Biometric Security’s Promise – andthe Challenges It FacesTuesday Mar 8th 2016 by Carl Weinschenk

Share:

Biometrics has to confront somesignificant challenges before it becomesthe security technology of the future.

Biometric Security’s Promise – andthe Challenges It FacesTuesday Mar 8th 2016 by Carl Weinschenk

Share:

Biometrics has to confront somesignificant challenges before it becomesthe security technology of the future.

Biometric Security’s Promise – and the Challeng…Saved to Dropbox • Mar 12, 2016, 7:16 AM

Reduce DataBreach Damageby ImprovingDetection andResponse

Biometrics is said bysome to be an answerto many securitychallenges. It mustconfront significantchallenges before itsupplants otherapproaches, however.

Advertisement

WirelessWeek offers aninteresting post byHector Hoyos, thefounder and CEO of Hoyos Labs. The bottom line isthat the security infrastructure supporting biometriccommunications is still a bit wobbly.

First, the good news:

There’s no doubt that biometric security hassignificant advantages over all other forms ofidentification, authentication and verification—hence why so many mobile device manufacturersare jumping on the ‘biometric bandwagon.’ It’sfast and easy to use, and unlike a login orpassword, which requires memorization and iseasily replicable, an individual’s fingerprints,irises, facial constructs and other biologicaltraits should be impossible to duplicate.

The bad news is that the biometric security sector stillhas a lot of work to do. There are a few problems. Thefirst is that the vector – the fingerprints, iris scans orother biometric data – is stored on the device. The

Reduce DataBreach Damageby ImprovingDetection andResponse

Biometrics is said bysome to be an answerto many securitychallenges. It mustconfront significantchallenges before itsupplants otherapproaches, however.

Advertisement

WirelessWeek offers aninteresting post byHector Hoyos, thefounder and CEO of Hoyos Labs. The bottom line isthat the security infrastructure supporting biometriccommunications is still a bit wobbly.

First, the good news:

There’s no doubt that biometric security hassignificant advantages over all other forms ofidentification, authentication and verification—hence why so many mobile device manufacturersare jumping on the ‘biometric bandwagon.’ It’sfast and easy to use, and unlike a login orpassword, which requires memorization and iseasily replicable, an individual’s fingerprints,irises, facial constructs and other biologicaltraits should be impossible to duplicate.

The bad news is that the biometric security sector stillhas a lot of work to do. There are a few problems. Thefirst is that the vector – the fingerprints, iris scans orother biometric data – is stored on the device. The

problem is obvious: If crackers physically take controlof the machine or install malware remotely, they canaccess the biometrics and gain access to themachine.

The second problem is virtualization. This attackfocuses on crackers creating a copy of applications towhich people submit their biometric profiles. Since thebad people control the app, they will then haveaccess to the data in the user’s device.

Hoyos says The Institute of Electrical and ElectronicEngineers’ (IEEE) Biometric Open Protocol Standard(BOPS) is working to create a system in whichbiometric data is not stored on devices. This wouldalleviate these problems.

Though it is promising, there are still issues withbiometrics that may slow its adoption by businesses.Barclay Ballard at BetaNews reports that mostfingerprint scanners have error rates of 1 percent to 3percent. Another issue is that some of a person’sbiometric markers can change over time andcomplicate his or her access. A third issue is thatpeople may be less willing to provide their fingerprintsand other highly personal information to an employer.Though these all seem solvable, Ballard suggests thatorganizations be aware of the challenges beforeadopting the technology.

These objections were echoed at Security SystemsNews. Forty-five percent of respondents to the site’spoll agree that biometrics has serious challenges toovercome. These include unreliability, fears ofsurrendering personal information, and personalhygiene, since some of these techniques rely on thetouching of equipment. The winner seems to be facialrecognition:

problem is obvious: If crackers physically take controlof the machine or install malware remotely, they canaccess the biometrics and gain access to themachine.

The second problem is virtualization. This attackfocuses on crackers creating a copy of applications towhich people submit their biometric profiles. Since thebad people control the app, they will then haveaccess to the data in the user’s device.

Hoyos says The Institute of Electrical and ElectronicEngineers’ (IEEE) Biometric Open Protocol Standard(BOPS) is working to create a system in whichbiometric data is not stored on devices. This wouldalleviate these problems.

