Introduction
Every now and then, you come across an article. Top 10 WILDEST biometrics! Number 5 will SHOCK YOU. I’ve seen them too. But, these articles never go beyond the surface. They’ll tell you that buttholes are a viable biometric modality, but rarely provide a source to these claims. Instead of making a sarcastic [citation needed] comment, I decided to do some digging. Here’s my own top 10 list, which hopes to counter the claims seen in other lists.
This blog post is based upon a talk I gave at DEF CON 29’s Rogues Village. The video can be found here: https://www.youtube.com/watch?v=2Yv-9QguKuc
Also, I don’t hate biometrics. I know I sound super cynical of them in this post, and I think it stems from my efforts to make a strong counterpoint to existing claims. As with all random blog posts, take things with a pinch of salt!
In no particular order, here we go:
Buttprints
The usage of seat pressure maps to uniquely identify the person sat on a chair has been proposed. Made up of a map of 39 key points, these “buttprints” have the potential to act as an additional security measure in vehicles, verifying that the correct person is attempting to drive the car. The technique appears to have some potential, with a false negative rate of 2.2% and a false positive rate of 1.1%. It is unclear how often users might have to re-enrol into the system due to factors such as weight change. Despite the early promise of this technique in reducing rates of vehicle theft, no further investigation into this area appears to have been conducted.
Instead of the simple buttprint, researchers have moved to the slightly more invasive “analprint”. The usage of analprints as a secondary biometric to a fingerprint reader on the flusher of a smart toilet has been suggested, and proven somewhat successful. With a pool of 11 participants and thousands of still images taken from anus videos, analprint images were found to be matchable to their owners with ~88% confidence. Whilst a survey conducted by the research team found that 37% of respondents were “somewhat comfortable” and 15% were “very comfortable” with the toilet cameras, it seems likely that fewer people would be comfortable when coming face to face with the system (so to speak). A press release accompanying the work makes the following observation:
“To fully reap the benefits of the smart toilet, users must make their peace with a camera that scans their anus” ~Stanford Medicine News Center
Whilst this may be the case, the author of this white paper does not believe that the usage of analprint biometrics will be entering the mainstream any time soon. Whilst people have created quite comprehensive lists of what body parts can and cannot be enrolled using phone fingerprint readers (anecdotally the nipple is a favourite), people do not appear to be rushing towards anus biometrics.
Body salinity
Lists of novel biometric modalities occasionally include references to skin salt or body salinity levels. So far as the author can tell, no actual research into the viability of salinity as a biometric measure has been conducted.
The idea of salinity as a biometric measure appear to stem from a paper from 1995 proposing a novel Personal Area Network (PAN). Stemming from a previous project aiming to let Yo-Yo Ma use his cello bow as an approximated computer mouse (really), the paper proposes the usage of the human body to transmit electrical signals from a transmitter to a receiver. A connection between two humans (such as a handshake) would complete the electrical circuit, allowing for data to flow. To characterise this novel communications channel, the field of Electrical Impedance Tomography (EIT) was investigated. This technology allows for medical images to be created via the differences in conductivity, permittivity and impedance of various aspects of the human body. Somewhere within the world of biometrics, EIT and salt levels have become linked. This link is evidenced by the data transfer rate of 2400 baud reported in the PAN paper being frequently quoted in reports of the successes of body salinity biometric systems. The apparently baseless declaration that “salinity levels are believed to be unique” was also slapped upon this connection. Now, saline levels are included in lists of novel biometrics.
Since there is (as of yet) no evidence to support the usage of saline levels as a biometric measure, this modality can safely be discounted.
Odour
The potential for uniquely identifying people based on their odour is frequently touted in lists of non-standard biometric techniques. In 2014, a study found that members of a group of 13 people could be reliably identified 85% of the time across 28 trials. Since then, this study appears to have been rehashed and re-purposed indefinitely. No attempts have been made to verify the results of this trial or to conduct similar trials.
Due to the small sample size and relatively low reliability rate seen in this single study (compared to other biometric identification and authentication methodologies), odour analysis does not appear to be a reliable biometric modality. Equally, it is possible that odour may be a more reliable technique than it appears. Further practical study should be conducted within the domain before any decisions can be reached.
Tongues
When examining the human tongue, both the “tongueprint” and the shape of the tongue may be considered. A study examining both aspects found that the shape of the tongue provided more robust matching than the texture of the tongue. By combining both measures, the reliability of the system was increased. The combined approach was capable of forming true positive matches 93.3% of the time, with a false positive rate of 2.9%. Whilst tongue matching is not as reliable as other biometric modalities, it may be a viable technique. The practicalities of implementing and using such a system may however lower adoption rates.
