Then there’s the annoying "password maintenance," in which password protected systems hound us to come up with yet another set of characters. But while businesses, governments and organizations are working to make sure that traditional password systems remain strong and secure, a new kind of digital authentication is coming - one that may solve these problems altogether. New biometric identification programs are getting a lot of attention these days. And for good reason - they may just drive future commerce and civic life.
What is Biometrics?The definition of biometrics might seem simple, but a technical description is actually a little involved. While biometrics just refers to the collection of any kind of information about any biological organism or system, the term has come to be used almost exclusively for specific kinds of programs within many parts of the IT world. These programs use data about humans to identify specific individuals. They are used for various kinds of security in different applications. To make things more clear, most of us agree to restrict discussions about biometrics to these kinds of projects.
New Biometric Designs: We Know Who You AreMost of those who don’t work in biometrics or a related area of IT usually think of biometric programs as either based on fingerprint data or iris scanning. While these (as well as computer image processing of facial features) have been the mainstays of biometric security advances, they are not the only ways to collect and use data about a specific person. Some new biometric programs are now using information that’s more abstract, what you might call "physical-behavioral" information, to pick someone out of a crowd.
A great example is the new development of a seat that can tell who is sitting in the seat by measuring the weight balances and other signals that come from a sensor-equipped pad showing data related to spinal alignment, body mass and balance and positioning tendencies. While the "intelligent seat" might sound like a joke, it’s really an idea that can help us to explore new ways to make biometrics work. Just imagine if a seat in a car or airplane could adapt the environment based on your physiological responses!
Limitations of Conventional BiometricsWhile some of the downsides and limitations of established biometric methods like fingerprint ID or iris scanning are evident from a cursory look at Tom Cruise in "Minority Report" (and the plastic baggie where he keeps a set of eyeballs to scan for security purposes), impersonation is only one of the many problems that come with some of the most common biometric methods. Some of these relate to privacy.
Despite all of the new advances in the field, fingerprints remain the most common type of biometric identifiers, partly because of their essential uniqueness and permanence, and partly because, even before modern biometric technologies were available, law enforcement kept fingerprint identifiers on file.
For a look at how biometrics pioneers are dealing with privacy issues in fingerprint identifier programs, we consulted the team at James Madison University’s Infosec program. Xunhua Wang, Brett Tjaden and M. Hossain Heydari study biometrics and their applied uses at JMU. Wang noted that although fingerprints are useful for a range of crime investigation, immigration and heavy security projects, they do have some inherent challenges. One is the issue of partial fingerprints; the other is security and privacy and how likely it is that a fingerprint record can be compromised in any given application. Wang said this is a significant issue in industries that use these products, since a fingerprint does not change much over time.
As an example of this risk, an abstract on a paper co-authored by Wang and a graduate student, Benjamin Rodes, includes an interesting description of hacking a fingerprint-protected USB drive through "black-box reverse engineering and manipulation of binary code in a DLL."