Docstoc

Sense And Security

Document Sample
Sense And Security Powered By Docstoc
					                         Sense And Security

Walking into office, you flash your identification card at the security guard. He
engages his face recognition

system that identifies you and lets you pass. You later phone your colleague, who
engages his voice-identification system

to match your voice against an earlier recording, then gives you the information
you need. After lunch you mark some bills with your personal bio-identification

code and send them to accounts. They use their optical systems to scan your bio-
code to clear those bills. In this

high security office of the future, biometric systems are the primary means of
identity authentication.



This hi-tech, high-security office of the future exists even today. Everyday, the
security guard looks at your face and

recognizes you as an employee, your colleague hears your voice on the phone and
knows it’s you, and your signature assures

people that you approve of what the paper says. Biological systems like us use
biometrics everyday to identify each other. Now computers are able to do

the same.




This opens up some significant security enhancements in the public space. For
example, passports traditionally have
a photograph and some identification marks described in them. Replace this with
digital biometric data, and biometric

security systems at airports could speed up the checking process many times
over,

perform more accurate checks, and free up the security personnel for other tasks.

Taking this into account, the U.K. government is looking to add fingerprint or

iris data to all passports by the year 2006. But that’s not all, you can even have

your own personal biometric systems that effectively replaces passwords. All the

passwords you’ll ever need to remember to use with your computer including
login, Internet site passwords or e-mail

would be hidden away behind your fingerprint. However, it is important to note
that these systems work alongside passwords,

not instead of them. You still need a login password for identification to let you
access your files if the biometric

system fails. Web sites currently do not record biometrics; the bundled software
will send passwords to the site when you

are authenticated via biometrics. So the need for strong passwords doesn’t go
away. There are dozens of such systems

available, and all perform with varying levels of success. Devices like the Sony
Notebook Camera Kit let you access the

PC only if you show your friendly face and the Digital Persona U. is. U Pro will be
happy to see your clean fingers.



Could it be magic?
Biometrics is essentially the measurement of physiological or behavioral
characteristics

of a person. It is important to measure biological characteristics that are

unique to individuals, difficult to fake, and easy to measure. On this basis, fin -

reprints, handprints, voice and face top the easy to measure criteria, while iris
and

retina scans provide the highest level of unique, hard to fake biometrics. These
are

all physical characteristics of your body, and therefore a part of who you are. You

can be reasonably sure (odds of 1 to a million) that you won’t bump into another
person with the

same characteristics. This is what biometric security banks upon.



Biometrics does not guarantee security. It simply offers a more convenient and
reliable means of identification

and authentication. Identification is a process of recognition and involves taking
the biometric data and searching for a match in the database, making it a slower
process that is more prone to

errors. Authentication involves confirming your identity, and the biometric system

has to match your data with only one, single record. Some systems measure
things you

do, in addition to the things you are. When you type your password to login to
your computer, you will notice that

your typing has a certain pattern to it. Some letters follow others in quick
succession,
while others take longer. This pattern is almost a ritual that is very closely
repeated every time you type, and

is also reasonably unique to you. A software called Bio Password from Net Nanny,
retailing for less than $100 (approx.. Rs 5,000), integrates with Windows

2000 and Windows NT login to provide this authentication, without the need for
any additional hardware.

Depending upon the technique used, biometrics have varying levels of accuracy.
Moreover, since the measurements

here are of actual people, there can be no predictability of response. The system
might let you pass in one attempt

on Monday and require five on Tuesday. Biometric systems are unique in the
matter

of having False Acceptance Rates (FAR)—the probability of the system falsely
accepting a

metric as a match, and False Rejection Rates (FRR), where the system fails to
recognize an

authentic bio-signature. Almost all biometrics systems can be adjusted to varying

levels of ‘strictness’ to create a variation in FAR and FRR. Obviously, as the FRR is
increased, the FAR

goes down, and vice-versa. There are no accepted standards for measuring the
accuracy of biometrics on

both these criteria, so we often have to rely on manufacturer's own data or the

results of studies that often do not agree on the results. Yet, there is a broad
consensus
on the relative accuracy levels of different biometric techniques. One study
sponsored by the British Communications Electronics Security Group last year
showed Iris-based identification systems

had no false matches in 2.7 million trials, with a false rejection rate of less than 2

per cent in first attempts and zero in three attempts. Face recognition showed
false

matches of over 10 per cent, and fingerprint systems had false matches of less

than 0.5 per cent



Common biometrics



The idea of a computer looking at a face and recognizing it is inherently enticing.

