Safety of Biometric Authentication - Essay Example

Biometric Authentication (Insert Biometric Authentication The era that we live in is computer centered meaning that almost everything, if not everything, relies on some computer technology to operate. The number of accounts that an individual operates are increasing by the day and consequently, so are the passwords that grant access to these websites and accounts. However, this does not guarantee safety for the individual’s property and data simply because of the rising number of identity theft cases and data disclosure cases. IT developers have therefore designed several technology software which authenticate or grant an individual access to an account by virtue of a physical character such as a fingerprint. This kind of authentication is what is referred to as biometric authentication. The security of a nation is very sensitive and therefore military bases and locations of security valuables need to be under 24 hour surveillance to ensure that there is no breaching in the perimeter. Ministries of defense in various developed countries have therefore employed biometric authentication in their military bases to restrict access to only authorized people and not just anyone. This paper will be assessing biometric authentication in the context of Ministry of Defense and its necessities, alternatives, weaknesses and strengths among other pertinent issues. The biometrics technology does not go without fault as it has been termed as both a promising and disruptive technology. The main reason why a dedicated biometric solution is needed is because the current biometric authentication services are not applicable under certain circumstances. Before a biometric is chosen for use in biometric authentication, it is necessary that a suitability test be performed on the biometric authentication. Jain, Bolle, and Pankanti (1996) have identified several factors which point out to the necessity of a dedicated biometric solution. The first thing that needs to be considered is the universality of the trait; the biometric that is to be used should be possessed by everyone. The biometric needed for authentication should also be unique to a particular person. Another important factor is permanence. This is in relation to the manner in which the biometric changes over time. Role-based access control is a concept of two extremes. At one end, it is simple while the other end is characterized by sophistication. According to the NIST model (Ferraiolo et.al, 2007), there are four sequential approaches to role based authentication. The sequence is arranged in terms of increasing functional capabilities. The first is the flat role-based access control. It embodies the essential aspects of role based access control. According to this approach, permissions and users are assigned to roles and therefore for a user to gain permission, it is necessary for them to be part of a role. It is however key to note that many roles can be assigned to one user while one role can be assigned to many users. The second is hierarchical role based access control. This level adds a requirement which supports the hierarchy in that the senior staff gains permission of the juniors. This approach has two levels. The first level is general hierarchical role-based authentication. In this case, there is support for an arbitrary partial order to serve as the role hierarchy. In the second level, restrictions may be imposed in the role hierarchy by the system and this level is referred to as restricted hierarchical role-based authentication. The third approach is constrained RBAC. Separation of duties, a technique that existed before the computer to reduce the possibility of fraud and accidental damage, is added as a requirement in this approach. There are two ways in which separation of duties can be implicated and they are static, and dynamic separation of duties. The final approach is the symmetric RBAC. This approach helps in the identification of roles to which a particular permission has been assigned and vice-versa. In this context of use, the alternative solution that is applicable is XACML (Crampton). The distinction between the NIST model and rule based authentication mechanisms is the fact that rule-based authentication policies consist of attribute based conditions which determine the allowed protocols and identity source while RBAC policies determine the roles in an organization and the permissions attributed to the roles and the individuals performing the roles. PALM biometrics operate differently when compared with other biometric systems such as the fingerprint scan system. The PALM biometric system compares the external physical features of the palm with the templates that are stored in the system. The PALM biometric system is also referred to as the palm vein biometric system. The system therefore uses the vein layout on the palms of the individual as a digital image and compares it with the templates stored in the system. The palm biometric system has several strengths and weaknesses. The first strength of the system is the fact that the vascular patterns of each person are different and unique. Therefore this unique pattern provides large, robust, stable, and hidden biometric features. The blood vessels pattern and the fingerprints are similar in that they remain relatively unchanged as of birth and the pattern is unaffected by ageing except for the predictable growth. As pointed out earlier, the palm biometric system is practically permanent (Ferraiolo et.al, 2007; Fette, p.116). This system also gives an individual a sense of safeguard in that the pattern of blood vessels is very intricate and therefore it becomes difficult to forge it considering how deeply rooted it is in the palm. The authentication accuracy is not affected by the texture of the palm; whether the palm is dry or rough, the vein pattern remains unchanged (Fette, 2009, p.116). According to various statistical studies, palm vein biometric system has a false rejection rate of 0.01% and a false acceptance rate of 0.00008% (Vacca, p. 152). This therefore proves that palm biometric systems are highly accurate. With regards to the weakness of the system, the quality of the image of the vein pattern is affected by various factors which are natural. For example, when the body temperature increases, the veins are dilated and therefore they appear to be larger to the camera and this can result to denied access because of false authentication. Other natural factors may include, nearness of the veins to the surface, ambient temperature, and uneven distribution of heat. From a public domain perspective, PALM biometric authentication is a reliable mechanism because of the strengths which have been stated above. The only unreliability of the system lies in the effects that are caused by natural factors. Although biometric authentication has been proved as a reliable source of safeguarding data, several ways