A Framework for National Integration of Biometric Information
Having a central database for Nigeria which organizations can rely on for identification/verification purposes has been a plan in the pipeline for many years now. This has become urgent because of the nation’s current security challenges and the problem of multiple enrolments across various organizations. All of these organizations collect data, but the data collected is not useful outside the collecting organizations.
According to various reports, the Nigerian government has been trying to create a central database to contain Nigerian nationals’ basic information and biometric information as well, to be managed by the Nigerian Identity Management Commission (NIMC), but to no avail. The project ‘National Identity Database’ creation was started in 2007 and to date has not yet been successful.
This thesis aims to create a central platform for integration of all of these biometric data in order to curb these problems while considering security of access control. In this work, we have created four different web applications and databases, to represent information of four different organizations; Nigerian Immigration System, Independent National Electoral Commission, Bank, NIMC, with NIMC serving as the central point. The data represented includes basic information and biometric information (fingerprints) of their enrolees. The web applications where designed using C#.net on visual studio IDE alongside other supporting software like MySQL connector, Adobe Fireworks and database access with PhpMyAdmin. Each application includes four modules, enrolment, admin, query and verification module. The verification module serves as the platform where different organizations’ applications can interface to the central database, giving the opportunity to identify individuals from any point.
The overall system developed provides a platform for this, in order to curb multiple and indiscriminate collection of biometric (fingerprint) data which is a major challenge in the country at present.
Keywords: Biometric, Central database, Fingerprint, Verification and Identification
TABLE OF CONTENTS
LIST OF FIGURES11
LIST OF ABBREVIATIONS12
CHAPTER ONE INTRODUCTION1
1.1 Background to Biometrics1
1.2 State of National Security in Nigeria2
1.3 Aim and Objectives3
1.4 Scope and Limitation3
1.5 Significance of the Study4
1.6 Justification of Study5
1.7 Definition of Terms5
1.8 Organization of the Study5
CHAPTER TWO LITERATURE REVIEW7
Overview of Database Systems7
Evolution of Database Technology7
Database Access Control10
Components of Access Control11
Biometrics: Its Current State12
Application of Biometrics12
Types of Biometrics13
Review of Related Work20
National Database Examples23
The Social Security Master File23
The EURODAC System24
The UK Police National DNA Database24
The FBI’s Integrated Automated Fingerprint Identification System25
NIMC’s National Identity Database25
Model Description and Architecture27
Nigerian Identity Management Commission29
Independent National Electoral Commission29
Central Bank of Nigeria29
Nigerian Immigration Service29
Centralized National Identity Database29
Identification of Enrolees31
Database Creation (Back End Design of Application)32
Windows Form Development (Front End Design)32
Performance Evaluation of Model33
Tools Used for Research33
Standard Query Language33
RESULTS AND DISCUSSION35
Organizations’ Web Applications35
NIS’s Application Design36
INEC’s Application Design36
Commercial Banks Application Design37
NIMC Application Design38
Databases of the Organizations40
Authentication of Enrollees41
Security Control of System42
SUMMARY, CONCLUSION AND RECOMMENDATION44
5.4 Suggestions for Further Work45
LIST OF FIGURES
Figure 2.1: Two-tier architecture 9
Figure 2.2: Three-Tier Architecture10
Figure 2.3: Attacks on Template Database11
Figure 2.4: Block Diagram of a BIS13
Figure 2.5: Various Biometric Traits14
Figure 2.6: Diagram of a Typical Fingerprint Showing Ridge Endings and Bifurcations15
Figure 2.7: Basic and Composite Ridge Characteristics16
Figure 2.8: Diagram of Arch Patterns17
Figure 2.9: Diagram of Whorl Patterns18
Figure 2.10: Diagram of Loop Patterns18
Figure 2.11: Minutiae points of a processed fingerprint image20
Figure 3.1: Flow Chart of Proposed Methodology28
Figure 3.3: Architecture of the Current System in Nigeria30
Figure 3.4: Architecture of Proposed Fingerprint-Based Enrolment and Authentication System31
Figure 4.1: Diagram of an Application’s Main Dashboard35
Figure 4.2: NIS enrolment form36
Figure 4.3: INEC Enrolment Form37
Figure 4.4: Commercial Bank Enrolment Form38
Figure 4.5: NIMC Application Main Dashboard39
Figure 4.6: NIMC Enrolment Form39
Figure 4.7: Use Case Diagram of Application40
Figure 4.8: Sample of Multiple Connection for Applications41
Figure 4.9: Verification Platform for Applications42
Figure 4.10: Admin’s control panel43
LIST OF ABBREVIATIONS
BVN Bank Verification Number
CBN Central Bank of Nigeria
DBMS Database Management System
DNA Deoxyribonucleic Acid
