Barriers to Biometrics for Mobile Authentication - Essay Example

Barriers to Biometrics History Biometrics is the science that uses unique physical characteristics of your body, such as your fingerprint or the pattern of your iris, to confirm your identity. Fingerprinting has been used for decades, primarily in law enforcement, but past technology was expensive and slow. Miniaturisation, which has led to lower cost, has made biometrics available to the average business owner. Why Biometrics Because of the ability of biometrics to be identified with only one unique individual, it offers unparalleled security in a wireless environment. With the current state of security that a single password holds, using only a single entry requirement leaves sensitive data at risk. Biometrics eliminates the danger of a password being stolen, or as is more common, a password being used without proper authorisation. Biometrics can reduce the problem of corporate risk associated with a supervisor "loaning" his badge to an associate to gain unauthorised access. With the vast number of systems and the associated passwords, forgotten passwords and their problems could be reduced. Estimates suggest that between 25 to 50 % of all calls to help-desks are caused by forgotten passwords and cost $25 and $50 each(Leyden). When a worker loans his password to another worker to gain access to protected information on a one-time basis, that password has been breached. Biometrics eliminates the risk and assures that access to any entryway, file, or account can only be granted to authorised personnel. Biometrics also has a future in a wide range of applications where it is essential to identify the subject such as credit transactions and health care records. Applications Biometric applications are almost always used to prevent the unauthorised access to sensitive data. Since the early 1980s, systems of identification and authentication based on physical characteristics have been available. These systems were slow and expensive. Twenty years later, computers are faster and cheaper and have renewed the interest in biometrics (Kay). Biometrics may be used in conjunction with smart card technology to gain access to a bank account to transfer funds. This eliminates the threat of unwanted intrusion, as can be the case with a PIN number. The added security verifies the account that is protected, and the biometric information can also be used as a legal verification in the same way we use signed documents. With the increased need for a central medical database for medical records has come the controversy surrounding the unauthorised use and access of the information. Biometrics can verify the request for the records has come from an authorised source and minimise the opportunity for the records to be compromised. Biometrics can also be applied to portable devices, such as laptops, to prevent stolen devices from being accessed with pre-boot biometric authorisation. This can be applied to cell phones and PDAs as well. Though there may not be a foolproof method, biometrics does make it more difficult. According to Jamie Fenton in PC World, "The devices are not error-free, so they're best suited for businesses that need another safeguard for standard or somewhat sensitive data " Wireless devices are especially appropriate for the application of biometrics. Biometrics can be used to prevent unauthorised use of communications devices such as cell phones as well as police, emergency, and defence department networks. As an ever-increasing number of wireless devices are connected to corporate networks, the need for security becomes imperative. With smaller and less expensive devices, the advancement of biometrics can assure that the implementation of wireless will be done with a minimum of risk(DigitalPersona). Voice recognition is another popular application in wireless communication devices. It is most widely used to place calls, or perform routines based on voice recognition. It allows for hands free operation and is generally applied for safety concerns. Though it can suffer from reliability issues, there is some promise in this technology as a security application. The Current State of Biometrics Fingerprint recognition, because of its longer history and widespread applications in identification, is the most widely used. It works by placing or rubbing your fingerprint across a sensor. The sensor reads the ridges and valleys on your fingertip and the data is stored. An algorithm is applied to the data and provides an image of your unique print. Image evaluation can be done in the device or can be accomplished at an on site location before authorisation. Common sensors are the capacitive, thermal, and laser imaging type. They can be a pad where the finger is placed and held, or can be a roller type where the finger is scanned across a thin element. Drawbacks for print reading technology can be false positives where the device allows unwarranted access. This can be due to latent prints on the pad or may be due to an unreliable