/pcq/media/agency_attachments/L8pkS8gpnodJThOdAfv1.jpg)
Follow UsAfter the events on September 11 in the US, personal security and access security are on top of most minds. Until a few years ago, using computer technology to implement access security was limited to sci-fi movies. In real life, it was like a box of chocolate cookies kept on a shelf too high to reach, for the average company or person. And for those serious enough to implement it, there just weren’t enough options. However, this is fast changing, thanks to advances in biometrics
/pcq/media/post_attachments/6b8cdb9887bfdec4b679061d9c9123374cd7714a3453761c69d08ec02d6f1df9.jpg)
In the movie Mission Impossible I, only one authorized person can access a high-security computer room. His retina is scanned and only when it matches, is he allowed admission into the room. This is biometrics being used for verification in movies. In real life, though, it is today being used for a very sad cause–to identify the victims of the carnage in the US. The FBI is asking the relatives of victims to send in their toothbrushes, combs, or other personal objects from where they can get the victims’ DNA samples.
Biometric technologies are used to accurately identify and verify an individual’s identity. This involves identifying his physiological and behavioral characteristics. Biometrics, in general, refers to the study of biological characteristics. With reference to computer security, it refers to authentication techniques using biological characteristics that are measurable or identifiable, and unique to an individual.
Biometric systems are not flawless. Just as any new technology, biometrics, too, has drawbacks. Some biometric systems are easy to fool, while some are just not feasible to implement, because of their exorbitant installation and maintenance costs and resource requirements.
The accuracy of any biometric system is measured in two ways: FAR (False Acceptance Rate), where an impostor is accepted as a match, and FRR (False Rejection Rate), where a legitimate match is denied access. For a system to be successful, both have to be within acceptable low limits.
In the pages that follow, you’ll get an insight into the pros and cons of some of these technologies. But before that, take a quick look at the evaluation methods used by these technologies.
Fingerprint verification involves the user placing his finger over a glass-plate which resides over a high-resolution CCD (charge-coupled) camera. The image captured is compared to that in the system’s database. Positive identification or rejection, as the case may be, is based on the number of minutiae (small lines on the surface of the skin) that match. The number that must match for the result to be a ‘hit’ or ‘no hit’ can be defined. These images are relatively large in size and so there can be many permutations and combinations to adjust the threshold value. This technology is neither too expensive, nor does it require extensive user-training. It’s also simple to implement since a fingerprint-reader can sit on a mouse or keyboard, or simply connect like one. It also gives a high level of accuracy.
Hand-geometry involves comparing a 3-D image of the user’s hand to that present in the system’s database. This is fairly complex in usage and thus calls for greater discipline from the user’s side. Accuracy is as good as, if not better, than fingerprint verification. Implementation is, however, expensive since it involves high-resolution 3-D imaging.
Signature dynamics involves breaking-down of the way a signature is made. Some qualities looked into include acceleration rates, directions, pressure, and stroke length. A flaw with this technology lies in the randomness or the inconsistency with which a user makes his signature. Due to this, multiple matches might result in a higher number of FARs or FRRs. Accuracy is thus below satisfactory levels and so can currently only be implemented in areas where precision is not the only relevant factor in decision-making.
Voice dynamics relies on a voice ‘template’ created by the user during a training phase before first usage. He is asked to repeat several phrases so that the system can create a unique ‘image’ of the person’s voice patterns. However, this technique is prone to inaccuracy since it relies on the behavior of the subject rather than the physical characteristics of the voice. Incon- sistent repetition of phrases can lead to incorrect results. It’s inaccuracy overshadows the inexpensive equipment required to implement it.
Retinal scan is currently the most dependable because of its high level of accuracy. It involves imaging of the blood vessels in the retina of the eye when infra-red light of a certain frequency and wavelength is incident upon it. The extent to which this energy is absorbed by the blood vessels is different in different individuals. However, this method of imaging is personally invasive since it involves the projection of a laser-beam through the cornea of the eye. Also, diseases like cataracts or infections affect the evaluation by the system and could return inconsistent results. Extreme skill and discipline (not to forget patience) is required on both the operator’s and the end user’s side.
Iris scan uses a concept similar to retinal scanning, but uses a conventional CCD camera instead of infra-red radiation. The subject is made to stand 12 to 14” from a camera, which frame-grabs an image of the iris. Since this is a very high-resolution image, the accuracy of this technology is the highest after the retinal scan system. This is, however, in the prototype testing stage and so it will be a while before it is commercially available.
DNA analysis, which involves checking the DNA patterns of a human, is used when the physical characteristics are unrecognizable, especially to identify dead people. It is also used to find out relationships, like in cases involving identifying a child’s natural parents. This is one biometric technology that is judicially accepted. Since no humans have identical DNA patterns (with the rare exception of twins), this is one of the most foolproof methods of all. Modern technology allows the system to scan the DNA directly by taking dead cells from a person’s external skin.
Other biometric technologies include face-recognition systems and vascular-pattern recognition systems. Both of these, however, are in their initial development stages and so cannot be compared to the other biometric systems already available.
Personally, if it is a question of verification for my bank-account, I wouldn’t mind being zapped or even electrocuted. At the same time, I would prefer to look at someone’s photograph instead of his skull’s watermark-embedded digital images. Call me old-fashioned or call me whatever....
Dharit Anjaria