EURODAC European Dactyloscopy
IAFIS Integrated automatic fingerprint identification system
INEC Independent Electoral Commission
NDNAD National Deoxyribonucleic Acid Database
NID National Identity Database
NIMC National Identity Management Commission
NIS Nigerian Immigration Service
1.a Background to Biometrics
The adoption of biometrics can still be considered as not being a popular technology in developing nations. However, various practices have shown the use of physical characteristics for identification purposes have been in use since ancient times. For example, in ancient Babylon, Assyria, China and Japan, fingerprints were used to sign contracts (Taha & Norrozila, 2015). In the 1890s Alphonse Bertillon a Paris police clerk, who was also an anthropologist, developed a method of multiple body measurements called Bertillonage. He based this method on a claim that bones do not grow after age 20, so measurements of anyone after that age should remain the same. As a result, a 20-60 minute-long measuring procedure was done to identify criminals. The records of length, height, breath of heads, fingers, arms and leg were done by hand and filed. It was relatively fast and effective method for that time His system was used by police authorities until it failed because some people shared the same measures (“The German Biometric Strategy Platform Biometrics State of the Art, Industry Strategy Development, and Platform Conception Study,” 2009.). It was a relatively fast and effective method for that time, until two different people had the same measurements. Paris police switched to fingerprinting, which soon became widespread and Bertillonage was forgotten. Today different biometric technologies are widely employed in criminal prosecution, identity management and police records. In the 1960s, research on computer-based, automated recognition started, and the first commercial use, a fingerprint application, took place in 1968 (Dessimoz & Champod, 2008).
Biometrics is a developing area of technology, which seeks to uniquely identify, verify or authenticate persons based on certain features in the human body, which are distinct across individuals. These features refer to physiological and behavioural traits possessed which are unique in nature (Sapkal & Deshmukh, 2016). Due to the inaccuracies of conventional methods of identification such as pins or passwords (Mahfouz, Mahmoud, & Eldin, 2017), biometric technologies are now being widely adopted as a better replacement for identification in organizations, government agencies etc. (Sapkal & Deshmukh, 2016).
Biometrics are more appealing because they are closely bound to an individual and are supposedly more reliable, difficult to forge, lose or falsify.
Government and authorities seek enhanced security solutions to protect borders, issue secure identification documents and monitor public places (Breedt & Martin, 2004), thus in recent times there have been massive efforts by nations to adopt biometrics in identifying their citizens. Many countries have national identification systems based on databases containing some biometric information of its nationals. Examples are India (AADHAR), United States (FBI IAFIS), UK (NDNAD), the EU (EURODAC).
Biometrics generally refers to a wide range of traits: iris, hand, gaits, fingerprint, face DNA, keystroke, voice etc. However, in the literatures, fingerprints are seen as one of the best traits to be used because of the high level of structural differences from person to person (De Luis-García, Alberola-López, Aghzout, & Ruiz-Alzola, 2003). Thus, it is most widely adopted because it is a mature and affordable technology.
Following from the above, we have decided to adopt the fingerprint as our main biometric trait for use as the biometric trait in our platform for the central database.
1.b State of National Security in Nigeria
Recent years have been characterized by a more stringent requirement for people to be identifiable in response to security threats and to combat the escalating problems of identity theft. This increasing need to determine who an individual is has resulted in substantial growth in the implementation and use of biometric applications (The Irish Council for Bioethics, 2009).
Many countries, both developed and developing nations, have been victims of security issues. Nigeria is no exception. In recent years, the nation has been in the midst of many security problems stemming from the infamous group Boko Haram; not only that, the country is also dealing with the problem of high crime rates in other aspects, including armed robbery, kidnapping, ritual killings, corruption etc. Many of these crimes remain unsolved due to lack of concrete evidence to pin the actual perpetuator to the crime. This is despite the fact that various Nigerian organizations have biometric information on Nigerian nationals which can be useful in solving some criminal problems as needed; however, the data is scattered across different organizations, lying idle and not being used to their full potential.
