Image by Author Biometric has been for long the target of future authentication that expected that biometric authentication will largely displace other means of our current authentication and access control. Biometric systems can be used in two distinct modes as follows. A biometric system operates by firstly acquiring biometric data from an individual, then extracting feature set from the data, and finally comparing the feature set with the template in the database as shown in the below figure. The use of biometrics, or specifically unique human characteristics, has existed for hundreds of years in one form or another, whether it is a physical description of a person or perhaps more recently a photograph. Biometric authentication techniques are classified by the type of characteristics evaluated: physiological attributes or behavioral singularities. Physiological biometrics are based on classifying a person according to data obtained as part of the human body such as his fingerprints, face, or eye iris. Fingerprint Recognition The most popular biometric to date, fingerprint recognition, can utilize a number of approaches to classification, based on minutiae which are a reproduction of epidermal friction skin ridges found on the palm side of the fingers and thumbs, the palms, and soles of the feet. We can use them for authentication because there are basic principles as follows. Hand Geometry The second most widely deployed biometric is hand geometry. We use the geometric features of the hand such as the lengths of fingers and the width of the hand to identify an individual. Facial recognition The system record face images through a digital video camera and then analyze facial characteristics like the distance between the eyes, nose, mouth, and jaw edges. Iris Recognition The image below shows parts of the human eye. Image by AuthorThe iris is the colored tissue surrounding the pupil of the eye and is composed of intricate patterns with many furrows and ridges. Retinal Identification Retina based identification is perceived as the most secure method of authenticating identity. Retinal identification provides true identification of the person by acquiring an internal body image, the retina/choroid of a willing person who must cooperate in a way that would be hard to counterfeit Behavioral BiometricsIt consists of measurements taken from the user’s actions, some of them indirectly measured from the human body. Voice Verification Voice verification systems are different from voice recognition systems although the two are often confused. Voice recognition is the process of recognizing what a person says, whereas voice verification is recognizing who is saying it. Keystroke Dynamics The system measures and compares specific timing events also known as “typing signature”. The way in which a person types on a keyboard has been shown to demonstrate some unique properties. Handwritten Signature Signature recognition systems attempt to authenticate people based on their handwritten signature Comparison of biometric authentication methodsWe compare biometric authentication methods based on the following six characteristics that are security, accuracy, permanence, usability, adequacy, and costs with 3 levels which is high, medium, and low. The following table provides a quick comparison of the biometric types presented in this post. comparison of biometric authentication methodsSecurityIt is the strength of the system in terms of covered risk and its efficiency to resist potential attacks based on considering the risk they represent and its sophistication.
AccuracyDue to differences in the environment where data is collected, or between readers employed in biometrics, a 100% of accuracy cannot be achieved. Thus, certain performance thresholds must be defined to consider reliable biometric technology. The two conventional metrics used to evaluate biometrics performance are the FAR and the FRR.
PermanenceIt is the condition that biometric should not change over time.
UsabilityThe quality of being user-friendly and closer to user needs and requirements
CostsThe economic impact of the technology in the overall authentication system such as implementation costs, maintenance, etc.
AdequacyThe quality of being able to meet the needs and expectations of a particular user segment such as retail, corporate, private, and investor customers’ profile. the user segment of the biometric authentication techniqueHow Biometrics are Hacked?In a replay attack, an intruder has been able to record successful login sessions involving biometric systems or devices and later tries to perform authentication on his own by replaying the captured data. For instance, in the voice verification system, a hacker was able to intercept and record data that included the user’s voice. He later may attempt to access the same system and will playback the recorded data captured earlier. Faked credentialsSome biometric systems may be vulnerable to attacks using fake credentials. For example, if a biometric system relies on facial recognition a hacker may be able to fool such a system by holding a life-size photograph of the user in front of the camera. Stolen credentialsSome biometric systems are more vulnerable to stolen credential attacks than others. But the thought of a stolen eye is just gruesome to us. However, we think you’re pretty safe if your biometric system is voice-based because we have yet to hear of a stolen larynx being used to successfully fool a biometric system. ConclusionsNowadays biometric data extraction can be easily achieved without the need for specific sensors; therefore, its implementation can be low cost when taking advantage of modern technologies, such as mobile devices equipped with embedded cameras for facial recognization or fingerprints. types of biometric authentication methodFingerprintsThey are the most widely deployed technology even excluding police fingerprinting because of its low costs, easy to use, and deploy. But there are many methods for defeating biometric finger scanning technology such as dummy latex fingers, a wood with fingerprints etched on the surface. We can tack with these problems by forcing the use of more than one finger. Facial recognitionFacial recognition benefits from high user acceptance because of its costs but nonetheless they get low performance in non-standard environments. In addition to this method showed to be vulnerable, allowing authentication using “selfies”, which are not difficult to acquire. Therefore, it must be accompanied by additional methods such as liveness detection mechanisms. Voice verificationVoice verification benefits from a high acceptance rate because of its high usability and costs. Similar to facial recognition, the results demonstrated low performance in non-standard environments. Thus, voice authentication technologies cannot be considered mature enough and again, they must be accompanied or combined with additional mechanisms. Moreover, voice recognition algorithms must be tolerant of noise and should not be influenced by variations of the voice produced by sore throat or cold. Keystroke dynamicsSince there are no special devices are required, this method requires almost no costs; its usability and acceptability are considered high because in most cases it can be performed transparently to the user. However, the main drawbacks of this technique are its low accuracy and low-security level during the training phase; therefore, it is suitable for implementing continuous authentication. Easy right? |