The Use of Biometrics as a Cybersecurity Method
This article provides information that helps and guides readers to fully understand the biometric security system and its role in ensuring cybersecurity.
Introduction to Biometrics
Biometrics measures and analyses an individual's physical and behavioral characteristics. It is a technology used for proper identification and access control of people under surveillance. The theory of biometric authentication is that everybody can be accurately identified by intrinsic physical or behavioral traits. The word biometrics is derived from the Greek words bio, meaning life, and metric, meaning to measure.
Biometric identifiers are unique and measurable characteristics used to label and describe individuals. They are often classified as physiological characteristics related to the body's shape. Examples include, but are not limited to, fingerprints, palm veins, face recognition, DNA, and iris recognition. Behavioral characteristics involve a person's behavior pattern, such as mouse movement, typing rhythm, gait, signature, and credentials. Some researchers have coined the term behavior metrics to describe biometrics in behavioral patterns.
History of Biometrics
Automated biometric solutions were introduced a few decades ago due to huge advances in computer processing capabilities. However, many of these automated techniques are based on ideas conceived hundreds to thousands of years ago.
While the origin of biometrics dates back to the Babylonian empire, the first biometric identification system was not invented until the 1800s. Alphonse Bertillon, a French researcher, created a method of classifying and comparing criminals based on their body measurements. Though this method was imperfect, it served as a catalyst for physical characteristics to be used to authenticate identity.
Then in the 1880s, fingerprints gradually came into use to identify criminals and sign contracts. It became common knowledge that everybody has a unique fingerprint, a symbol of one's identity. Edward Henry developed the Henry Classification System fingerprint standard, the first system to be used for identification. Bertillon's method was immediately discarded by law enforcement agencies, and the Henry Classification System became the standard system for criminal identity authentication. This started 100 years’ worth of research into other unique biological factors that could be used as a method of identification.
Types of Biometrics
There are two types of biometric methods:
- Physiological biometrics
- Behavioral biometrics
Behavioral Biometrics
It is the scientific study of how the bodies of human beings and animals function. This type of biometrics pays attention to the actions of an individual. It has to account for a high level of internal variation, such as mood and health conditions, because it is useful only in constant use. It includes:
- Signature Recognition
- Voice Recognition
- Keystroke
Physiological Biometrics
This type of biometrics involves a person's physical characteristics like fingerprints, hand geometry, iris, face, and DNA. It relates to the specific measurements, dimensions, and characteristics of an individual's body. It is also called static biometrics because these characteristics are immutable and can easily be retained when registered in software and hardware systems. They include:
- Ear authentication
- Eye vein recognition
- Facial recognition
- Finger vein recognition
- Fingerprint recognition
- DNA matching
- Footprint and foot dynamics
- Gait recognition
Biometrics in Cybersecurity
How Do They Work?
Biometric security is a type of security that verifies people’s behavioral and physical characteristics to identify them. It is the most accurate and strongest physical security technique for identity verification.
Most security systems use biometrics when physical security is crucial and theft is a concern.
Biometric security systems store and use physical characteristics that remain constant over time, such as hand patterns, facial recognition, retinal patterns, and fingerprints.
The system encrypts and stores these characteristics in a database to match and compare them during subsequent access attempts.
If, for instance, someone tries to access the biometric security system, it scans them, analyzes their characteristics, and compares them to previously saved records. The person is granted access to the facility or device, depending on whether a match is detected.
The components of biometric devices are:
- A scanning device or reader to capture the biometric factor to be authenticated.
- A database for storing and securely comparing biometric data.
- A software application that converts scanned biometric data into a digital format and compares observed and recorded data match points.
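The enroll-then-compare flow described above, as an added example (not from the article or any vendor's system). It assumes templates are 64-bit integers compared by the fraction of differing bits; `TemplateDatabase`, `MATCH_THRESHOLD` and the sample values are constructed for illustration.

```python
"""Enroll a template, then verify later scans against it (added example)."""

TEMPLATE_BITS = 64      # assumed size; real templates are far larger
MATCH_THRESHOLD = 0.20  # assumed: largest fraction of differing bits accepted


def distance(a: int, b: int, bits: int = TEMPLATE_BITS) -> float:
    """Fraction of bit positions in which two templates differ."""
    return bin((a ^ b) & ((1 << bits) - 1)).count("1") / bits


class TemplateDatabase:
    """Hypothetical in-memory store; encryption at rest is left out here."""

    def __init__(self, threshold: float = MATCH_THRESHOLD):
        self.threshold = threshold
        self._templates = {}

    def enroll(self, user_id: str, template: int) -> None:
        self._templates[user_id] = template

    def verify(self, user_id: str, scan: int) -> tuple:
        """Return (granted, distance); an unknown user is always denied."""
        stored = self._templates.get(user_id)
        if stored is None:
            return (False, 1.0)
        d = distance(stored, scan)
        return (d <= self.threshold, d)


# Constructed sample values, not real biometric captures.
ALICE_ENROLLED = 0xA5A5_F00D_1234_BEEF
ALICE_RESCAN = ALICE_ENROLLED ^ 0x0000_0101_0000_1010  # same person, 4 noisy bits
OTHER_PERSON = ALICE_ENROLLED ^ 0x00FF_FF00_F0F0_0F0F  # differs in 32 of 64 bits

db = TemplateDatabase()
db.enroll("alice", ALICE_ENROLLED)

if __name__ == "__main__":
    for label, scan in [("rescan", ALICE_RESCAN), ("other", OTHER_PERSON)]:
        granted, d = db.verify("alice", scan)
        print(f"{label}: distance={d:.4f} granted={granted}")
```

A fresh scan never reproduces the enrolled template bit for bit, so the decision is a threshold on distance rather than an equality check. Tightening the threshold rejects more impostors but also more legitimate rescans.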
Use Cases
Home Security: Biometric security systems verify and identify people entering a home or building. They can also grant access to specific rooms, an entire house, and an office building. With this technology in place, keys are gradually becoming outdated, and access can be granted to buildings with just a fingerprint swipe.
Airport Security: Biometrics are also used for airport security. Many airports use iris recognition to verify the identity of an individual.
Mobile Devices: Biometric authentication has been fully integrated into Android and iOS smartphones over the past few years, and smartphone fingerprint scanning is now the norm. Device biometrics has now progressed beyond mere fingerprints. For instance, Intelligent Scan is a new feature developed by Samsung as a biometric security function. It provides biometric multi-factor authentication by combining facial recognition with an iris scan. Apple’s Face ID is another example, which projects over 30,000 infrared dots onto a user’s face, analyzes the pattern, and creates a “facial map.” Subsequent login attempts are authenticated using that map.
Banking and Finance: In the banking sector, many customers are tired of proving their identification at every interval. Still, it is inevitable as the risk of identity theft will continue to rise without it. Bank biometric security systems are currently in high demand. Many banks use biometrics such as fingerprint scanning, facial recognition, and voice verification in their mobile apps and sometimes a combination of these biometrics. This means a nearly impenetrable layer of protection is created when multi-factor authentication is combined with biometrics.
Advantages of Biometric Security System
Biometric authentication is important in security, healthcare, banking, digital applications, and modern-day tech. It has several enormous advantages:
- Costs: Biometric security systems are mostly automated, which means less need for multiple security employees. Companies, businesses, and corporations can save a lot of money and reduce the costs of hiring security agencies and buying multiple security gadgets that are expensive to maintain.
- Increased Efficiency: Using biometrics, users can authenticate in less than one second. This saves a lot of time, making authentication easy. For instance, placing a finger on a scanner and unlocking an account in seconds is faster than typing out a long password with multiple special characters. In addition, forgetting a password is a common mistake of most users, but it is impossible to forget a biometric.
- Non-transferable: It is impossible to digitally transfer or share a physical biometric. A physical application is the only way to utilize most biometric authentication systems. And in many situations, a person’s biometrics must be present upon authorization.
- Difficult to duplicate: Biometrics are generally the same throughout the lifetime of a user. Biometrics like face patterns, fingerprints, iris scanning, and others are impossible to replicate with the current technology. There is a one in 64 billion chance that your fingerprint will exactly match someone else's, making biometrics a unique form of authentication.
Biometrics Security Posture
Biometric Future Trends
While biometric authentication methods are becoming more common across consumer and enterprise systems, new fraud prevention and advanced biometric approaches fill the gap for systems that call for higher levels of reliability and security.
While there are reliable forms of biometrics and biometric passwords presently, new technologies focus on drawing even more advanced biometric markers from the body, providing another hard-to-fake marker for secure authentication. These include odor recognition, heartbeat pattern recognition, hand geometry, and DNA signature reading.
One major advantage of biometric authentication is that the user must be physically present to provide biometric data. Even stronger measures, like live AI-driven video identity verification, include “liveness” testing in their processes to counter emerging forms of identity fraud.
The future of biometrics will be adding facial, voice, or other types of biometric authentication to security for accessing confidential documents, applying for a bank loan, or using any banking or financial apps. Also, biometrics technology will be used in banks to accelerate digital onboarding, which usually includes eKYC (electronic Know Your Customer) activities such as taking a photo of yourself and a government-issued ID. This will power digital onboarding and make it easier for users and financial services providers.
Soon, ATM cards might become obsolete as biometrics solutions allow users to access their cash using their physical characteristics. Also, vehicles with biometrics will be easier and more convenient for drivers to access without worrying about losing the keys or having them stolen. Once inside the car, biometric voice control technology will make hands-free operations more convenient, such as pulling up directions, making a call, or playing music.
Data Regulations Guiding Biometrics
As tools to collect biometric data become more advanced, laws like the Illinois Biometric Information Privacy Act (BIPA) are being introduced and considered to prevent private entities from collecting biometric information without the disclosure and consent of affected individuals.
In 2008, Illinois became the first state to enact a biometric data privacy law. The law requires entities that use and store biometric identifiers to comply with certain requirements and provide a private right of action for recovering statutory damages when they do not comply.
BIPA states that, for the purposes of the act, “‘biometric identifier’ means a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry.” BIPA also specifies that biometrics are unique to an individual, and when compromised, the individual has no remedy, is at heightened risk for identity theft, and will most likely withdraw from biometric-facilitated transactions.
However, the General Data Protection Regulation (GDPR) for European Member States does address biometric data, representing a significant step for data protection and privacy with a real international impact.
Drawbacks in the Biometric Security System
Despite increased security, efficiency, and convenience, biometric authentication solutions also have disadvantages:
- Costs: Significant investment is needed in biometrics for security.
- Data breaches: Biometric databases can still be hacked.
- Tracking and data: Biometric devices like facial recognition systems can limit privacy for users.
- Bias: Machine learning and algorithms must be advanced to minimize biometric demographic bias.
Conclusion
Biometrics, if used appropriately, will be a valuable tool for cybersecurity. However, like the other methods for identification and authentication, it has drawbacks. No system is ever foolproof, and because of that, biometrics needs to be used in conjunction with at least one other method. This method is often referred to as two-factor authentication, requiring the user to either know something else or do something else to decrease the chances of errors. Also, if there is an issue with the biometric scanner, it would be easy to fall back on a password or a security card. The reason biometrics will never be used by itself is that it will never be secure enough without other forms. While biometrics can provide cybersecurity solutions, it is not a foolproof method. The need for an additional form of authentication provides another level of security that is still required.