A measurable physical characteristic
A biometric can be defined as a measurable physical characteristic or personal behavioral trait used to recognize the identity or verify the claimed identity of an individual. In regards to information security, biometrics applies to the automated use of physiological or behavioral characteristics to determine or verify an identity. With the increasing awareness in security risks and identity theft on the rise, there is a greater need to have new methods available to identify specific individuals uniquely and accurately. Biometrics is seen as the technology to provide accurate identification both now and in the future. Biometrics can be divided into two categories: physiological and behavioral. Advances in biometric technology put greater pressure on the individuals responsible for managing the technology. The modern versions of biometrics must have a template in a database in which to match the input data. This input data is used in order to provide for verification or identification, which are the two primary objectives of biometrics.
Verification is the process of confirming or denying the identity that a person claims to be, while identification is the process associated with establishing a person's identity. Biometrics can be used to confirm a specific individual is who they say they are which is referred to as one to one matching, or identifying an individual from their biometric data referred to as one to many matching. Using a biometric to link an individual to an ID card is an example of one to one matching while the an example of one to many matching is using a fingerprint to track down a criminal.
Some examples of physiological biometric patterns are fingerprints, iris, face, hands, and retina. Some examples of behavioral biometric patterns are signatures, keystrokes, voice and gait. First of all, we will explore the physiological patterns of biometrics. A fingerprint is defined by the patterns found on a finger tip. These patterns are unique to an individual. The main use of fingerprints is by the police. There are a variety of methods for using fingerprints to identify an individual. Some emulate the traditional police method of visually matching minutiae, which are the major features of a fingerprint. There are also some unusual techniques, including moiré which is an interference pattern created by overlapping two grids at angles to see if the pattern matches or has differences. The next biometric pattern is the iris. The iris is the colored ring of tissue surrounding the pupil of the eye. The iris is unique to an individual. To use the iris as a biometric, it needs to be scanned by a device similar to a camera. An iris scan can then be matched against a library of templates to identify or authenticate an individual (Woodward, 2001). Next pattern is the face. The face can be analyzed by the geometry of facial characteristics. The geometry is captured by taking a digital image of the face and then using software to analyze the characteristics. The geometry of a user's hand can be analyzed in the same manner as the face. Last of the physiological patterns is the retina. The retina biometric is based on the analysis of the blood vessels at the back of the eye which are unique to the individual. To take a retina scan, a low intensity light is used to capture the unique patterns of the retina. Lastly, we will explore the behavioral patterns for use in biometrics. A signature biometric can be based on the image of the signature or the way it is written. A static signature biometric is solely based on image comparison, while dynamic analysis uses both the image and the dynamics of the signature. Next, keystroke patterns recognize the speed and accuracy in which an individual types. Last, the voice biometric is based on the frequency and or time analysis of the voice. A template of the user's voice is taken by effectively recording the voice. As with most other biometrics the recording can be compared with a series of templates to perform the biometric check.
Biometrics is one of three user identification methods commonly practiced. There are three approaches to user identification. First approach is something you know, like a password, PIN or piece of personal information. Second, is something you have, like a token, a swipe card, a smart card or a passport. Last, is something you are, a biometric, like a fingerprint, a signature or an iris scan. Often the methods are combined for increased security. For example a swipe card will also have a PIN. Such combinations are sometimes referred to as two factor authentication. Three factor authentications could be a smart card containing the user's biometric data that also required the user to disclose their PIN. As various methods are combined to increase security, there is a tradeoff between a high level of security and usability or compatibility. PINs and passwords are vulnerable to being forgotten, given away, observed by others, or otherwise obtained by social engineering. Physical cards can be stolen or forged. A combination of these can help against fraud; however, combine either of these methods with a biometric, and usability as well as security is improved. This is provided that the performance and capability of the biometric technology is of a high standard and can accurately handle the combination of user authentication.
The use of biometric identification has a number of factors. These factors include: the level of security required, physical environment performance, user acceptance capabilities, and cost. The performance of biometrics is a measurement of false negatives against false positives. A false negative is when the biometric of the correct individual is deemed to be incorrect by the system, and therefore rejects legitimate entry to the system. A false positive is when the biometric of the wrong individual is identified by the system as being correct, and therefore allows illegitimate entry to the system. Statistically false positives can never be zero, but need to be sufficiently low to meet the level of security required. The acceptable level of false negatives is driven by user acceptance, but is also a function of the level of security required and the physical environment the biometric identifier is performing in. A level of 0-20% for false negatives is considered acceptable by most people for most electronic processes, providing these results in close to 0% within a few authorization attempts. In the past it has proved difficult to produce biometric identification solutions with adequate performance within a cost to enable use. As a result, biometric identification has been used for specialized purposes, and most commonly electronic user identification is implemented by giving users an ID and a password or PIN. PINs and passwords offer minimal levels of security and are often changed on a regular basis to increase security. This further increases the instances of passwords and PINs being forgotten. The majority of requests to the I.T. help desk in corporations consist of re-setting passwords. PINs and passwords are also open to being stolen; especially if they are written down to avoid forgetting them. PINs are particularly subject to over the shoulder gazing and captured by criminals. All these factors have driven the electronic biometric identification developers to drive performance up and cost down to establish common use of biometric identification for all electronic processes. The general increasing awareness of security and the rising problem of identity theft has meant that biometrics are now seen as the preferred method of user identification in electronic systems, and are being seriously considered in many environments. For any biometric a major issue is that of user acceptance. Many users prefer biometrics instead of passwords. This is driven by the amount of passwords and PINs we each have to remember. There still are cultural and environmental issues on the selection of particular types of biometrics. Generally people will associate fingerprints with law enforcement rather than everyday identification. Some cultures object to physical contact to devices, like fingerprint readers that are used by the general public. Some physical environments also make the selection of biometric identification restricted. As an example, in the healthcare industry where many functions are performed with individuals wearing gloves, fingerprint reading is not practical. In noisy environment, voice recognition proves to be ineffective. Poorly lit environments make facial recognition very difficult and inaccurate. Out of all the biometrics available, the fingerprint reader is the best value having the lowest cost with a high degree of reliability. Iris scanning however the highest degree of reliability, but the cost has is very high.
