Choosing the right biometric methods
Biometrics security is a broad term that covers a wide landscape of options. Choosing the right biometric method is important and requires an understanding of not only what’s available but also what specific biometric application serves what purpose the best. And if there are any environmental factors that may affect the performance and effectiveness of the biometric system.
For instance, different biometric devices are impacted by different conditions such as background noise, lighting and humidity. And some applications work better with different sections of the population. For example, fingerprint software hates dry, humid conditions and is very tricky to capture on young people, whilst face recognition can be trickier in outdoor lighting.
Another important question to ask is what is the security asset that the biometric systems need to protect and who is responsible for protecting it? Plus, how willing will your end users be to use the biometric application you are considering? For instance, there is sometimes an emotional resistance to fingerprint sensors, as some users do not like the association they have to criminality and being arrested.
It’s a horses for courses thing. But understanding the information will allow you to back the right runner for your particular track. Biometrics is still the most secure and sophisticated way to manage your business security needs. Considering the right solution and using internationally experienced security experts such as Arana Security, only reinforces this.
So, let’s start with fingerprint recognition, a system that analyses the junctions of the friction ridges on the pad of your finger. The fingerprint, unique to every human. Biometrics can use optical, ultrasound or capacitive sensors to match the right fingerprint to the one stored in the database. Arana uses touchless technology by IDEMIA, when the finger is held away from the sensor, which offers COVID secure entry as well.
Security infringements can be attempted through non-enrolled users (or data subjects) simply placing their fingers on the sensor and hoping to get through. Very rarely succeeding, however. To more sophisticated attempts that involve the real data subject being complicit or by real fingerprints obtained covertly.
It is possible to obtain a fingerprint left by an unsuspecting user on a surface and create an artefact- a false fingerprint, however, this is more difficult then some would suspect as getting a clear full fingerprint is not that likely.
Palm or vein authentication is in many ways a natural extension to fingertip recognition. This technology requires an infrared light taking a photograph of vein patterns. Products are normally designed to work on parts of the body that can be easily scanned, such as the palm or wrist. This type of biometrics is one of the newest and offers a high degree of protection against attack. This is due to the sophistication and hardware needed to obtain the pictures and the cooperation of the authenticated individual.
Speaker recognition is another security validation option. This biometric device uses the sound of voice to differentiate a person. Either through uttering a specific password, code or phrase through free speak. Voice biometrics assess both the vocabulary, intonation and accent/ rhythm of a speaker plus the depth and shape each individual sound makes (the physical characteristics) to match to the enrolled person.
Unfortunately, speaker recognition can be particularly vulnerable to attacks. In part because imitation of voice either by computer (speech synthesisers) or humans is possible. Although unless the subjects were siblings, humans can find it difficult to adequately mimic the physical characteristics, i.e., the size of larynx etc. But state of the art speech copying systems are a real threat. Another risk is the ability to record a voice and play it back to gain verification. However, voice recognition and AI technology is now advancing offering better security.
There are many options to reinforce this security, such as to use the voice identification technology throughout the call and not just at the early clearance stage. This means that any imitation attempts will likely be picked up, as the veil will slip. Similarly randomising the passcodes/ pass phrases each time, will stop the use of pre-recorded voice verification.
Arana Security will always advise on the best extra layers for your businesses needs to reinforce effectiveness.
They say the route to someone soul is through their eyes. Well in biometrics it’s also a useful verification tool. Iris recognition takes images of the eye using infrared light. Iris recognition is recognised as a very robust biometric tool, with very high level of differentiation between individuals and thus making it harder to attack.
However, there is still some risk, predominately through the presentation of a photo or video sequence of a face or eye region of a legitimate user. These attempts can be thwarted with the use of liveness detection, which can tell if a real person is present or not. Another issue can be caused by patterned contact lenses, which can lead to false matches.
Overall, iris recognition, due to the proximity to the face and the vast differences between irises, is a strong biometric authentication solution.
Despite the attack risks, Biometrics is still the only way to tackle security smartly in the 21st century. Whether you use fingerprint, iris, palm or voice, or a combination of all, Arana Security will guide and support you with our bespoke and advanced solutions, before, during and after implementation.