I527-290 ESRIF Final Report (WEB).indd - European Commission
I527-290 ESRIF Final Report (WEB).indd - European Commission
I527-290 ESRIF Final Report (WEB).indd - European Commission
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Tuning of biometric systems<br />
The decision errors of a biometric verifi cation system are measured in terms of:<br />
False Acceptance Rate (FAR): the expected proportion of transactions with wrongful claims of identity that are incorrectly<br />
confi rmed. A transaction may consist of one or more wrongful attempts dependent upon the decision policy.<br />
False Rejection Rate (FRR): the expected proportion of transactions with truthful claims of identity that are incorrectly<br />
denied. A transaction may consist of one or more wrongful attempts dependent upon the decision policy.<br />
There is inevitably a trade-off as attempts to minimize the false matches of a system tend to decrease the frequency of true<br />
matches. System designers often have to adjust threshold values to get the best combination of true and false performance<br />
measures, and sometimes these adjustments are also available to customers who want to fi ne-tune their own biometric<br />
deployments.<br />
Other performance indicators such as Failure To Enrol (FTE, percentage of people not able to enrol in the system) or Failure To<br />
Acquire (FTA, percentage of people not able to have their biometrics captured for matching) can also be measured and tuned<br />
in each system. If the requirements in terms of quality of the samples captured are too high, the FTE and FTA will be extremely<br />
high. But on the other hand if these requirements are too low the system will not be secure.<br />
While it is important to be able to adapt a system’s performance specifi cally to a given application and environment, this<br />
can also be dangerous, especially in Border Control scenarios. In Europe for instance, we can imagine that diff erent countries<br />
deploy systems with diff erent performance in terms of any of the indicators mentioned above. For this reason, and to maintain<br />
a good level of trust for the overall <strong>European</strong> system, it is important to have a mean to uniformly assess this performance.<br />
Certifi cation of the systems is one of the solutions to achieve this goal.<br />
Certifi cation of systems<br />
It is challenging to defi ne and compare security levels of diff erent biometric identity management systems. As we just<br />
mentioned, diff erent attacks can be carried out against biometric systems and by design the systems can achieve diff erent<br />
performance levels. One possible approach could be to introduce a certifi cation mechanism or a conformance mechanism.<br />
This would allow interoperability and trustworthiness through connected service providers. It is also important to defi ne<br />
quality requirements targeted to diff erent applications where biometric systems are required. This is of particular concern as<br />
these systems interact with people’s privacy and can lead to judicial penalties.<br />
A good example of this can be found in large-scale applications where the choice of the acquisition devices is one of the most<br />
critical issues. For example, the 10-print (4-4-2) fi ngerprint capture devices that will be used for the <strong>European</strong> Visa Information<br />
System (VIS) project require implementing the ISO/IEC 19794 series standard. This provides a common level of quality and<br />
mutual trust between all the participants in the project.<br />
8.2.1.3 Trusting assets<br />
The opportunities and challenges mentioned above equally apply to assets. With better performing technologies, but also<br />
an increased complexity of the exchanges of assets, establishing trust of physical assets is at the same time becoming more<br />
feasible but also more complex.<br />
The best example of the challenges that have to be faced can certainly be found in multimodal freight transportation, which<br />
is a complex, distributed and unbounded network linking geographically-scattered nodes through broad and diverse fl ows<br />
and infrastructures covering direct air/sea/road/inland/waterway/railway connections. In such a scenario, as in any complex<br />
networked system, the weakest point always determines its overall resilience and exposure to risks.<br />
Here are some of the challenges to be addressed to enhance trust in this context:<br />
Authentication, authorisation and organisational/institutional control/ruling providing guarantees for all actors involved.<br />
Customs control and procedures addressing inspection requirements and technological solutions for monitoring, tracking<br />
and automatic control of freight and carrier at the crossing points, during transport and the eff ective interaction of the<br />
authorities with the stakeholders towards a greater effi ciency.<br />
175