Biometric authentication methods


Introduction

There are three methods for authentication. Most widely used is “what you know”, which requires to provide secret information like login and password, pin code or passphrase. The second method is “something you have”, which will require a magnetic card, card with RFID chip, flash card or smart card. The third method is “what you are”, these methods will require providing something which is unique for you and cannot be passed to someone else, it can be fingerprints, voice, retina or face geometry scans. “What you are” method is also called biometric method and based on biometrical characteristics which distinguish one person from another (Cavoukian, 1997).

Present

Let call “what you know” and “what you have” methods “traditional”. Traditional methods are about not to identify a subject as a such, and tools used for authentication are easy to forget and loos. The oldest and still used biometric authentication method is handwriting signatures, which is very weak authentication mechanism by itself, since there is no authentication device but a human factor which should visually confirm the sample signature with original one. Another method is face recognition based on photos printed in Passport or ID like driving license or bank card. This method also weak since based on human check and the experiment in Scottish bank is a good example (Baggot 1995). Biometric authentication is not so used in nowadays since implementation of it sometimes cost money and this method is more expensive than others. It is also not perfect and has problems with quality. Since biometric scanner is an input device and a material which should be scanned can be injured, wet or sick (V´aclav Maty´aˇs and Zdenˇek, 2010). Fingerprints authentication is widely distributed now. It is commonly used in airports, for visa registration and OS authentication. Almost all notebooks now have embedded fingerprint reader which can be used for authentication to unlock operating system. Also another disadvantage exists in some types of authentications like face and voice recognition, the factors can become old and from time to time should be refreshed.

Attacks

Biometric authentication if it is not based on human factor like handwriting signature of face identification has the most strength than traditional authentication methods. Definitely authentication process based on two factors will be more secure. It means that biometric authentication can be combined with traditional method and subject will need to provide fingerprint and password or smart card at the same time. Biometric authentication method is not the perfect one and has some vulnerabilities. Attacker can present fake biometric to a scanner like synthetic fingerprint, face or iris. Reply attack can be done by presenting intercepted biometric data. The attack on template database where new template can be inserted, and removed all edited an existing template. And there is always small percentage of error where fake biometric can be very close to original (Ratha, 2001).

Conclusion

Biometric authentication was used from ancient times and since technologies become cheaper we should expect to see more scanning devises based on different measures which will decrease human factor and increase security. Biometric passports already take part in our life where fingerprints and other measures will be stored and we spend less time in airport queues and in places where biometric authentication will be implemented (Melanie, 2012).

References

Cavoukian Ann, 1997, “Biometrics backgrounder: Fingerprints vs. Finger scans”, [online], available from http://www.ontla.on.ca/library/repository/mon/1000/10294135.htm (last accessed 06 July 2012)
V´aclav Maty´aˇs and Zdenˇek R´ıha, 2010, “Biometric Authentication-security and usability”, [online], available from http://www.fi.muni.cz/usr/matyas/cms_matyas_riha_biometrics.pdf (last accessed 06 July 2012)
M Baggot, 1995, “The smart way to fight fraud”, Scottish Banker, pp 32-33
N.K. Ratha, J.H. Connell, and R.M. Bolle,  2001, “An analysis of minutiae matching strength”, Proc. AVBPA 2001, Third International Conference on Audio- and Video-Based Biometric Person Authentication, pp. 223-228.
Melanie Gower, 2012, “Biometric passports - Commons Library Standard Note”, UK Parliament Library, [online], available from http://www.parliament.uk/briefing-papers/SN04126 (last accessed 08 July 2012)

Comments

Post a Comment

Popular posts from this blog

How to poll database using WCF-SQL adapter

Image
1. Create database and tables2. Create stored procedure 3. Create BizTalk project 4. Create orchestration 5. Consume WCF-SQL 6. Write received data to file share


First create TESTWCFSQL database from you SQL Management studio Run the script to create table:
USE TESTWCFSQL GO
IF OBJECT_ID('dbo.MainData', 'U') IS NOT NULL DROP TABLE dbo.MainData GO
CREATE TABLE dbo.MainData ( MainDataID int primary key identity(1,1), FirstName nvarchar(30), LastName nvarchar(30), Amount int ) GO

Run script in SQL management studio to create procedure
IF EXISTS ( SELECT * FROM INFORMATION_SCHEMA.ROUTINES WHERE SPECIFIC_SCHEMA = N'dbo' AND SPECIFIC_NAME = N'PollData' ) DROP PROCEDURE dbo.PollData GO
CREATE PROCEDURE dbo.PollData AS select MainDataID, FirstName, LastName, Amount from dbo.MainData delete from dbo.MainData GO
insert some sample lines executing
use TESTWCFSQL
insert into MainData (FirstName, LastName, Amount) values (N'Patrick', N'Cash', 1000), (N&#…
Read more

XML debatch in pipeline

Image
Last month I had a post were described how to debatch XML message in orchestration using XPath. http://biztalk.kirakosyan.com/2010/02/debatching-records-from-wcf-sql-using.html How I wrote it is not the best solution , in case if you will have hundreds of records the debatching using XPath will consume too much memory and processor.
In this post I am going to show how to debatch using pipeline. The sample will fetch multiple records from MS SQL database and after debatching put them to folder.
How to create simple WCF-SQL ports and SQL polling you can read in my old post http://biztalk.kirakosyan.com/2010/02/how-to-pull-database-using-wcf-sql.html I will use the same procedure and table to generate Schemas and PortTypes
In generated schema change envelop type to yes


Next click on TypePolling which is the root for schema
In properties find Body XPath
and edit it as in picture is
Then change the last node to have Max Occurs = 1
Now we should remove hidden stones :-)
When you added adapter metadata f…
Read more

Debatching records from WCF-SQL using LOOP and XPath

Image
I will continue on my sample which demonstrated records polling from SQL using WCF-SQL adapter
How I wrote in my last post it is not the best solution , it will be much slower then disassembling data in pipeline (which I will post in 2-3 days)
So what I want to do. First I will count the number of records retrieved from SQL then using LOOP shape I will iterate through records and send each to a file adapter
If you did not read my two last posts , read them and create BizTalk project , install SP and create table in MSSQL , create application and ports in BizTalk
I will continue on the same orchestration

Add new variable in orchestration and set Identifier: RecordsCount Type: System.Int32
After Send shape insert Expression shape Set expression :
RecordsCount = (System.Int32)(xpath("count(/*[local-name()='TypedPolling' and namespace-uri()='http://schemas.microsoft.com/Sql/2008/05/TypedPolling/ID1']/*[local-name()='TypedPollingResultSet0' and namespace-uri()='http://…
Read more