Biometrics is said by some to be an answer to many security challenges. It must confront significant challenges before it supplants other approaches, however.
WirelessWeek offers an interesting post by Hector Hoyos, the founder and CEO of Hoyos Labs. The bottom line is that the security infrastructure supporting biometric communications is still a bit wobbly.
First, the good news:
There’s no doubt that biometric security has significant advantages over all other forms of identification, authentication and verification—hence why so many mobile device manufacturers are jumping on the ‘biometric bandwagon.’ It’s fast and easy to use, and unlike a login or password, which requires memorization and is easily replicable, an individual’s fingerprints, irises, facial constructs and other biological traits should be impossible to duplicate.
The bad news is that the biometric security sector still has a lot of work to do. There are a few problems. The first is that the vector – the fingerprints, iris scans or other biometric data – is stored on the device. The problem is obvious: If crackers physically take control of the machine or install malware remotely, they can access the biometrics and gain access to the machine.
The second problem is virtualization. This attack focuses on crackers creating a copy of applications to which people submit their biometric profiles. Since the bad people control the app, they will then have access to the data in the user’s device.
Hoyos says The Institute of Electrical and Electronic Engineers’ (IEEE) Biometric Open Protocol Standard (BOPS) is working to create a system in which biometric data is not stored on devices. This would alleviate these problems.
Though it is promising, there are still issues with biometrics that may slow its adoption by businesses. Barclay Ballard at BetaNews reports that most fingerprint scanners have error rates of 1 percent to 3 percent. Another issue is that some of a person’s biometric markers can change over time and complicate his or her access. A third issue is that people may be less willing to provide their fingerprints and other highly personal information to an employer. Though these all seem solvable, Ballard suggests that organizations be aware of the challenges before adopting the technology.
These objections were echoed at Security Systems News. Forty-five percent of respondents to the site’s poll agree that biometrics has serious challenges to overcome. These include unreliability, fears of surrendering personal information, and personal hygiene, since some of these techniques rely on the touching of equipment. The winner seems to be facial recognition:
Almost half of respondents—47 percent—said facial recognition and iris scan technologies show promise for gaining ground in the market. ‘Facial rec is the most sophisticated and versatile biometric. It can be used for access control, threat alerts, concierge application in retail/hospitality, and law enforcement,’ said another reader.
Biometrics may indeed be the security technology of the future. That won’t happen, however, before a number of concerns have been dealt with.
Carl Weinschenk covers telecom for IT Business Edge. He writes about wireless technology, disaster recovery/business continuity, cellular services, the Internet of Things, machine-to-machine communications and other emerging technologies and platforms. He also covers net neutrality and related regulatory issues. Weinschenk has written about the phone companies, cable operators and related companies for decades and is senior editor of Broadband Technology Report. He can be reached at [email protected] and via twitter at @DailyMusicBrk.