A Framework for National Integration of Biometric Information

ABSTRACT

Having a central database for Nigeria which organizations can rely on for identification/verification purposes has been a plan in the pipeline for many years now. This has become urgent because of the nation’s current security challenges and the problem of multiple enrolments across various organizations. All of these organizations collect data, but the data collected is not useful outside the collecting organizations.

According to various reports, the Nigerian government has been trying to create a central database to contain Nigerian nationals’ basic information and biometric information as well, to be managed by the Nigerian Identity Management Commission (NIMC), but to no avail. The project ‘National Identity Database’ creation was started in 2007 and to date has not yet been successful.

This thesis aims to create a central platform for integration of all of these biometric data in order to curb these problems while considering security of access control. In this work, we have created four different web applications and databases, to represent information of four different organizations; Nigerian Immigration System, Independent National Electoral Commission, Bank, NIMC, with NIMC serving as the central point. The data represented includes basic information and biometric information (fingerprints) of their enrolees. The web applications where designed using C#.net on visual studio IDE alongside other supporting software like MySQL connector, Adobe Fireworks and database access with PhpMyAdmin. Each application includes four modules, enrolment, admin, query and verification module. The verification module serves as the platform where different organizations’ applications can interface to the central database, giving the opportunity to identify individuals from any point.

The overall system developed provides a platform for this, in order to curb multiple and indiscriminate collection of biometric (fingerprint) data which is a major challenge in the country at present.

Keywords: Biometric, Central database, Fingerprint, Verification and Identification

TABLE OF CONTENTS

CERTIFICATION2

ABSTRACT5

ACKNOWLEDGEMENTS6

DEDICATION7

LIST OF FIGURES11

LIST OF ABBREVIATIONS12

CHAPTER ONE INTRODUCTION1

1.1 Background to Biometrics1

1.2 State of National Security in Nigeria2

1.3 Aim and Objectives3

1.4 Scope and Limitation3

1.5 Significance of the Study4

1.6 Justification of Study5

1.7 Definition of Terms5

1.8 Organization of the Study5

CHAPTER TWO LITERATURE REVIEW7

2.1
Introduction7

2.2
Overview of Database Systems7

2.2.1
Evolution of Database Technology7

2.3
Database Architecture8

2.3.1
Two-Tier Architecture8

2.3.2
Three-Tier Architecture9

2.4
Database Access Control10

2.4.1
Components of Access Control11

2.5
Biometrics: Its Current State12

2.5.1
Application of Biometrics12

2.5.2
Types of Biometrics13

2.6
Fingerprints14

2.6.1
Fingerprint Topologies16

2.6.2
Fingerprint Processing19

2.7
Review of Related Work20

2.8
National Database Examples23

2.8.1
The Social Security Master File23

2.8.2
The EURODAC System24

2.8.3
The UK Police National DNA Database24

2.8.4
The FBI’s Integrated Automated Fingerprint Identification System25

2.8.5
NIMC’s National Identity Database25

CHAPTER THREE
RESEARCH METHODOLOGY26

3.1
Data Collection26

3.2
Model Description and Architecture27

3.2.1
Nigerian Identity Management Commission29

3.2.2
Independent National Electoral Commission29

3.2.3
Central Bank of Nigeria29

3.2.4
Nigerian Immigration Service29

3.3
Centralized National Identity Database29

3.3.1
Identification of Enrolees31

3.4
Database Creation (Back End Design of Application)32

3.5
Windows Form Development (Front End Design)32

3.6
Performance Evaluation of Model33

3.7
Tools Used for Research33

3.7.1
Standard Query Language33

3.7.2
Visual Studio34

3.7.3
MySQL Connector34

3.7.4
Adobe Fireworks34

CHAPTER FOUR
RESULTS AND DISCUSSION35

4.1
Introduction35

4.2
Organizations’ Web Applications35

4.2.1
NIS’s Application Design36

4.2.2
INEC’s Application Design36

4.2.3
Commercial Banks Application Design37

4.2.4
NIMC Application Design38

4.3
Databases of the Organizations40

4.4
Authentication of Enrollees41

4.5
Security Control of System42

CHAPTER FIVE
SUMMARY, CONCLUSION AND RECOMMENDATION44

5.1
Summary44

5.2
Conclusion44

5.3 Recommendation44

5.4 Suggestions for Further Work45

REFERENCES46

APPENDIX50

LIST OF FIGURES

Figure 2.1: Two-tier architecture 9

Figure 2.2: Three-Tier Architecture10

Figure 2.3: Attacks on Template Database11

Figure 2.4: Block Diagram of a BIS13

Figure 2.5: Various Biometric Traits14

Figure 2.6: Diagram of a Typical Fingerprint Showing Ridge Endings and Bifurcations15

