Biometric authentication methods


Introduction

There are three methods for authentication. Most widely used is “what you know”, which requires to provide secret information like login and password, pin code or passphrase. The second method is “something you have”, which will require a magnetic card, card with RFID chip, flash card or smart card. The third method is “what you are”, these methods will require providing something which is unique for you and cannot be passed to someone else, it can be fingerprints, voice, retina or face geometry scans. “What you are” method is also called biometric method and based on biometrical characteristics which distinguish one person from another (Cavoukian, 1997).

Present

Let call “what you know” and “what you have” methods “traditional”. Traditional methods are about not to identify a subject as a such, and tools used for authentication are easy to forget and loos. The oldest and still used biometric authentication method is handwriting signatures, which is very weak authentication mechanism by itself, since there is no authentication device but a human factor which should visually confirm the sample signature with original one. Another method is face recognition based on photos printed in Passport or ID like driving license or bank card. This method also weak since based on human check and the experiment in Scottish bank is a good example (Baggot 1995). Biometric authentication is not so used in nowadays since implementation of it sometimes cost money and this method is more expensive than others. It is also not perfect and has problems with quality. Since biometric scanner is an input device and a material which should be scanned can be injured, wet or sick (V´aclav Maty´aˇs and Zdenˇek, 2010). Fingerprints authentication is widely distributed now. It is commonly used in airports, for visa registration and OS authentication. Almost all notebooks now have embedded fingerprint reader which can be used for authentication to unlock operating system. Also another disadvantage exists in some types of authentications like face and voice recognition, the factors can become old and from time to time should be refreshed.

Attacks

Biometric authentication if it is not based on human factor like handwriting signature of face identification has the most strength than traditional authentication methods. Definitely authentication process based on two factors will be more secure. It means that biometric authentication can be combined with traditional method and subject will need to provide fingerprint and password or smart card at the same time. Biometric authentication method is not the perfect one and has some vulnerabilities. Attacker can present fake biometric to a scanner like synthetic fingerprint, face or iris. Reply attack can be done by presenting intercepted biometric data. The attack on template database where new template can be inserted, and removed all edited an existing template. And there is always small percentage of error where fake biometric can be very close to original (Ratha, 2001).

Conclusion

Biometric authentication was used from ancient times and since technologies become cheaper we should expect to see more scanning devises based on different measures which will decrease human factor and increase security. Biometric passports already take part in our life where fingerprints and other measures will be stored and we spend less time in airport queues and in places where biometric authentication will be implemented (Melanie, 2012).

References

Cavoukian Ann, 1997, “Biometrics backgrounder: Fingerprints vs. Finger scans”, [online], available from http://www.ontla.on.ca/library/repository/mon/1000/10294135.htm (last accessed 06 July 2012)
V´aclav Maty´aˇs and Zdenˇek R´ıha, 2010, “Biometric Authentication-security and usability”, [online], available from http://www.fi.muni.cz/usr/matyas/cms_matyas_riha_biometrics.pdf (last accessed 06 July 2012)
M Baggot, 1995, “The smart way to fight fraud”, Scottish Banker, pp 32-33
N.K. Ratha, J.H. Connell, and R.M. Bolle,  2001, “An analysis of minutiae matching strength”, Proc. AVBPA 2001, Third International Conference on Audio- and Video-Based Biometric Person Authentication, pp. 223-228.
Melanie Gower, 2012, “Biometric passports - Commons Library Standard Note”, UK Parliament Library, [online], available from http://www.parliament.uk/briefing-papers/SN04126 (last accessed 08 July 2012)

Comments

Post a Comment

Popular posts from this blog

How to poll database using WCF-SQL adapter

Image
1. Create database and tables2. Create stored procedure 3. Create BizTalk project 4. Create orchestration 5. Consume WCF-SQL 6. Write received data to file share


First create TESTWCFSQL database from you SQL Management studio Run the script to create table:
USE TESTWCFSQL GO
IF OBJECT_ID('dbo.MainData', 'U') IS NOT NULL DROP TABLE dbo.MainData GO
CREATE TABLE dbo.MainData ( MainDataID int primary key identity(1,1), FirstName nvarchar(30), LastName nvarchar(30), Amount int ) GO

Run script in SQL management studio to create procedure
IF EXISTS ( SELECT * FROM INFORMATION_SCHEMA.ROUTINES WHERE SPECIFIC_SCHEMA = N'dbo' AND SPECIFIC_NAME = N'PollData' ) DROP PROCEDURE dbo.PollData GO
CREATE PROCEDURE dbo.PollData AS select MainDataID, FirstName, LastName, Amount from dbo.MainData delete from dbo.MainData GO
insert some sample lines executing
use TESTWCFSQL
insert into MainData (FirstName, LastName, Amount) values (N'Patrick', N'Cash', 1000), (N&#…
Read more

SQL query timeout from application but works fast from SSMS

Image
Recently faced very strange problem. Application which was working great during last two years just suddenly had timeout on one particular page. The page was always very fast and was showing just last 12 records from the table.

So I did what always was doing to check slow performing query, started SQL Profiler to trace the query. Query by itself is pretty complex and had a lot of parameters, Profiler is the best tool I think in that cases.

After I easily found long running query in Profiler I copy pasted it into SSMS and what a surprize query just run in 300ms. Meanwhile the query from UI (asp.net) was running almost 2 minutes.

The first to be different is session variables. To get info about sessions you can just select from the sys.dm_exec_sessions table.
more info about table https://docs.microsoft.com/en-us/sql/relational-databases/system-dynamic-management-views/sys-dm-exec-sessions-transact-sql

Easy way to compare between sessions:

SELECT
    session_id,
    [ansi_defaults],
    …
Read more