Biometric Authentication - Assignment Example

? Biometric Authentication (Insert Introduction The era that we live in is computer centered. This means that almost everything, if not everything, relies on some computer technology to operate. The number of accounts that an individual operates are increasing by the day and consequently, so are the passwords that grant access to these websites and accounts. However, this does not guarantee safety for the individual’s property and data simply because of the rising number of identity theft cases and data disclosure cases. IT developers have therefore designed several technology software which authenticate or grant an individual access to an account by virtue of a physical character such as a fingerprint. This kind of authentication is what is referred to as biometric authentication. The security of a nation is very sensitive and therefore military bases and locations of security valuables need to be under 24 hour surveillance to ensure that there is no breaching in the perimeter. Ministries of defense in various developed countries have therefore employed biometric authentication in their military bases to restrict access to only authorized personnel and not just anyone. This paper will be assessing biometric authentication in the context of Ministry of Defense and its necessities, alternatives, weaknesses and strengths among other pertinent issues. Why is a dedicated biometric "solution" needed? Briefly and critically review leading edge approaches to role based authentication. What alternative solution(s) are applicable to this context of use? Provide their distinction(s) to rule-based authentication mechanisms. The biometrics technology does not go without fault as it has been termed as both a promising and disruptive technology. The inapplicability of the current authentication services deem a dedicated biometric solution extremely necessary. Before a biometric is chosen for use in biometric authentication, it is necessary that a suitability test be performed on the biometric authentication. Jain, Bolle, and Pankanti (1996) have identified several factors which point out to the necessity of a dedicated biometric solution. The first thing that needs to be considered is the universality of the trait; the biometric that is to be used should be possessed by everyone. It should also be unique to a particular person. Another important factor is permanence. This is in relation to the manner in which the biometric changes over time. Role-based access control is a concept of two extremes. At one end, it is simple while the other end is characterized by sophistication. According to the NIST model (Ferraiolo et.al, 2007), there are four sequential approaches to role based authentication. The sequence is arranged in terms of increasing functional capabilities. The first is the flat role-based access control. It embodies the essential aspects of role based access control. According to this approach, permissions and users are assigned to roles and therefore for a user to gain permission, it is necessary for them to be part of a role. It is however key to note that many roles can be assigned to one user while one role can be assigned to many users. The second is hierarchical role based access control. This level adds a requirement which supports the hierarchy in that the senior staff gains permission of the juniors. This approach has two levels. The first level is general hierarchical role-based authentication. In this case, there is support for an arbitrary partial order to serve as the role hierarchy. In the second level, restrictions may be imposed in the role hierarchy by the system and this level is referred to as restricted hierarchical role-based authentication. The third approach is constrained RBAC. Separation of duties, a technique that existed before the computer to reduce the possibility of fraud and accidental damage, is added as a requirement in this approach. There are two ways in which separation of duties can be implicated and they are static, and dynamic separation of duties. The final approach is the symmetric RBAC. This approach helps in the identification of roles to which a particular permission has been assigned and vice-versa. In this context of use, the alternative solution that is applicable is XACML (Crampton). The distinction between the NIST model and rule based authentication mechanisms is the fact that rule-based authentication policies consist of attribute based conditions which determine the allowed protocols and identity source while RBAC policies determine the roles in an organization and the permissions attributed to the roles and the individuals performing the roles. The Strengths and weaknesses of PALM Biometrics and the authentication and reliability of this mechanism. PALM biometrics operate differently when compared with other biometric systems such as the fingerprint scan system. The PALM biometric system compares the external physical features of the palm with the templates that are stored in the system. The PALM biometric system is also referred to as the palm vein biometric system. The system therefore uses the vein layout on the palms of the individual as a digital image and compares it with the templates stored in the system. It has several strengths and weaknesses. The first strength of the system is the fact that the vascular patterns of each person are different and unique. Therefore this unique pattern provides large, robust, stable, and hidden biometric features. The blood vessels pattern and the fingerprints are similar in that they remain relatively unchanged as of birth and the pattern is unaffected by ageing except for the predictable growth. As pointed out earlier, the palm biometric system is practically permanent (Ferraiolo et.al, 2007; Fette, p.116). This system also gives an individual a sense of assured security in that the pattern of blood vessels is very intricate and therefore it becomes difficult to forge it considering how deeply rooted it is in the palm. The authentication accuracy is not affected by the texture of the palm; whether the palm is dry or rough, the vein pattern remains unchanged (Fette, 2009, p.116). According to various statistical studies, palm vein biometric system has a false rejection rate of 0.01% and a false acceptance rate of 0.00008% (Vacca, p. 152). This therefore proves that palm biometric systems are highly accurate. With regards to the weakness of the system, the quality of the image of the vein pattern is affected by various factors which are natural. For example, when the body temperature increases, the veins are dilated and therefore they appear to be larger to the camera and this can result to denied access because of false authentication. Other natural factors may include, nearness of the veins to the surface, ambient temperature, and uneven distribution of heat. From a public domain perspective, PALM biometric authentication is a reliable mechanism because of the strengths which have been stated above. The only unreliability of the system lies in the effects that are caused by natural factors. Alternatives to biometric templates that MOD can use and an analysis of their suitability, limitations, and