Figure 2.7: Basic and Composite Ridge Characteristics16

Figure 2.8: Diagram of Arch Patterns17

Figure 2.9: Diagram of Whorl Patterns18

Figure 2.10: Diagram of Loop Patterns18

Figure 2.11: Minutiae points of a processed fingerprint image20

Figure 3.1: Flow Chart of Proposed Methodology28

Figure 3.3: Architecture of the Current System in Nigeria30

Figure 3.4: Architecture of Proposed Fingerprint-Based Enrolment and Authentication System31

Figure 4.1: Diagram of an Application’s Main Dashboard35

Figure 4.2: NIS enrolment form36

Figure 4.3: INEC Enrolment Form37

Figure 4.4: Commercial Bank Enrolment Form38

Figure 4.5: NIMC Application Main Dashboard39

Figure 4.6: NIMC Enrolment Form39

Figure 4.7: Use Case Diagram of Application40

Figure 4.8: Sample of Multiple Connection for Applications41

Figure 4.9: Verification Platform for Applications42

Figure 4.10: Admin’s control panel43

LIST OF ABBREVIATIONS

BVN Bank Verification Number

CBN Central Bank of Nigeria

DBMS Database Management System

DNA Deoxyribonucleic Acid

EURODAC European Dactyloscopy

IAFIS Integrated automatic fingerprint identification system

INEC Independent Electoral Commission

NDNAD National Deoxyribonucleic Acid Database

NID National Identity Database

NIMC National Identity Management Commission

NIS Nigerian Immigration Service

CHAPTER 1

INTRODUCTION

1.a Background to Biometrics

The adoption of biometrics can still be considered as not being a popular technology in developing nations. However, various practices have shown the use of physical characteristics for identification purposes have been in use since ancient times. For example, in ancient Babylon, Assyria, China and Japan, fingerprints were used to sign contracts (Taha & Norrozila, 2015). In the 1890s Alphonse Bertillon a Paris police clerk, who was also an anthropologist, developed a method of multiple body measurements called Bertillonage. He based this method on a claim that bones do not grow after age 20, so measurements of anyone after that age should remain the same. As a result, a 20-60 minute-long measuring procedure was done to identify criminals. The records of length, height, breath of heads, fingers, arms and leg were done by hand and filed. It was relatively fast and effective method for that time His system was used by police authorities until it failed because some people shared the same measures (“The German Biometric Strategy Platform Biometrics State of the Art, Industry Strategy Development, and Platform Conception Study,” 2009.). It was a relatively fast and effective method for that time, until two different people had the same measurements. Paris police switched to fingerprinting, which soon became widespread and Bertillonage was forgotten. Today different biometric technologies are widely employed in criminal prosecution, identity management and police records. In the 1960s, research on computer-based, automated recognition started, and the first commercial use, a fingerprint application, took place in 1968 (Dessimoz & Champod, 2008).

Biometrics is a developing area of technology, which seeks to uniquely identify, verify or authenticate persons based on certain features in the human body, which are distinct across individuals. These features refer to physiological and behavioural traits possessed which are unique in nature (Sapkal & Deshmukh, 2016). Due to the inaccuracies of conventional methods of identification such as pins or passwords (Mahfouz, Mahmoud, & Eldin, 2017), biometric technologies are now being widely adopted as a better replacement for identification in organizations, government agencies etc. (Sapkal & Deshmukh, 2016).

Biometrics are more appealing because they are closely bound to an individual and are supposedly more reliable, difficult to forge, lose or falsify.

Government and authorities seek enhanced security solutions to protect borders, issue secure identification documents and monitor public places (Breedt & Martin, 2004), thus in recent times there have been massive efforts by nations to adopt biometrics in identifying their citizens. Many countries have national identification systems based on databases containing some biometric information of its nationals. Examples are India (AADHAR), United States (FBI IAFIS), UK (NDNAD), the EU (EURODAC).

Biometrics generally refers to a wide range of traits: iris, hand, gaits, fingerprint, face DNA, keystroke, voice etc. However, in the literatures, fingerprints are seen as one of the best traits to be used because of the high level of structural differences from person to person (De Luis-García, Alberola-López, Aghzout, & Ruiz-Alzola, 2003). Thus, it is most widely adopted because it is a mature and affordable technology.

Following from the above, we have decided to adopt the fingerprint as our main biometric trait for use as the biometric trait in our platform for the central database.

1.b State of National Security in Nigeria

Recent years have been characterized by a more stringent requirement for people to be identifiable in response to security threats and to combat the escalating problems of identity theft. This increasing need to determine who an individual is has resulted in substantial growth in the implementation and use of biometric applications (The Irish Council for Bioethics, 2009).

