‘Keeping an eye’ on biometric security

‘Keeping an eye’ on biometric security

Case Studies

Alongside incredible advancements in medicine and science, innovative methods of accessing systems using the human body have led to an explosion in biometric security solutions. Here James Kelly, Chief Executive of the British Security Industry Association (BSIA) discusses the current market and future trends worth keeping an eye on.

What is biometric security?

All biometric systems essentially work by unobtrusively matching patterns of live individuals’ data in real time against enrolled records. Data is initially read with an ‘enrolment’ reader and the data is then ‘encoded’ into a template which is usually stored in an access control database or on a smartcard for later use. The encoding process ensures that the data cannot be reproduced from the template, only compared against a recent read sample for a pass or fail result.

Biometrics have been recorded and used within society since the late 19th century, with fingerprint identification being utilised by police agencies around the world to identify both suspected criminals as well as the victims of crime. Since then, approaches have extended to vein, iris, face, hand geometry and more recently the heart.

Advances in technology

In an era where personal information leaks from major organisations like the recent Equifax debacle[1] appear to be increasingly common, security has had to evolve far beyond traditional physical lock and key measures. Scientists and engineers have come together to develop innovative ways of using unique identifiers within the human body to create access control systems that are unhackable to even the most tech-savvy criminals.

Just this year (2017), researchers at the University of Buffalo, New York announced that they have developed a security method that uses the measurements of an individual’s heart to identify and authenticate a user.[2] The futuristic sounding method makes use of low-level Doppler radar to determine the heart's dimensions. With the initial scan taking roughly eight seconds, the system can then continuously monitor the heart of the user to make sure another user hasn't stepped in to work on the machine. Beyond making it much easier to log in and log out, the method makes it incredibly difficult (if not impossible) for criminals or imposters to infiltrate a system as every user's heart dimensions are unique.

Fingerprint technology has also developed in recent years in order to thwart criminals from counteracting their security by taking impressions of fingerprints. With fake finger tips capable of mimicking human skin available to criminals,[3] advances in optical sensor implementation has made it possible for fingerprint readers to look beyond the surface of the print to the subcutaneous layers, such as the capillaries under the skin, which would not be as easily replicated.

Iris recognition is another area of biometrics that has raised the bar for accuracy. In comparison to fingerprint-based systems, when they were first introduced, iris systems were producing hundreds, or potentially thousands, fewer false acceptances. These systems take an image of a person’s iris and apply pattern recognition algorithms, as such, the next time the iris is presented to the recognition reader, a comparison can be made with the stored pattern.

Iris systems tend to be seen most regularly in airports; but with the introduction of biometric passports they are becoming less common. However, due to their abilities, they do still have a place in specialist high security applications.

Like Iris systems, facial recognition technology has been widely available in recent years. Tech giant Apple have made use of the technology in the creation of its new ‘Face ID’ feature available on the new iPhone X which is due to be released in November 2017. According to Apple, the new system is 20 times more secure than Touch ID, the fingerprint based system previously used.

With Face ID, Apple has implemented a secondary system that exclusively looks out for attempts to fool the technology. Both the authentication and spoofing defence are based on machine learning, but while the former is trained to identify individuals from their faces, the latter is used to look for tell-tale signs of cheating. According to Apple, “An additional neural network that’s trained to spot and resist spoofing defends against attempts to unlock your phone with photos or masks,” the company says. If a completely perfect mask is made, which fools the identification neural network, the defensive system will still notice – as a human would. Apple’s Face ID is not without restrictions however, the company has reported that it is not suitable for users under the age of 13 or those with identical twins[4].

Advantages of biometrics

Biometric technology can be extremely advantageous in terms of playing a fundamental role in an extensive security strategy. In regards to access control, the technology is attractive to users for a number of reasons, primarily because information cannot be passed along to another person in the same way an access card or PIN can be. This can also be useful in terms of human resource management, reducing identification fraud amongst employees during the clocking in process. The technology can also help to eliminate security threats that may arise when cards or PINs are lost or borrowed, not to mention the cost savings made by removing the management of lost, stolen or forgotten access cards.

This is not to say that biometric technology does not have its disadvantages, with readers sometimes taking slightly longer to identify users than card-based systems, particularly as users normally have to stop and properly identify themselves to the biometric readers for verification. Not everyone can use biometric systems as well; they rarely suit an external or exposed location and in extreme cases, finger print readers can fail to identify users with damaged, dirty or worn fingerprints. Systems should also be designed carefully, considering how many users need to enter or exit an area at any time. Additionally, it is important to note that the correct management of biometric systems is critical in ensuring that any data protection concerns are alleviated.

Sourcing a supplier

As technology continues to advance, it is crucial that the importance of quality is not forgotten within the fast-paced environment. Members of the BSIA are heavily involved in driving standards and all comply with the relevant British and European standards for their product, ensuring that they will offer a reputable service.

For more information on biometric technology, download the BSIA’s helpful guide entitled: ‘Access Control – Biometrics User Guide’ which provides an invaluable overview of the main types of biometrics, system architecture, the advantages and disadvantages, as well as the factors to be considered when choosing the right solution. Download the guide here: http://www.bsia.co.uk/web_images//publications/181_Accesscontrol_biometrics_user_guide.pdf

To find a BSIA member near you, visit: http://www.bsia.co.uk/find-a-local-security-company

[1] https://www.fastcompany.com/40466204/equifax-transunion-forgotten-password-social-security-number

[2] http://www.techrepublic.com/article/why-your-heart-could-be-the-next-biometric-security-feature-for-your-smartphone/

[3] https://www.computerworld.com.au/article/627662/scientists-give-biometric-security-systems-fake-finger/

[4] https://images.apple.com/business/docs/FaceID_Security_Guide.pdf