Though it is promising, there are still issues withbiometrics that may slow its adoption by businesses.Barclay Ballard at BetaNews reports that mostfingerprint scanners have error rates of 1 percent to 3percent. Another issue is that some of a person’sbiometric markers can change over time andcomplicate his or her access. A third issue is thatpeople may be less willing to provide their fingerprintsand other highly personal information to an employer.Though these all seem solvable, Ballard suggests thatorganizations be aware of the challenges beforeadopting the technology.

These objections were echoed at Security SystemsNews. Forty-five percent of respondents to the site’spoll agree that biometrics has serious challenges toovercome. These include unreliability, fears ofsurrendering personal information, and personalhygiene, since some of these techniques rely on thetouching of equipment. The winner seems to be facialrecognition:

problem is obvious: If crackers physically take controlof the machine or install malware remotely, they canaccess the biometrics and gain access to themachine.

The second problem is virtualization. This attackfocuses on crackers creating a copy of applications towhich people submit their biometric profiles. Since thebad people control the app, they will then haveaccess to the data in the user’s device.

Hoyos says The Institute of Electrical and ElectronicEngineers’ (IEEE) Biometric Open Protocol Standard(BOPS) is working to create a system in whichbiometric data is not stored on devices. This wouldalleviate these problems.

Though it is promising, there are still issues withbiometrics that may slow its adoption by businesses.Barclay Ballard at BetaNews reports that mostfingerprint scanners have error rates of 1 percent to 3percent. Another issue is that some of a person’sbiometric markers can change over time andcomplicate his or her access. A third issue is thatpeople may be less willing to provide their fingerprintsand other highly personal information to an employer.Though these all seem solvable, Ballard suggests thatorganizations be aware of the challenges beforeadopting the technology.

These objections were echoed at Security SystemsNews. Forty-five percent of respondents to the site’spoll agree that biometrics has serious challenges toovercome. These include unreliability, fears ofsurrendering personal information, and personalhygiene, since some of these techniques rely on thetouching of equipment. The winner seems to be facialrecognition:

recognition:

Almost half of respondents—47 percent—saidfacial recognition and iris scan technologies showpromise for gaining ground in the market. ‘Facialrec is the most sophisticated and versatilebiometric. It can be used for access control,threat alerts, concierge application inretail/hospitality, and law enforcement,’ saidanother reader.

Biometrics may indeed be the security technology ofthe future. That won’t happen, however, before anumber of concerns have been dealt with.

Carl Weinschenk covers telecom for IT Business Edge.He writes about wireless technology, disasterrecovery/business continuity, cellular services, theInternet of Things, machine-to-machinecommunications and other emerging technologies andplatforms. He also covers net neutrality and relatedregulatory issues. Weinschenk has written about thephone companies, cable operators and relatedcompanies for decades and is senior editor ofBroadband Technology Report. He can be reached atcweinsch@optonline.net and via twitter at@DailyMusicBrk.

Share:

Related Stories10 Best Practices for Sharing Sensitive

Information with Vendors

recognition:

Almost half of respondents—47 percent—saidfacial recognition and iris scan technologies showpromise for gaining ground in the market. ‘Facialrec is the most sophisticated and versatilebiometric. It can be used for access control,threat alerts, concierge application inretail/hospitality, and law enforcement,’ saidanother reader.

Biometrics may indeed be the security technology ofthe future. That won’t happen, however, before anumber of concerns have been dealt with.

Carl Weinschenk covers telecom for IT Business Edge.He writes about wireless technology, disasterrecovery/business continuity, cellular services, theInternet of Things, machine-to-machinecommunications and other emerging technologies andplatforms. He also covers net neutrality and relatedregulatory issues. Weinschenk has written about thephone companies, cable operators and relatedcompanies for decades and is senior editor ofBroadband Technology Report. He can be reached atcweinsch@optonline.net and via twitter at@DailyMusicBrk.

Share:

Related Stories10 Best Practices for Sharing Sensitive

Information with Vendors

Working Toward theEnterp...

Previous ArticleEyeing a Future

in Which ...

Next Article

10 Security Trends to Look for in 2016

10 Steps to Smarter IT Ticket Management

10 Surprising Ways Automation Can Simplify IT

HomeMobile Site | Full Site

Copyright 2016 © QuinStreet Inc. All Rights Reserved

Working Toward theEnterp...

Previous ArticleEyeing a Future

in Which ...

Next Article

10 Security Trends to Look for in 2016

10 Steps to Smarter IT Ticket Management

10 Surprising Ways Automation Can Simplify IT

HomeMobile Site | Full Site

Copyright 2016 © QuinStreet Inc. All Rights Reserved