VIEWS: 30 PAGES: 9 CATEGORY: Hardware POSTED ON: 1/11/2013
Walking into office, you flash your identification card at the security guard. He engages his face recognition system that identifies you and lets you pass. You later phone your colleague, who engages his voice-identification system to match your voice against an earlier recording, then gives you the information you need. After lunch you mark some bills with your personal bio-identification code and send them to accounts. They use their optical systems to scan your bio-code to clear those bills. In this high security office of the future, biometric systems are the primary means of identity authentication.
Sense And Security Walking into office, you flash your identification card at the security guard. He engages his face recognition system that identifies you and lets you pass. You later phone your colleague, who engages his voice-identification system to match your voice against an earlier recording, then gives you the information you need. After lunch you mark some bills with your personal bio-identification code and send them to accounts. They use their optical systems to scan your bio- code to clear those bills. In this high security office of the future, biometric systems are the primary means of identity authentication. This hi-tech, high-security office of the future exists even today. Everyday, the security guard looks at your face and recognizes you as an employee, your colleague hears your voice on the phone and knows it’s you, and your signature assures people that you approve of what the paper says. Biological systems like us use biometrics everyday to identify each other. Now computers are able to do the same. This opens up some significant security enhancements in the public space. For example, passports traditionally have a photograph and some identification marks described in them. Replace this with digital biometric data, and biometric security systems at airports could speed up the checking process many times over, perform more accurate checks, and free up the security personnel for other tasks. Taking this into account, the U.K. government is looking to add fingerprint or iris data to all passports by the year 2006. But that’s not all, you can even have your own personal biometric systems that effectively replaces passwords. All the passwords you’ll ever need to remember to use with your computer including login, Internet site passwords or e-mail would be hidden away behind your fingerprint. However, it is important to note that these systems work alongside passwords, not instead of them. You still need a login password for identification to let you access your files if the biometric system fails. Web sites currently do not record biometrics; the bundled software will send passwords to the site when you are authenticated via biometrics. So the need for strong passwords doesn’t go away. There are dozens of such systems available, and all perform with varying levels of success. Devices like the Sony Notebook Camera Kit let you access the PC only if you show your friendly face and the Digital Persona U. is. U Pro will be happy to see your clean fingers. Could it be magic? Biometrics is essentially the measurement of physiological or behavioral characteristics of a person. It is important to measure biological characteristics that are unique to individuals, difficult to fake, and easy to measure. On this basis, fin - reprints, handprints, voice and face top the easy to measure criteria, while iris and retina scans provide the highest level of unique, hard to fake biometrics. These are all physical characteristics of your body, and therefore a part of who you are. You can be reasonably sure (odds of 1 to a million) that you won’t bump into another person with the same characteristics. This is what biometric security banks upon. Biometrics does not guarantee security. It simply offers a more convenient and reliable means of identification and authentication. Identification is a process of recognition and involves taking the biometric data and searching for a match in the database, making it a slower process that is more prone to errors. Authentication involves confirming your identity, and the biometric system has to match your data with only one, single record. Some systems measure things you do, in addition to the things you are. When you type your password to login to your computer, you will notice that your typing has a certain pattern to it. Some letters follow others in quick succession, while others take longer. This pattern is almost a ritual that is very closely repeated every time you type, and is also reasonably unique to you. A software called Bio Password from Net Nanny, retailing for less than $100 (approx.. Rs 5,000), integrates with Windows 2000 and Windows NT login to provide this authentication, without the need for any additional hardware. Depending upon the technique used, biometrics have varying levels of accuracy. Moreover, since the measurements here are of actual people, there can be no predictability of response. The system might let you pass in one attempt on Monday and require five on Tuesday. Biometric systems are unique in the matter of having False Acceptance Rates (FAR)—the probability of the system falsely accepting a metric as a match, and False Rejection Rates (FRR), where the system fails to recognize an authentic bio-signature. Almost all biometrics systems can be adjusted to varying levels of ‘strictness’ to create a variation in FAR and FRR. Obviously, as the FRR is increased, the FAR goes down, and vice-versa. There are no accepted standards for measuring the accuracy of biometrics on both these criteria, so we often have to rely on manufacturer's own data or the results of studies that often do not agree on the results. Yet, there is a broad consensus on the relative