Biometrics: Authentication Not Using Passwords
Some sophisticated authentication
devices are now available. These devices include handprint detectors, voice
recognizers, and identifiers of patterns in the retina. Authentication with
such devices uses unforgeable physical characteristics to authenticate users.
The cost continues to fall as these devices are adopted by major markets; the
devices are useful in very high security situations. In this section we
consider a few of the approaches available.
Biometrics are biological
authenticators, based on some physical characteristic of the human body. The
list of biometric authentication technologies is still growing. Now there are
devices to recognize the following biometrics: fingerprints, hand geometry
(shape and size of fingers), retina and iris (parts of the eye), voice, handwriting,
blood vessels in the finger, and face. Authentication with biometrics has
advantages over passwords because a biometric cannot be lost, stolen,
forgotten, lent, or forged and is always available, always at hand, so to
speak.
Identification versus Authentication
Two concepts are easily
confused: identification and authentication. Biometrics are very reliable for
authentication but much less reliable for authentication. The reason is
mathematical. All biometric readers operate in two phases: First, a user
registers with the reader, during which time a characteristic of the user (for
example, the geometry of the hand) is captured and reduced to a template or
pattern. During registration, the user may be asked to present the hand several
times so that the registration software can adjust for variations, such as how
the hand is positioned. Second, the user later seeks authentication from the
system, during which time the system remeasures the hand and compares the new
measurements with the stored template. If the new measurement is close enough
to the template, the system accepts the authentication; otherwise, the system
rejects it. Every template is thus a pattern of some number of measurements.
Unless every template is
unique, that is, no two people have the same measured hand geometry, the system
cannot uniquely identify subjects. However, as long as it is unlikely that an
imposter will have the same biometric template as the real user, the system can
authenticate. The difference is between a system that looks at a hand geometry
and says "this is Captain Hook" (identification) versus a man who
says "I, Captain Hook, present my hand to prove who I am" and the
system confirms "this hand matches Captain Hook's template" (authentication).
Biometric authentication is feasible today; biometric identification is largely
still a research topic.
Problems with Biometrics
There are several problems
with biometrics:
Biometrics are relatively
new, and some people find their use intrusive. Hand geometry and face
recognition (which can be done from a camera across the room) are scarcely
invasive, but people have real concerns about peering into a laser beam or
sticking a finger into a slot. (See [SCH06a]
for some examples of people resisting biometrics.)
Biometric recognition devices
are costly, although as the devices become more popular, their costs go down.
Still, outfitting every user's workstation with a reader can be expensive for a
large company with many employees.
All biometric readers use
sampling and establish a threshold for when a match is close enough to accept.
The device has to sample the biometric, measure often hundreds of key points,
and compare that set of measurements with a template. There is normal
variability if, for example, your face is tilted, you press one side of a
finger more than another, or your voice is affected by an infection. Variation
reduces accuracy.
Biometrics can become a
single point of failure. Consider a retail application in which a biometric
recognition is linked to a payment scheme: As one user puts it, "If my
credit card fails to register, I can always pull out a second card, but if my
fingerprint is not recognized, I have only that one finger." Forgetting a
password is a user's fault; failing biometric authentication is not.
Although
equipment is improving, there are still false readings. We label a "false
positive" or "false accept" a reading that is accepted when it
should be rejected (that is, the authenticator does not match) and a
"false negative" or "false reject" one that rejects when it
should accept. Often, reducing a false positive rate increases false negatives,
and vice versa. The consequences for a false negative are usually less than for
a false positive, so an acceptable system may have a false positive rate of
0.001 percent but a false negative rate of 1 percent.
The speed at which a
recognition must be done limits accuracy. We might ideally like to take several
readings and merge the results or evaluate the closest fit. But authentication
is done to allow a user to do something: Authentication is not the end goal but
a gate keeping the user from the goal. The user understandably wants to get
past the gate and becomes frustrated and irritated if authentication takes too
long.
Although we like to think of biometrics as
unique parts of an individual, forgeries are possible. The most famous example
was an artificial fingerprint produced by researchers in Japan [MAT02]. Although difficult and uncommon, forgery
will be an issue whenever the reward for a false positive is high enough.
Sidebar
4-5: Using Cookies for Authentication
On the web, cookies are often used for
authentication. A cookie is a pair of data items sent to the web browsing
software by the web site's server. The data items consist of a key and a value,
designed to represent the current state of a session between a user and a web
site. Once the cookie is placed on the user's system (usually in a directory
with other cookies), the browser continues to use it for subsequent interaction
between the user and that web site. Each cookie is supposed to have an
expiration date, but that date can be modified later or even ignored.
For example, The Wall Street Journal 's
web site, wsj.com, creates a cookie when a user first logs in. In
subsequent transactions, the cookie acts as an identifier; the user no longer
needs a password to access that site. (Other sites use the same or a similar
approach.)
It is important that users be protected
from exposure and forgery. That is, users may not want the rest of the world to
know what sites they have visited. Neither will they want someone to examine
information or buy merchandise online by impersonation and fraud. However, Sit
and Fu [SIT01] point out that cookies were not designed for protection.
There is no way to establish or confirm a cookie's integrity, and not all sites
encrypt the information in their cookies.
Sit and Fu
also point out that a server's operating system must be particularly vigilant
to protect against eavesdropping: "Most HTTP exchanges do not use SSL to
protect against eavesdropping; anyone on the network between the two computers
can overhear the traffic. Unless a server takes strong precautions, an
eavesdropper can steal and reuse a cookie, impersonating a user
indefinitely."
Sometimes overlooked in the
authentication discussion is that credibility is a two-sided issue: The system
needs assurance that the user is authentic, but the user needs that same
assurance about the system. This second issue has led to a new class of computer
fraud called phishing, in which an unsuspecting user submits sensitive
information to a malicious system impersonating a trustworthy one. Common
targets of phishing attacks are banks and other financial institutions because
fraudsters use the sensitive data they obtain from customers to take customers'
money from the real institutions. We consider phishing in more detail in Chapter 7.
Authentication is essential for an operating
system because accurate user identification is the key to individual access
rights. Most operating systems and computing system administrators have applied
reasonable but stringent security measures to lock out illegal users before
they can access system resources. But, as reported in Sidebar 4-5, sometimes an inappropriate mechanism
is forced into use as an authentication device.
Related Topics
Privacy Policy, Terms and Conditions, DMCA Policy and Compliant
Copyright © 2018-2023 BrainKart.com; All Rights Reserved. Developed by Therithal info, Chennai.