Knee X-Rays
Similarly to how the patterns of veins and viscera can be used for biometric identification, so too has the usage of x-ray images been proposed. Dental x-ray images have long been used to identify corpses. Images of other areas, such as the chest, have been proposed for similar purposes. One of the issues in this field is the requirement to already have obtained an x-ray image; hence the use of dental x-rays, which are the most likely type to be available.
To make use of x-rays in a biometric identification/authentication system, x-ray imaging would need to be conducted to obtain the initial images. An x-ray would need to be taken every time a comparison was to be made. How safe is this? There is, after all, a reason that the doctor leaves the room when an x-ray image is being taken. An x-ray of the teeth provides a dosage of radiation roughly equivalent to 1.5 days of background radiation, increasing the lifetime risk of fatal cancer by roughly 1 in 2 million. If you had to have an x-ray taken every day for authentication purposes, in a year that chance would rise to almost 1 in 5,000. It is hard to determine where to draw the line on unnecessary risk, but it seems like most living users would decline to use such a system long-term.
The usage of knee x-rays for identification of living subjects has been proposed and tested. Whilst it was found that knee x-ray images that are several years old may still be used within the system, identification was not very reliable. The highest success rate was found to be ~56%.
Because of the low reliability rates and the health risks associated with frequent x-ray exposure, the usage of x-rays within biometric systems is not advised.
Bacterial Faunas
People are covered in bacteria. With some 500 distinct species existing on us, it has been proposed that these bacteria could be used as a way to uniquely identify humans.
Much like DNA, humans leave traces of their natural bacterial fauna on everything that they touch. A study found that bacteria such as E. coli could survive for 20 minutes on the surface of a biometric scanner after usage, which is sufficient time for it to be transferred to the next human to use the sensor. How unique are these remnants? Whilst sequencing the fauna collected from a range of humans did not appear to be sufficient for unique identification, it was found to be somewhat useful in estimating the ethnicity of a person. That said, such identification required direct collection; a study which compared the differences between fauna collected from a person’s phone and their hands directly found only 22% commonality between the two. When only considering dominant bacteria, this value rose to 82%.
Other approaches to examining the human microbiome for identification purposes have been taken. A study found that humans could be correctly identified via the microbiome in their stool samples over 80% of the time. Whilst interesting (and raising potential privacy concerns), this fortunately does not appear to be a viable methodology for biometric authentication.
Whilst bacterial fauna can vary greatly between people, they do not appear to be a robust methodology for either identifying or authenticating people. If you are willing to go through the trouble of sequencing trace contacts left by humans, it may be best to take the DNA profiling approach instead.
Fingerprints
Fingerprint recognition is perhaps the most well-known technique for biometric identification. Their usage is frequently seen in true crime media, and people have grown familiar with their usage at border controls. The usage of fingerprint readers to unlock mobile phones is also now commonplace.
In the 1870s, Henry Faulds noticed when examining ancient pottery that the fingerprints of the potter were still visible. He pondered how unique fingerprints may be. He surveyed colleagues and found them to seemingly be unique. He learned about how static fingerprints remained over time, despite attempted removal. He was even able to use this principle to solve a minor theft. By the 1880s he was convinced, and proposed the use of fingerprints in police investigations.
Comparing entire fingerprint images to others was prohibitively expensive for wide-scale usage. Azizul Haque developed a method for encoding fingerprints based on the patterns of loops and whorls within them. This brought the speed of finding matches down to a matter of minutes. In the 1900s, the use of fingerprint identification in criminal investigations truly took off. In 1910, fingerprint evidence was used to secure a murder conviction.
In more recent times, the reliability of fingerprint evidence has been brought into question. Techniques and standards for fingerprint examination and comparison can vary greatly across the world. A study in 2010 found a 0.1% false positive error rate by experts matching fingerprints, and a 7.5% false negative rate. Having independent experts verify results reduced error rate, but increases the effort required to gain a match. The paper stresses the need to balance the trade-offs between the financial and societal costs and benefits of introducing additional verification phases into workflows.
When quantifying and matching fingerprints, it is hard to figure out how much detail to go in to. The loops and whorls of fingerprints, known as minutiae, can be encoded as a set of values which describe their originating fingerprint. But, how many points do we wish to measure, and at what level of detail? Quantifying the shape of a fingerprint harkens to the Coastline paradox. The almost fractal-like qualities of a country’s coastline mean that gaining an accurate measurement of length is quite difficult. Do we really care about that two-meter long outcropping? Do we want to measure as the crow flies in large stretches? The level of detail used in quantification can have a large impact on the overall accuracy of measurements.