Some of biometrics current uses include the U.S. Visit program that was implemented in January 2004. For this program the U.S. Department of Homeland Security takes photographs and digital fingerprints of some of the visitors prior to them entering the U.S., and then compares them to a database of known criminals and terrorists for matches. Some Federal buildings and corporations are utilizing biometrics for entry to the office buildings and secure areas. At Walt Disney World, biometric measurements are taken from the fingers of guests to ensure that the person's ticket is used by the same person from day to day and not passed off to someone else (Harmel, 2006). Some laptop manufacturers such as Dell are incorporating fingerprint readers as a means of security for the user to access their laptop instead of using a password, or using it in conjunction with a password. There are many other countries as well that are in the process of implementing biometrics into their passports. Biometrics is being utilized for border security and at airports around the globe. Escalating world issues such as terrorism are the drivers behind the rise for figuring out who is where and what they are doing at any given moment. Can biometrics really make us more secure, or will some of our liberties be lost?
Biometrics is a rapidly advancing and growing technology that is also growing in acceptance and use. Security and the management of biometrics are a great concern. As an example of the physical risks of biometrics, fingerprint readers have been fooled by imposters. Fingerprints can be lifted in the same manner that law enforcement officials dust for prints, and then transferred to a piece of paper and photocopied. Also gelatin fingers have also been able to fool fingerprint readers. Iris readers have been fooled with contact lenses and photocopied eyes. Facial recognizers have been fooled with beards, cosmetics, glasses and general aging can lead to inaccuracy. There is also the system security aspect. This process begins with identifying the cyber risk exposures that biometrics makes possible. System vulnerabilities are weak points that are identified in various internal network entry points and integral components such as workstations, employee awareness, servers, databases, mainframes, mobile users and remote users. In addition to the internal weak points, external network influences that pose weak points include vendors, customers, and partners. System circumvention involves using systems in ways they were not intended. An example would be hackers gaining access to a system using hardware and software weaknesses. Once a system's weakness has been found, the system gives intruders the ability to use, sell, alter or destroy the data stored on it. The weakness could be from inadequate network security, or leaked or stolen passwords. Hackers may include terrorists, stalkers, abusive ex-spouses, blackmailers or organized crime. There is no single profile that fits all hackers, either by the methods they use or by their motives for invading data systems. Verification fraud involves circumvention of the system during the process of verification itself that can be achieved in a number of ways. A perpetrator may be able to force an individual with registered biometrics to provide his or her biometric sample, enabling entry to the network. There could be enrollment fraud. A person can enter an organization under the disguise of an employment service with the malicious motivation of system infiltration. This is accomplished through providing biometric information just like every other employee, which allows full access to security, premises and information systems. Strong network security is the first concern a Chief Information Security Officer (CISO), especially when working with biometrics. Appropriate firewalls, routers, antiviral and anti-spam methods will help to reduce the impact of a system breach by a hacker. A verification process must be in place to ensure the right people are getting in to the right places (Fonseca, 2001). It is not enough to assume absolute verification with biometrics alone, but rather as part of a well designed security implementation that considers strong two factor authentication, such as a PIN or digital signature. As biometrics become more critical in the protection of civil infrastructure, they will have to become more interoperable, scalable, usable, reliable, and secure. That will require comprehensive universal biometric standards.
There are many common every day uses in which the biometric field could provide greater efficiency and enhance our lives in the future. Some of the possible uses could be to unlock and start your car, to open the doors to your home and office, to access account at a bank orautomated teller machine, or even to turn on appliances or stereos. There would be no access to cards or keys, just your body as the method with which to gain access. E-commerce is one of the ways in which consumers as well as companies will find useful in the biometric field as purchases online become more common and frequent. The future of biometric use is in our hands and we must now decide what to do with it. While there are still a vast amount of issues that need to be resolved like security and costs, biometrics are the waves of the future and are not going to go away. We need to decide how we are going to approach biometrics and improve on the current methods. While the convenience of this technology is obvious we must address the many issues such as privacy and protection of personal information because this new technology is gaining momentum and will continue to evolve. We must be prepared for how can we make maximum use of biometrics and still maintain our anonymity. With the proper mechanisms in place, biometric technology has the potential to improve security without seriously compromising individual privacy.References:
- Harmel, Karen (2006)Walt Disney World: The Governments Tomorrow LandRetrieved fromhttp://newsinitiative.org/story/2006/09/01/walt_disney_world_the_governments
- Woodward, John D. (2001)Biometrics: And Now The Good Side Of Facial ProfilingRetrieved fromhttp://www.milesresearch.com/main/BiometricReferencesPreview.htm
- Fonseca, Brian (2001)Biometrics Scan the Future of SecurityRetrieved fromhttp://transcripts.cnn.com/2001/TECH/computing/01/17/biometrics.future.idg/index.html
Article name: A measurable physical characteristic essay, research paper, dissertation