"Administration of Biometric Database Systems - DOC"
Administration of Biometric Database Systems: What is Being Done to Ensure Adequate Security of biometric databases? Dissertation Idea Paper Submitted in Partial Fulfillment of the requirements for the Degree of Doctor of Professional Studies in Computing at Pace University School of Computer Science and Information Systems by Grace Cummins August 12, 2005 Abstract Biometric technology has been around for many years, since the 19th century, specifically in the form of fingerprinting. Since September 11, 2001, commonly known as 9/11, there has been a ramp up of biometric technology, with specific focus on combating terrorism aimed at the United States of America. There are numerous papers written discussing aspects of biometric technology development and applications for other biometric characteristics, and this is in its infancy. The specific human characteristics, the testing already completed, the results of the tests, and biometric systems currently used in collecting the biometric data on each particular characteristic are all discussed in detail but not much is being written on the biometric databases that store this data. 1. Essence of the Research The focus of this paper is to look at the administration of biometric databases in the United States. In particular,r it will explore what kinds of technologies will be use to make them secure. The goal of the International Civil Aviation Organization (ICAO) is to have centralized databases. This will increase the risk of the use of biometric data as a key to interconnecting databases . Even though paper will concentrate on the biometric databases in the USA, it may at times refer to outside agencies since the USA collects biometric data outside its borders. The collection of biometric data outside of the USA is mainly for the purpose of the Homeland Security objective, which this paper is not focused on. Biometrics is used to identify people based on their biological traits. It is a growing technological field which has deep implications because proving identity is becoming an integral part of our daily lives. It is evident that our identity is frequently required whether through passwords, signatures, cards, etc. Biometrics allow us to authenticate ourselves with things that we carry with us wherever we go, such as our hands, eyes, voices, faces, fingerprints, etc. Biometric systems involve converting unique human body characteristics into digital codes, and storing them in a database. Biometric data is captured, extracted and encoded as a biometric template . The collection and storage of some biometric data is intrusive and this entire process could have far-reaching impact on the user‟s behavior. 2. Significance of the Research Authorities have to demonstrate that they are capable of securing and properly managing this very sensitive information. In recent times we have seen where personal data has been mismanaged by banks in the form of stolen identities. The level of trust in the institutions that should be safeguarding our privacy has failed. Biometrics is a fallible technology and security breaches are a fact of life. It is therefore imperative that the authorities responsible for ensuring the correct implementation for the administration of biometric databases. Biometrics is in its infancy so while authorities are concentrating on how they will collect the data they should also be paying equal attention to safeguarding this sensitive information and its integrity. Because it is relatively new there is no way of telling what kinds of things it could be used for when placed in the hands of the unscrupulous. No one envisioned the level of security theft to which it has reached today, yet it has complicated many a person‟s life, creating various kinds of hardships for them. The Computer Security Institute and FBI conducted a study of organizations that experienced security breaches. The seventh annual survey polled 503 American corporations, government agencies, financial and medical institutions and universities. It reported 90 percent of respondents detected computer security breaches that year . Despite these alarming statistics, the United States has yet to develop a long range method of administering these large-scale multimodal databases. 3. Research Effort Being in its infancy, research on the administration of biometric technology may be quite limited. However, there are questions being raised in many articles with regard to biometric data security so it stands to reason that there must be work being completed. These databases, besides storing precious information, have the potential to be extremely large. There are still a lot of unanswered questions with regard to the whole idea of using biometrics for identification and verification. These databases, even though managed in the USA, will possibly be linked to databases in other countries. Standardization and possibly integration of databases create many challenges for developers, this could be part of the reason why there has not been a great deal written on the correct administration to be applied to them. 4. Research Approach With the recent attention on extended biometric technology, the research methodologies I will engage could be quite varied. It will involve many interviews which will range from interviews with those who select keepers of the databases, the administrators of the databases as they are today, developers of the software used in creating the databases and possibly attending some biometric conferences. There could be other methods I will employ if I think of any others. 5. Resources If at all possible I will try to interview experts in the field of biometrics, as well as experts in the medical research field to find out what kinds of threats are possible if biometric data get into the hands of the unscrupulous. There could possibly be other kinds of threats that unimaginable today by the average person, and as technology emerges, as hackers become more sophisticated, and as the unscrupulous become more resourceful, who is to say how biometric data can be manipulated to expose people to even greater risks, i.e., health risks. References  “An Open Letter to the ICAO”: A second report on „Towards an International Infrastructure for Surveillance of Movement‟, March 30, 2004. http://www.privacyinternational.org/issues/terrorism/rpt/icaoletter.pdf  Paul Rosenzweig, Alane Kochems, and Ari Schwartz, “Biometric Technologies: Security, Legal, and Policy Implications”, Legal Memorandum #12, June 21, 2001. http://www.heritage.org/Reaserch/HomelandDefense/lm12.cmf  Tommie Singleton, “Biometric Security Systems: The Best Infosec Solution?” March 01, 2003, Volume 30, Issue 9 http://www.itknowledgebase.net.eJournals/articles/article_synopsis.asp?id=41230 Other Readings not cited Dario Forte, “Biometrics: Untruths and the Truth” http://www.usenix.org/publications/login/199-4/biometrics.html Edwin P. Rood and Anil K. Jain, “Biometric Research Agenda: Report of the NSF shop Workshop”, April 29 – May 2, 2003 http://www.wvu.edu/~bknc/BiometricResearchAgenda.pdf Larry Greenemeier, “Programs Aim for Safer Travel, Shorter Lines”, August 16, 2004, http://www.databasepipeline.com/news/29100330