Skip to content

Biometrics Essay

Biometrics: Uses and Abuses

Biometrics are seductive. Your voiceprint unlocks the door of your house. Your iris scan lets you into the corporate offices. You are your own key. Unfortunately, the reality isn't that simple.

Biometrics are the oldest form of identification. Dogs have distinctive barks. Cats spray. Humans recognize faces. On the telephone, your voice identifies you. Your signature identifies you as the person who signed a contract.

In order to be useful, biometrics must be stored in a database. Alice's voice biometric works only if you recognize her voice; it won't help if she is a stranger. You can verify a signature only if you recognize it. To solve this problem, banks keep signature cards. Alice signs her name on a card when she opens the account, and the bank can verify Alice's signature against the stored signature to ensure that the check was signed by Alice.

There is a variety of different biometrics.In addition to the three mentioned above, there are hand geometry, fingerprints, iris scans, DNA, typing patterns, signature geometry (not just the look of the signature, but the pen pressure, signature speed, etc.). The technologies are different, some are more reliable, and they'll all improve with time.

Biometrics are hard to forge: it's hard to put a false fingerprint on your finger, or make your iris look like someone else's. Some people can mimic others' voices, and Hollywood can make people's faces look like someone else, but these are specialized or expensive skills. When you see someone sign his name, you generally know it is he and not someone else.

On the other hand, some biometrics are easy to steal. Imagine a remote system that uses face recognition as a biometric. ``In order to gain authorization, take a Polaroid picture of yourself and mail it in. We'll compare the picture with the one we have in file.'' What are the attacks here?

Take a Polaroid picture of Alice when she's not looking. Then, at some later date, mail it in and fool the system. The attack works because while it is hard to make your face look like Alice's, it's easy to get a picture of Alice's face. And since the system does not verify when and where the picture was taken--only that it matches the picture of Alice's face on file--we can fool it.

A keyboard fingerprint reader can be similar. If the verification takes place across a network, the system may be unsecure. An attacker won't try to forge Alice's real thumb, but will instead try to inject her digital thumbprint into the communications.

The moral is that biometrics work well only if the verifier can verify two things: one, that the biometric came from the person at the time of verification, and two, that the biometric matches the master biometric on file. If the system can't do that, it can't work. Biometrics are unique identifiers, but they are not secrets. You leave your fingerprints on everything you touch, and your iris patterns can be observed anywhere you look.

Biometrics also don't handle failure well. Imagine that Alice is using her thumbprint as a biometric, and someone steals the digital file. Now what? This isn't a digital certificate, where some trusted third party can issue her another one. This is her thumb. She has only two. Once someone steals your biometric, it remains stolen for life; there's no getting back to a secure situation.

And biometrics are necessarily common across different functions. Just as you should never use the same password on two different systems, the same encryption key should not be used for two different applications. If my fingerprint is used to start my car, unlock my medical records, and read my electronic mail, then it's not hard to imagine some very unsecure situations arising.

Biometrics are powerful and useful, but they are not keys. They are not useful when you need the characteristics of a key: secrecy, randomness, the ability to update or destroy. They are useful as a replacement for a PIN, or a replacement for a signature (which is also a biometric). They can sometimes be used as passwords: a user can't choose a weak biometric in the same way they choose a weak password.

Biometrics are useful in situations where the connection from the reader to the verifier is secure: a biometric unlocks a key stored locally on a PCM-CIA card, or unlocks a key used to secure a hard drive. In those cases, all you really need is a unique hard-to-forge identifier. But always keep in mind that biometrics are not secrets. Bruce Schneier <schneier@schneier.com> is CTO and Founder of Counterpane Internet Security, Inc. You can subscribe to his free security newsletter, CRYPTO-GRAM, at http://www.counterpane.com.

Categories: Computer and Information Security

Tags: Communications of the ACM

Biometrics Essay

Biometrics is used in many places and there is a bright future for them. Coca Cola has recently replaced time card system with hand scanning machines. Finger print scanners are being used in many states of the US. They have been used to trace social welfare fraud. An iris pattern identification system is being used in Cook County, Illinois to ensure that right people are released from jail. ATM machines have been installed with finger scanners to prevent theft and fraud in Indiana (Jain, 2005).
The world’s major credit card companies are using finger scanning devices to protect credit card information and save the consumer from credit card fraud. Walt Disney World in Orlando has implemented a hand scanning system to prevent people from lending their passes to others. Biometric systems are being widely used for security and convenience. Major departments of the United States government like the FBI, TWIC and RT are using such technologies. Many biometric identification systems have been installed in airports for security and preventing terrorism.
New biometric technologies are being developed using diverse physiological and behavioral characteristics. These technologies are in various stages of development. Vein scan technology identifies a person based upon blood vessel patterns. This technology uses infrared light to detect vein patterns. It is available for commercial purposes. Facial thermography detects heat patterns which are created by blood vessels that branch. These heat patterns are also emitted from the skin. An infrared camera is used to capture images. The advantage of this system is that it does not require close physical contact. These systems can also work in darkness. However these systems are very expensive to implement (Woodward, 2005).
DNA matching is a biometric system which can produce positive identification of a person. The technology is many years away from development. Blood pulses on a finger can be measured by new biometric systems. This technology is currently under development. Nail bed identification is based on identifying distinct spatial arrangement beneath the fingernail. Gait recognition is another technology which is under development. This recognizes individuals by their distinctive walk and captures a sequence of images to derive and analyze motion characteristics. The technology is currently under development and its complete potential and limitations can be fully assessed. Many biometric identification systems are being developed and tested (Woodward, 2005).


