Planning for Biometrics Scenarios – Part 4

This article focuses on malicious software (malware) on a server that contains sensitive biometric information. This scenario happens hundreds or thousands of times each day around the world. The impact of malware on a biometric server can be devastating. It is therefore critical to plan for this scenario. Planning for this scenario must consider at least the following:

  • A clear definition of what malware is.
  • Clear guidelines on the use of biometric systems.
  • Clear action plan to follow in an emergency situation.

The problem in this scenario is what you don’t know: Suppose you discover that a program with some sort of ill intent has been installed on a system containing your biometric database and you don’t know for sure what that program code may have done or had access to. In the worst-case scenario, it granted hackers direct access to that server (and possibly the rest of your network) and the hackers downloaded all the information to see what they could do with it. All the information on that system may be in the hands of someone that intends to do you harm. The biometric data on the database could have been compromised. The action plan to follow will depend on what action the malware performed on the database. If the biometric information was not compromised, all you need to do is eliminate the malware. On the other hand, if the biometric data was compromised, a strict action plan is required to ensure that the impact to the system and users is minimal.

Any action on the biometric database must address the following:

  • What are the security requirements for the installation?
  • What is the legal, regulatory and public relations environment for the organization?
  • If the malware is well known to the antivirus/antispyware community, do you also know what it really does?

The other biometric scenarios to plan for are: (i) high security hosting, which focuses on a high volume of people requiring access to a highly secure facility, where access is granted if you are on a master list of authorized individuals; (ii) Other Entry Access, which focuses on securing all the entry accesses to the facility, including side entrances; (iii) Port of entry, which focuses on a high volume of people requiring access to a highly secure facility without the advantage of a master list of authorised individuals; and (iv) biometrics limitation scenarios, which focus on situations where the chosen biometrics technology may not be suitable.

Researchers at Biometric Research Laboratory (BRL) within Namibia Biometric Systems (NBS) will continue to further highlight the most common use scenarios and some possible pitfall scenarios for biometrics in the next few articles.

More information on the implementation of biometrics based solutions can be requested from info@namibiabiometricsystems.com

Planning for Biometrics Scenarios – Part 3

The previous two articles outlined three main biometric scenarios to plan for: high security hosting, Other Entry Access and Port of entry. In summary so far:

  • High security hosting – Mainly concerned with a high volume of people requiring access to a highly secure facility. A master list of authorized individuals is kept and a manual check of each incoming person’s identification (usually a photo ID) is also conducted. The manual checks are challenging because even highly trained guards cannot remember every individual on the master list.
  • Other Entry Access – Mainly concerned with securing all the entry accesses to the facility, including side entrances. Consider a building that has a lobby with a security guard: does it actually require biometric entry control for the lobby? Depending on the size of the company and the size of the building, the security guard may recognize everyone who has a legitimate need for access.
  • Port of entry – Mainly concerned with a high volume of people requiring access to a highly secure facility without the advantage of a master list of authorised individuals. A traditional port of entry system depends to a large degree on how hard it is to modify or create a passport without being detected.

This article focuses on the fourth biometric scenario, known as biometrics limitation scenarios. Badly researched biometric solutions are likely to encounter scenarios where the chosen biometrics technology may not be suitable. Biometrics limitation scenarios will present themselves sooner or later, depending on the size of the user population and how long biometrics has been employed as a solution. There may be situations where the specific biometric being captured doesn’t apply to someone because the required body part is either missing or just doesn’t conform to the parameters that the biometric system expects. It is also common for biometrics to fail, for a variety of reasons, even if the required body part or biometric trait is available. The problem is that there’s a pretty broad variation across our species, and some measurements make a lot of assumptions that are based on statistical norms. For a biometric solution to work effectively and efficiently, it is important to make accommodations for individuals who are not able to use the system.

Planning for Biometrics Scenarios – Part 2

The previous article outlined two main biometric scenarios to plan for, high security hosting and Other Entry Access. High security hosting has to deal with a high volume of people requiring access to a highly secure facility via a guarded access point, which makes it impossible for highly trained guards to remember every individual who should be allowed in the facility without unnecessary delays. Remembering all the individuals on the master list is a big challenge for even the most qualified guards. Other Entry Access deals with the size of the organisation and the volume of people entering and accessing the facilities, which impacts the decision processes for selecting a suitable security solution. Organisations must plan for all biometric scenarios that apply to them, including side entrances and parking-lot elevators with no human supervision, where anyone who happens to know the door code from watching someone else punching it in would be able to gain access to the facility. This article focuses on the third biometric scenario to plan for, Port of entry.

Port of entry scenarios are similar to high-security hosting, only on a massively larger scale and without the advantage of a master list of authorized persons. In general, a traditional port of entry system relies on traditional passports, a form of identification that is relatively difficult to duplicate. Traditional passports employ manual biometrics, whereby the officer at the gate compares the passport picture with the person presenting it. The traditional passport system depends to a large degree on how difficult it is to modify or create a passport without being detected. In addition, manual biometrics is prone to high error rates, especially when the officer is suffering from tiredness. This challenge can be overcome with biometrics by including electronics in the passport itself so that it has these two features:

  • An electronic key to verify that the information on the passport was encrypted using a key belonging to the country of origin.
  • Encrypted biometric data that can be compared to the biometrics of the person presenting the passport.

Biometric based systems are not perfect, but make the data somewhat harder to forge and do not require a master database. Another port of entry concern is the identification of individuals on the watch lists or those who have been expelled from the country for some reason. With biometrics, it’s possible to collect biometric information from the subjects with or without their cooperation and then use that information to identify them as they try to cross the border. This scenario does require a master list of persons and their biometrics but it’s much smaller than the list of everyone on Earth who might decide to travel.

Are our borders equipped with the technology to monitor international watch lists?


Planning for Biometrics Scenarios

Biometrics encompasses a large field of research, and there are further interesting scenarios where biometrics can be employed. Biometrics may also have associated pitfall scenarios. Examples of interesting uses of biometrics are as follows:

  • High-Security Hosting – A high volume of people requiring access per second to a highly secure facility via a guarded access point would make it impossible even for a highly trained guard to remember every individual who should be allowed in the facility without unnecessary delays. In addition, any delay in communication from the facility officials to the security guards can result in significant delays and loopholes in the security of the facility. For example, suppose that an employee gets fired and is not allowed back in the building. This will require efficient communication to all the guards to avoid any breach in security. The situation can easily become impossible if more employees are fired and new employees are hired simultaneously. The most common entry access control scenario is for computer-network hosting facilities. In computer-network hosting facilities, a hosting company offers rack space, network connections, environmental controls and power to clients who want to host services at such a facility instead of building it themselves. The hosting provider is likely to have a lot of clients and therefore it will have to prove physical security to its clients. It is usual that each client submits a list of people who are allowed to enter the facility on their behalf, updating that list as people are hired and as they leave the company. The hosting company is expected to only allow authorized persons into the facility. The options available to the hosting company are either to keep a list of authorized persons and manually check each incoming person’s identification, or to utilise biometrics and let the system sort people out.
  • Other Entry Access – The size of the organisation and the volume of people entering and accessing the facilities will impact the decision processes for selecting a suitable security solution. Many organisations fail to plan and implement a highly secure access control for side entrances where security guards are not utilised. Side entrances and parking lots are a different matter entirely. Most side entrances and parking-lot elevators have no human supervision, so anyone who happens to know the door code from watching someone else punching it in (or has a proximity card picked up from the parking lot) would be able to gain access to the facility.
