Book

Generally, the study of measurable biological characteristics. In computer ​security​, biometrics

refers to ​authentication​ techniques that rely on measurable physical characteristics that can be
automatically checked.

Biometric devices normally capture information about a person the first time she uses it. That
information is linked to her and other information such as driving license details, weapon license
detail etc., creating a file.
For example, a person may need to enter a premises that grants access upon fingerprint verification.
The first time, the person’s fingerprint will be recorded and attached to her name and photo. It is
also possible that other information, such as the make, model, and registration number of her
vehicle, can be linked to that fingerprint.
The two primary uses for biometric devices are identification and verification. These may sound as
if they are the same but they can actually be very different. A facial recognition device may be used
to identify a person who enters a building and is granted an access pass. The captured information
may only be useful thereafter if it is necessary to identify who the access pass was given to. If that
person ever returns, he may be subjected to the same process again.

Verification generally involves reidentifying someone using a biometric device. An example of

such a case would be an iris scan that grants access to classified areas in a building. In this case, a
person will use the device numerous times to confirm her identity and deem her qualified for entry.
There are many important factors to be considered with biometric devices. One, which leads to the
use of these devices being controversial, is security. Many people have argued against using
biometric devices because the information captured is so sensitive. If it is not properly protected and
is accessed by people with bad intentions, a great deal of harm can be done.
Accuracy is also important. This is one area, however, that can present challenges to the use of
biometric devices. Many are designed to capture a person’s characteristics exactly as they are
without the ability to allow for potential changes. If, for example, a facial recognition system is
used and a person is in an accident that damages his face, serious problems can arise. It may be
difficult or impossible to get the system to accept the change.
Capacity is another issue. Biometric devices are generally linked to some type of storage
mechanism that stores the captured data. These usually have limits. It is important for sufficient
storage space to be considered when plans are made to utilize biometric devices. How long a
person’s information is stored generally depends on the design of the system.

When referring to computers and security, ​biometrics​ is the identification of a person by the
measurement of their biological features. For example, a user identifying themselves to a computer
or building by their finger print or voice is considered a biometrics identification. When compared
to a ​password​, this type of system is much more difficult to fake since it is unique to the person.
Below is a listing of all known biometric devices.
Other common methods of a biometrics scan are a person's face, hand, iris, and retina.
vein​: the analysis of pattern of veins in the back if the hand and the wrist
 ● Face scanner​ - Biometric face scanners identify a person by taking measurements of a
person face. For example, the distance between the persons chin, eyes, nose, and mouth.
These types of scanners can be very secure assuming they are smart enough to distinguish
between a picture of a person and a real person.
● Hand scanner​ - Like your finger print, the palm of your hand is also unique to you. A
biometric hand scanner will identify the person by the palm of their hand.
● Finger scanner​ - Like the picture shown on this page a biometric finger scanner identifies
the person by their finger print. These can be a secure method of identifying a person,
however, cheap and less sophisticated finger print scanners can be duped a number of ways.
For example, in the show Myth Busters they were able to fake a finger print using a Gummy
Bear candy treat.
● Retina or iris scanner​ - A biometric retina or iris scanner identifies a person by scanning
the iris or retina of their eyes. These scanners are more secure biometric authentication
schemes when compared to the other devices because there is no known way to duplicate the
retina or iris.
● Voice scanner​ - Finally, a voice analysis scanner will mathematically break down a person's
voice to identify them. These scanners can help improve security but with some less
sophisticated scanners can be bypassed using a tape recording.
●

Uses:
Thumb scanner: Door locks, airports, entries, attendance system, Fingerprints can be lifted off of
biometrics

Advantages of using biometric systems:

Time saving, effortless security (no password saving), database hackable, employee can

One disadvantage of biometrics is cost. Different biometric technologies need the use of different
devices that have a range of costs. Also the use of these biometric devices may cause delay in
people’s day. People are concerned they will have to wait in line to get scanned or finger printed to
gain access to a building or school.

More disadvantages deriving from using the finger-scan are, “some users cannot be enrolled
because of unreadable fingerprints, whether due to damage, age or ethnicity”

A second disadvantage is the fact that people are concerned they might have to touch a device that
someone else has to touch which could cause the spread of germs.
Disadvantages from the iris-scan are some individuals are difficult to capture. Also the iris can be
easily obscured by eyelashes, eyelids, lens and reflections from the cornea. There is also a lack of
existing data which deters the ability to use for background or watch list checks.

Face recognition also has disadvantages that come along with it. The face can be obstructed by hair,
glasses, hats, scarves, etc. Also changes in lighting or facial expressions can throw off the device. A
third disadvantage related to face recognition is that people’s faces change over time. In order for
face recognition to be accurate “images are most accurate when taken facing the acquisition camera
and not sharp angles. The users face must be lit evenly, preferably from the front,” (SANS Institute,
2003). This is not always possible and can be very hard to do in some environments.

More biometric technologies that have disadvantages linked to them include voice, signature, and
hand geometry verification. With voice verification there needs to be as little background noise as
possible or the spoken phrase will not be registered accurately. With signature verification the
problem happens when people’s signatures change over time and are not always consistent. And
lastly, hand geometry verification is a high cost service and needs device of a large size to carry out
the task.