Many countries, both developed and developing nations, have been victims of security issues. Nigeria is no exception. In recent years, the nation has been in the midst of many security problems stemming from the infamous group Boko Haram; not only that, the country is also dealing with the problem of high crime rates in other aspects, including armed robbery, kidnapping, ritual killings, corruption etc. Many of these crimes remain unsolved due to lack of concrete evidence to pin the actual perpetuator to the crime. This is despite the fact that various Nigerian organizations have biometric information on Nigerian nationals which can be useful in solving some criminal problems as needed; however, the data is scattered across different organizations, lying idle and not being used to their full potential.

According to a publication from the INEC, through the 2015 general elections registration exercise alone, it collected the biometric details of about 68 million Nigerians (The Scoop, 2015), which includes 10 fingerprints images, facial image and bio-data. In addition, various commercial banks at the instance of the CBN, through the BVN exercise have also gathered millions of items of biometric information from Nigerians. According to statistics from the Nigeria Inter-Bank Settlement System Plc, NIBSS, show that about 20,833,635 bank customers registered for the BVN (Udo, 2015).

The Nigeria Communications Commission (NCC) requires that every single active mobile telephone number have an individual’s biometric data registered to it. According to NCC statistics, there were more than 145 million active mobile phone lines in Nigeria as at June 2015 (Bolade, 2015).

If all these biometrics are integrated into a whole as a centralized database while excluding redundancy, then they can be put to use in solving some of the security concerns and criminal problems of Nigeria.

1.c Aim and Objectives

The aim of this research work is to develop a framework for nation-wide integration of biometric information.

The following objectives combine to achieve the aim:

1. To develop a platform that can serve as a wrapper for biometric data captured;

2. To develop a centralized database system of biometric information of Nigerian nationals; and

3. To integrate security control of access to system.

1.d Scope and Limitation

The framework developed from this study is meant for unimodal biometric system, as it will only cover fingerprints because of their uniqueness, availability and ease of collection. According to (Edgar, 2006), of all the methods of identification, fingerprinting alone has proved to be both infallible and feasible. Its superiority over the older methods, such as branding, tattooing, distinctive clothing, photography and body measurements (Bertillon system), has been demonstrated time after time. While many cases of mistaken identification have occurred with these older systems, to date the fingerprints of no two individuals have been found to be identical. This model does not provide a framework for policies to regulate its use. I assume that such a system will be regulated and deployed by corresponding government agencies in charge. Theft and social engineering methods of unauthorized access are not considered. The framework shall also consider some of the soft biometric traits, it will include:
Age; Gender; and Ethnicity.

This study does not, however, cater for other numerous biometric such as hand geometry, iris scan, due to its unavailability in other organizations’ databases and unused nature in this part of the world.

1.e Significance of the Study

The significance of this study should be felt in various sectors of the country, including the judicial sectors, military, health care sector and others, but most importantly, it would be significant in the area of national security. The framework could serve as a platform for government and authorities to seek for enhanced security solutions to protect borders, issue secure ID documents, monitor public places and combat terrorism.

Some specific applications include adoption in:

Identification documents and border control; Criminal prevention and prosecution;

Identifying known or suspected criminals; and Control of illegal immigration.

1.f Justification of Study

According to (Rotimi, Francis, Adebayo, & Owolabi, 2013) “a national database is an organized data or numerical environment where every citizen of a nation and the immigrants are uniquely identified and possesses a strong national virtual identity. National database may be population, identity, security, electorate, group or association’s classified information or data of national interest”. The national identity will help to deter people using multiple identities and be a good mechanism in the fight against crime and terrorism.

1.g Definition of Terms

1. Biometrics: a technology that identifies individual uniquely based on their physiology or behavioural traits

2. Biometric template: the individual mathematical data set calculated from a biometric sample

3. Biometric system: an automated system capable of taking a biometric sample, extracting biometric data, comparing it with other biometric data and deciding whether or not the recognition process has been successful

4. Framework: a layered structure indicating what kind of programs can or should be built and how they would interrelate

5. Central database: a database that is located, stored and maintained in a single location. This location is most often a central computer or database system, for example a desktop or server CPU, or a mainframe computer.

1.h Organization of the Study

The study is structured into five chapters. The first chapter gives an introduction to the thesis, comprising the background, the aim and objectives and the significance. The second chapter, which is the literature review, gives an in-depth overview of the concepts that relate to this work, it also presents a review of previous work done by other researchers in this field. The third chapter, research methodology, gives an insight into how the work was implemented, the methods and software adopted. Discussion of results, the fourth chapter, presents the implemented work, giving explanations on how the applications and databases function. Lastly, chapter five gives a brief summary of the entire thesis work and presents a conclusion.