Tuesday, April 2, 2019

Advantages and Disadvantages of Biometrics

ABSTRACT

Organisations have goals and therefore acquire assets to ensure these goals are met and continuity is guaranteed. The financial sector, while trying to promote convenient methods such as online banking and the use of ATMs for customers to access their money, strives to ensure that only the right person has access to the account. Likewise, military and national security services store highly sensitive and critical information that must be accessed only by specific individuals, and they deploy security measures to keep it that way. However, achieving these goals largely depends on securing and controlling the assets as documented, which means only authorised individuals have access to these environments and eventually the assets.

Given the importance of access control, different security techniques have been deployed to safeguard these assets, ranging from PINs and passwords to ID cards, smart cards, etc. Vulnerabilities in these methods have led to the recent surge in the biometrics industry, as many believe this is the future. Reasons such as the fact that the physical presence of the authorised person is needed at the point of access, and that a biometric is unique and almost impossible to duplicate, emphasise the benefits of biometrics and explain its booming popularity.

However, like any other security method, biometrics has limitations and threats which can impact its effectiveness and efficiency. It is not suitable for every application and can be a very wrong choice for certain applications. Therefore, it is essential to manage these limitations and threats properly to enhance the success factor of biometrics.
Finally, it is important for any sector deploying biometrics to understand the various issues associated with biometrics such as privacy, standards and what the law requires of biometrics.

CHAPTER ONE

INTRODUCTION

Organizations strive to secure their assets and provide means of controlling access to these assets. This process requires identification and authorization to ensure the right person is accessing the right asset. Over the years, traditional methods of authentication, mainly passwords and personal identification numbers (PINs), have been popularly used. Recently, swipe cards and PINs have been deployed together for more security, since one is something you have and the other something you know. However, these methods still have vulnerabilities, as swipe cards can be stolen. Also, bad management of passwords has left people writing them on paper and desks, or simply choosing easy and general words for quick recall, which exposes the password to intruders. More recently, stronger identification and authorization technologies that can assure a person is who he claims to be are becoming prominent, and biometrics can be classified in this category.

Biometric technology makes use of a person's physiological or behavioral characteristics in identification. Every human being is unique in nature and possesses physical parts completely different from any other person. The September 11, 2001 terrorist attack did not help security concerns, as governments and organizations all around the world, especially border security agencies, have greatly embraced this human recognition technology.
As both private and public entities continue to search for more reliable identification and authentication methods, biometrics has been the choice and is considered the future.

WHAT IS BIOMETRICS?

Biometrics refers to the automatic identification of a person based on his or her physiological or behavioral characteristics (Chirillo and Blaul 2003, p. 2). It is an authorization method that verifies or identifies a user based on what they are before authorizing access. The search for a more reliable authorization method to secure assets has led to the emergence of biometrics, and many organizations have shown interest in the technology.

Two main types of biometrics have been used: physical and behavioral. A physical biometric is a part of a person's body, while a behavioral biometric is something that a person does (Lockie 2002, p. 8). Lockie added that although there are some more unusual biometrics which may be used in the future, including a person's unique smell, the shape of their ear or even the way they talk, the main biometrics being measured include fingerprints, hand geometry, retina scan, iris scan, facial location or recognition (all physical), voice recognition, signature, keystroke pattern and gait (behavioral). However, it has been argued by Liu and Silverman (2001) that different applications require different biometrics, as there is no supreme or best biometric technology.

HISTORY OF BIOMETRICS

According to Chirillo and Blaul (2003, p. 3), the term biometrics is derived from the Greek words bio (life) and metric (to measure). China is among the first known to practice biometrics, back in the fourteenth century, as reported by the Portuguese historian Joao de Barros. It was called member-printing, where the children's palms as well as the footprints were stamped on paper with ink to identify each baby.
Alphonse Bertillon, a Paris-based anthropologist and police desk clerk, was trying to find a way of identifying convicts in the 1890s and decided to research biometrics. He came up with measuring body lengths, and this was relevant until it was proved to be prone to error, as many people shared the same measurements. The police then started using fingerprinting, which Richard Edward Henry, who was working at Scotland Yard, developed based on the Chinese methods used a century before.

Raina, Orlans and Woodward (2003, p. 25-26) state that references to biometrics as a concept could be traced back over a thousand years in East Asia, where potters placed their fingerprints on their wares as an early form of brand identity. They also pointed to Egypt's Nile Valley, where traders were formally identified based on physical characteristics such as eye color, complexion and also height. The information was used by merchants to identify trusted traders whom they had successfully transacted business with in the past. Kapil et al. also made references to the Bible, first pointing to the faith the Gileadites had in their biometric system as reported in The Book of Judges (12:5-6), that the men of Gilead identified enemies in their midst by making suspected Ephraimites say Shibboleth, for they could not pronounce it right. The second reference is to The Book of Genesis (27:11-28), where Jacob pretended to be Esau by putting goat skins on his hands and the back of his neck so his skin would feel hairy to his blind, aged father's touch. This illustrates a case of biometric spoofing and false acceptance. They finally wrote that biometrics as a commercial, modern technology has been around since the early 1970s, when the first commercially available device was brought to market (p.
26).

HOW BIOMETRICS SYSTEMS WORK

A biometric system is inherently a pattern-recognition system that makes a personal identification by determining the authenticity of a specific physiological or behavioral characteristic possessed by the user (Blaul 2003, p. 3). Biometrics has so far been developed to work in two ways, mainly verification and identification.

Verification systems are designed to answer the question "Am I who I claim to be?" by requiring that a user claim an identity in order for a biometric comparison to be performed. The user provides data, which is then compared to his or her enrolled biometric data. Identification systems answer the question "Who am I?" and do not require a user to claim an identity, as the provided biometric data is compared to data from a number of users to find a match (Nanavati 2002, p. 12).

An illustration of a scenario using an identifying biometric system is given below and thus answers the question "Who am I?"

In October 1998 in the United Kingdom, Newham Council introduced face recognition software to 12 town centre cameras with the sole purpose of decreasing street robbery. Images are compared against a police database of over 100 convicted street robbers known to be active in the previous 12 weeks. In August 2001, 527,000 separate faces were detected and operators confirmed 90 matches against the database. Where a face is not identified with any in the database, the image is deleted; if a match is found, a human operator checks the result. The introduction of face recognition technology to Newham city centre saw a 34% decrease in street robbery. The system has not led directly to any arrests, which suggests that its effect is largely due to the deterrence/displacement of crime. The face recognition system has been widely publicised by the council and 93% of residents support its introduction (Postnote Nov 2001, p.
1).

The case study below illustrates a verifying biometric system and answers the question "Am I who I claim to be?"

The US Immigration and Naturalization Service Passenger Accelerated Service System (INSPASS) has been introduced at eight airports in order to provide quick immigration processing for authorised frequent flyers entering the US and Canada. On arrival at an airport, a traveller inserts a card that carries a record of their hand geometry into the INSPASS kiosk and places their hand on a biometric reader. A computer cross-references the information stored on the card at registration with the live hand geometry scan. The complete process takes less than 30 seconds. If the scans match, the traveller can proceed to customs; if not, travellers are referred to an Immigration Inspector. There are more than 45,000 active INSPASS users with, on average, 20,000 automated immigration inspections conducted each month (Postnote Nov 2001, p. 1).

A verifying system is often referred to as a one-to-one process and generally takes less processing time compared to identifying systems. This is due to the fact that in identifying systems, a user is compared to all users in the database (one-to-many). Verifying systems are also more accurate, since they only have to match a user's data against his or her stored data and do not need hundreds, thousands or even millions of comparisons like identifying systems. However, it is important for an organization to decide the type appropriate for its applications.

RESEARCH METHODOLOGY

The research methodology designed for this dissertation is mainly the qualitative approach. A quantitative approach has been overlooked due to limited time, as designing surveys and distributing them takes time and response time could not be predicted.
Therefore, my effort will be concentrated on critically reviewing previous literature in order to acquire an overview of, and insights into, the topic. For more details, journals, books, publications, documentaries and previous dissertations related to the topic will be reviewed, compared and analyzed. The objectives will be achieved by purely reviewing literature and previous research, and the literature will be critically analyzed by comparing information obtained from different sources. Findings, recommendations and conclusions will be made from the analysis.

OBJECTIVES OF THE STUDY

The aim of this research is to critically analyse biometric security as an emerging and booming industry by examining the positives and negatives and providing ways of improving the method effectively and, most importantly, efficiently. Since biometrics applies to many applications, access control will be the main focus of this dissertation. Also, issues such as privacy, laws governing biometrics and standards will be examined.

The main objectives of this research are:

To review biometric security and issues related to it.

To evaluate the threats, advantages and disadvantages of biometrics.

To propose ways of improving the effectiveness and efficiency of biometrics from previous research.

CHAPTER 2

LITERATURE REVIEW

This chapter is aimed at critically reviewing and analysing numerous works of researchers in the area of biometrics, threats to biometrics, advantages and disadvantages, and ways of improving biometric efficiency in access control. The effect of privacy (human rights) and the need to conform to biometric standards will also be examined and reviewed.

DEFINITION OF BIOMETRICS

According to Jain, Ross and Pankanti (2006, p. 125), one great concern in our vastly interconnected society is establishing identity. Systems need to know "Is he who he claims he is?", "Is she authorized to use this resource?"
or simply "Who is this?"

Therefore, a wide range of systems require reliable personal recognition schemes to either verify or identify an individual seeking access to their services. The purpose of such a scheme is to ensure that the rendered services are accessed only by the authorized and not by any intruder or impostor (Ross 2004, p. 1).

Biometric recognition, or simply biometrics, refers to the automatic recognition of individuals based on their physiological and/or behavioral characteristics (Jain 2004, p. 1).

Woodward (2003, p. 27) cited biometric industry guru Ben Miller's 1987 definition of biometrics: biometric technologies are automated methods of verifying or recognizing the identity of a living person based on a physical or behavioral characteristic.

Shoniregun and Crosier (2008, p. 10) provided several definitions of biometrics, which include:

Biometrics is the development of statistical and mathematical methods applicable to data analysis problems in the biological sciences.

Biometrics = identification/verification of persons based on the unique physiological or behavioral features of humans.

Biometrics is the measurement and matching of biological characteristics such as fingerprint images, hand geometry, facial recognition, etc.

Biometrics strongly links a stored identity to the physical person.

Notwithstanding the various definitions, it can be seen that the science of biometrics is based on the fact that no two people are the same, and this has a large influence on its reliability and success factor.

THE BIOMETRICS INDUSTRY

According to Lockie (2002, p. 10), the biometric industry did not really get established until the middle of the twentieth century. The researchers at that time were investigating whether various human parts and characteristics, such as the iris or the voice, could be used to identify an individual.
This was made public by publishing papers and, as a considerable number of these strands of research began to form a piece, the biometrics industry as we know it today was established.

As organizations search for more secure authentication methods for user access, e-commerce, and other security applications, biometrics is gaining increasing attention (Liu 2001, p. 27).

Higgins, Orlans and Woodward (2003, p. xxiii) emphasized that even though biometrics has not become an integral part of all systems requiring controlled access, the emerging industry has come a long way from its modern founding in 1972 with the installation of a commercial finger measurement device on Wall Street. They made reference to the highly respected MIT Technology Review, which called biometrics one of the top ten emerging technologies that will change the world.

The growth in the biometric industry is reflected in the numbers. The trio cited Rick Norton, the executive director of the International Biometric Industry Association (IBIA), who reported at the Biometrics 2002 Conference in London, United Kingdom, that the industry's trade association had indicated a surge in biometric revenues over recent years. From $20 million in 1996, revenues increased to $200 million in 2001, and Norton believes they will increase significantly as the years pass, in five years' time.

Also, a forecast made by the International Biometric Group (IBG), a biometric consulting and integration firm located in New York City, estimated that biometric revenues totaled $399 million in 2000 and will increase to $1.9 billion by 2005. Both IBIA and IBG believe that the private sector will be responsible for much of the growth.
These give evidence of the relevance of biometrics in organizations in modern times.

BIOMETRICS AND ACCESS CONTROL

Over the years, biometrics has evolved rapidly and many vertical markets such as government, transport, the financial sector, security, public justice and safety, healthcare and many more have adopted biometrics. Due to this wide range of users, biometrics has been deployed in many applications. Biometrics has been of high benefit to organizations as they seek a reliable security method to safeguard assets. Fully understanding how biometrics works, it can be said that the ultimate aim of applying biometrics in the vertical markets listed above is to control access to a resource, regardless of whether the system used is a verifying or an identifying process.

It has been stated by S. Nanavati, Thieme and R. Nanavati (2002, p. 14) that biometric systems are deployed for two primary purposes, which are physical and logical access.

LOGICAL VERSUS PHYSICAL ACCESS

Physical access systems monitor, restrict, or grant movement of a person or object into or out of a specific area (Thieme 2002, p. 14). This could be implemented to control entry into rooms or even the main building. Popular examples are control towers, bank vaults, server rooms and many other sensitive rooms requiring controlled access. In physical access, biometrics replaces the use of keys, PIN codes, access cards and security guards, although any of these could be combined with biometrics as a complement. A common physical access application is time and attendance.

Thieme also gave a definition of logical access systems as those that monitor, restrict or grant access to data or information, listing examples such as logging into a PC, accessing data stored on a network, accessing an account, or authenticating a transaction.
In this case, biometrics replaces, and can be designed to complement, PINs, passwords and also tokens.

Basic biometric functionality, namely the acquiring and comparing of biometric data, is very much identical in both physical and logical systems. For example, the same iris scan data can be used for both doorway and desktop applications. Thieme explained that the only difference between the two is the external system into which the biometric functionality is integrated. The biometric functionality is integrated into a larger system. This applies to both physical and logical access systems, and actions such as access to any desktop application or access to a room via a doorway are effected by a biometric match.

However, not every system can be classified as physical or logical access, as the end result does not indicate access to data or a physical location and the result therefore may be to investigate more. An ATM secured by biometrics allows access to money, a physical entity. This is made possible by allowing the user logical access to his or her data. In the example above, the application is difficult to classify as either physical or logical.

Thieme (2002, p. 15) suggested that the distinction between physical and logical access systems is a valuable tool in understanding biometrics. He noted that key criteria such as accuracy, fallback procedures, privacy requirements, costs, response time and complexity of integration all vary significantly when moving from logical to physical access.

WHAT ARE BIOMETRIC STANDARDS

Stapleton (2003, p. 167) defined a standard in general terms as a published document, approved by a recognized authority, which defines a set of policies and practices, technical or security requirements, techniques or mechanisms, or describes some other abstract concept or model. The growth of the biometric industry has been relatively slowed by the absence of industry-wide standards, and this has also impeded various types of biometric deployment.
Nanavati (2002, p. 277) stated that the relative youth of the technology in use, coupled with the disunified nature of the industry, has impacted the development of standards, resulting in sporadic and frequently redundant standards. Nanavati also noted that live-scan fingerprint imaging is the only segment of the biometric industry with widely accepted and adopted standards. Due to this absence of biometric standards, some institutions have been concerned about being tied into technologies they actually believed were not mature or were still developmental.

However, in an effort to actively address the standards issue, the biometric industry has finalized some blueprints, and the process of getting industries to accept these standards is ongoing.

WHY IS STANDARDIZATION NECESSARY?

The high rate of biometric development and rapid growth in the adoption of biometric technologies in recent years has resulted in ever-increasing levels of what is expected in terms of accuracy, adaptability, and reliability in an ever-wider range of applications. Due to the adoption of biometric technologies in large-scale national and international applications, involving a potentially unlimited range of stakeholders, Farzin Deravi (2008, p. 483) stated that it has become necessary to address these expectations by ensuring agreed common frameworks for the implementation and evaluation of biometric technologies through standardization activities.

The majority of biometric systems, including both the hardware and software, are made and sold by the owner of the patent at this stage in their development. They are proprietary in numerous aspects, including the manner in which biometric devices and systems as a whole communicate with applications, the method of extracting features from a biometric sample and, among many more, the method of storing and retrieving biometric data.
This has resulted in many companies, in most cases, being wedded to a particular technology once they agree to implement it. Nanavati (2002, p. 278) stated that in order to incorporate a new technology, companies are required to rebuild their system from the ground up and, in some cases, duplicate much of the deployment effort.

Deravi (2008, p. 483) noted that the need for interoperability of biometric systems across national boundaries has implied a rapid escalation of standardization efforts to the international arena, stating that the sense of urgency about the need for standardization has been the priority of internal security concerns.

The industry-wide or universal adoption of biometric standards will not make biometric technology interoperable, at least not to the state where an old device can be replaced by a new device without rebuilding the system. However, Nanavati (2002, p. 278) argued that the core algorithms through which vendors locate and extract biometric data are very unlikely to be interoperable or standardized, the reason being that these algorithms represent the basis of most vendors' intellectual property.

Numerous reasons are responsible for the demand for standardization. These include the desire to reduce the overall cost of deploying biometric technologies and improve the reliability of biometric systems, to reduce the risk of deploying solutions to biometric problems, and to ensure, in the area of encoding and file format, that the basic building blocks of biometric data management have been developed based on best practice by industry professionals.

Nanavati (2002, p. 278) concluded that standards ensure that, in the future, biometric technology will be developed and deployed in accordance with generally accepted principles of information technology.

EXISTING BIOMETRIC STANDARDS

Shoniregun and Crosier (2008, p.
22) stated that the evolving interest and developments have made the development of standards a necessity, with the sole aim of allowing compatibility between different systems. The detailed standards in the Biometrics Resource Centre (2002) report are summarised below.

Common Biometric Exchange File Format (CBEFF)

The Common Biometric Exchange File Format (CBEFF) sets a standard for the data elements essential in supporting biometric technology in a common way, regardless of the application involved or the domain in use. It makes data interchange between systems and their components easier, while promoting interoperability of applications, programs and systems based on biometrics.

INCITS M1-Biometrics Technical Committee

The committee was established by the Executive Board of the International Committee for Information Technology Standards (INCITS) with the responsibility to ensure a focused and reasonably comprehensive approach in the United States for the rapid development and approval of formal national and international generic biometric standards (Shoniregun and Crosier 2008, p. 22).

BioAPI Specification (Version 1.1)

The BioAPI standard defines the architecture for biometric systems integration in a single computer system (Deravi 2008, p. 490). The BioAPI specification has been one of the most popular standards efforts since it was formed in April 1998, according to Nanavati (2002, p. 279).
Nanavati stated that the standard was formed to develop an API that is both widely accepted and widely available while being compatible with various biometric technologies.

Other general standards available are Human Recognition Module (HRS), ANSI/NIST-ITL 1-2000, American Association for Motor Vehicle Administration and American National Standards Institute (ANSI), which specifies the acceptable security requirements necessary for effective management of biometric data, particularly for the financial services industry.

BRITISH BIOMETRICS STANDARDS

The British Standards Institution (BSI) commenced work on biometrics standards in June 2004 and has since published, according to Shoniregun and Crosier (2008, p. 24), a set of four new BS ISO/IEC 19794 standards, reported to have covered the science of biometrics and the use of biological characteristics in identifying individuals. The objective of publishing these standards is to promote interoperability between the several products in the market.

BS ISO/IEC 19784-2:2007

This standard defines the interface to an archive Biometric Function Provider (BFP). The interface assumes that the collected biometric data will be managed as a database, irrespective of its physical realization. Crosier (2008, p. 24) described the physical realization: smartcards, tokens, memory sticks, files on hard drives and any other kind of memory can be handled via an abstraction layer presenting a database interface.

BS ISO/IEC 19795-2:2006

According to Shoniregun (2008, p. 25), this standard provides recommendations and requirements on the collection of data, analysis and reporting specific to two types of evaluation (scenario evaluation and technology evaluation).
BS ISO/IEC 19795-2:2006 further specifies the requirements for the development and full description of protocols for scenario and technology evaluations, and also for executing and reporting biometric evaluations.

BS ISO/IEC 24709-1:2007

ISO/IEC 24709-1:2007 specifies the concepts, framework, test methods and criteria required to test conformity of biometric products claiming conformance to BioAPI (ISO/IEC 19784-1) (www.iso.org). Crosier (2008, p. 25) stated that ISO/IEC 24709-1:2007 specifies three conformance testing models, which allow conformance testing of each of the BioAPI components, mainly a framework, an application and a BSP.

BS ISO/IEC 24709-2:2007

The standard BS ISO/IEC 247 defines a number of test assertions composed in the assertion language specified in ISO/IEC 24709-1. The assertions allow a user to test the conformance of any biometric service provider (BSP) that claims to be a conforming implementation of that International Standard to ISO/IEC 19784-1 (BioAPI 2.0) (www.iso.org).

BIOMETRICS AND PRIVACY

The fact that biometric technologies are based on measuring physiological or behavioral characteristics and archiving these data has raised concerns about privacy risks, and has also raised discussion on the role biometrics plays when it comes to privacy. As stated by Nanavati (2002, p. 237), the increase in the use of biometric technology in the public sector, the workplace and even at home has raised the following questions:

What are the main privacy concerns relating to biometric usage?

What kinds of biometric deployments need stronger protections to avoid invading privacy?

What biometric technologies are more prone to privacy-invasive usage?

What kinds of protections are required to ensure biometrics are used in a non-privacy-invasive way?

Woodward (2003, p.
197) cited President Clinton's commencement address at Morgan State University in 1997: "The right to privacy is one of our most cherished freedoms... We must develop new protections for privacy in the face of new technological reality."

Recently, biometrics has been increasingly deployed to improve security and as a very important tool to combat terrorism. The privacy issue is central to biometrics, and many people believe that deploying biometrics poses a considerable level of risk to human rights, even though some are of the opinion that biometrics actually protects privacy. Human factors influence the success of a biometric-based identification system to a great extent. The ease as well as comfort of interaction with a biometric system contributes to how people accept it.

Jain, Ross and Prabhakar (2004, p. 24) gave the example of a biometric system able to measure a user's characteristic without touching, such as those using voice, face, or iris, and concluded that it may be perceived by users to be a more user-friendly and hygienic system. They added that, on the other hand, biometric characteristics not requiring user participation or interaction can be recorded without the knowledge of the user, and this is perceived as a threat to human privacy by many individuals.

According to Sim (2009, p. 81), biometrics, compared to other security technologies, has significant impacts on users' privacy (civil liberties). It can protect privacy when deployed in an appropriate manner, but when misused it can result in loss of privacy.

ADVANTAGES OF BIOMETRICS OVER TRADITIONAL METHODS

Passwords and PINs have been the most frequently used authentication methods. Their use involves controlling access to a building or a room, securing access to computers, networks, the applications on personal computers and many more. In some higher security applications, handheld tokens such as key fobs and smart cards have been deployed.
Due to some problems related to these methods, the suitability and reliability of these authentication technologies have been questioned especially in th is modern world with modern applications. Biometrics offer some benefits compare to these authentication technologies.INCREASED SECURITYBiometric technology can provide a higher degree of security compared to traditional authentication methods. Chirillo (2003 p. 2) stated that biometrics is preferred over traditional methods for many reasons which include the fact that the physical presence of the authorized person is required at the point of identification. This means that only the authorized person has access to the resources.Effort by people to manage several passwords has left many choosing easy or general words, with considerable number typography theAdvantages and Disadvantages of BiometricsAdvantages and Disadvantages of BiometricsABSTRACTOrganisations have goals and therefore acquire assets to ensure these goals are met and the continuity guaranteed. Financial sector while trying to promote convenient methods such as online banking and use of ATM for their customers to acce ss their money strives to ensure only the right person has access to the account. Also, military and national security services store high sensitive and critical information that must only be accessed by specific individual thereby deploying security measures to keep this tradition. However, achieving these goals largely depends on securing and controlling the assets as documented which means only authorised individuals have access to these environments and eventually the assets.Sequel to the importance of access control, different security techniques have been deployed to safeguard these assets which ranges from PINs and passwords, ID cards, smart card est. Vulnerabilities to these methods have lead to the recent surge in biometrics industry as many believe this is the future. 
Reasons such as the fact that the physical presence of the authorized person is needed at the point of access, and the fact that the characteristic is unique and almost impossible to duplicate, emphasise the benefits of biometrics and explain its blooming popularity.

However, like any other security method, biometrics has limitations and threats which can impact its effectiveness and efficiency. It is not suitable for every application and can be a very wrong choice for certain applications. Therefore, it is essential to manage these limitations and threats properly to enhance the success factor of biometrics. Finally, it is important for any sector deploying biometrics to understand the various issues associated with biometrics, such as privacy, standards and what the law requires of biometrics.

CHAPTER ONE

INTRODUCTION

Organizations strive to secure their assets and provide means of controlling access to these assets. This process requires identification and authorization to ensure the right person is accessing the right asset. Over the years, traditional methods of authentication, mainly passwords and personal identification numbers (PINs), have been popularly used. Recently, swipe cards and PINs have been deployed together for more security, since one is something you have and the latter something you know. However, these methods still have vulnerabilities, as a swipe card can be stolen. Also, bad management of passwords has left people writing them on papers and desks or simply choosing easy and general words for quick remembrance, which exposes the password to intruders. More recently, stronger identification and authorization technologies that can assure a person is who he claims to be are becoming prominent, and biometrics can be classified in this category.

Biometric technology makes use of a person's physiological or behavioral characteristics in identification. Every human being is unique in nature and possesses physical parts completely different from any other person.
The September 11, 2001 terrorist attack did not help security concerns, as governments and organizations all around the world, especially the border security agencies, have greatly embraced this human recognition technology. As both private and public entities continue to search for more reliable identification and authentication methods, biometrics has been the choice and is considered the future.

WHAT IS BIOMETRICS?

Biometrics refers to the automatic identification of a person based on his or her physiological or behavioral characteristics (Chirillo and Blaul 2003, p. 2). It is an authorization method that verifies or identifies a user based on what they are before authorizing access. The search for a more reliable authorization method to secure assets has led to the revelation of biometrics, and many organizations have shown interest in the technology.

Two main types of biometrics have been used: physical and behavioral. A physical biometric is a part of a person's body, while a behavioral biometric is something that a person does (Lockie 2002, p. 8). He added that although there are some more unusual biometrics which may be used in the future, including a person's unique smell, the shape of their ear or even the way they talk, the main biometrics being measured include fingerprints, hand geometry, retina scan, iris scan, facial location or recognition (all physical), voice recognition, signature, keystroke pattern and gait (behavioral). However, it has been argued by Liu and Silverman (2001) that different applications require different biometrics, as there is no dominant or best biometric technology.

HISTORY OF BIOMETRICS

According to Chirillo and Blaul (2003, p. 3), the term biometrics is derived from the Greek words bio (life) and metric (to measure). China is among the first known to practice biometrics, back in the fourteenth century, as reported by the Portuguese historian Joao de Barros.
It was called member-printing, where the children's palms as well as their footprints were stamped on paper with ink to identify each baby. Alphonse Bertillon, a Paris-based anthropologist and police desk clerk who was trying to find a way of identifying convicts in the 1890s, decided to research biometrics. He came up with measuring body lengths, and the method was relevant until it was proved to be prone to error, as many people shared the same measurements. The police started using fingerprinting, developed by Richard Edward Henry, who was working at Scotland Yard, based on the Chinese methods used centuries before.

Raina, Orlans and Woodward (2003, p. 25-26) stated that references to biometrics as a concept could be traced back over a thousand years to East Asia, where potters placed their fingerprints on their wares as an early form of brand identity. They also pointed to Egypt's Nile Valley, where traders were formally identified based on physical characteristics such as eye color, complexion and height. The information was used by merchants to identify trusted traders with whom they had successfully transacted business in the past. Kapil et al. also made references to the Bible, first pointing to the faith the Gileadites had in their biometric system as reported in The Book of Judges (12:5-6): the men of Gilead identified enemies in their midst by making suspected Ephraimites say "Shibboleth", for they could not pronounce it right. The second reference is to The Book of Genesis (27:11-28), where Jacob pretended to be Esau by putting goat skins on his hands and the back of his neck so his skin would feel hairy to his blind, aged father's touch. This illustrates a case of biometric spoofing and false acceptance. They finally wrote: "Biometrics as a commercial, modern technology has been around since the early 1970s when the first commercially available device was brought to market" (p. 26).

HOW BIOMETRICS SYSTEMS WORK

A biometric system is essentially a pattern-recognition system that makes a personal identification by determining the authenticity of a specific physiological or behavioral characteristic possessed by the user (Blaul 2003, p. 3). Biometrics has so far been developed to work in two ways, namely verification and identification.

Verification systems are designed to answer the question "Am I who I claim to be?" by requiring that a user claim an identity in order for a biometric comparison to be performed. The user provides data, which is then compared to his or her enrolled biometric data. Identification systems answer the question "Who am I?" and do not require a user to claim an identity, as the provided biometric data is compared to data from a number of users to find a match (Nanavati 2002, p. 12).

An illustration of a scenario using an identifying biometric system is given below, and thus gives an answer to the question "Who am I?"

In October 1998 in the United Kingdom, Newham Council introduced face recognition software to 12 town centre cameras with the sole purpose of decreasing street robbery. Images are compared against a police database of over 100 convicted street robbers known to be active in the previous 12 weeks. In August 2001, 527,000 separate faces were detected and operators confirmed 90 matches against the database. Where a face is not identified with any in the database, the image is deleted; if a match is found, a human operator checks the result. The introduction of face recognition technology to Newham city centre saw a 34% decrease in street robbery. The system has not led directly to any arrests, which suggests that its effect is largely due to the deterrence or displacement of crime. The face recognition system has been widely publicised by the council and 93% of residents support its introduction (Postnote Nov 2001, p. 1).

The case study below illustrates a verifying biometric system and supplies an answer to the question "Am I who I claim to be?"

The US Immigration and Naturalization Service Passenger Accelerated Service System (INSPASS) has been introduced at eight airports in order to provide quick immigration processing for authorised frequent flyers entering the US and Canada. On arrival at an airport, a traveller inserts a card that carries a record of their hand geometry into the INSPASS kiosk and places their hand on a biometric reader. A computer cross-references the information stored on the card at registration with the live hand geometry scan. The complete process takes less than 30 seconds. If the scans match, the traveller can proceed to customs; if not, travellers are referred to an Immigration Inspector. There are more than 45,000 active INSPASS users with, on average, 20,000 automated immigration inspections conducted each month (Postnote Nov 2001, p. 1).

A verifying system is oftentimes referred to as a one-to-one process and generally takes less processing time compared to identifying systems. This is due to the fact that in identifying systems, a user is compared to all users in the database (one-to-many). Verifying systems are also more accurate, since they only have to match a user's data against his or her stored data and do not need hundreds, thousands or even millions of comparisons like identifying systems. However, it is important for an organization to decide the type appropriate for its applications.

RESEARCH METHODOLOGY

The research methodology designed for this dissertation is mainly the qualitative approach. A quantitative approach has been overlooked due to limited time, as designing and distributing surveys takes time and response time could not be predicted. Therefore, my effort will be concentrated on critically reviewing previous literature in order to acquire an overview of, and insights on, the topic.
For more details, journals, books, publications, documentaries and previous dissertations related to the topic will be reviewed, compared and analyzed. The objectives will be achieved purely by reviewing literature and previous research, with the literature critically analyzed by comparing information obtained from different sources. Findings, recommendations and conclusions will be made from the analysis.

OBJECTIVES OF THE STUDY

The aim of this research is to critically analyse biometric security as an emerging and booming industry by examining the positives and negatives and providing ways of improving the method effectively and, most importantly, efficiently. Since biometrics applies to many applications, access control will be the main focus of this dissertation. Also, issues such as privacy, laws governing biometrics and standards will be examined.

The main objectives of this research are:

To review biometric security and issues related to it.
To evaluate the threats, advantages and disadvantages of biometrics.
To propose ways of improving the effectiveness and efficiency of biometrics from previous research.

CHAPTER 2

LITERATURE REVIEW

This chapter is aimed at critically reviewing and analysing numerous works of researchers in the area of biometrics, threats to biometrics, advantages and disadvantages, and ways of improving the efficiency of biometrics in access control. The effect of privacy (human rights) and the need to conform to biometrics standards will also be examined and reviewed.

DEFINITION OF BIOMETRICS

According to Jain, Ross and Pankanti (2006, p. 125), one great concern in our vastly interconnected society is establishing identity. Systems need to know "Is he who he claims he is?", "Is she authorized to use this resource?" or simply "Who is this?"

Therefore, a wide range of systems require reliable personal recognition schemes to either verify or identify an individual seeking access to their services.
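The one-to-one verification and one-to-many identification processes described in Chapter One can be compared side by side. The following is an added example, not part of the original essay: it assumes templates are 256-bit strings matched by Hamming distance, and the thresholds, user names and noise level are constructed for illustration.

```python
"""Toy comparison of 1:1 verification and 1:N identification.

Assumption (not from the essay): a biometric template is a 256-bit
string and two templates match when the fraction of differing bits
is at or below a threshold.
"""
import random
from math import comb

TEMPLATE_BITS = 256
THRESHOLD = 0.32  # constructed value: maximum fraction of differing bits


def hamming_fraction(a, b):
    """Fraction of bit positions in which two templates differ."""
    return bin(a ^ b).count("1") / TEMPLATE_BITS


def build_gallery(n, rng):
    """Enroll n constructed users, each with a random template."""
    return {f"user-{i:03d}": rng.getrandbits(TEMPLATE_BITS) for i in range(n)}


def noisy_sample(template, flip_prob, rng):
    """Simulate a live capture: each bit flips with probability flip_prob."""
    mask = 0
    for bit in range(TEMPLATE_BITS):
        if rng.random() < flip_prob:
            mask |= 1 << bit
    return template ^ mask


def verify(gallery, claimed_id, sample, threshold=THRESHOLD):
    """1:1 check against the claimed identity only.

    Returns (accepted, number_of_comparisons).
    """
    enrolled = gallery.get(claimed_id)
    if enrolled is None:
        return False, 0
    return hamming_fraction(enrolled, sample) <= threshold, 1


def identify(gallery, sample, threshold=THRESHOLD):
    """1:N search over every enrolled template.

    Returns (best_matching_id_or_None, number_of_comparisons).
    """
    best_id, best_dist, comparisons = None, threshold, 0
    for user_id, enrolled in gallery.items():
        comparisons += 1
        dist = hamming_fraction(enrolled, sample)
        if dist <= best_dist:
            best_id, best_dist = user_id, dist
    return best_id, comparisons


def false_match_rate(threshold):
    """Chance that two unrelated random templates fall under the threshold.

    Exact binomial tail: each bit differs independently with probability 1/2.
    """
    max_bits = int(threshold * TEMPLATE_BITS)
    favourable = sum(comb(TEMPLATE_BITS, k) for k in range(max_bits + 1))
    return favourable / 2 ** TEMPLATE_BITS


def prob_any_false_match(fmr, gallery_size):
    """Chance of at least one false match in a 1:N search of the gallery."""
    return 1 - (1 - fmr) ** gallery_size


if __name__ == "__main__":
    rng = random.Random(2019)
    gallery = build_gallery(500, rng)
    live = noisy_sample(gallery["user-007"], 0.10, rng)
    print("verify  :", verify(gallery, "user-007", live))
    print("identify:", identify(gallery, live))
    fmr = false_match_rate(0.40)  # a looser, constructed threshold
    for n in (1, 100, 10_000):
        print(f"N={n:>6}: P(any false match) = {prob_any_false_match(fmr, n):.4f}")
```

Verification costs one comparison regardless of how many users are enrolled, while identification costs one per enrolled user, and the chance of a false match somewhere in the search grows with the size of the database.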
The purpose of such a scheme is to ensure that the rendered services are accessed only by the authorized and not by any intruder or impostor (Ross 2004, p. 1).

Biometric recognition, or simply biometrics, refers to the automatic recognition of individuals based on their physiological and/or behavioral characteristics (Jain, 2004, p. 1).

Woodward (2003, p. 27) cited biometric industry guru Ben Miller's 1987 definition: "Biometric technologies are automated methods of verifying or recognizing the identity of a living person based on a physical or behavioral characteristic."

Shoniregun and Crosier (2008, p. 10) provided several definitions of biometrics, which include:

Biometrics is the development of statistical and mathematical methods applicable to data analysis problems in the biological sciences.
Biometrics = identification/verification of persons based on the unique physiological or behavioral features of humans.
Biometrics is the measurement and matching of biological characteristics such as fingerprint images, hand geometry, facial recognition, etc.
Biometrics is strongly linked to a stored identity to the physical person.

Notwithstanding the various definitions, it can be seen that the science of biometrics is based on the fact that no two people are the same, and this has a significant influence on its reliability and success factor.

THE BIOMETRICS INDUSTRY

According to Lockie (2002, p. 10), the biometric industry did not really get established until the middle of the twentieth century. The researchers at that time were investigating whether various human parts and characteristics, such as the iris or the voice, could be used to identify an individual.
This work was made public through published papers, and as a considerable number of these strands of research began to form a piece, the biometrics industry as we know it these days was established.

As organizations search for more secure authentication methods for user access, e-commerce, and other security applications, biometrics is gaining increasing attention (Liu 2001, p. 27).

Higgins, Orlans and Woodward (2003, p. xxiii) emphasized that even though biometrics has not become an essential part of all systems requiring controlled access, the emerging industry has come a long way from its modern founding in 1972 with the installation of a commercial finger measurement device on Wall Street. They noted that the highly respected MIT Technology Review called biometrics one of the "top ten emerging technologies that will change the world."

The growth in the biometric industry is reflected in the numbers. The trio cited Rick Norton, the executive director of the International Biometric Industry Association (IBIA), who reported at the Biometrics 2002 Conference in London, United Kingdom, that the industry's trade association has indicated a surge in biometric revenues over recent years. From $20 million in 1996, revenues increased to $200 million in 2001, and Norton believes they will increase significantly in 5 years' time.

Also, an estimate by the International Biometric Group (IBG), a biometric consulting and integration firm located in New York City, is that biometric revenues totaled $399 million in 2000 and will increase to $1.9 billion by 2005. Both IBIA and IBG believe that the private sector will be responsible for much of the growth.
These figures give evidence of the relevance of biometrics in organizations in modern times.

BIOMETRICS AND ACCESS CONTROL

Over the years, biometrics has evolved rapidly, and many vertical markets such as governments, transport, financial sectors, security, public justice and safety, healthcare and many more have adopted biometrics. Due to this wide range of users, biometrics has been deployed in many applications.

Biometrics has been of high benefit to organizations as they seek a reliable security method to safeguard assets. With a full understanding of how biometrics works, it can be said that the ultimate aim of applying biometrics in the vertical markets listed above is to control access to a resource, irrespective of whether the system used is a verifying or an identifying process.

It has been stated by S. Nanavati, Thieme and R. Nanavati (2002, p. 14) that biometric systems are deployed for two primary purposes, which are physical and logical access.

LOGICAL VERSUS PHYSICAL ACCESS

Physical access systems monitor, restrict, or grant movement of a person or object into or out of a specific area (Thieme 2002, p. 14). This could be implemented to control entry into rooms or even the main building. Popular examples are control towers, bank vaults, server rooms and many other sensitive rooms requiring controlled access. In physical access, biometrics replaces the use of keys, PIN codes, access cards and security guards, although any of these could be combined with biometrics as a complement. A common physical access application is time and attendance.

Thieme also defined logical access systems as those that monitor, restrict or grant access to data or information, listing examples such as logging into a PC, accessing data stored on a network, accessing an account, or authenticating a transaction.
In this case, biometrics replaces, and can be designed to complement, PINs, passwords and also tokens.

Basic biometric functionality, namely the acquiring and comparing of biometric data, is often identical in both physical and logical systems. For example, the same iris scan data can be used for both doorway and desktop applications. Thieme explained that the only difference between the two is the external system into which the biometric functionality is integrated. The biometric functionality is integrated into a larger system. This applies to both physical and logical access systems, and actions such as access to a desktop application or access to a room via a doorway are effected by a biometric match.

However, not every system can be classified as physical or logical access, as the end result may not indicate access to data or a physical location, and the result may therefore be to investigate further. An ATM secured by biometrics allows access to money, a physical entity. This is made possible by allowing the user logical access to his or her data. In the example above, it is difficult to classify the application as either physical or logical.

Thieme (2002, p. 15) suggested that the distinction between physical and logical access systems is a valuable tool in understanding biometrics. He noted that key criteria such as accuracy, fallback procedures, privacy requirements, costs, response time and complexity of integration all vary considerably when moving from logical to physical access.

WHAT ARE BIOMETRIC STANDARDS

Stapleton (2003, p. 167) defined a standard in general terms as "a published document, developed by a recognized authority, which defines a set of policies and practices, technical or security requirements, techniques or mechanisms, or describes some other abstract concept or model." The growth of the biometric industry has been relatively slowed by the absence of industry-wide standards, and this has also impeded various types of biometric deployment.
Nanavati (2002, p. 277) stated that the relative youth of the technology in use, coupled with the disunified nature of the industry, has impacted the development of standards, resulting in sporadic and frequently redundant standards. Nanavati also noted that live-scan fingerprint imaging is the only segment of the biometric industry with widely accepted and adopted standards. Due to this absence of biometric standards, some institutions have been concerned about being tied into technologies they believed to be immature or even developmental.

However, in an effort to actively address the standards issue, the biometric industry has finalized some blueprints, and the process of getting industries to accept these standards is ongoing.

WHY IS STANDARDIZATION NECESSARY?

The high rate of biometric development and rapid growth in adoption of biometric technologies in recent years has resulted in ever-increasing expectations in terms of accuracy, adaptability, and reliability in an ever-wider range of applications. Due to the adoption of biometric technologies in large-scale national and international applications, involving a potentially unlimited range of stakeholders, Farzin Deravi (2008, p. 483) stated that it has become essential to address these expectations by ensuring agreed common frameworks for implementation and evaluation of biometric technologies through standardization activities.

The majority of biometric systems, including both the hardware and software, are made and sold by the owner of the patent at this stage in their development. They are proprietary in numerous aspects, including the manner in which biometric devices and systems as a whole communicate with applications, the method of extracting features from a biometric sample, and, among many more, the method of storing and retrieving biometric data.
This has resulted in many companies, in most cases, being tied to a particular technology once they agree to implement it. Nanavati (2002, p. 278) stated that in order to incorporate a new technology, companies are required to rebuild their system from scratch, in some cases duplicating much of the deployment effort.

Deravi (2008, p. 483) noted that the need for interoperability of biometric systems across national boundaries has implied a rapid escalation of standardization efforts to the international arena, stating that the sense of urgency for standardization has been driven by the priority of internal security concerns.

The industry-wide or universal adoption of biometric standards will not make biometric technology interoperable, at least not to the state where an old device can be replaced by a new device without rebuilding the system. However, Nanavati (2002, p. 278) argued that the core algorithms through which vendors locate and extract biometric data are very unlikely to be interoperable or standardized, the reason being that these algorithms represent the basis of most vendors' intellectual property.

Numerous reasons are responsible for the need for standardization. These include the desire to reduce the overall cost of deploying biometric technologies and optimise the reliability of biometric systems; to reduce the risk of deploying solutions to biometric problems; and to ensure, in the area of encoding and file format, that the basic building blocks of biometric data management have been developed based on best practice by industry professionals.

Nanavati (2002, p. 278) concluded that standards ensure that, in the future, biometric technology will be developed and deployed in accordance with generally accepted principles of information technology.

EXISTING BIOMETRIC STANDARDS

Shoniregun and Crosier (2008, p. 22) stated that the evolving interest and developments have made the development of standards a necessity, with the sole aim of allowing compatibility of different systems. The detailed standards in the Biometrics Resource Centre (2002) report are summarised below.

Common Biometric Exchange File Format (CBEFF)

The Common Biometric Exchange File Format (CBEFF) sets a standard for the data elements essential in supporting biometric technology in a common way, irrespective of the application involved or the domain in use. It makes data interchange between systems and their components easier, while promoting interoperability of applications, programs and systems based on biometrics.

INCITS M1-Biometrics Technical Committee

The committee was established by the Executive Board of the International Committee for Information Technology Standards (INCITS) with the responsibility to ensure a focused and reasonably comprehensive approach in the United States for the rapid development and approval of previous national and international generic biometric standards (Shoniregun and Crosier 2008, p. 22).

BioAPI Specification (Version 1.1)

The BioAPI standard defines the architecture for biometric systems integration in a single computer system (Deravi 2008, p. 490). The BioAPI specification has been one of the most popular standards efforts since it was formed in April 1998, according to Nanavati (2002, p. 279).
Nanavati stated that the standard was formed to develop an API that is both widely accepted and widely available while being compatible with various biometric technologies.

Other general standards available are Human Recognition Module (HRS), ANSI/NIST-ITL 1-2000, American Association for Motor Vehicle Administration and American National Standards Institute (ANSI), which specifies the acceptable security requirements necessary for effective management of biometric data, especially for the financial services industry.

BRITISH BIOMETRICS STANDARDS

The British Standards Institution (BSI) commenced work on biometrics standards in June 2004 and since then, according to Shoniregun and Crosier (2008, p. 24), has published a set of four new BS ISO/IEC 19794 standards, reported to have covered the science of biometrics and the use of biological characteristics in identifying individuals. The objective of publishing these standards is to promote interoperability between the several products in the market.

BS ISO/IEC 19784-2:2007

This standard defines the interface to an archive Biometric Function Provider (BFP). The interface assumes that the self-contained biometrics data will be managed as a database, irrespective of its physical realization. Crosier (2008, p. 24) described the physical realization: smartcards, tokens, memory sticks, files on hard drives and any other kind of memory can be handled via an abstraction layer presenting a database interface.

BS ISO/IEC 19795-2:2006

According to Shoniregun (2008, p. 25), this standard provides recommendations and requirements on collection of data, analysis and reporting specific to two types of evaluation (scenario evaluation and technology evaluation).
BS ISO/IEC 19795-2:2006 further specifies the requirements in the development and full description of protocols for scenario and technology evaluations and also in executing and reporting biometric evaluations.

BS ISO/IEC 24709-1:2007

ISO/IEC 24709-1:2007 specifies the concepts, framework, test methods and criteria required to test conformity of biometric products claiming conformance to BioAPI (ISO/IEC 19784-1) (www.iso.org). Crosier (2008, p. 25) stated that ISO/IEC 24709-1:2007 specifies three conformance testing models, which allow conformance testing of each of the BioAPI components, namely a framework, an application and a BSP.

BS ISO/IEC 24709-2:2007

The standard BS ISO/IEC 247 defines a number of test assertions composed in the assertion language explicitly required in ISO/IEC 24709-1. The assertions allow a user to test the conformance to ISO/IEC 19784-1 (BioAPI 2.0) of any biometric service provider (BSP) that claims to be a conforming implementation of that International Standard (www.iso.org).

BIOMETRICS AND PRIVACY

The fact that biometric technologies are based on measuring physiological or behavioral characteristics and archiving these data has raised concerns about privacy risks, and has also raised discussion on the role biometrics plays when it comes to privacy. As stated by Nanavati (2002, p. 237), the increase in the use of biometric technology in the public sector, the workplace and even at home has raised the following questions:

What are the main privacy concerns relating to biometric usage?
What kinds of biometric deployments need stronger protections to avoid invading privacy?
What biometric technologies are more prone to privacy-invasive usage?
What kinds of protections are required to ensure biometrics are used in a non-privacy-invasive way?

Woodward (2003, p. 197) cited President Clinton's speech in his commencement address at Morgan State University in 1997: "The right to privacy is one of our most cherished freedoms... We must develop new protections for privacy in the face of new technological reality."

Recently, biometrics has been progressively deployed to improve security and as a very important tool to fight terrorism. The privacy issue is central to biometrics, and many people believe that deploying biometrics poses a considerable level of risk to human rights, even though some are of the opinion that biometrics actually protects privacy.

Human factors influence the success of a biometric-based identification system to a great extent. The ease as well as comfort of interaction with a biometric system contributes to how people accept it.

Jain, Ross and Prabhakar (2004, p. 24) gave an example of a biometric system being able to measure the characteristic of a user without touching, such as those using voice, face, or iris, and concluded that it may be perceived by users to be a more user-friendly and hygienic system. They added that, on the other hand, biometric characteristics not requiring user participation or interaction can be recorded without the knowledge of the user, and this is perceived as a threat to human privacy by many individuals.

According to Sim (2009, p. 81), biometrics, compared to other security technologies, has significant impacts on users' privacy (civil liberties). It can protect privacy when deployed in an appropriate manner, but when misused it can result in loss of privacy.

ADVANTAGES OF BIOMETRIC OVER TRADITIONAL METHODS

Passwords and PINs have been the most frequently used authentication method. Their use involves controlling access to a building or a room, securing access to computers, networks, the applications on personal computers and many more. In some higher security applications, handheld tokens such as key fobs and smart cards have been deployed.
Due to some problems related to these methods, the suitability and reliability of these authentication technologies have been questioned, especially in this modern world with modern applications. Biometrics offers some benefits compared to these authentication technologies.

INCREASED SECURITY

Biometric technology can provide a higher degree of security compared to traditional authentication methods. Chirillo (2003, p. 2) stated that biometrics is preferred over traditional methods for many reasons, which include the fact that the physical presence of the authorized person is required at the point of identification. This means that only the authorized person has access to the resources.

Effort by people to manage several passwords has left many choosing easy or general words, with considerable number writing the