algorithm. As the algorithm gets more sophisticated, the false positive error is reduced. However, due to the increased sensitivity, false negatives become a concern. The technology is subject to reliability issues in a wireless environment. The capacitive elements are subject to failure due to electrostatic discharge. Pads can become scratched and rollers can wear. Researchers are gaining ground in producing newer more reliable systems. Retinal recognition is the most accurate method of identifying a user. It reads an image of the blood vessels in the back of the eye. This system, though highly accurate, is also somewhat intrusive and awkward to use. Because of it's high cost, it is usually only implemented to gain access to high security installations or protect other high risk data. A recent technology available from Hitachi is finger vein recognition. The system utilises a finger-vein pattern reader that reveals the vein pattern in a finger when an LED light is shone from a sensor(Hitachi). This technology overcomes latency problems and decreases the impact of the complex algorithms associated with fingerprints. Face and hand recognition are also methods of biometric identification that are available. They utilise a system that measures key points between the physical features of the subject and compares it to pre-stored data. These methods are relatively new and reliability is still at question when applied to large population studies. Though they may prove to be accurate methods of identification, at present the cost has prohibited their widespread use. Several other methods are in limited use or are emerging These include signature dynamics and typing patterns. These systems do not compare the data or the signature, but looks for traits such as pen pressure, typing speed and patterns(Kay). Rapid DNA sampling is yet one more method being researched. It could prove to be foolproof, but it is years away from a practical application at an affordable cost. The Barriers Expense is only one barrier to the implementation of wireless biometrics. Smartcard and mobile technology have the further constraints of limited memory, computing power, and transmission speed. This places serious limitations on cell phones and PDA based applications. In addition, there is additional hardware and software required when implementing a biometric program into an existing platform. In addition to the technical and expense aspects of biometric implementation, there is also the public perception and social concerns. Many people fear that their physical information stored in a database is an invasion of privacy. The intrusive nature of measuring a person's hand or face can put a user in an uncomfortable position. The general public, outside the IT industry, may be slower to accept the newer innovations designed to prevent credit card fraud or bank account access at an ATM. This may slow the development of newer technologies and reduce the number of practical applications. Yet, according to Sabah Jassim of the University of Buckingham, widespread use of biometric identification will provide a feasible and reliable method to control credit card fraud and repudiation of online transactions in the future. Biometrics in the Future Biometrics is here to stay and is the only foreseeable solution to the security risks faced in the wireless environment. As the past has proven, when technology becomes more widespread, the cost comes down. The cost of a fingerprint scanner had dropped from $1200US to $300US in the three-year period of 1997 to 2001(Biometrics in Healthcare). That represents a 400% drop. Today, scanners can be purchased for under $100. Facial recognition cameras used to perform identification have realised a similar, if not more dramatic drop in cost. Future applications will include smart card technology coupled with biometrics on credit cards and security badges. DNA sampling may eventually become a reality. When used in conjunction with radio frequency ID technology, processing and authorisation can take place over wireless networks and reduce the point of sale costs of implementation. The reduction in fraud and abuse could speed the use of biometric technology as a cost saving device. Works Cited "Biometrics in Healthcare." Business Solutions. 13 Dec. 2005 "DigitalPersona Revolutionizes Mobile Biometrics." DigitalPersona. 6 May 2003. 13 Dec. 2005 < http://www.digitalpersona.com/news/releases/050603.php> Fenton, Jamie. PC World. 2005. 13 Dec. 2005 " Hitachi Unveils Notebook With Biometric Security." Computerworld. Ed. Digital World Tokyo Staff. 2 Dec. 2005. 13 Dec. 2005 < http://www.computerworld.com/ hardwaretopics/hardware/story/0,10801,106710,00.html> Jassim, Sabah. " Multi-resolution Approach to Facial Recognition." 13 Dec. 2005 Kay, Russell. " QuickStudy: Biometric Authentication." Computerworld 4 Apr. 2005. 13 Dec. 2005 Leyden, John. "Password Overload Plagues US.biz." The Register 27 Sept. 2005. 13 Dec. 2005 < http://www.theregister.co.uk/2005/09/27/password_overload_survey> Read More