Biometric authentication methods
Introduction
There are three methods for authentication.
Most widely used is “what you know”, which requires to provide secret
information like login and password, pin code or passphrase. The second method
is “something you have”, which will require a magnetic card, card with RFID chip,
flash card or smart card. The third method is “what you are”, these methods
will require providing something which is unique for you and cannot be passed
to someone else, it can be fingerprints, voice, retina or face geometry scans.
“What you are” method is also called biometric method and based on biometrical
characteristics which distinguish one person from another (Cavoukian, 1997).
Present
Let call “what you know” and “what you
have” methods “traditional”. Traditional methods are about not to identify a
subject as a such, and tools used for authentication are easy to forget and
loos. The oldest and still used biometric authentication method is handwriting
signatures, which is very weak authentication mechanism by itself, since there
is no authentication device but a human factor which should visually confirm
the sample signature with original one. Another method is face recognition
based on photos printed in Passport or ID like driving license or bank card.
This method also weak since based on human check and the experiment in Scottish
bank is a good example (Baggot 1995). Biometric authentication is not so used
in nowadays since implementation of it sometimes cost money and this method is
more expensive than others. It is also not perfect and has problems with
quality. Since biometric scanner is an input device and a material which should
be scanned can be injured, wet or sick (V´aclav Maty´aˇs and Zdenˇek, 2010).
Fingerprints authentication is widely distributed now. It is commonly used in
airports, for visa registration and OS authentication. Almost all notebooks now
have embedded fingerprint reader which can be used for authentication to unlock
operating system. Also another disadvantage exists in some types of
authentications like face and voice recognition, the factors can become old and
from time to time should be refreshed.
Attacks
Biometric authentication if it is not based
on human factor like handwriting signature of face identification has the most
strength than traditional authentication methods. Definitely authentication
process based on two factors will be more secure. It means that biometric
authentication can be combined with traditional method and subject will need to
provide fingerprint and password or smart card at the same time. Biometric
authentication method is not the perfect one and has some vulnerabilities.
Attacker can present fake biometric to a scanner like synthetic fingerprint,
face or iris. Reply attack can be done by presenting intercepted biometric
data. The attack on template database where new template can be inserted, and
removed all edited an existing template. And there is always small percentage
of error where fake biometric can be very close to original (Ratha, 2001).
Conclusion
Biometric authentication was used from
ancient times and since technologies become cheaper we should expect to see
more scanning devises based on different measures which will decrease human factor
and increase security. Biometric passports already take part in our life where
fingerprints and other measures will be stored and we spend less time in airport
queues and in places where biometric authentication will be implemented (Melanie,
2012).
References
Cavoukian Ann, 1997, “Biometrics backgrounder:
Fingerprints vs. Finger scans”, [online], available from http://www.ontla.on.ca/library/repository/mon/1000/10294135.htm
(last accessed 06 July 2012)
V´aclav Maty´aˇs and Zdenˇek R´ıha, 2010,
“Biometric Authentication-security and usability”, [online], available from http://www.fi.muni.cz/usr/matyas/cms_matyas_riha_biometrics.pdf
(last accessed 06 July 2012)
M Baggot, 1995, “The smart way to fight
fraud”, Scottish Banker, pp 32-33
N.K. Ratha, J.H. Connell, and R.M.
Bolle, 2001, “An analysis of minutiae
matching strength”, Proc. AVBPA 2001, Third International Conference on Audio-
and Video-Based Biometric Person Authentication, pp. 223-228.
Melanie Gower, 2012, “Biometric passports -
Commons Library Standard Note”, UK Parliament Library, [online], available from
http://www.parliament.uk/briefing-papers/SN04126
(last accessed 08 July 2012)
Comments