How Biometrics are Used in Software Security
We’re no longer just monitored as faceless combinations of birth dates, names and contact information. Our data representation is becoming more complex with the help of biometrics such as fingerprints, eye scans, and voice and facial recognition. So, what are biometrics and how are their applications changing the face of software security?
What are biometrics?
Biometric literally translates from Greek to “measuring life”. It encompasses all the ways we can use physical and behavioural traits to identify a person. Biometric analysis itself is nothing new, as we’ve already been using fingerprints as a means of identification for many decades. But as technology has advanced, so have the ways in which we can use it for identification.
How is biometric software used?
Some of the most common ways we use technology to analyse biometrics include…
- Fingerprint recognition
Many of us use biometric technology on a daily basis, in the form of a fingerprint scan for unlocking our phones or tablets. Fingerprint recognition software has become incredibly powerful as a means of authentication, but is not without its vulnerabilities. Biometrics researchers have shown that it’s possible to extract and duplicate a person’s fingerprint using a high-resolution image, and hackers have also been able to lift fingerprint residue from a device to create an artificial fingerprint, bypassing the login security.
- Facial recognition
As mobile cameras have become more advanced, it is now possible to ‘map’ someone’s facial features and compare them to a live image for authentication. Apple has famously used this feature in its mobile devices since the release of the iPhone X, where Face ID technology allows the user to log in to the phone with their face, as well as authenticate on-device purchases. In the public space, however, facial recognition has been used for many years at border controls and in police investigations.
- Retina scans
A retina scan measures the unique blood vessel patterns on a person’s retina, and is considered to be the second most reliable and precise biometric after DNA. These eye scans have been trialled in some high-security access scenarios, including banks, but they come with a generous helping of disadvantages. Scanning equipment is very expensive and requires close proximity to the user’s eye. Some research also suggests that faulty or low-quality equipment can damage the eye. In addition, the reading accuracy can be affected by diabetes, glaucoma or astigmatism.
- DNA analysis
DNA technology is commonly used in law enforcement as a way of establishing a person’s unique identity – even based on extremely small samples such as a drop of saliva or a strand of hair. But the extended use, in medicine and genealogy for example, allows us to link people together as members of the same family, track the origins of our ancestors, and estimate the risk of certain diseases. DNA analysis is a highly accurate method, but it is not 100% foolproof. Any test samples must be correctly collected and analysed, or the results can be skewed. Also, the complexity of the analysis process means it is far from a commodity technology. In other words, it will be a long time before we see DNA locks on our smartphones!
- Voice recognition
Voice recognition isn’t quite as widely used as some of the biometrics mentioned above. Still, it has the potential of being a useful tool for supporting authentication as each voice has certain unique qualities such as tone, depth, speed, and patterns that are very difficult to mimic. Barclays Wealth was the first financial institution to launch voice recognition as part of its authentication process for incoming customer calls, and it is now rolled out as an option for biometric identification.
The legal quagmires of biometrics
While we see more and more technology solutions becoming available for tracking and recording biometric information, we are also becoming very vulnerable to things like identity exposure, identity theft and involuntary information sharing. While it may seem like a great safety measure to add retina scanners to certain office locations for example, it opens up a whole new horizon of data security (and integrity) considerations.
Questions we need to answer include:
- Where is the data stored?
- How is the data accessed, or shared with other applications?
- How long is the data kept after an individual leaves?
- How secure is the hardware, and how difficult is it to hack or deceive?
- Who is responsible for managing the data?
Biometrics may be a fast-track to a more convenient and reliable identification landscape for software users, but it does present a minefield of data privacy issues. Anyone embarking on a biometrics development journey needs to start with putting a healthy data security policy in place.