Biometric Error Rates
Contents |
and Segmentation Market Sizing & Forecasting Market and Product Strategy Consulting Marketing Campaign Support Strategic Advisory Sessions Resources Company Profiles White Papers About Overview Team Research Methodology Careers Contact Us Newsroom Press Releases Tractica in the News Events Blog cost and error rates of standard biometrics My Reports Register June 23, 2015 Bob Lockhart In Biometrics, Which Error Rate
Biometric Crossover Error Rate
Matters? Biometrics error rates are like wine. The question, “What is a good wine?” cannot be answered out of context. problem with biometrics Not for me, at least. I need more information like, “What are you eating with it?” I might not suggest the same wine for a rack of lamb as I would for a crossover error rate calculation filet of sole. Biometrics’ wine question is, “What is the most important error rate?” Again, it depends on what you’re doing. Three error rates are commonly discussed relating to biometrics: the false accept rate, the false reject rate, and the equal error rate (or crossover error rate): the point where a biometrics’ false accept rate and false reject rates are equal. Vendors can tune their false
Equal Error Rate Calculation
accept and false reject rates: for example, by adjusting the size of their biometric templates or by adjusting the confidence interval that determines a match. Biometric verification is a statistical process, not a yes/no comparison, so a more precise comparison produces a greater degree confidence in the verification. You might think that a greater confidence interval is better but that is not always the case. Like most everything in biometrics, error rate selection is governed by use cases. For starters, we can dismiss the equal error rate (EER). In all my research, I have yet to encounter a use case where having an equal probability of false accept or false reject was optimal. EER is an interesting academic construct but it’s hard to think of a use case where it matters. That leaves us with choosing the right false accept or false reject rate, and with choosing the right wine for our rack of lamb. A greater confidence interval lowers the probability of a false positive: that someone will be accepted who should not be accepted. This is highly desirable when authenticating a remote wire transfer of $10 million. It is the rack of lamb’s Châteauneuf-du-Pape.
as a match by the system. A False Reject is when a matching pair of biometric data is wrongly rejected by the system. The two errors are false non match rate complementary: When you try to lower one of the errors by varying the false acceptance rate threshold, the other error rate automatically increases. There is therefore a balance to be found, with a decision threshold that
Biometric Authentication
can be specified to either reduce the risk of FAR, or to reduce the risk of FRR. In a biometric authentication system, the relative false accept and false reject rates can be set https://www.tractica.com/biometrics/in-biometrics-which-error-rate-matters/ by choosing a particular operating point (i.e., a detection threshold). Very low (close to zero) error rates for both errors (FAR and FRR) at the same time are not possible. By setting a high threshold, the FAR error can be close to zero, and similarly by setting a significantly low threshold, the FRR rate can be close to zero. A meaningful operating point for the threshold http://www.biometricnewsportal.com/biometrics_issues.asp is decided based on the application requirements, and the FAR versus FRR error rates at that operating point may be quite different. To provide high security, biometric systems operate at a low FAR instead of the commonly recommended equal error rate (EER) operating point where FAR = FRR. Compromised biometric data Paradoxically, the greatest strength of biometrics is at the same time its greatest liability. It is the fact that an individual's biometric data does not change over time: the pattern in your iris, retina or palm vein remain the same throughout your life. Unfortunately, this means that should a set of biometric data be compromised, it is compromised forever. The user only has a limited number of biometric features (one face, two hands, ten fingers, two eyes). For authentication systems based on physical tokens such as keys and badges, a compromised token can be easily canceled and the user can be assigned a new token. Similarly, user IDs and passwords can be changed as often as required. But if the biometric data are compromised, the user may quickly run out of biometric features to be used for authentication. Vulnerable points of a biometric system The
Rate FAR and the False Rejection Rate FRR. When using a biometric application for the first time the user needs to enroll to the system. The system http://www.biometric-solutions.com/index.php?story=performance_biometrics requests fingerprints, a voice recording or another biometric factor from the operator, this input is registered in the database as a template which is linked internally to a user ID. http://security.stackexchange.com/questions/57589/determining-the-accuracy-of-a-biometric-system The next time when the user wants to authenticate or identify himself, the biometric input is compared to the templates in the database by a matching algorithm which responds with error rate acceptance (match) or rejection (no match). FAR and FRR The FAR or False Acceptance rate is the probability that the system incorrectly authorizes a non-authorized person, due to incorrectly matching the biometric input with a template. The FAR is normally expressed as a percentage, following the FAR definition this is the percentage of invalid inputs which are incorrectly accepted. The crossover error rate FRR or False Rejection Rate is the probability that the system incorrectly rejects access to an authorized person, due to failing to match the biometric input with a template. The FRR is normally expressed as a percentage, following the FRR definition this is the percentage of valid inputs which are incorrectly rejected. FAR and FRR are very much dependent on the biometric factor that is used and on the technical implementation of the biometric solution. Furthermore the FRR is strongly person dependent, a personal FRR can be determined for each individual. Take this into account when determining the FRR of a biometric solution, one person is insufficient to establish an overall FRR for a solution. Also FRR might increase due to environmental conditions or incorrect use, for example when using dirty fingers on a fingerprint reader. Mostly the FRR lowers when a user gains more experience in how to use the biometric device or software. FAR and FRR are key metrics for biometric solutions, some biometric devices or software even allow to tune them so that the s
tour help Tour Start here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings and policies of this site About Us Learn more about Stack Overflow the company Business Learn more about hiring developers or posting ads with us Information Security Questions Tags Users Badges Unanswered Ask Question _ Information Security Stack Exchange is a question and answer site for information security professionals. Join them; it only takes a minute: Sign up Here's how it works: Anybody can ask a question Anybody can answer The best answers are voted up and rise to the top Determining the accuracy of a biometric system up vote 2 down vote favorite 1 How is the accuracy of a biometric security system (its ability to minimize false acceptance rate and false rejection rate) determined? authentication biometrics share|improve this question edited May 9 '14 at 11:22 Rory Alsop♦ 50.6k1081256 asked May 9 '14 at 8:09 nuha 1113 I have removed the 2nd question you included - it is far too broad to be answerable here. –Rory Alsop♦ May 9 '14 at 11:23 add a comment| 3 Answers 3 active oldest votes up vote 3 down vote Well, I am not sure if this what you are looking for. In general, the performance of any biometric system (e.g fingerprint, voice, facial recognition, etc) is described using several metrics. FAR or False Acceptance rate is the probability that the system incorrectly authorizes a non-authorized person, due to incorrectly matching the biometric input with a template. The FAR is normally expressed as a percentage, following the FAR definition this is the percentage of invalid inputs which are incorrectly accepted. FRR or False Rejection Rate is the probability that the system incorrectly rejects access to an authorized person, due to failing to match the biometric input with a template. The FRR is normally expressed as a percentage, following the FRR definition this is the percentage of valid inputs which are incorrectly rejected. CER or Crossover Error Rate is the rate where both accept and reject error rates are equal. FER The Failure to Enroll Rate (FER) is the percentage of the population which fails to complete enrollment. EXAMPLE: let us assume we have a