have been suggested to protect biometric templates from revealing important information. Jain and Uludag (2003, p. 1495) suggest the use of steganography principles to hide biometricdata in host images such as faces. This is particularly useful in distributed systems where the raw biometric data may have to be transmitted over a non-secure communication channel. Embedding biometric data in an innocuous host image prevents an eavesdropper from accessing sensitive template information. Another alternative for biometric templates is the embedding of an algorithm of dynamic signature features in to face images present on ID cards. These features are transformed into a binary stream after compression. A computer-generated hologram converts this stream into the data that is finally embedded in the bluechannel of a face image. During verification, the signature features hidden in the face image are recovered and compared against the signature obtained on-line. It is reported that any modification of the face image can be detected, thereby disallowing the use of fake ID cards. A compromised template would mean translate to a user’s loss of identity simply because the biometric trait of a person cannot be easily replaced unlike passwords and personal identification numbers. Experts have proposed the use of distortion functions which can be used to generate biometric data that can be cancelled if necessary (Ratha, et.al 2001). The functions use a non-invertible transformation function that distorts the input biometric signal, for example the face image, prior to feature extraction or, alternately, modifies the extracted feature set (e.g., minutiae points) itself. A new template is generated when the stored template has been compromised. A new function replaces the current transformation function and therefore cancels the compromised template and a new template is generated.In the realm of template transformation, the so-called biometric cryptosystems are gaining popularity. These systems combine biometrics and cryptography at a level that allows biometricmatching to effectively take place in the cryptographic domain, hence exploiting the associated higher security. Uludag et.al (2005), suggests that converting fingerprint templates in to point lists in 2D space helps to implicitly hide a given secret. The list does not reveal the template data, since it is augmented with chaff points to increase security. The template data is identified only when matching minutiae data from an input fingerprintis available. The only weakness of these alternatives for using templates is the fact that they are expensive to implement as compared to other template strategies. It is practically impossible to prevent the copying of digital data. This is because of the fact that it is easily accessed and when released, it becomes publicly owned, meaning that it can be copied at any time. To protect digital data from being pirated or breached, companies will use Digital Rights Management Systems (DRMS) which use technical copyright protection measures to safeguard data (Bechtold, 2002, p.284).DRMS have three aims. They are; content access to data, monitor authorized consumption, and detect and prosecute copyright infringements. For these three aims to be achieved, it is necessary that the systems incorporate and integrate core security technologies, for example, watermarking and encryption techniques, and rights management language. When distinguishing on the basis of security and protection, software and hardware DRMS have a clear distinction. Software-based DRMS are different from hardware since they use special front-end software browsers or players to render the content on the client of the user, usually a general-purpose PC. A media firm just needs to implement in-house the corresponding back-end architectureto enable seamless rights and content delivery with the customer front-end. However, software-based DRMS front-ends areeasy to circumvent with special debugger and disassembler software. Proprietary Hardware-based DRMS offer a much stronger level of protection, as the process of encryption and decryption is done in a closed hardware environment and it is very difficult to access the decrypted data flows that are necessary to produce pirate copies.Other optimal means of protection at the end user level. The cache cleaner is one such means. The Cache Cleaner utilizes a secure delete function to ensure that data cleanup is complete and comprehensive to protect from malicious attempts to recover erased data from disks.Another means is the secure virtual workspace. Secure Virtual Workspace provides complete control over corporate information that is downloaded to the local machine during a session (Kasim p.51). In conclusion, biometric authentication is very fundamental in ensuring the security of an individual’s work on the personal computer and also ensuring that a country is kept safe by restricting access to the very sensitive security details to only key people. However, the whole biometric system of authentication is not entirely reliable simply because of the possibility of a biometric being damaged. If in any case the biometric feature of a person that is used for authentication gets damaged, then what this means is that the individual is at a risk of losing their identity. However, the alternatives that have been suggested in this paper can be very important in helping in the increase of the reliability of the biometric authentication. It is also necessary that companies endure that there is security at the end user level because it will help in reducing the probability of digital data theft and piracy. References BECHTOLD, S. (2002): VomUrheber- zumInformationsrecht, Implikationen des Digital Rights Management, 2002, Verlag C.H. Beck oHG. CRAMPTON, J. XACML and Role-Based Access Control.MACS Workshop on Secure Web Services and e-Commerce.Royal Holloway, University of London. FERRAIOLO, D., CHANDRAMOULI, R., & KUHN, D. R. (2007).Role-based access control. Boston [u.a.], Artech House. FETTE, B. A. (2009). Cognitive radio technology.Amsterdam, Academic Press/Elsevier. JAIN, A. K., BOLLE, R., & PANKANTI, S. (1996). Biometrics: personal identification in networked society. New York, Springer JAIN, A., K and ULUDAG, U. “Hiding biometric data, ”IEEE Trans. Pattern Anal. Mach. Intelligence, vol. 25, no. 11, pp. 1493–1498, 2003. KASIM, A. (2008). Delivering carrier Ethernet: extending Ethernet beyond the LAN. New York, McGraw-Hill. RATHA, N., CONNELL, J., & BOLLE, R. “Enhancing security and privacy in biometrics-based authentication systems,” IBM Systems Journal, vol. 40, no. 3, pp. 614–634, 2001. ULUDAG, U., PANKANTI, S., & JAIN, A., K. “Fuzzy vault for fingerprints,” To appear in Proc. Audio- and Videobased Biometric Person Authentication (AVBPA), (Rye Brook, NY), July 2005. VACCA, J. R. (2007). Biometric technologies and verification systems. Boston, MA, Butterworth-Heinemann/Elsevier. Read More