Biometrics: The Future of Security
There are some basic terminologies in the field of security.
Authorization: Permission or approval to access a resource.
Authentication: Validating or figuring out the identity of a person.
Access Control: A mechanism for limiting the use of some resources to the authorized users.
How Authentication is done?
The Security Field uses 3 Types of Authentication:
- Something We Know (Knowledge) (K) (e.g. A Password, Pin or personal Information)
- Something We Have or Possess (P) – A card or Token (e.g. ID cards, key, smart cards, digital certificates)
- Something We Are – A Biometric (B) (something that is part of us)
Physiological (fingerprints, face, iris…)
Behavioral (walking, keystroke pattern …)
Sometimes these modes are combined for authentication.
Like: ATM card + password
There are some limitations to Password Authentication.
According to a Password survey:
- 26% – use common words, dates, phone, address numbers
- 38% – recycle old passwords.
- 2% – change password only if perceiving a security threat
- 17% – keep password list on monitor, keyboard or desk drawer.
How many different passwords do you have?
According to the article “2002 NTA Monitor Password Survey”:
- 67 % of the users rarely or never change their passwords.
- 22% would only ever change one if forced to do so.
- An average “heavy” IT user has 21 passwords. Some users have up to 70 passwords!
What Do You Mean by Biometrics?
What the Dictionaries say is Biometrics means – “The statistical analysis of Biological Data”
But in today’s e-speak: Biometrics refers to an automated system that can identify an individual by measuring their physical and behavioral uniqueness or patterns and comparing it to those on record.
In other words, instead of requiring personal identification cards, magnetic cards, keys or passwords, biometrics can identify fingerprints, face, iris, palm prints, signature, DNA, or retinas of an individual for easy and convenient verification.
Commonly used Biometric Characteristics
Types of biometrics in Exploratory Stages:
Biometrics: Recognition: Biometric Recognition completed in 4 major steps as follows:
- Measure biometric characteristics with an appropriate device.
- The resulting data may be an image, a sound, …
- Multiple samples may be used. A quality measure may be associated with the measure.
- Pre-processing collected data (e.g. removal of noise, removal of unwanted data).
- Failure to enroll (Not able to extract the feature from the collected sample).
- Convert the data into a “numeric” feature template.
- Compare the extracted template with the previously enrolled biometric templates
- Determine a degree of similarity and output a matching
- Calculate the score.
- Matching scores are compared to a threshold
- Above threshold – Match
- Below threshold – No Match
First Enroll the user for biometric identification then the user can recognize as showing in the below diagram.
Biometric Data fusion scenarios:
We can combine the traits, sensors and feature sets in the process.
Biometric data fusion levels:
We can combine the features at different stages as shown in the below picture.
- More secure than a long password
- Solves repudiation problem
- No need to remember passwords or carry tokens
- Biometrics cannot be lost, stolen or forgotten
Common Applications of Biometrics
- PC/LAN Logon
- Single Sign-On (SSO)
- Access Control
- Transactions via e-commerce
- Automated medical diagnostics
- Application Logon
- Website Account Access and Purchasing
- Document encryption
Advantage for Employers
- Reduced Costs – Password Maintenance, No Buddy Punching.
- Increased Security – No Shared or Compromised Passwords, Detect Fraudulent Account Access.
- Competitive Advantage – Familiarity with Advanced Technology
Advantage for Employees
- Convenience – No Password to Remember or Reset, Faster Login.
- Security- Confidential Files can be Stored Securely.
Advantage for Consumers
- Convenience – No Passwords to Remember or Reset.
- Security – Personal Files, Including Emails can be Secure.
- Security – Online Purchase Safer.
- Violation of privacy.
- Often requires significant computational resources
- It cannot be changed: once forged, …
Which is the Best Biometric
Fingerprint recognition has long been favored among many biometric Identification technologies due to its uniqueness and permanence.
Nowadays, fingerprint recognition considered to be the best choice for most applications from network security systems to compact devices, due to its accuracy, speed, reliability, non-intrusive interfaces, and cost-effectiveness, resulting in acquiring 50% of the shares in biometric markets.