The password method is the cheapest and simplest technology, because it only requires elementary
software resources.
On the other hand, this system is easily attackable, since he is quite simple to obtain the data from a
person, either extracting the information to the person itself using deceits, or attacking the software
of the system. For example, it can be easily installed in the computer, a program that simulates the
“user name and password” window, so that when the user introduces his data in that window, that
will be collected by the “Spy” program. Immediately after this, it appears the true window,
identical, and the user will simply believe that he has been mistaken. So, this method, in spite of
being usually used, for example, to access banking accounts, is not at all the most indicated if we
want a safe system, and in a short-time future is tried to be changed by most immune methods.

The Smart Cards are very useful since they can be easily combined with other authentication
systems, serving as storage system. Self-containment of smart card makes it resistant to attack as it
does not need to depend upon potentially vulnerable external resources. But its small size and bend
requirements (which are designed to protect the card physically), limits the memory and processing
resources. And used like the only identification system, is not excessively trustworthy, since it can
be easily stolen, lost or simply forgotten at home. Besides, sometimes they are combined with
cryptography methods, which makes them more difficult (more expensive) to implement.

The Digital Signature is very difficult to falsify, since is encrypted by complicated mathematic
operations. It is considered that is even less falsifiable than the manual signature recognition
(although this last is already enough trustworthy).

The advantage that Biometrics presents is that the information is unique for each individual and that
it can identify the individual in spite of variations in the time (it does not matter if the first biometric
sample was taken year ago).The pillars of e-learning security are: authentication, privacy (data
confidentiality) authorization (access control), data integrity and non-repudiation. Biometric is a
technique that can provide all this requirements with quite lot reliability.

Although biometrics is considered the most effective and safe method (is very difficult to falsify),
we have to bear in mind its disadvantages, for example, that since it is a relative new technology, it
is not still integrated in PC, so IT departments need to make a conscious decision before making the
purchase and change its structure.
We also have to consider the advantages and disadvantages of each individual system. In the next
paragraphs, we will make an enumeration of the problems that these techniques can present:
 Facial recognition:

Advantages:

a. Non intrusive
b. Cheap technology.

Disadvantages

a. 2D recognition is affected by changes in lighting, the person’s hair, the age, and if the person
wear glasses.
b. Requires camera equipment for user identification; thus, it is not likely to become popular until
most PCs include cameras as standard equipment.

Voice recognition:

Advantages:

a. Non intrusive. High social acceptability.

b. Verification time is about five seconds.
c. Cheap technology.

Disadvantages:

a. A person’s voice can be easily recorded and used for unauthorised PC or network.
b. Low accuracy.
c. An illness such as a cold can change a person’s voice, making absolute identification difficult or
impossible.

Signature recognition:

Advantages:
a. Non intrusive.
b. Little time of verification (about five seconds).
c. Cheap technology.

Disadvantages:

a. Signature verification is designed to verify subjects based on the traits of their unique signature.
As a result, individuals who do not sign their names in a consistent manner may have difficulty
enrolling and verifying in signature verification.
b. Error rate: 1 in 50.

DNA:

Advantages:

a. Very high accuracy.

b. It impossible that the system made mistakes.
c. It is standardized.

Disadvantages:

a. Extremely intrusive.
b. Very expensive.

Retinal scanning:

Advantages:

a. Very high accuracy.

b. There is no known way to replicate a retina.
c. The eye from a dead person would deteriorate too fast to be useful, so no extra precautions have
to been taken with retinal scans to be sure the user is a living human being.

Disadvantages:

a. Very intrusive.
b. It has the stigma of consumer's thinking it is potentially harmful to the eye.
c. Comparisons of template records can take upwards of 10 seconds, depending on the size of the
database.
d. Very expensive.

Iris recognition:

Advantages:

a. Very high accuracy.

b. Verification time is generally less than 5 seconds.
c. The eye from a dead person would deteriorate too fast to be useful, so no extra precautions have
to been taken with retinal scans to be sure the user is a living human being.

Disadvantages:

a. Intrusive.
b. A lot of memory for the data to be stored.
c. Very expensive

Fingerprint:

Advantages:
a. Very high accuracy.
b. Is the most economical biometric PC user authentication technique.
c. it is one of the most developed biometrics
d. Easy to use.
e. Small storage space required for the biometric template, reducing the size of the database
memory required
f. It is standardized.

Disadvantages:

a. For some people it is very intrusive, because is still related to criminal identification.
b. It can make mistakes with the dryness or dirty of the finger’s skin, as well as with the age (is not
appropriate with children, because the size of their fingerprint changes quickly).
c. Image captured at 500 dots per inch (dpi). Resolution: 8 bits per pixel. A 500 dpi fingerprint
image at 8 bits per pixel demands a large memory space, 240 Kbytes approximately →
Compression required (a factor of 10 approximately).

Hand Geometry:

Advantages:
a. Though it requires special hardware to use, it can be easily integrated into other devices or
systems.
b. It has no public attitude problems as it is associated most commonly with authorized access.
c. The amount of data required to uniquely identify a user in a system is the smallest by far,
allowing it to be used with ​SmartCards​ easily.

Disadvantages:
a. Very expensive
b. Considerable size.
c. It is not valid for arthritic person, since they cannot put the hand on the scanner properly.

Some interesting information regarding the uses of biometric technology:

Keyboard That Knows Who’s Typing On It