Planning for Biometrics Scenarios – Part 3

/in , /by

The previous two articles outlined three main biometric scenarios to plan for such as high security hosting, other Entry Access and Port of entry. In summary so far:

  • High security hosting – Mainly concerned with a high volume of people requiring access to a highly secure facility. A master list of authorized individuals is kept and a manual check of each incoming person’s identification (usually a photo ID) is also conducted. It is obvious that the manual checks are challenging even for the highly trained guards to remember every individual on the master list.
  • Other Entry Access – Mainly concerned with securing all the entry accesses to the facility including side entrances. Consider a building which has a lobby with a security guard, does it actually require a biometric entry control for the lobby? Or does it depending on the size of the company and the size of the building, the security guard may recognize everyone who has a legitimate need for access.
  • Port of entry – Mainly concerned with a high volume of people requiring access to a highly secure facility without the advantages of a master list for authorised individuals. Traditional port of entry system depends to a large degree on how hard it is to modify or create a passport without being detected.

This article focuses on the fourth biometric scenario known as biometrics limitation scenarios. Badly researched biometric solutions are likely to encounter scenarios where the chosen biometrics technology may not be suitable. Biometrics limitation scenarios will present itself sooner or later depending on the size of the user population and how long biometrics has been employed as a solution. There may be situations where the specific biometric been captured doesn’t apply to someone because the required body part is either missing or just doesn’t conform to the parameters that the biometric system expects. It is also common for biometrics to fail even if the required body part or biometric trait is available for a variety of reasons. The problem is that there’s a pretty broad variation across our species, and some measurements make a lot of assumptions that are based on statistical norms. In order to a biometric solution to work effectively and efficiently, it is important to make accommodations for individuals who are not able to use the system.

Researchers at Biometric Research Laboratory (BRL) within Namibia Biometric Systems (NBS) will continue to further highlight the most common use scenarios and some possible pitfall scenarios for biometrics in the next few articles.

More information on the implementation of biometrics based solutions can be requested from info@namibiabiometricsystems.com

Planning for Biometrics Scenarios – Part 2

/in /by

The previous article outlined two main biometric scenarios to plan for, high security hosting and Other Entry Access. High security hosting has to deal with a high volume of people requiring access to a highly secure facility via a guarded access point which makes impossible for highly trained guards to remember every individual who should be allowed in the facility without the unnecessary delays. Remembering all the individuals on the master list is a big challenge for even the most qualified guards. Other Entry Access deals with the size of the organisation and the volume of people entering and accessing the facilities which impacts the decision processes for selecting a suitable security solution. Organisations must plan for all biometric scenarios as required by their organisation including side entrances and parkinglot elevators with no human supervision, so anyone who happens to know the door code from watching someone else punching it in would be able to gain access to the facility. This article focuses on the 3rd biometric scenario to plan for, Port of entry.

Port of entry scenarios are similar to high-security hosting, only on a massively larger scale and without the advantage of a master list of authorized persons. In general, traditional port of entry system utilises traditional passports which are relatively difficult to duplicate identification. Traditional passports employ manual biometrics whereby the officer at the gate compares the passport picture with the person presenting it. Traditional passport system depends to a large degree on how difficult it is to modify or create a passport without being detected. In addition, manual biometrics is prone high error rates especially when the officer is suffering from tiredness. The outlined challenge can easily be circumvented by biometrics by include electronics with the passport itself so it has these two features:

  • An electronic key to verify that the information on the passport was encrypted using a key belonging to the country of origin.
  • Encrypted biometric data that can be compared to the biometrics of the person presenting the passport.

Biometric based systems are not perfect, but make the data somewhat harder to forge and do not require a master database. Another port of entry concern is the identification of individuals on the watch lists or those who have been expelled from the country for some reason. With biometrics, it’s possible to collect biometric information from the subjects with or without their cooperation and then use that information to identify them as they try to cross the border. This scenario does require a master list of persons and their biometrics but it’s much smaller than the list of everyone on Earth who might decide to travel.

Researchers at Biometric Research Laboratory (BRL) within Namibia Biometric Systems (NBS) will continue to further highlight the most common use scenarios and some possible pitfall scenarios for biometrics in the next few articles. Are our borders equipped with the technology to monitor international watch list?

