Biometric Technologies and Applications
Discuss the Implications of Biometrics for Authentication.
Biometrics are used as unique identification and access control parameters in information systems. The adoption of biometrics as a security measure has been prompted by growing insecurity related to passwords. Because biometrics are unique human identifiers that can be used to identify a group of people under surveillance, they rely on human metric characteristics. Instead of using what an individual possesses, human metrics and characteristics are used to provide access control in many information systems (Bianchi & Oakley, 2016). In this regard, biometrics work by comparing two sets of data when granting access. The first set of data is owned by the system or device owner, while the matching data is provided by the visitor requesting access to the system. When the system detects a near match between the two sets, it grants the requested access (Alizadeh et al., 2016). It is important to note that a biometric match does not need to be exactly 100%, because some variation can cause minor differences between samples. There are different biometric authentication mechanisms, but the most widely used are fingerprint scanners. Fingerprinting makes use of optical scanning, capacitive sensing and ultrasound to compare the sets of data (Thavalengal & Corcoran, 2016). To protect the security and privacy of biometrics, many of the organizations that capture biometric data, such as Google and Apple, store it on the device itself rather than on their servers. Collected data is not stored in its natural form; in many cases it is stored as a series of mathematical representations. In addition to this mathematical conversion, the collected data is encrypted to make it unreadable.
There are various technological applications that are widely used in the market today. With the implementation of logical access control, various system users have been suffering from denial of service. This has been facilitated by the fact that employees have been losing their passwords to unauthorized persons who then compromise the system (Carpenter et al., 2018). To eliminate such scenarios, organizations have turned their efforts to securing systems through the use of biometrics. Through fingerprint or iris scanning systems, users are able to gain access to their systems without typing passwords. With this type of security implementation, users cannot claim to have lost their passwords. To gain access to the system, scanning devices are attached to it. Logical access is mainly used to gain access to a specific organizational network at the workplace or through a remote connection (Olalere et al., 2016). Similarly, biometric authentication systems are being used to provide physical access to buildings. In this case, an individual's bio-data has to be captured in advance so that the stored data can be compared with the data presented when access is required. Once the bio-data matches, the secured lock opens automatically, providing the required access to the secured room (Mustafa, Abidin & Rua, 2018). Currently, organizations are implementing this technique to give specific groups of authorized employees the access they require in buildings. A good example can be seen in data centers and server rooms, where only a limited number of employees are authorized to enter. To provide the access, the scanning device is capable of operating in server mode or as a stand-alone device. Apart from implementing a single-device security measure, it is possible to install multimodal biometrics by having both fingerprint and hand geometry scanners running at once (Stergiou et al., 2018).
Interestingly, these biometric security combinations can also work in conjunction with non-biometric security measures.
Challenges/Problems in Biometric Authentication
Additionally, surveillance techniques are used to monitor organizational employees while on duty or away from the organization. In surveillance, the most commonly used modality is facial recognition (Souza, Cunha & Oliveira, 2018). This technique is not preferred by employees because facial recognition makes it possible to capture individuals' personal information. The modalities of surveillance differ according to how it is being used. First, it can be used to keep track of an individual engaged in suspicious activities within a group of people. In this case, CCTV cameras are used to capture a still image or video, which is then used to identify the suspected person through facial recognition (Varadharajan & Bansal, 2016). Next, surveillance can be used to watch people on a list. Primarily, it is used to keep track of people who are known but whose whereabouts are completely unknown. A good example of watch-list surveillance is the search for terror suspects, which is usually done at international airports worldwide. The last form of biometric surveillance is time and attendance, which is used in organizations to keep track of how employees report to work. Various biometric technologies can be used for this purpose, but the most commonly used are fingerprinting and hand geometry recognition (Theodorakis, 2018). Recently, vein pattern recognition and iris recognition have slowly been rolled out for security use in the industry. All these technologies are being developed so that they can operate as a stand-alone system or in server mode. Once attendance data is recorded, it is used by organizations to run monthly payrolls without conflicts with employees over the number of days worked.
Industrial application of biometric authentication has been facing many challenges. One of the problems is data integrity: data can be manipulated through several means, such as data transformation or corruption, resulting in the possibility of data breaches (Smith, Mann & Urbas, 2018). On the same note, it is possible for collected data to be used for something other than its primary purpose. Some organizations collect data which is later sold to third parties without the consent of the affected individuals. Similarly, many variations have been noted in the use of biometric data. The distinctiveness and use of data among various groups and individuals vary greatly, since there are no distinct biometric characteristics which can be said to be stable and unique among the groups (Olakanmi & Oluwaseun, 2018). It is important to note that individual biometric data have distinct characteristics with outstanding degrees of stability, which are exhibited under both physiological and environmental conditions. Consequently, the distribution and properties of biometrics in a given population are only observable through filters based on measurement processes, available instruments and the extraction of biometric features. Additionally, Al-Sudania et al. (2018) argue that biometric data requires authentication decisions to be made under some uncertainty, through the use of automated recognition systems and available human interpretation. When using the system to determine whether two sets of data match, no exact match can be found, only the possibility of a close set of data.
Moreover, biometrics present problems of human variation, in the sense that data captured through biometric devices is not immune to change. Such changes might be triggered by occupational factors, disease, age and environmental conditions (Braun et al., 2018). As a result of these changes, any time the individual interacts with the system, there is a high chance that the biometric data presented will differ. Apart from system challenges, individuals from whom the data is being collected may try to thwart system recognition by providing uncertain data to the system. In such cases, individuals may intentionally interfere with the body parts which they believe would be used to capture the required authentication data (Toli & Preneel, 2017). This is mainly done to gain access to the system as well as to learn the system for various purposes. Further, sensors present data collection and retrieval issues related to device calibration and age. The device used to capture the required data may be defective, resulting in poor data which in turn causes authentication problems during data matching. The other aspect that affects the quality of collected data is the system interface at the time of use. The system interface can affect system performance when exposed to environmental factors such as light and temperature (Morosan, 2017).
Finally, biometric feature extraction and the matching algorithm in use have been a major challenge. In this regard, it is important to understand that it is not possible to compare biometric characteristics directly, because comparison requires stable and unique features to be extracted through working sensors (Ami, Elovici & Hendler, 2018). At times, differences in the algorithm used when extracting data may affect system performance. Some of the effects are escalated by the need to achieve system interoperability. A good example can be drawn from several fingerprint images taken from one finger. The angle at which the finger is presented, the pressure applied, notable differences between sensors and the moisture content all have a great impact on the quality of the image captured by the system (Sepczuk & Kotulski, 2018). Therefore, one finger can produce a wide diversity of captured images, which in turn presents a number of challenges when accessing the system.
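The near-match decision and the capture variation described above can be made concrete with a small simulation. This is an added example, not taken from the cited sources: templates are constructed random bit strings, capture noise is modelled as random bit flips, and the names enrol, capture, distance, error_rates and sweep are all hypothetical. It goes slightly beyond the text by reporting the false rejection rate (FRR) and false acceptance rate (FAR) at several match thresholds.

```python
import random

BITS = 256  # constructed template length; real feature vectors differ by modality


def enrol(rng):
    """Constructed stand-in for a stored template: BITS random feature bits."""
    return rng.getrandbits(BITS)


def capture(template, flip_rate, rng):
    """A fresh reading of the same trait: each bit flips with probability
    flip_rate (finger angle, pressure, moisture, sensor age and so on)."""
    noise = sum((rng.random() < flip_rate) << i for i in range(BITS))
    return template ^ noise


def distance(a, b):
    """Normalised Hamming distance: 0.0 is identical, about 0.5 is unrelated."""
    return bin(a ^ b).count("1") / BITS


def error_rates(threshold, flip_rate=0.12, users=40, captures=10, seed=7):
    """Return (FRR, FAR) when a probe is accepted if distance <= threshold.

    FRR: share of genuine captures rejected against the owner's template.
    FAR: share of the same captures accepted against someone else's template.
    """
    rng = random.Random(seed)
    templates = [enrol(rng) for _ in range(users)]
    genuine = rejected = impostor = accepted = 0
    for i, own in enumerate(templates):
        for _ in range(captures):
            probe = capture(own, flip_rate, rng)
            genuine += 1
            rejected += distance(own, probe) > threshold
            for j, other in enumerate(templates):
                if j != i:
                    impostor += 1
                    accepted += distance(other, probe) <= threshold
    return rejected / genuine, accepted / impostor


def sweep(thresholds=(0.0, 0.12, 0.30, 0.50), flip_rate=0.12):
    """FRR/FAR per threshold, to show the trade-off the matcher has to make."""
    return [(t, *error_rates(t, flip_rate)) for t in thresholds]


if __name__ == "__main__":
    print("threshold  FRR    FAR   (healthy sensor, 12% bit noise)")
    for t, frr, far in sweep():
        print(f"{t:9.2f}  {frr:.3f}  {far:.3f}")
    frr, far = error_rates(0.30, flip_rate=0.30)
    print(f"degraded sensor (30% noise) at threshold 0.30: FRR={frr:.3f} FAR={far:.3f}")
```

Demanding an exact match (threshold 0.0) rejects every genuine user, while a threshold that is too loose starts accepting other people's captures. A degraded sensor pushes genuine captures past a threshold that previously worked.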
Information systems need to be protected from malicious activities such as hacking and malware. As a result, security measures need to be implemented to make sure systems are free from attackers and from compromise by unauthorized individuals. The main objective of securing an information system is to maintain data integrity so that data consistency is met. Through biometric authentication, it is possible to keep track of which user accesses a certain terminal (Vielhauer, 2017). In this regard, each terminal is dedicated to a specific authorized user, whose biometrics are used to secure the system. If malicious activities are detected from a certain terminal, they can be traced, because there is no possibility of lost passwords as there was with non-biometric security. To enforce data integrity, biometrics help to monitor systems by making sure the person allocated to a specific terminal is the one responsible for activities carried out on that terminal. Similarly, biometrics provide strong and reliable system authorization and authentication (International Conference on Ethics and Policy of Biometrics and International Data Sharing, Kumar & Zhang, 2010). Biometric authentication is used to provide the required access to a system which is secured with biometric features such as a fingerprint. In order to gain access to the system, users are required to provide the corresponding biometric data through an attached bio-data reader. Since authentication is done uniquely when the dedicated user provides bio-data, the possibility of data being exposed to unauthorized users is eliminated. System authentication can be done in server or device mode. In most cases, according to Gritzalis, Kiayias & Askoxylakis (2014), biometric data is channeled to a specific device to minimize the possibility of losing personal data. It is important to note that losing biometric data is quite detrimental, and organizations making use of biometric data consider such data personal.
Therefore, it is wise to attach such bio-data to a specific device so that when the organizational network is compromised, the data remains secure.
In cases where an organization stores biometric data on its servers or in the cloud, the data should be encrypted. There are different means through which data encryption is done to prevent unauthorized persons from using the data (Pato, Millett & National Research Council, 2010). Data encryption varies depending on the level of security offered to the data. An organization can decide to convert the raw bio-data collected into mathematical formulas or into binary digits which are difficult to decipher without the right key. Similarly, data encryption can be applied to the folders where bio-data is stored. In this case, the collected bio-data is stored in its raw form, and the only protection provided is at system level and folder level. To gain access to the system, proper authentication has to be done, followed by the specific folder protection (Nemati & Yang, 2011). All required authentication has to be done through biometrics in order to make sure access is obtained by authorized persons only. Further, system authorization is important because it is used to grant access privileges to the system. Once system authentication is done, authorization to access a given set of data has to be given the required priority. Not all users who gain access to the system should be given equal privileges to access, view or modify data. System authorization is done depending on the sensitivity of the data to the organization and the user's level of seniority. Ami, Elovici & Hendler (2018) argue that the importance of system authorization is to limit access to data which is mainly used in making decisions key to the organization's success. Finally, biometric authentication is meant to offer an organization operational privacy. Due to the competitive nature of industry, any organization's operational strategy needs to be kept secret to avoid exposing its success factors to competitors.
As a result, organizational data should be kept securely and in encrypted form to prevent it from being compromised (Subramanian, 2008). To achieve data privacy, system authentication, authorization and data encryption should all be enforced.
Biometric security authentication has been explored and its application is quite recommendable. While there is every reason to embrace biometric implementation in the security of information systems, it is important to recognize the need for further research. Intensive analysis of biometric implementation in the security of information systems shows some areas that have been explored while others remain untouched (Al-Sudania et al., 2018). Currently, the following areas in biometrics have been worked on. First, it is possible to provide access to a system through fingerprint scanning. The system user's biometric data is collected beforehand so that it can be matched when access is required. Next, biometric implementation is being used in the banking sector during PIN replacements to eliminate impersonation of account owners (Ami, Elovici & Hendler, 2018). The traditional mechanism of comparing an individual to the documents presented has been overtaken by biometrics, with the aim of advancing banking security. Additionally, instead of using usernames and passwords to log in to systems, fingerprint sensors have been implemented in organizational systems to grant faster access to the network and other applications in use. According to Olalere et al. (2016), apart from applying a fingerprint directly to a sensor, biometrics have been implemented on smart cards for the purpose of serving a wide range of users. One card can be shared by many users provided they present themselves with authentication cards. Consequently, the use of biometrics has been extended to the registration of persons in various institutions and organizations. Many countries have automated the registration of persons, and to make it more accurate, fingerprinting is being done in order to capture an accurate count.
Though many aspects of biometric authentication have been implemented, some are yet to be implemented. In the near future, it is expected that biometrics will be rolled out in MasterCard in order to offer strong authentication in any remote services required by customers (Mustafa, Abidin & Rua, 2018). Similarly, biometric authentication would be required in any device-enabled transactions, such as those made on mobile devices. In banking, the new move has been driven by the need to introduce biometric identification (ID), which would be used to uniquely identify an individual customer. On the other side, customers would like to see an improvement in banking security to make sure their transactions and accounts are secure in all forms of money transfer. The last aspect of biometric authentication is the use of vein structure in the implementation of biometric security. These are demanding aspects of biometrics that remain a mystery, but this is expected to be a thing of the past in the near future since all biometric experts are working towards them (Toli & Preneel, 2017). Future research needs to focus on the development of biometric devices which can capture unique bio-data from other parts of the body, such as the heart and ears. In this regard, ear and heart distinctiveness may sound like a myth, but these traits have been proved to have some uniqueness that can be captured in biometrics.
With regard to biometric authentication, the privacy of the collected data has been a subject of debate. No form of data is immune to hacking, despite the strict measures put in place. As technology grows, counter-security measures are rolled out with the aim of outdoing the technological advancement (Morosan, 2017). It is important to note that losing biometric data is quite dangerous, since it does not change for an individual's entire life. Once such data has been lost, the affected individual has to stop using that biometric data for security purposes, since it can be used by unauthorized persons to commit crime. Biometric data storage should be implemented with encryption measures that are very difficult to crack. With strong encryption measures, when hackers gain access to the organizational network, it is very difficult for them to make use of the data. Therefore, data privacy in biometrics is a paramount aspect that needs to be implemented at all costs. To make biometric data secure, its collection and storage should be governed by rules and regulations that are formulated with the aim of enforcing biometric data privacy (Ami, Elovici & Hendler, 2018). One such rule is to make sure no biometric data is stored in the cloud, due to the security concerns that make cloud storage insecure. Any biometric data should be stored on the device and not on servers.
Conclusion
Biometric data collection can be done through various technologies such as fingerprinting, iris and facial recognition. The most used form of biometric recognition is the fingerprint, as it has been rolled out in several applications in the security industry. Biometric recognition works by capturing the required set of biometric data in advance so that it can be used for matching when access to the system is required. The system user has to be present in person when authentication is being done. Biometric applications have been used to provide access to buildings with the aim of regulating who accesses the building and at what time. Next, biometrics are being used to provide access to information systems through scanners attached to them. Alongside the benefits that have been realized in biometric implementation, there have been challenges such as data privacy. This is a challenging issue for biometric data storage because it is sensitive data that should not be accessed by third parties. The other issue is uniformity in data collection, which can be undermined by device problems or intentionally by the person from whom the data is being collected. Though a lot has been done on biometric authentication in data collection and storage, some aspects have been left unexplored, which creates the need for further research. Lastly, the aspects that need attention when it comes to biometric data collection and storage are the privacy of the data and its use by the organization.
References
Alizadeh, M., Abolfazli, S., Zamani, M., Baharun, S., & Sakurai, K. (2016). Authentication in mobile cloud computing: A survey. Journal of Network and Computer Applications, 61, 59-80.
Al-Sudania, A. R., Zhoub, W., Liuc, B., Almansoorid, A., & Yange, M. (2018). Detecting Unauthorized RFID Tag Carrier for Secure Access Control to a Smart Building. International Journal of Applied Engineering Research, 13(1), 749-760.
Ami, O., Elovici, Y., & Hendler, D. (2018). Ransomware Prevention using Application Authentication-Based File Access Control.
Bianchi, A., & Oakley, I. (2016). Wearable authentication: Trends and opportunities. IT - Information Technology, 58(5), 255-262.
Braun, T., Fung, B. C., Iqbal, F., & Shah, B. (2018). Security and privacy challenges in smart cities. Sustainable Cities and Society, 39, 499-507.
Carpenter, D., McLeod, A., Hicks, C., & Maasberg, M. (2018). Privacy and biometrics: An empirical examination of employee concerns. Information Systems Frontiers, 20(1), 91-110.
Gritzalis, D., Kiayias, A., & Askoxylakis, I. (2014). Cryptology and Network Security: 13th International Conference, CANS 2014, Heraklion, Crete, Greece, October 22-24, 2014. Proceedings.
International Conference on Ethics and Policy of Biometrics and International Data Sharing, Kumar, A., & Zhang, D. (2010). Ethics and policy of biometrics: Third International Conference on Ethics and Policy of Biometrics and International Data Sharing, ICEB 2010, Hong Kong, January 4-5, 2010: revised selected papers. Berlin: Springer.
Morosan, C. (2017). Information Disclosure to Biometric E-gates: The Roles of Perceived Security, Benefits, and Emotions. Journal of Travel Research, 0047287517711256.
Mustafa, M. A., Abidin, A., & Rúa, E. A. (2018). Frictionless authentication system: Security & privacy analysis and potential solutions. arXiv preprint arXiv:1802.07231.
Nemati, H. R., & Yang, L. (2011). Applied cryptography for cyber security and defense: Information encryption and cyphering.
Olakanmi, O., & Oluwaseun, S. (2018). A Trust Based Secure and Privacy Aware Framework for Efficient Taxi and Car Sharing System. International Journal of Vehicular Telematics and Infotainment Systems (IJVTIS), 2(1), 34-47.
Olalere, M., Abdullah, M. T., Mahmod, R., & Abdullah, A. (2016). Bring Your Own Device: Security Challenges and A theoretical Framework for Two-Factor Authentication. International Journal of Computer Networks and Communications Security, 4(1), 21.
Pato, J. N., Millett, L. I., & National Research Council (U.S.). (2010). Biometric recognition: Challenges and opportunities.
Sepczuk, M., & Kotulski, Z. (2018). A new risk-based authentication management model oriented on user’s experience. Computers & Security, 73, 17-33.
Smith, M., Mann, M., & Urbas, G. (2018). Biometrics, Crime and Security. Routledge.
Souza, A., Cunha, Í, & B Oliveira, L. (2018). Nomadikey: User authentication for smart devices based on nomadic keys. International Journal of Network Management, 28(1), e1998.
Stergiou, C., Psannis, K. E., Kim, B. G., & Gupta, B. (2018). Secure integration of IoT and cloud computing. Future Generation Computer Systems, 78, 964-975.
Subramanian, R. (2008). Computer security, privacy, and politics: Current issues, challenges, and solutions. Hershey: IRM Press.
Thavalengal, S., & Corcoran, P. (2016). User authentication on smartphones: focusing on iris biometrics. IEEE Consumer Electronics Magazine, 5(2), 87-93.
Theodorakis, N. (2018). Secure and Privacy-Preserving User Authentication Using Biometrics.
Toli, C. A., & Preneel, B. (2017). Privacy-Preserving Biometric Authentication Model for e-Finance Applications. In 4th International Conference on Information Systems Security and Privacy, ICISSP 2018 (pp. 1-8).
Varadharajan, V., & Bansal, S. (2016). Data security and privacy in the internet of things (IoT) environment. In Connectivity Frameworks for Smart Devices (pp. 261-281). Springer, Cham.
Vielhauer, C. (2017). User-centric privacy and security in biometrics.