accuracy levels of different biometric techniques. One study sponsored by the British Communications Electronics Security Group last year showed Iris-based identification systems had no false matches in 2.7 million trials, with a false rejection rate of less than 2 per cent in first attempts and zero in three attempts. Face recognition showed false matches of over 10 per cent, and fingerprint systems had false matches of less than 0.5 per cent Common biometrics The idea of a computer looking at a face and recognizing it is inherently enticing. It is the least intrusive method of biometrics. Your face is permanently on display no matter where you go, and measuring this metric is as simple as taking a picture or analyzing the images from a security video camera. A computer analyses the image to locate a ‘face’ within it, applies algorithms to compensate for factors such as lighting conditions and creates a normalized face image. This image is then compared with an existing database. One technique called the Facet algorithm by Visions works on the assumption that all faces have the same recurring elements that form it. These elements are small and many. The Facet algorithm catalogues a series of such elements in your face, analyzing their occurrence and geometric combinations. The company claims to achieve high levels of accuracy and produce quick search results. Fingerprinting is a common and well-known biometric. You place your finger on a scanner, which uses either optical or electromagnetic means to take its snapshot. While optics may be obscured by dirt on the finger or stains on the scanner surface, electromagnetic sensors take that in their stride and have the additional benefit of being able to detect the difference between live and dead fingers by their difference in capacitance. The software analyses your finger for patterns such as loops, whorls and arches. It takes the sampling of ten to fifteen points on your finger and stores that in an encrypted form. Authentication is a simple matter of comparing the finger you offer with the finger signature stored in the database. The retinal and iris patterns are quite unique to individuals, far more so than any biometric yet devised. If you have ever been for ‘computerized’ eye testing, you have some idea of how this technology interfaces with users. You need to put your face in front of a camera, and align it carefully to a specific position. A low intensity Infrared beam shines through your eye, hitting the inside surface of the retina and warming it up. When warmed up, the blood vessel pattern shows up more clearly. This is also one of the reasons why movies like ‘Demolition Man are a little off-track—you can’t rip off someone’s eyeball and expect the system to work! The camera takes a snapshot of the retina or iris, and the digitized image is processed by the software. Again, only key points on the retina are stored into the database during enrolment. For authentication, your retinal pattern from these key areas is compared to that stored in the database. Despite the high degree of reliability, iris and retina scans remain the domains of establishments with extreme security requirements. The scanning process is quite cumbersome and requires significant co-operation by the subject. It is also the most intrusive and works with the eye, an organ that most people are quite sensitive about. Putting it to use Fingerprinting is quite convenient to deploy, and is now showing up on an experimental basis in many US supermarkets. Customers are invited to give their credit card information and other personal details to the store, and tie it in with their fingerprint data. The next time, the customer can pay for purchases with just a fingerprint. Convenience is likely to be the main draw for public biometric systems, but with manufacturers also pushing the accuracy of biometrics, applications with higher security requirements are likely to emerge with ATMs being an obvious candidate. Deploying fingerprinting in a corporate environment for either employee attendance or as a security measure is also a growing trend. One Indian manufacturer offers fingerprint terminals for just over Rs 60,000, but there are additional costs involved for either a dedicated computer or Rs 20,000 for a controller. Electronic locks that can be operated by such a device are sold for Rs 4,000 and you also need to factor in the cost of installation and training for all employees who must use the system. Fingerprint scanners for personal computing devices are commonly available for $100 to $150 (between Rs 5,000 to Rs 7,500) with bundled software. Though simple pads like the Sony FIU- 710 are common, they come in many different form factors. Some laptops, like Toshiba’s 8200 series, can use PC Card fingerprint readers to provide BIOS level security. The Biolink U-Match Mouse has a thumb scanner located at the thumb rest area of the mouse. The final word Biometrics are going to be on a terminal near you soon enough, but should you blindly trust them? Not really. The propaganda on biometrics would have you believe that it is the definitive answer. Don’t. Security is not just about putting big locks on the front door, it also involves making sure all the windows are shut. As a security paranoiac, you will have to use multiple layers of security that include biometrics, smart cards and even the commonplace measure of passwords. Each one can be individually fooled or bypassed, but the combination makes the system more secure as a whole. Biometric data must reside on the same kind of servers and networks that are hacked every day. If credit card numbers can be stolen, why not biometric signatures? Yet, no matter what the security issues, biometrics systems do make ultra cool gizmos.
Pages to are hidden for
"Sense And Security"Please download to view full document