Biometric authentication methods


Introduction

There are three methods for authentication. Most widely used is “what you know”, which requires to provide secret information like login and password, pin code or passphrase. The second method is “something you have”, which will require a magnetic card, card with RFID chip, flash card or smart card. The third method is “what you are”, these methods will require providing something which is unique for you and cannot be passed to someone else, it can be fingerprints, voice, retina or face geometry scans. “What you are” method is also called biometric method and based on biometrical characteristics which distinguish one person from another (Cavoukian, 1997).

Present

Let call “what you know” and “what you have” methods “traditional”. Traditional methods are about not to identify a subject as a such, and tools used for authentication are easy to forget and loos. The oldest and still used biometric authentication method is handwriting signatures, which is very weak authentication mechanism by itself, since there is no authentication device but a human factor which should visually confirm the sample signature with original one. Another method is face recognition based on photos printed in Passport or ID like driving license or bank card. This method also weak since based on human check and the experiment in Scottish bank is a good example (Baggot 1995). Biometric authentication is not so used in nowadays since implementation of it sometimes cost money and this method is more expensive than others. It is also not perfect and has problems with quality. Since biometric scanner is an input device and a material which should be scanned can be injured, wet or sick (V´aclav Maty´aˇs and Zdenˇek, 2010). Fingerprints authentication is widely distributed now. It is commonly used in airports, for visa registration and OS authentication. Almost all notebooks now have embedded fingerprint reader which can be used for authentication to unlock operating system. Also another disadvantage exists in some types of authentications like face and voice recognition, the factors can become old and from time to time should be refreshed.

Attacks

Biometric authentication if it is not based on human factor like handwriting signature of face identification has the most strength than traditional authentication methods. Definitely authentication process based on two factors will be more secure. It means that biometric authentication can be combined with traditional method and subject will need to provide fingerprint and password or smart card at the same time. Biometric authentication method is not the perfect one and has some vulnerabilities. Attacker can present fake biometric to a scanner like synthetic fingerprint, face or iris. Reply attack can be done by presenting intercepted biometric data. The attack on template database where new template can be inserted, and removed all edited an existing template. And there is always small percentage of error where fake biometric can be very close to original (Ratha, 2001).

Conclusion

Biometric authentication was used from ancient times and since technologies become cheaper we should expect to see more scanning devises based on different measures which will decrease human factor and increase security. Biometric passports already take part in our life where fingerprints and other measures will be stored and we spend less time in airport queues and in places where biometric authentication will be implemented (Melanie, 2012).

References

Cavoukian Ann, 1997, “Biometrics backgrounder: Fingerprints vs. Finger scans”, [online], available from http://www.ontla.on.ca/library/repository/mon/1000/10294135.htm (last accessed 06 July 2012)
V´aclav Maty´aˇs and Zdenˇek R´ıha, 2010, “Biometric Authentication-security and usability”, [online], available from http://www.fi.muni.cz/usr/matyas/cms_matyas_riha_biometrics.pdf (last accessed 06 July 2012)
M Baggot, 1995, “The smart way to fight fraud”, Scottish Banker, pp 32-33
N.K. Ratha, J.H. Connell, and R.M. Bolle,  2001, “An analysis of minutiae matching strength”, Proc. AVBPA 2001, Third International Conference on Audio- and Video-Based Biometric Person Authentication, pp. 223-228.
Melanie Gower, 2012, “Biometric passports - Commons Library Standard Note”, UK Parliament Library, [online], available from http://www.parliament.uk/briefing-papers/SN04126 (last accessed 08 July 2012)

Comments

Popular posts from this blog

How to poll database using WCF-SQL adapter

SQL query timeout from application but works fast from SSMS