Biometric technologies are getting better and finely tuned. The rate of false readings and errors has sharply fallen. However it still requires careful consideration and planning to implement a biometric identification system. They are most costly and complicated to implement as compared with other authentication systems. A proper evaluation of the system is important before purchasing any biometric system. A thorough risk analysis is...

Loading: Checking Spelling

0%

Read more

Biometrics and Ethics Essay

1466 words - 6 pages Computer technology brought upon many unexpected ethical issues. When discussing about ethics, we need to talk about the importance of computers and be able to answer questions like: what is the reason for addressing the impact of computers on ethics? In his article “What is computer ethics?” Dr. James Moor analyzed and elaborated the very question. Dr. Moor begins his article by defining computer ethics. In his words, “computer ethics is the...

Research Paper-Biometrics

2048 words - 8 pages Research Paper-Biometrics “Biometric technologies are defined as "automated methods of identifying or authenticating the identity of a living person based on a physical or behavioral characteristic."(Source #1) Growing up I loved to watch McGyver. He use to run around and break in and out of military compounds that were equipped with all types of security systems. Somehow he would always find the laser beams, or trick the fingerprint...

Biometrics: Are we the key?

3032 words - 12 pages TABLE OF CONTENTSBIOMETRICS 21. INTRODUCTION 21.1. Biometrics Background 21.2. History of Biometrics 21.3. Areas of Research 22. RESEARCH INFORMATION 42.1. Biometric Methods Used 42.2. Areas of Implementation 52.3. Future Advances 62.4. Negative Aspects 72.5. Positive Aspects 73....

Biometrics Introduction to Information Systems Security

622 words - 2 pages Biometrics is used in many places and there is a bright future for them. Finger print scanners are being used in many states of the US. They have been used to trace social welfare fraud. An iris pattern identification system is being used in Cook County, Illinois to ensure that right people are released from jail. ATM machines have been installed with finger scanners to...

Biometric identification, can we rely on it in Australia?

827 words - 3 pages We live in a world where technology advances everyday. Due to this there are increasing numbers of identity theft. People are finding new ways to steal other peoples' credit card details, social security numbers and many others. Biometric identification will not reduce the number of identity theft in Australia. It's an invasion of privacy to users, there's still a chance that your identity could be stolen, and a physical identity is almost...

Computer security

2637 words - 11 pages Biometrics is now becoming more popular with the introduction of information technology. This technology is used to verify and/or identity someone using his or her own unique physical patterns, for example fingerprints, facial recognition, iris scanning, retinal scan and hand geometry or behavioural patterns such as voice, keystroke dynamics and signatures (See Appendix...

Security and Privacy on SAT´s (IRS) Electronic Signature

2298 words - 9 pages Introduction New information technologies change the way society lives. This is why the tax authorities cannot remain outside such changes. Since the year 2005 the Tax Administration System (SAT Servico de Administracion Tributaria), which is the Mexican IRS, has been introducing and applying new information technologies with the objective of a better, faster and safer way of fulfilling its obligations with taxpayers. One of the most...

Sixth Sense Technology

2114 words - 8 pages SIXTH SENSE TECHNOLOGY [SENSING OBJECTS IN A SECURE PASSION] INTRODUCTION “SIXTH SENSE TECHNOLOGY” shows improvement. Of all the technologies emerging today, the enhanced technology is SIXTH SENSE”. Whenever we encounter a new object our senses try to sense and analyse that particular object and makes us interact with them. But to know the complete information about a particular object we should go through it in detail...

Latent Fingerprint and Vein Matching Using Ridge Feature Identification

1511 words - 6 pages I. INTRODUCTION Now a days, Biometrics maps to a new civilian applications of commercial use. Automatic Fingerprint Identification System(AFIS) appeared as an essential tool for all the biometrics and the law enforcement agencies[1].The demand of the secured biometric system, now lead to the growth in the features and individualities for the responsibility of quite complicated fingerprint and finger-vein present in the fingertips of the...

Image Processing Based Finger-Vein Biometric Recognition System

2314 words - 9 pages A. Iris Recognition A large number of iris biometric identification techniques have been developed and there are several literatures available for Iris recognition. Iris recognition combines computer vision pattern recognition,statistics, and the human-machine interface[1]. The iris recognition system involves a number of steps: First, a camera acquires an image of an eye. Next,the iris is located within the image. The annular region of the iris...

One Day I'll Teach a Robot to Write My Essays

1251 words - 5 pages Technology is advancing every field of science in unimaginable ways. Computers alone have opened up countless job and schooling opportunities that are continually growing by the day. Doctors an scientists in the medical world are using computers for everything from keeping patient files on hand at all times, to better understanding the human brain. (Friedman, and Koffman 2) Technology can make everyday life infinitely easier. Nearly every...