More information on the implementation of biometrics based solutions can be requested from info@namibiabiometricsystems.com.

Planning for Biometrics Scenarios

/in /by

Biometrics encompasses a large field of research and there are more interesting scenarios where biometrics can be employed. Biometrics may have associated possible pitfall scenarios. Examples of interesting uses of biometrics are as follows:

  • High-Security Hosting – A high volume of people requiring access per second to a highly secure facility via a guarded access point would make it impossible even for a highly trained guard to remember every individual who should be allowed in the facility without unnecessary delays. In addition, any delay in communication from the facility officials to the security guards can result in a significant delays and loop holes in the security of the facility. For example, suppose that an employee gets fired and the employee is not allowed back in the building. This will require efficient communication to all the guards to avoid any breach in security. The situation can easy become impossible if more employees are fired and new employees are hired simultaneously. The most common entry access control is to computer-network hosting facilities. In computer-network hosting facilities, a hosting company offers rack space, network connections, environmental controls and power to clients who want to host services at such a facility instead of building it themselves. The hosting provider is likely to have a lot of clients and therefore it will have to prove physical security to its clients. It is usual that each client submits a list of people who are allowed to enter the facility on their behalf, updating that list as people are hired and as they leave the company. The hosting company is expected to only allow authorized persons into the facility. The options available to the hosting company are either keep a list of authorized persons and manually check each incoming person’s identification or utilise biometrics and let the system sort people out.
  • Other Entry Access The size of the organisation and the volume of people entering accessing the facilities will impact the decision processes for selecting a suitable security solution. Many organisations fail to plan and implement a highly secure access control for side entrances where security guards are not utilised. Side entrances and parking lots are a different matter entirely. Most side entrances and parking-lot elevators have no human supervision, so anyone who happens to know the door code from watching someone else punching it in (or has a proximity card picked up from the parking lot) would be able to gain access to the facility.

Researchers at Biometric Research Laboratory (BRL) within Namibia Biometric Systems (NBS) will continue to further highlight the most common use scenarios and some possible pitfall scenarios for biometrics in the next few articles.

More information on the implementation of biometrics based solutions can be requested from info@namibiabiometricsystems.com.

Limitations of using a Single Biometric in applications

/in /by

In recent years, there has been a significant surge in the use of biometrics for user authentication applications such as electronic passports, electronic voting, etc because biometrics-based authentication offers multiple benefits over knowledge and possession-based methods such as password and PIN based systems. It is crucial that such biometrics-based authentication systems are designed to resist different sources of attacks on the system when employed in security-critical applications. Therefore this article outlines some of the inherent limitations of using a single biometrics-based authentication scheme.

Biometric data capture device – The environment in which biometric data is captured during the enrolment phase is usually different from the environment in which the biometric data is captured during the identification or verification phase. The captured biometric data might be noisy or deformed. The source of noise can be due to the followings:

  • Captured voice data can be altered by cold, acute laryngitis viral infection that leads to swelling of the vocal cord, Chronic laryngitis can be caused by acid reflux disease due to low grade infections such as yeast infections of the vocal cords in people using inhalers for asthma, voice misuse and overuse as speaking is a physical task that requires coordination of breathing with the use of several muscle groups, etc.
  • Captured iris data can be altered by wearing glasses and various infections to the iris.
  • Captured fingerprint data can be altered by scars, oily fingers, dry, wet or damaged temporally or permanently. It is also important to realise that some people might just have poor fingerprint quality.
  • Face data can be altered by environmental conditions such as variations in light, pose or illumination.

It is not surprising that noisy captured biometric data may be false matched with templates in database resulting in a false rejection or false acceptance.

Distinctiveness – Previous articles outlined the characteristics of a good biometrics such as

  • Distinctiveness: unique to every individual.
  • Universality: every individual must posses the biometric.
  • Permanence: invariant with time (hardly changes).
  • Collectable: the biometrics must be measurable.
  • Performance: high speed and accuracy.

It is easy to see how the performance of a biometric system can be degraded by noisy data and lack of distinctiveness.

Our researchers within Biometric Research Laboratory, BRL, at Namibia Biometric Systems will outline how a practical biometric system can overcome some of the limitations outlined above.

More information on the implementation of biometrics based solutions can be requested from info@namibiabiometricsystems.com.