Biometrics: Hollywood Hype or Real World Security Solution?

March 16, 2010 - By Ivan A. Vazquez

March 16, 2010 – Traditionally, biometrics has been the stuff of fantasy. Hollywood films often use it to show the evils of automation. For some, it conjures up images of clandestine organizations and covert activities.

In theory, biometrics is a great way to authenticate computer users that provides a great, additional layer of security. It’s impossible to lose your fingerprint (barring the most gruesome of developments), and you can’t forget it like you could a password. In practice, though, there are so many things that, for now, limit the more widespread use of this technology.

One of the problems that has been pointed out by experts like Guy Churchward, CEO of LogLogic, is its uniqueness. According to him and others, the uniqueness of biometric data also makes it an inherently flawed choice as a primary method of authentication. Churchward states, “Once you have your fingerprint scanned it will give a unique data sequence which if compromised is not exactly something you can change,” he says. “Imagine having an option of only one password ‘ever’. One loss and you are in deep Problems.”

Another problem is that current scanners still can’t recognize if the fingerprint is on a real finger or an artificial one. Andrew Clarke, of e-DMZ Security, says that in theory, one could get a hold of the user’s fingerprint using techniques used in crime detection and transfer it on an artificial finger. This will likely change as the technology evolves, but for now the system is still fallible. This negates it as a suitable a primary and 100% effective solution to the industry’s current authentication problem. In explanation, Clarke states, “As with all authentication, multiple factors increase the effectiveness of the solution. Something you have (fingerprint) combined with something you know (passcode) provides a stronger solution.”

While there are differing opinions regarding the overall efectiveness of biometrics, there is no doubt that it has benefits, when compared to traditional authentication methods, such as the user name and password combination.

What are the available options and their Pros and Cons?

Finger print readers

Pros: Not Much Storage space is required for data.
Cons: Traditionally associated with criminal activities (exaggerated by movies and TV), and, thusly, users could be reluctant to adopt this form of biometric authentication.

Hand Scans

Pros: Low data storage for templates.
Cons: Not necessarily unique to every user; Enrollment process can be time-consuming.

Voice Authentication

Pros: More readily accepted by users due to its non-intrusive nature; Additional hardware is cost-effective and readily available (Microphone).
Cons: Background noise must be controlled for accurate enrollment and verification; Significant storage space required, since 2,000 to 10,000 bytes is required for each template; Easily influenced by extraneous circumstances such as sore throats and common colds; For remote access authentication, phone lines may not be high enough quality to transmit voice traits accurately.

Retina Scans

Pros: High Accuracy in identifying users; Low data storage requirements for templates.
Cons: Extremely intrusive, low user acceptance rate; Extremely expensive, special hardware required.

Iris Scans

Pros: Non-intrusive, camera can be up to 12″ away; High accuracy in identifying users; Low data storage requirements for template.
Cons: Extremely expensive based on special hardware requirements.

Facial Scans

Pros: Data acquisition non-intrusive and requires no physical contact with equipment.
Cons: Data acquisition and authentication difficult since user must position face in same position each access; Ample background lighting important for accurate verification; Users may feel violation of privacy as data may be captured verified and used by third parties without their knowledge.

In conclusion, the effectiveness of a biometric authentication system is, for the most part, dependent upon the associated hardware requirements and user acceptance of the chosen biometric. What is certain is that the combination of biometric authentication, with a smartcard or token system, results in a far more secure network. Whether biometrics will become widespread remains uncertain given the associated high costs and large number of both real and perceived disadvantages.

However, as technology improves and the overall cost of purchase and operation come down, we may very well see a more statistically significant migration towards it. An increase in the implementation will likely be commensurate with the increased demand for more stringent network security mechanisms. A good indication of what is to come eventually may be seen in Microsoft’s recent announcement that they plan to include biometric authentication software in future releases of Microsoft Windows operating systems. If this possibility becomes a reality, biometrics is far more likely to become an everyday part of our computing lives.

Related posts:

1. Antennagate: Real-world solutions to the iPhone 4 antenna problem
2. Apple Releases Mac OS X 10.6.2 Security Update: What did it actually fix with regard to security?
3. iPad Hype: Too Much of a Good Thing?
4. Earth Day 2010: How Geeks Can Help Save the World
5. Alleged Employee Role in Google Attack Highlights the Importance of Computer Security Education