According to a publication from the INEC, through the 2015 general elections registration exercise alone, it collected the biometric details of about 68 million Nigerians (The Scoop, 2015), which includes 10 fingerprints images, facial image and bio-data. In addition, various commercial banks at the instance of the CBN, through the BVN exercise have also gathered millions of items of biometric information from Nigerians. According to statistics from the Nigeria Inter-Bank Settlement System Plc, NIBSS, show that about 20,833,635 bank customers registered for the BVN (Udo, 2015).
The Nigeria Communications Commission (NCC) requires that every single active mobile telephone number have an individual’s biometric data registered to it. According to NCC statistics, there were more than 145 million active mobile phone lines in Nigeria as at June 2015 (Bolade, 2015).
If all these biometrics are integrated into a whole as a centralized database while excluding redundancy, then they can be put to use in solving some of the security concerns and criminal problems of Nigeria.
1.c Aim and Objectives
The aim of this research work is to develop a framework for nation-wide integration of biometric information.
The following objectives combine to achieve the aim:
1. To develop a platform that can serve as a wrapper for biometric data captured;
2. To develop a centralized database system of biometric information of Nigerian nationals; and
3. To integrate security control of access to system.
1.d Scope and Limitation
The framework developed from this study is meant for unimodal biometric system, as it will only cover fingerprints because of their uniqueness, availability and ease of collection. According to (Edgar, 2006), of all the methods of identification, fingerprinting alone has proved to be both infallible and feasible. Its superiority over the older methods, such as branding, tattooing, distinctive clothing, photography and body measurements (Bertillon system), has been demonstrated time after time. While many cases of mistaken identification have occurred with these older systems, to date the fingerprints of no two individuals have been found to be identical. This model does not provide a framework for policies to regulate its use. I assume that such a system will be regulated and deployed by corresponding government agencies in charge. Theft and social engineering methods of unauthorized access are not considered. The framework shall also consider some of the soft biometric traits, it will include:
Age; Gender; and Ethnicity.
This study does not, however, cater for other numerous biometric such as hand geometry, iris scan, due to its unavailability in other organizations’ databases and unused nature in this part of the world.
1.e Significance of the Study
The significance of this study should be felt in various sectors of the country, including the judicial sectors, military, health care sector and others, but most importantly, it would be significant in the area of national security. The framework could serve as a platform for government and authorities to seek for enhanced security solutions to protect borders, issue secure ID documents, monitor public places and combat terrorism.
Some specific applications include adoption in:
Identification documents and border control; Criminal prevention and prosecution;
Identifying known or suspected criminals; and Control of illegal immigration.
1.f Justification of Study
According to (Rotimi, Francis, Adebayo, & Owolabi, 2013) “a national database is an organized data or numerical environment where every citizen of a nation and the immigrants are uniquely identified and possesses a strong national virtual identity. National database may be population, identity, security, electorate, group or association’s classified information or data of national interest”. The national identity will help to deter people using multiple identities and be a good mechanism in the fight against crime and terrorism.
1.g Definition of Terms
1. Biometrics: a technology that identifies individual uniquely based on their physiology or behavioural traits
2. Biometric template: the individual mathematical data set calculated from a biometric sample
3. Biometric system: an automated system capable of taking a biometric sample, extracting biometric data, comparing it with other biometric data and deciding whether or not the recognition process has been successful
4. Framework: a layered structure indicating what kind of programs can or should be built and how they would interrelate
5. Central database: a database that is located, stored and maintained in a single location. This location is most often a central computer or database system, for example a desktop or server CPU, or a mainframe computer.
1.h Organization of the Study
The study is structured into five chapters. The first chapter gives an introduction to the thesis, comprising the background, the aim and objectives and the significance. The second chapter, which is the literature review, gives an in-depth overview of the concepts that relate to this work, it also presents a review of previous work done by other researchers in this field. The third chapter, research methodology, gives an insight into how the work was implemented, the methods and software adopted. Discussion of results, the fourth chapter, presents the implemented work, giving explanations on how the applications and databases function. Lastly, chapter five gives a brief summary of the entire thesis work and presents a conclusion.