In 2006, a study aiming to examine the similarity of fingerprint patterns in twins was published. Comparisons were performed using two different levels of detail matching. In level 1 matching, the overarching patterns of the fingerprint are considered (archs, whorls, loops, etc). In level 2 matching, the minutiae of ridge patterns are considered.
It was found that when examining level 1 details, the fingerprints of twins appeared to (falsely) match at rates of 55% compared to those of non-twins, which occurred at 32%. False match rates with level 2 examinations dropped to 6.17% and 2.91% for non-twins. The comparison of twins aside, this paper found a false positive rate of 2.91% in fingerprints when making comparisons based on the minutiae of fingerprints. Even if we assume that every person in the world has unique fingerprints, this systematic error rate is still incredibly high. Would it be viable for an attacker to present a reader with a random selection of unrelated fingerprints, and eventually reach a match? As there is little to no standardisation in how biometric comparisons take place (due to techniques often being proprietary), it is hard to verify the robustness of such techniques without performing hands-on testing.
Can we really assume the uniqueness of fingerprints? The assumption of fingerprint uniqueness appears to stem from Sir Francis Galton’s claim in the 1890s that the probability of two individual fingerprints being the same sat at 1 in 64 billion. More modern estimates have put the probabilities of two given fingerprints matching at even lower probabilities than this. Based on this, it appears that the limiting factor in the security of fingerprint-based biometric systems will be the robustness of the matching system itself.
To increase the reliability of fingerprint collection and matching systems, some changes to collection modality have occurred. As flat images of fingerprints can easily be spoofed, some manufacturers have switched to using ultrasonic sensors to create 3D images of fingerprints. In response to this, attackers have created 3d printed models of fingerprints and used these to fool sensors. Implementing additional liveliness detection methods on top of this (such as the presence of a pulse) or using multimodal biometrics (such as the pattern of veins in the finger) can help to increase the resiliency of the system. Fingerprints alone should not be considered sufficient for authentication to sensitive systems.
Hearts
The constant monitoring of a person’s heart to detect cardiac events has previously been raised as a potential safety feature in future vehicles. Now, it has been proposed as a method of user authentication. Researchers developed a system known as “Cardiac Scan” which can unobtrusively monitor cardiac motion using a doppler radar. Cardiac motion refers to the behaviour of the heart as determined by its precise shaping, and is different to electrocardiogram (ECG). Collected information was found to be suitable for continuously recognising the subject with a 98.6% success rate, with low rates of error. This means that should the user walk away from the system without securing it, a malicious user would not be able to highjack their session; likewise, it would be incredibly difficult for an attacker to spoof the cardiac motions of another person precisely. The Cardiac Scan system appears to provide a highly robust biometric measure, unaffected by factors such as the user’s emotional state and movements at their workstation.
ECGs have also been proposed as a novel biometric authentication measure. It has been found that ECG signals can be used as a robust and stable biometric marker. A single heartbeat can be classified successfully ~90% of the time. Increases anomaly-detection can be seen when five heartbeats are examined, leading to an increased overall success rate. However, with the resting human heartrate being around one beat per second, this would require a five second period for authentication. This factor would perhaps make ECGs more suitable for a continuous authentication system such as the aforementioned cardiac motion techniques. In contrast to the contact-free detection system used for cardiac motion detection, ECG systems require a number of sensors to be directly attached to the subject. This would make the use of an ECG-based continuous authentication system quite cumbersome on the user, and so undesirable.
To combat this issue, a number of start-up companies have begun selling wrist-wearable ECG systems such as the Nymi and the Keyband. Little information on the working of these bands is available publicly; it is unclear if they really do make use of an ECG system, or simply just monitor the heartbeat via wrist veins. Likewise, information on their reliability is not available.
There seems to be a lot of potential for the use of heart behaviours and metrics within the world of biometrics. More and more research into this domain is being conducted in recent years, and some products are attempting to enter the market. It will be interesting to watch how the technology continues to mature in terms of both reliability and usability.
Brains
As the motivational posters say, everyone’s mind is unique. Or more accurately, their brain is. Because of this principle, researchers have investigated the potential of the human brain within biometric authentication systems.
A study in 2018 proposed that the folds of the human brain are unique to each person. Using Magnetic Resonance Imaging (MRI) scans, a “brainprint” can be created for use in biometric authentication systems. Amusingly, the paper refers to this as a “non-invasive approach”. Despite the need for an MRI scan every time a comparison is to be made, the proposed approach boasts a success rate of 99.6% for recognition purposes.
In addition to the folds of the brain, the electrical activity within the brain can be used to uniquely identify people (again, called brainprints). To collect such information, electroencephalograms (EEGs) can be taken via sensors placed around the scalp. Numerous studies have taken place on the usage of EEGs for biometric authentication. A wide variety of approaches to feature extraction and data processing have been taken. Although success rates vary greatly depending on approach, some tests have suggested success rate percentages in the high 90s. When combined with other biometric markers, success rates increase even further.