risks. Although biometric authentication has been proved as a reliable source of safeguarding data, several ways have been suggested to protect biometric templates from revealing important information. Jain and Uludag (2003, p. 1495) suggest the use of steganography principles to hide biometric data in host images such as faces. This is particularly useful in distributed systems where the raw biometric data may have to be transmitted over a non-secure communication channel. Embedding biometric data in an innocuous host image prevents an eavesdropper from accessing sensitive template information. Another alternative for biometric templates is the embedding of an algorithm of dynamic signature features in to face images present on ID cards. These features are transformed into a binary stream after compression. A computer-generated hologram converts this stream into the data that is ?nally embedded in the blue channel of a face image. During veri?cation, the signature features hidden in the face image are recovered and compared against the signature obtained on-line. It is reported that any modi?cation of the face image can be detected, thereby disallowing the use of fake ID cards. A compromised template would mean translate to a user’s loss of identity simply because the biometric trait of a person cannot be easily replaced unlike passwords and personal identification numbers. Experts have proposed the use of distortion functions which can be used to generate biometric data that can be cancelled if necessary (Ratha, et.al 2001). The functions use a non-invertible transformation function that distorts the input biometric signal, for example the face image, prior to feature extraction or, alternately, modi?es the extracted feature set (e.g., minutiae points) itself. A new template is generated when the stored template has been compromised. A new function replaces the current transformation function and therefore cancels the compromised template and a new template is generated. In the realm of template transformation, the so-called biometric cryptosystems are gaining popularity. These systems combine biometrics and cryptography at a level that allows biometric matching to effectively take place in the cryptographic domain, hence exploiting the associated higher security. Uludag et.al (2005), suggests that converting fingerprint templates in to point lists in 2D space helps to implicitly hide a given secret. The list does not reveal the template data, since it is augmented with chaff points to increase security. The template data is identi?ed only when matching minutiae data from an input ?ngerprint is available. The only weakness of these alternatives for using templates is the fact that they are expensive to implement as compared to other template strategies. Means of protection at the end-user level (PC) that Steria can employ as part of the security policy imposed. It is practically impossible to prevent the copying of digital data. This is because of the fact that it is easily accessed and when released, it becomes publicly owned, meaning that it can be copied at any time. To protect digital data from being pirated or breached, companies will use Digital Rights Management Systems (DRMS) which use technical copyright protection measures to safeguard data (Bechtold, 2002, p.284). DRMS’s have three aims. They are; content access to data, monitor authorized consumption, and detect and prosecute copyright infringements. For these three aims to be achieved, it is necessary that the systems incorporate and integrate core security technologies, for example, watermarking and encryption techniques, and rights management language. When distinguishing on the basis of security and protection, software and hardware DRMS’s have a clear distinction. Software-based DRMS’s are different from hardware since they use special front-end software browsers or players to render the content on the client of the user, usually a general-purpose PC. A media firm just needs to implement in-house the corresponding back-end architecture to enable seamless rights and content delivery with the customer front-end. However, software-based DRMS’s front-ends are easy to circumvent with special debugger and disassembler software. Proprietary Hardware-based DRMS’s offer a much stronger level of protection, as the process of encryption and decryption is done in a closed hardware environment and it is very difficult to access the decrypted data flows that are necessary to produce pirate copies. There are other optimal means of protection at the end user level. The cache cleaner is one such means. The Cache Cleaner utilizes a secure delete function to ensure that data cleanup is complete and comprehensive to protect from malicious attempts to recover erased data from disks. Another means is the secure virtual workspace. Secure Virtual Workspace provides complete control over corporate information that is downloaded to the local machine during a session (Kasim p.51). Conclusion In conclusion, biometric authentication is very fundamental in ensuring the security of an individual’s work on the personal computer and also ensuring that a country is kept safe by restricting access to the very sensitive security details to only key people. However, the whole biometric system of authentication is not entirely reliable simply because of the possibility of a biometric being damaged. If in any case the biometric feature of a person that is used for authentication gets damaged, then what this means is that the individual is at a risk of losing their identity. However, the alternatives that have been suggested in this paper can be very important in helping in the increase of the reliability of the biometric authentication. It is also necessary that companies ensure that there is security at the end user level because it will help in reducing the probability of digital data theft and piracy. References BECHTOLD, S. (2002): Vom Urheber- zum Informationsrecht, Implikationen des Digital Rights Management, 2002, Verlag C.H. Beck oHG. CRAMPTON, J. XACML and Role-Based Access Control. MACS Workshop on Secure Web Services and e-Commerce. Royal Holloway, University of London. FERRAIOLO, D., CHANDRAMOULI, R., & KUHN, D. R. (2007). Role-based access control. Boston [u.a.], Artech House. FETTE, B. A. (2009). Cognitive radio technology. Amsterdam, Academic Press/Elsevier. JAIN, A. K., BOLLE, R., & PANKANTI, S. (1996). Biometrics: personal identification in networked society. New York, Springer JAIN, A., K and ULUDAG, U. “Hiding biometric data, ”IEEE Trans. Pattern Anal. Mach. Intelligence, vol. 25, no. 11, pp. 1493–1498, 2003. KASIM, A. (2008). Delivering carrier Ethernet: extending Ethernet beyond the LAN. New York, McGraw-Hill. RATHA, N., CONNELL, J., & BOLLE, R. “Enhancing security and privacy in biometrics-based authentication systems,” IBM Systems Journal, vol. 40, no. 3, pp. 614–634, 2001. ULUDAG, U., PANKANTI, S., & JAIN, A., K. “Fuzzy vault for ?ngerprints,” To appear in Proc. Audio- and Videobased Biometric Person Authentication (AVBPA), (Rye Brook, NY), July 2005. VACCA, J. R. (2007). Biometric technologies and verification systems. Boston, MA, Butterworth-Heinemann/Elsevier. Read More