Not invulnerable, and rife with issues, but increasingly sophisticated and widely deployed
Biometric security advocates say it could potentially be the solution to today’s increasingly insecure digital environment. Biometric security has already quickly been incorporated into our lives, for instance many people use their face or fingerprint to open their smart devices. Computer Business Review took a look at five biometric security methods that your business could consider.
Five Biometric Security Methods
1: Iris Recognition
Iris recognition technology involves a person submitting to an eye scan. The scanner illuminates the eye with infrared light that demarcates unique patterns in the iris, which are then encoded into a pixelated copy that can be used for security verification.
Currently the technology is used by the New York Police Department to keep digital records of detainees. In India the government launched the Unique Identification Authority of India project to register 1.2 billion residents by their iris and fingerprint biometrics. The goal of the project is to give residents a unique identification that they can use to access social services.
However, the tech isn’t bulletproof as researchers proved in 2012 when they took the digital data captured by an iris scanner from a system and recreated the iris convincingly enough to fool a security system into given them access. Its advocates say it is rapidly becoming more sophisticated and harder to fool, however, with MarketsandMarkets predicting the sector to be worth $4.3 billion by 2024.
Fingerprinting technology is probably the most visible and ubiquitous of the biometrics in this list. Having your fingerprints taken is no longer just for people who have fallen foul of the law, as anyone who has visited America over the last few years will know; all incoming passengers have to submit to a digital fingerprint scan.
Fingerprints are practically unique for the purpose of security. The claim that no two people can share the same fingerprint is false, but at the same time even identical twins will have contrasting fingerprints. Many employers now use fingerprint technology as a means to verify when an employee signs onto or out of their shift.
Yet, once again this technology is not foolproof, as hacker Jan Krissler demonstrated when he used commercial software to reverse-engineer the fingerprint of the then German defence Minister Ursula von der Leyen from photographs. Below Krissler recreates a fingerprint from a screen smudge.
3: Facial Recognition
Facial recognition software has quickly moved from a largely unreliable technology to a critical part of security systems and is increasingly deployed in airports. The technology involves capturing a detailed image of an individual’s face, this can be done via a video, photo or in real-time. This image can then be used to verify a person identity.
American technology firm NCR is equipping airports with the technology to handle passenger inflows. They note that its: “Biometric Kiosk camera can capture high-clarity images across a broad range of lighting environments and distances (4mm – 5m), making it a good fit for airport conditions. Passengers aren’t required to remain perfectly still, step into a light-controlled environment, or be exposed to excessive camera flashes in order to have their identities verified.”
The technology has controversially been used in the UK by the Metropolitan and South Wales Police forces, who both conducted live facial recognition tests on the public which resulted in legal challenges.
4: Voice Recognition
When a bullet leaves the barrel of a gun it is scratched and marked by its explosive exit, these marks allow investigators to match the bullet to the gun. Like the bullet, when we speak our voice is shaped by the air being pushed through airways, soft tissue cavities and the shape of our mouths, all of which gives our voices a differentiating quality.
Voice recognition via a microphone captures several samples of an individual’s voice and analyses key factors such as intensity, duration, dynamics and pitch. When used as part of a security system, at the point of ingress into a building, a logged users will simple speak a chosen key phrase and the software will compare and contrast its stored samples to verify the authentication.
A number of banks, as well as HMRC are among those using voice recognition to help speed up customer service in the UK.
Unfortunately voice recognition security may be one of the weakest in this list as it is very easy to capture a recording of someone’s voice and recreate it. To be secure, vendors need to incorporate some form of liveness detection test to verify it’s not a recording. Again, the technology – while not failsafe – is improving fast and typically linked to another form of authentication. (A continued challenge is the level of background noise present in most environments; while our ears and brain does a good job of filtering sound out, a microphone does not.)
Many people are familiar with using a fob or security key to tap their way in and out of buildings. However, that fob can be stolen along with your security credentials, one security device that would be messy to steal is an embedded microchip in the hand. Not strictly a biometric technique as most of the above are, it nonetheless is moving out of science fiction and into enterprise deployment, albeit narrowly.
Microchip implants roughly the size of a grain of rice can be placed under the skin on someone’s wrist or hand. Theses microchips have Near-field communication (NFC) capabilities and uses can stored a number of unique security signals that are transmitted when close to a security checkpoint, just like a fob.
This may sound like the intro to a dystopian sci-fi story, but biohacking firms Biohax in Sweden and BioTeq in the UK are already fitting people with their own microchips that can be used for security or even as a means of payment in shops that facilitate contactless payments. In Sweden the rail company Statens Järnvägar lets passengers use their implanted chips instead of physicals tickets.
The truth is that no one of these five biometric security methods is completely secure. As with with online password security a multifaceted approach is best, as evident with 2FA. Using two or more of the methods listed above would ensure that employees are accessing data securely, but potentially this could be detrimental to personal privacy.
Critics warn, however, that while you can change a password, you can’t change or iris or voice, so once compromised the risk cannot be mitigated. The flip-side of this argument, is that passwords can increasingly easily be brute-forced.
Civil rights group the Electronic Frontier Foundation meanwhile notes that “problems are multiplied when biometrics databases are ‘multimodal,’ allowing the collection and storage of several different biometrics in one database and combining them with traditional data points like name, address, social security number, gender, race, and date of birth. Further, geolocation tracking technologies built on top of large biometrics collections could enable constant surveillance.”
By 2022, Gartner meanwhile predicts that 60 percent of large and global enterprises, and 90 percent of midsize enterprises, will implement passwordless methods in more than 50 percent of use cases — up from a mere five percent in 2018.