Despite high success rates in EEG recognition trials, it has been noted that EEGs may not be the most stable of biometric measures. Factors such as diet and time since enrolling can reduce identification accuracy by as much as 30%. Mood also has a large impact on EEG. It has been noted that different emotions tend to be seen most intensely on different sides of the brain, contributing to variations in EEG readings. It has been noted that the impact of emotions on EEGs could be of use in high-security applications. A study found that when a system has been trained on the EEG of a calm person, a ~1-1.5 second EEG reading of the same person in a calm state is sufficient for a match to be formed. However, matching a stressed person to their calm enrolment recording requires an 8 second reading. Based on this principle, it has been proposed that EEGs could be used to create coercion-resistant biometric authentication systems.
Although technically the usage of MRIs and EEGs to quantify the brain are non-invasive techniques (meaning they do not require anything to be inserted), performing these types of scans is quite an involved process for the user. The potential for EEGs to be used in coercion-resistant authentication systems is interesting, but unlikely to be of much practical use currently. Potentially in the future the process of scanning brains will become easier and brain-based biometrics will become more viable for real-world usage, but for now they remain within the domain of “novel biometrics”.
DNA
Since DNA profiling was first used to clear a suspect and find the true perpetrator in a murder case back in 1987, its usage within law enforcement has become common. Alongside databases of fingerprints, law enforcement may hold databases of DNA profiles of suspects and convicted criminals. The US now allows the use of Rapid DNA profiling systems within law enforcement which is designed to be both easy to use, and capable of creating a profile as well as seeking a database match in under two hours. However, the functionality of such machines is limited. The FBI itself does not allow for Rapid DNA profiles to be uploaded to its main database (CODIS) as profiles do not meet their quality standards.
As with fingerprints, the reliability of DNA profiling techniques has recently been brought into question. Sometimes this stems from simple mishandling of materials, as was the case for the Phantom of Heilbronn. Police in Germany believed that they had a serial killer on their hands after the same woman’s DNA was found to be present at six murders. As it turns out, the alleged serial killer was a woman working in the factory that produced the swabs used to collect DNA samples. In this case, it was noted that swabs were being sold only for medical use; there were no requirements for swabs to be kept free of DNA. The lack of legislative requirements can have more nefarious implications than this.
Another common usage of DNA profiling techniques is for paternity testing. Paternity tests can be conducted for a variety of reasons, from simple peace of mind through to settling child support cases. As it turns out, DNA paternity testing is loosely regulated in the US, Canada, and other countries. If a paternity test is to be used as evidence in the US courts, the provider requires third party accreditation. For “peace of mind” testing, no such requirements are set. An investigative journalist found that this often leads to incorrect results after he was declared the father of a colleague’s non-existent foetus by one such company. In response to this, the test provider attempted to sue him and his employer.
Genetic sequencing can be classified as a probabilistic science. A match cannot be ascertained with 100% accuracy. Users of consumer genetic testing kits have noted that ancestry location results vary company to company, and even between identical twins having consumer-level genetic tests performed by the same company. The well-known home DNA profiling company 23andMe claims accuracy for health results in excess of 99%. Accuracy in health profiling is of much greater concern than in ancestry location testing. Whilst the US FDA reversed its decision to disallow 23andMe to carry out DNA health testing back in 2017, opponents of the technology make the points that such tests do not consider every gene responsible for disorders. Without the genetic counselling that would come with a traditional genetic disorder testing, people have the potential to cause themselves a lot of unnecessary stress. If a person is truly concerned that they might carry the gene for a genetic disorder, they should instead speak to their doctor.
Within biometric authentication systems, is the probabilistic science of DNA profiling suitable? Potentially, yes. The availability and simplicity of DNA profiling machines has increased as the technology further matures. The breakthrough of nanopore sequencing has led to small machines which can be used to create profiles using devices available for as little as £1,500. Although this system still costs £72 in reagents per profile, it is evident that the costs of the technology are dropping. Home biohackers have even begun attempting to create their own home-made DNA profiling systems. With only 20 key points within the human DNA profile being required to robustly perform matches, perhaps even cheaper DNA authentication systems will exist in the future which only examine a smaller range of key points.
For the time-being, DNA profiling is not suitable for usage within consumer biometric authentication systems. However, this may change in the future as the costs and complexity of DNA profiling techniques continue to drop.
Conclusions
There’s a hell of a lot of weird thoughts and opinions on biometrics out there. I may pull together another post here with information on other modalities.
Be First to Comment