What these 2 graphs tell us about biometrics

Hitoshi Kokumai
5 min readAug 30, 2021

--

Biometrics is ‘probabilistic’ by nature since it measures unpredictably variable body features of living animals in ever changing environments.

A graph below shows the False Acceptance Rates (FAR) and False Rejection Rates (FRR) of two biometrics products — one relatively more accurate and the other less accurate.

** False Acceptance is also called False Positive and False Match. False Rejection called False Negative and False Non-Match.

What this graph indicates is, firstly, that FAR and FRR are not the variables that are independent from each other, but are dependent on each other.

A FAR could be fixed only against a certain FRR, i.e., both variables can be positioned only at the same single point on the same single curve. In other words, the couple of a FAR and a FRR can exist only in a certain combination.

Secondly, it also indicates that the lower a FAR is, the higher the corresponding FRR is. The lower a FRR, the higher the corresponding FAR. That is, FAR and FRR are not just mutually dependent but are in a trade-off relation.

The level of a FAR that rejects a twin would have to bring the level of a FRR that rejects the registered user very frequently. The level of a FRR that eliminates the need of a fallback means would have to bring the level of a FAR that accepts nearly anyone.

Thirdly, also indicated is that the more accurate the biometrics sensor becomes (the lower the Equal Error Rate becomes), the curve goes downwards/leftwards in this graph. But, when a FAR is close to 0 (zero), the corresponding FRR remains close to 1 (one). When a FRR is close to 0 (zero), the corresponding FAR remains close to 1 (one).

Another graph below helps us to grasp how FAR and FRR are mutually dependent and also in a trade-off relation.

Move the threshold to the right (stricter) and we would see the combination of a lower FAR and a higher FRR. Moving it to the left (more lenient), the outcome would be the combination of a higher FAR and a lower FRR.

The presence of False Rejection, however close to 0 (zero), would require a fallback means against the False Rejection.

If the officials responsible for the Aadhaar-based PDS had been informed of the above, they must have provided a fallback means in case of the false rejection. Then this kind of misery could have been avoided. We have to wonder how it was possible that these people were not advised of the issue of false rejection.

Footnote: This is a reproduction of my earlier writing published in 2018 following a mind-boggling report from India where the biometrics; is mandatory for its Aadhaar-based Public Distribution System. The report reads ‘biometric authentication failure at the ration shop deprived a woman of the subsidized grain she was entitled to’. It refers to ‘failure’ and ‘glitch’ of biometrics, but it is not necessarily correct. ‘False Rejection’ as against ‘False Acceptance’ is inherent in biometrics; there is no biometrics that is free from False Rejection.

Incidentally, the public should have heard the above information from biometrics vendors and security professionals who tout biometrics, not from us.

Key References

Archive 2021 — Comments Posted since January 2021 on Digital Identity and Threats to It (Monthly Updated)

External Body Features Viewed as ‘What We Are’

Bizarre Theory of Password-less Authentication

Removal of Passwords and Its Security Effect

Negative Security Effect of Biometrics Deployed in Cyberspace

Additional References

Bring a healthy second life to legacy password systems (Aug/2021)

For Achieving Solid Digital Identity on Information Security Buzz (Mar/2021)

“Impact of Episodic Memory on DigitalIdentity”

Digital Identity for Global Citizens

What We Know for Certain about Authentication Factors

Summary and Brief History — Expanded Password System

Proposition on How to Build Sustainable Digital Identity Platform

History, Current Status and Future Scenarios of Expanded Password System

Availability-First Approach

Update: Questions and Answers — Expanded Password System and Related Issues (30/June/2020)

< Videos on YouTube>

Digital Identity for Global Citizens (90 seconds)

Slide: Outline of Expanded Password System (3minutes 2seconds)

Digital Identity for Global Citizens (10minutes — narrated)

Demo: Simplified Operation on Smartphone for consumers (1m41s)

Demo: High-Security Operation on PC for managers (4m28s)

Demo: Simple capture and registration of pictures by users (1m26s)

Slide: Biometrics in Cyber Space — “below-one” factor authentication

Corporate website: Mnemonic Identity Solutions Limited

#identity #authentication #password #security #biometrics #privacy #democracy #ethics #emergency #disaster #panic #defense #government #pandemic #teleworking #blockchain

--

--

Hitoshi Kokumai
Hitoshi Kokumai

Written by Hitoshi Kokumai

Advocate of ‘Identity Assurance by Our Own Volition and Memory’, Inventor of Expanded Password System and Founder of Mnemonic Identity Solutions Limited in UK.