What these 2 graphs tell us about biometrics
Biometrics is ‘probabilistic’ by nature since it measures unpredictably variable body features of living animals in ever changing environments.
A graph below shows the False Acceptance Rates (FAR) and False Rejection Rates (FRR) of two biometrics products — one relatively more accurate and the other less accurate.
** False Acceptance is also called False Positive and False Match. False Rejection called False Negative and False Non-Match.
What this graph indicates is, firstly, that FAR and FRR are not the variables that are independent from each other, but are dependent on each other.
A FAR could be fixed only against a certain FRR, i.e., both variables can be positioned only at the same single point on the same single curve. In other words, the couple of a FAR and a FRR can exist only in a certain combination.
Secondly, it also indicates that the lower a FAR is, the higher the corresponding FRR is. The lower a FRR, the higher the corresponding FAR. That is, FAR and FRR are not just mutually dependent but are in a trade-off relation.
The level of a FAR that rejects a twin would have to bring the level of a FRR that rejects the registered user very frequently. The level of a FRR that eliminates the need of a fallback means would have to bring the level of a FAR that accepts nearly anyone.
Thirdly, also indicated is that the more accurate the biometrics sensor becomes (the lower the Equal Error Rate becomes), the curve goes downwards/leftwards in this graph. But, when a FAR is close to 0 (zero), the corresponding FRR remains close to 1 (one). When a FRR is close to 0 (zero), the corresponding FAR remains close to 1 (one).
Another graph below helps us to grasp how FAR and FRR are mutually dependent and also in a trade-off relation.
Move the threshold to the right (stricter) and we would see the combination of a lower FAR and a higher FRR. Moving it to the left (more lenient), the outcome would be the combination of a higher FAR and a lower FRR.
The presence of False Rejection, however close to 0 (zero), would require a fallback means against the False Rejection.
If the officials responsible for the Aadhaar-based PDS had been informed of the above, they must have provided a fallback means in case of the false rejection. Then this kind of misery could have been avoided. We have to wonder how it was possible that these people were not advised of the issue of false rejection.
Footnote: This is a reproduction of my earlier writing published in 2018 following a mind-boggling report from India where the biometrics; is mandatory for its Aadhaar-based Public Distribution System. The report reads ‘biometric authentication failure at the ration shop deprived a woman of the subsidized grain she was entitled to’. It refers to ‘failure’ and ‘glitch’ of biometrics, but it is not necessarily correct. ‘False Rejection’ as against ‘False Acceptance’ is inherent in biometrics; there is no biometrics that is free from False Rejection.
Incidentally, the public should have heard the above information from biometrics vendors and security professionals who tout biometrics, not from us.
Key References
Archive 2021 — Comments Posted since January 2021 on Digital Identity and Threats to It (Monthly Updated)
External Body Features Viewed as ‘What We Are’
Bizarre Theory of Password-less Authentication
Removal of Passwords and Its Security Effect
Negative Security Effect of Biometrics Deployed in Cyberspace
Additional References
Bring a healthy second life to legacy password systems (Aug/2021)
For Achieving Solid Digital Identity on Information Security Buzz (Mar/2021)
“Impact of Episodic Memory on DigitalIdentity”
Digital Identity for Global Citizens
What We Know for Certain about Authentication Factors
Summary and Brief History — Expanded Password System
Proposition on How to Build Sustainable Digital Identity Platform
History, Current Status and Future Scenarios of Expanded Password System
Update: Questions and Answers — Expanded Password System and Related Issues (30/June/2020)
< Videos on YouTube>
Digital Identity for Global Citizens (90 seconds)
Slide: Outline of Expanded Password System (3minutes 2seconds)
Digital Identity for Global Citizens (10minutes — narrated)
Demo: Simplified Operation on Smartphone for consumers (1m41s)
Demo: High-Security Operation on PC for managers (4m28s)
Demo: Simple capture and registration of pictures by users (1m26s)
Slide: Biometrics in Cyber Space — “below-one” factor authentication
Corporate website: Mnemonic Identity Solutions Limited
#identity #authentication #password #security #biometrics #privacy #democracy #ethics #emergency #disaster #panic #defense #government #pandemic #teleworking #blockchain