Saturday, July 21, 2007

What is Biometrics?


"Biometrics is the development of statistical and mathematical methods applicable to data analysis problems in the biological sciences."


With regard to technology, Biometrics is the term given to the use of biological traits or behavioural characteristics to identify an individual. These traits may be fingerprints, hand geometry, facial geometry, retina patterns, iris patterns, voice recognition or handwriting recognition. A Biometrics system is basically a pattern recognition system, including all the hardware, the associated software and the interconnecting infrastructure, that enables identification by matching a live sample to a stored pattern in a database. When resolving an individual’s identity there is a distinction between verification and identification, and different Biometric systems fall into these two categories. Each category resolves a different question. The first, verification, involves confirming or denying an individual’s claimed identity - ‘Am I who I claim I am?’ The second, identification, involves establishing an individual’s identity - ‘Who am I?’ By resolving these questions using biometrics, these systems go beyond traditional security methods, by insisting that the person trying to log on is the actual person. Biometrics is irrevocably tied to the individual.
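The verification/identification distinction above, sketched as an added example that is not part of the original post. The 32-bit templates, the user names, the Hamming-distance comparison and the 0.25 threshold are all assumptions chosen for illustration; real systems use much larger templates and matchers specific to the trait.

```python
from typing import Optional

BITS = 32          # toy template width (assumption); real templates are far larger
THRESHOLD = 0.25   # assumed: largest fraction of differing bits still accepted

# Constructed enrolment database: user id -> stored pattern.
ENROLLED = {
    "alice": 0xB2E2D396,
    "bob":   0x5A3C91E7,
    "carol": 0xC7A90F34,
}

def distance(a: int, b: int) -> float:
    """Normalised Hamming distance between two bit templates."""
    return bin(a ^ b).count("1") / BITS

def verify(claimed_id: str, live_sample: int) -> bool:
    """1:1 match against one stored pattern: 'Am I who I claim I am?'"""
    stored = ENROLLED.get(claimed_id)
    if stored is None:           # an unknown claimed identity is rejected
        return False
    return distance(stored, live_sample) <= THRESHOLD

def identify(live_sample: int) -> Optional[str]:
    """1:N search of the whole database: 'Who am I?' Returns an id or None."""
    best_id = min(ENROLLED, key=lambda uid: distance(ENROLLED[uid], live_sample))
    if distance(ENROLLED[best_id], live_sample) <= THRESHOLD:
        return best_id
    return None                  # closest pattern is still too far: no identity

def with_noise(template: int, bit_positions) -> int:
    """Simulate sensor noise by flipping the given bits of a template."""
    for pos in bit_positions:
        template ^= 1 << pos
    return template

# Constructed live samples: Alice's pattern with 3 noisy bits, and a
# person who was never enrolled.
ALICE_LIVE = with_noise(ENROLLED["alice"], [0, 5, 17])
STRANGER_LIVE = 0x1F4B8A2D

if __name__ == "__main__":
    print("verify alice as alice:", verify("alice", ALICE_LIVE))
    print("verify alice as bob:  ", verify("bob", ALICE_LIVE))
    print("identify alice sample:", identify(ALICE_LIVE))
    print("identify stranger:    ", identify(STRANGER_LIVE))
```

A live sample never matches its stored pattern bit for bit, so both operations accept within a distance threshold rather than testing for equality.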


With regard to computer networks, Biometrics can be used to automatically authenticate an individual using their distinguishable traits. This security offers increased confidence levels for users of the network, provided the system is correctly implemented and utilized. The Network can then be used to its full potential without fear of a security breach. Biometrically secured Systems on the web would make the popular targets of banking data, business intelligence, credit card numbers, medical information and other personal data transactions on the web more secure, and thus increase the population's confidence in using these methods, increasing e-commerce confidence and enabling it to reach its full potential.


Biometrics is also being called upon in the Cellular phone industry, where the companies are vulnerable to cloning, where new phones are created using a stolen number, and new subscription fraud, where a phone is obtained using a false identity. Here Biometrics could be used on the handheld set to recognise ownership, and a biometric trait could be taken at authentication.


Biometrics can be used to secure transactions at automatic teller machines, no longer requiring the presentation of an ATM card (a biometric is hard to steal). It could also be used for transactions at point of sale. Other markets include telephone banking and Internet Banking. Biometrics can be used in any Network where the utmost security is needed. It doesn’t just provide security because the physiological traits between people are unique (PIN numbers should also be unique), but also because these traits cannot be interchanged between people.
The fundamental argument for using Biometrics for Network authentication is the increase in security while eliminating the extras such as PIN, passwords and smart cards, which can get into the wrong hands and do a lot of damage to a network, which is then not able to run at its full capacity until the security breach has been amended.


In the workplace, passwords and logins are often passed between co-workers, written down for convenience or reused multiple times for different networks. Biometric logins would make it unfeasible for anyone other than the intended user to log in to the network. So for every worker who is to use the network, an account must be set up for them. The workers cannot forget their password, which may be one of several passwords, because their password into the system is a physiological trait.


There are of course security issues with Biometrics that must be addressed. Where will the data be stored? Are you authenticating an actual live sample or just authenticating a message? Can the same Biometric be used for multiple different systems? Will the system be securely implemented? These questions will be addressed in this paper. If Biometrics for network authentication is accepted into society, in the future we may be paying for our groceries at the supermarket on credit with a laser scan of the iris - physical methods of access and payment may become a thing of the past.



How are biometrics used in networks


The most obvious use of biometrics for network security is for secure workstation logons for a workstation connected to a network. Each workstation requires some software support for biometric identification of the user as well as, depending on the biometric being used, some hardware device. The cost of hardware devices is one thing that may lead to the widespread use of voice biometric security identification, especially among companies and organizations on a low budget. Hardware devices such as computer mice with built-in thumbprint readers would be the next step up. These devices would be more expensive to implement on several computers, as each machine would require its own hardware device. A biometric mouse, with the software to support it, is available from around $120 in the U.S. The advantage of voice recognition software is that it can be centralized, thus reducing the cost of implementation per machine. At the top of the range, a centralized voice biometric package can cost up to $50,000 but may be able to manage the secure log-on of up to 5000 machines.


The main use of Biometric network security will be to replace the current password system. Maintaining password security can be a major task for even a small organization. Passwords have to be changed every few months, and people forget their password or lock themselves out of the system by incorrectly entering their password repeatedly. Very often people write their password down and keep it near their computer (on a post-it note attached to the underside of the keyboard is a frequently seen favourite). This of course completely undermines any effort at network security. Biometrics can replace these. For example, the city of Glendale in Los Angeles County, California replaced its password system with fingerprint scanners that use biometrics. The city's employees had the usual password problems. The passwords had to be changed every 90 days and no dictionary words were allowed, only 8-digit alphanumeric strings. The vast majority of users failed to change their passwords and as a result got locked out of the system. The only way for them to get back in the system was a call to the IT helpdesk, which became swamped with calls. The help desk staff ended up spending a disproportionately large amount of time fixing problems with passwords. This is the hidden cost of using passwords: the helpdesk admin costs that always result when people get locked out of the system. The use of biometric identification stops this problem and, while it may be expensive to set up at first, these devices save on administration and user assistance costs.
