Stanford professor scrutinizes Indiaís biometric identification program
Posted on 02 May 2014.
The cutting edge of biometric identification ó using fingerprints or eye scans to confirm a personís identity ó isnít at the FBI or the Department of Homeland Security. Itís in India.


Indiaís Aadhaar program, operated by the Unique Identification Authority of India (UIDAI) and created to confirm the identities of citizens who collect government benefits, has amassed fingerprint and iris data on 500 million people. It is the biggest biometric database in the world, twice as big as that of the FBI. It can verify one million identities per hour, each one taking about 30 seconds.

The program unnerves some privacy advocates with its Orwellian overtones, and the U.S.-based Electronic Frontier Foundation has criticized it as a threat to privacy.

But many developing countries see biometric identification (ID) as a potential solution for millions of citizens who donít have any official and fraud-resistant ID. The Indian government distributes $40 billion a year in food rations, but fraud is rampant because most people lack proper ID. Analysts estimate that 40 percent of Indiaís food rations never reach the people they are intended to help. Indeed, a new study of initial results from Indiaís biometric program found that it both reduced corruption and was popular with beneficiaries.

India isnít the only developing nation to explore biometric strategies. The Center for Global Development, a Washington-based think tank, reports that 70 nations have some sort of biometric program.

Now a Stanford business professor is proposing a way to make Indiaís program far more accurate. Lawrence Wein, a professor of management science, applies mathematical and statistical modeling to solve complex practical puzzles.

In health care, Wein has analyzed strategies to optimize food aid in Africa and to mitigate the toll of pandemic influenza. In homeland security, he has developed strategies that the U.S. government has adopted for responding to bioterrorist attacks involving smallpox, anthrax, and botulism.

Weinís interest in biometrics started almost a decade ago, with his analysis of fingerprint strategies used by the Department of Homeland Securityís US-VISIT program for nonresidents entering the country. That analysis influenced the governmentís decision to switch from a two-finger to a 10-finger identification system.

For Indian officials, the big practical challenge has been to make the program more accurate without getting bogged down when used by a billion people.

The system has to be accurate enough to spot all but about one in 10,000 imposters. But it shouldnít be so foolproof that it falsely rejects large numbers of people who are who they claim to be. Nor should it take so long that people have to wait in long lines. If either of those things happened, few people would sign up. Participation in Indiaís program is voluntary, not mandatory.

Indiaís system is sophisticated. When a person first enrolls, scanners take image data for all 10 fingers and both irises. When people show up at a local office to receive a benefit, they get scanned again. That data is then sent to the central database, which compares it to the personís original enrollment data.

But comparisons are complicated. One problem is that the scanning equipment where people first enroll is usually more expensive and sophisticated than the equipment at local government offices. That sets the stage for a lot of false rejections. Making matters more difficult, fingerprints and even irises vary tremendously in how distinctive they are.

The tradeoff is between accuracy and speed. Comparing all 10 fingerprints, or both irises, is extremely accurate, but it takes about 107 seconds. That may sound lightning fast, but it isnít for a system that is supposed to perform 1 million verifications an hour. To speed up the process, Indian officials originally compared only a personís right thumbprint. But a single thumbprint ó or any other individual fingerprint ó may be too hazy to compare. Indian officials then latched on to the idea of picking a personís best fingerprint ó the one that provides the easiest match. Results were better, but not ideal.

Wein teamed up with two graduate researchers, Apaar Sadhwani and Yan Yang, to derive and test sophisticated algorithms based on the Indian biometric data. Wein didnít charge for his work, but he thought that it might have ramifications for many other governments, as well as for commercial companies. Indeed, banks in India are already developing their own applications for the Aadhaar system.

The researchersí solution, which Indian officials are studying at the highest levels, is to focus on a particular subset of each personís fingerprints and eye scans that are the easiest to compare to those originally scanned. The combination of fingerprints and iris data will vary from person to person. For some people, it could be just the right index finger. For others, it could be an index finger and a thumb. Or, it could be the irises, or a combination of fingerprints and irises.

For many people, as it turned out, an easy check of only one or two fingerprints is enough for an accurate identity confirmation. For about 37 percent of people, itís necessary to compare just the irises. And for a very small number of people, itís necessary to compare both irises and some fingerprints.

By spending a small amount of time on most people, and more time on a minority of others, the researchers found they could keep the average verification time to just 37 seconds. Thatís a bit longer than it takes to just compare one finger, but the rate of false rejections is about 200,000 times lower.

Wein doesnít expect the United States to replicate the Indian approach. Americans are already suspicious about government surveillance, and most Americans already carry driversí licenses and other photo identification that are fairly hard to forge. But for low-income countries, he says, biometrics may have a big future.





Spotlight

Behavioral analysis and information security

Posted on 22 September 2014.  |  In this interview, Kevin Watkins, Chief Architect at Appthority, talks about the benefits of using behavioral analysis in information security and how behavioral analysis can influence the evolution of security technologies.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Sep 23rd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //