Biometric authentication methods


Introduction

There are three methods for authentication. Most widely used is “what you know”, which requires to provide secret information like login and password, pin code or passphrase. The second method is “something you have”, which will require a magnetic card, card with RFID chip, flash card or smart card. The third method is “what you are”, these methods will require providing something which is unique for you and cannot be passed to someone else, it can be fingerprints, voice, retina or face geometry scans. “What you are” method is also called biometric method and based on biometrical characteristics which distinguish one person from another (Cavoukian, 1997).

Present

Let call “what you know” and “what you have” methods “traditional”. Traditional methods are about not to identify a subject as a such, and tools used for authentication are easy to forget and loos. The oldest and still used biometric authentication method is handwriting signatures, which is very weak authentication mechanism by itself, since there is no authentication device but a human factor which should visually confirm the sample signature with original one. Another method is face recognition based on photos printed in Passport or ID like driving license or bank card. This method also weak since based on human check and the experiment in Scottish bank is a good example (Baggot 1995). Biometric authentication is not so used in nowadays since implementation of it sometimes cost money and this method is more expensive than others. It is also not perfect and has problems with quality. Since biometric scanner is an input device and a material which should be scanned can be injured, wet or sick (V´aclav Maty´aˇs and Zdenˇek, 2010). Fingerprints authentication is widely distributed now. It is commonly used in airports, for visa registration and OS authentication. Almost all notebooks now have embedded fingerprint reader which can be used for authentication to unlock operating system. Also another disadvantage exists in some types of authentications like face and voice recognition, the factors can become old and from time to time should be refreshed.

Attacks

Biometric authentication if it is not based on human factor like handwriting signature of face identification has the most strength than traditional authentication methods. Definitely authentication process based on two factors will be more secure. It means that biometric authentication can be combined with traditional method and subject will need to provide fingerprint and password or smart card at the same time. Biometric authentication method is not the perfect one and has some vulnerabilities. Attacker can present fake biometric to a scanner like synthetic fingerprint, face or iris. Reply attack can be done by presenting intercepted biometric data. The attack on template database where new template can be inserted, and removed all edited an existing template. And there is always small percentage of error where fake biometric can be very close to original (Ratha, 2001).

Conclusion

Biometric authentication was used from ancient times and since technologies become cheaper we should expect to see more scanning devises based on different measures which will decrease human factor and increase security. Biometric passports already take part in our life where fingerprints and other measures will be stored and we spend less time in airport queues and in places where biometric authentication will be implemented (Melanie, 2012).

References

Cavoukian Ann, 1997, “Biometrics backgrounder: Fingerprints vs. Finger scans”, [online], available from http://www.ontla.on.ca/library/repository/mon/1000/10294135.htm (last accessed 06 July 2012)
V´aclav Maty´aˇs and Zdenˇek R´ıha, 2010, “Biometric Authentication-security and usability”, [online], available from http://www.fi.muni.cz/usr/matyas/cms_matyas_riha_biometrics.pdf (last accessed 06 July 2012)
M Baggot, 1995, “The smart way to fight fraud”, Scottish Banker, pp 32-33
N.K. Ratha, J.H. Connell, and R.M. Bolle,  2001, “An analysis of minutiae matching strength”, Proc. AVBPA 2001, Third International Conference on Audio- and Video-Based Biometric Person Authentication, pp. 223-228.
Melanie Gower, 2012, “Biometric passports - Commons Library Standard Note”, UK Parliament Library, [online], available from http://www.parliament.uk/briefing-papers/SN04126 (last accessed 08 July 2012)

Comments

Post a Comment

Popular posts from this blog

XML debatch in pipeline

Image
Last month I had a post were described how to debatch XML message in orchestration using XPath. http://biztalk.kirakosyan.com/2010/02/debatching-records-from-wcf-sql-using.html How I wrote it is not the best solution , in case if you will have hundreds of records the debatching using XPath will consume too much memory and processor. In this post I am going to show how to debatch using pipeline. The sample will fetch multiple records from MS SQL database and after debatching put them to folder. How to create simple WCF-SQL ports and SQL polling you can read in my old post http://biztalk.kirakosyan.com/2010/02/how-to-pull-database-using-wcf-sql.html I will use the same procedure and table to generate Schemas and PortTypes In generated schema change envelop type to yes Next click on TypePolling which is the root for schema In properties find Body XPath and edit it as in picture is Then change the last node to have Max Occurs = 1 Now we should remove hidden stones :-) When you
Read more

How to poll database using WCF-SQL adapter

Image
1. Create database and tables 2. Create stored procedure 3. Create BizTalk project 4. Create orchestration 5. Consume WCF-SQL 6. Write received data to file share First create TESTWCFSQL database from you SQL Management studio Run the script to create table: USE TESTWCFSQL GO IF OBJECT_ID('dbo.MainData', 'U') IS NOT NULL DROP TABLE dbo.MainData GO CREATE TABLE dbo.MainData ( MainDataID int primary key identity(1,1), FirstName nvarchar(30), LastName nvarchar(30), Amount int ) GO Run script in SQL management studio to create procedure IF EXISTS ( SELECT * FROM INFORMATION_SCHEMA.ROUTINES WHERE SPECIFIC_SCHEMA = N'dbo' AND SPECIFIC_NAME = N'PollData' ) DROP PROCEDURE dbo.PollData GO CREATE PROCEDURE dbo.PollData AS select MainDataID, FirstName, LastName, Amount from dbo.MainData delete from dbo.MainData GO insert some sample lines executing use TESTWCFSQL insert into MainData (FirstName, LastName, Amo
Read more

Testing Azure Functions locally with automated integration test

Image
I am investing more and more time and efforts into building Azure Functions and using serverless instead of WebApps. Greater stability and balancing makes it my first choice when need high quality API. Being big fun of automated testing, faced some issues when coding tests and could not find any useful/working examples. Sources can be found here Some steps here Create function with HTTP trigger using template, dont need anything fancy there. Base it on .Net Core 3.1, you can change it, but then check the path in Test project Create MS Test project Folder structure Project structure Important step, install Azure Function tools from command line, just run npm i -g azure-functions-core-tools after that you can test if it is available from command line The idea is to start functions engine from test project. In local environment you can start it from your command line using Func utility, same can be done from Test project. From command line it will look like this F
Read more