Passport Service (2005). Biometrics enrollment trial report. URL: http://www.passport.gov.uk/downloads/UKPSBiometrics_Enrolment_Trial_Report.pdf

22. Watson, C., Wilson, C., Marshall, K., Indovina, M., & Snelick, R. (2005). Studies of one-to-one fingerprint matching with vendor SDK matchers. URL: http://fingerprint.nist.gov/SDK.

23. Wearden, G. (2003). Survey gives thumbs-up to ID cards. URL: http://news.zdnet.co.uk/story/0,,t269-s2129590,00.html (accessed May 9, 2003).

24. Wilson, C.L., Garris, M.D., & Watson, C.I. (2004). Matching performance for the US-VISIT IDENT system using flat fingerprints. URL: ftp://sequoyah.nist.gov/pub/nist_internal_reports/ir_7110.pdf