It is the least intrusive method of biometrics. Your face is permanently on

display no matter where you go, and measuring this metric is as simple as taking

a picture or analyzing the images from a security video camera. A computer

analyses the image to locate a ‘face’ within it, applies algorithms to compensate

for factors such as lighting conditions and creates a normalized face image. This

image is then compared with an existing database. One technique called the Facet
algorithm

by Visions works on the assumption that all faces have the same recurring
elements that form it. These elements are small and many. The Facet algorithm
catalogues

a series of such elements in your face, analyzing their occurrence and geometric
combinations. The company claims to achieve high levels of accuracy and produce
quick search results.

Fingerprinting is a common and well-known biometric. You place your finger on a
scanner, which uses either optical

or electromagnetic means to take its snapshot. While optics may be obscured by
dirt on the finger or stains on the

scanner surface, electromagnetic sensors take that in their stride and have the
additional benefit of being able to detect

the difference between live and dead fingers by their difference in capacitance.
The software analyses your finger for patterns

such as loops, whorls and arches. It takes the sampling of ten to fifteen points

on your finger and stores that in an encrypted form. Authentication is a simple

matter of comparing the finger you offer with the finger signature stored in the

database. The retinal and iris patterns are quite unique to individuals, far more so
than

any biometric yet devised. If you have ever been for ‘computerized’ eye testing,

you have some idea of how this technology interfaces with users. You need to put

your face in front of a camera, and align it carefully to a specific position. A low

intensity Infrared beam shines through your eye, hitting the inside surface of the

retina and warming it up. When warmed up, the blood vessel pattern shows up

more clearly. This is also one of the reasons why movies like ‘Demolition Man are
a little off-track—you can’t rip off

someone’s eyeball and expect the system to work! The camera takes a snapshot
of
the retina or iris, and the digitized image is processed by the software. Again, only

key points on the retina are stored into the database during enrolment. For

authentication, your retinal pattern from these key areas is compared to that
stored

in the database. Despite the high degree of reliability, iris and retina scans remain
the domains

of establishments with extreme security requirements. The scanning process is

quite cumbersome and requires significant co-operation by the subject. It is also

the most intrusive and works with the eye, an organ that most people are quite

sensitive about.



Putting it to use



Fingerprinting is quite convenient to deploy, and is now showing up on an
experimental basis in many US supermarkets.

Customers are invited to give their credit card information and other personal
details to the store, and tie it in

with their fingerprint data. The next time, the customer can pay for purchases
with

just a fingerprint. Convenience is likely to be the main draw for public biometric

systems, but with manufacturers also pushing the accuracy of biometrics,
applications
with higher security requirements are likely to emerge with ATMs being an
obvious candidate. Deploying fingerprinting in a corporate environment for either
employee

attendance or as a security measure is also a growing trend. One Indian
manufacturer

offers fingerprint terminals for just over Rs 60,000, but there are additional costs
involved for either a dedicated computer or Rs 20,000 for a controller. Electronic

locks that can be operated by such a device are sold for Rs 4,000 and you also

need to factor in the cost of installation and training for all employees who must

use the system. Fingerprint scanners for personal computing devices are
commonly available

for $100 to $150 (between Rs 5,000 to Rs 7,500) with bundled software. Though
simple pads like the Sony FIU-

710 are common, they come in many different form factors. Some laptops, like

Toshiba’s 8200 series, can use PC Card fingerprint readers to provide BIOS level

security. The Biolink U-Match Mouse has a thumb scanner located at the thumb

rest area of the mouse.



The final word



Biometrics are going to be on a terminal near you soon enough, but should you
blindly trust them? Not really.

The propaganda on biometrics would have you believe that it is the definitive
answer. Don’t. Security is not just about putting big locks on the front door, it also
involves

making sure all the windows are shut. As a security paranoiac, you will have to
use

multiple layers of security that include biometrics, smart cards and even the

commonplace measure of passwords. Each one can be individually fooled or
bypassed, but the combination makes

the system more secure as a whole. Biometric data must reside on the same kind
of servers and networks that are hacked

every day. If credit card numbers can be stolen, why not biometric signatures?

Yet, no matter what the security issues, biometrics systems do make ultra cool
gizmos.

				
DOCUMENT INFO
Description: Walking into office, you flash your identification card at the security guard. He engages his face recognition system that identifies you and lets you pass. You later phone your colleague, who engages his voice-identification system to match your voice against an earlier recording, then gives you the information you need. After lunch you mark some bills with your personal bio-identification code and send them to accounts. They use their optical systems to scan your bio-code to clear those bills. In this high security office of the future, biometric systems are the primary means of identity authentication.