A Look Into: Biometric Technology
With increasingly more sensitive and personal information being stored on devices nowadays, biometric technology has become more and more important for security, and to ensure that this information doesn’t fall into the wrong hands. The popularity of Apple’s iPhone 5s, with its Touch ID fingerprint scanning technology, should tell you that biometrics is definitely on the rise.
(Image Source: channelpro)
And it’s not just the iPhone 5s either: there were a lot of new tech devices featuring biometric technology at the recent Consumer Electronics Show (CES). And there’s definitely more to come. From smartphones to video game consoles to biometric wristbands, biometric technology is definitely going to make its way to more and more devices over the next few years. Here’s a quick look into the present, and future, of biometric technology.
Recommended Reading: Golden Rule To Internet Security: Change Your Passwords
What Is Biometric Technology?
Biometrics is a form of user identification and access control that uses physiological attributes such as a person’s fingerprints, face and retina in order to identify users. Biometrics can also identify users based on certain behavioral tendencies such as speech patterns and typing rhythm.
(Image Source: lockheedmartin)
Unlike normal forms of access control such as identity cards or PIN numbers, these physiological characteristics are difficult to fake, leading to increased security. These physiological characteristics are also pretty much impossible to misplace, unlike an access card.
Physiological attributes such as fingerprints and retina patterns aren’t just picked at random, though; each of these attributes has to fulfill a number of requirements to ensure that they’re suitable to be used in biometric identification. There are 3 particularly important requirements:
- Inimitable: The attribute must not be reproducible.
- Singularity: The attribrute must be singular and unique enough to diffrentiate one person from another.
- Convenience: The attribute must be convenient to measure and capture.
As far as security is concerned, there are few reasons to prefer traditional password or access card systems over biometrics, except for one problem. With current password systems, it’s easy to provide a new password if the old one is compromised.
However, if a user’s fingerprint or other biometric identifier is somehow compromised, there’s currently no way to "cancel" or "reset" biometrics; after all, there’s no way for a service to issue a user with a new face if their facial recognition data is somehow compromised.
Biometric Technology Today
The most appealing thing about biometrics has to be the way that they might one day replace passwords. Here’s a quick look into some of the ways biometrics are being implemented in consumer devices right now, plus the positives and negatives of each technology when it comes to replacing passwords.
Fingerprint scanning is currently the most common form of biometric technology and, according to Frost & Sullivan, should remain the leading biometric technology for at least the next few years. Fingerprint scanning works by scanning the ridges and valleys on a finger’s surface.
Notable uses of fingerprint scanning in consumer electronics are the fingerprint sensors on the iPhone 5S, HTC One Max and FingerQ’s Q-Case series of smartphone cases. In most of these cases, fingerprint scanning is used to unlock the phone.
Fingerprint scanning definitely fits the criteria for convenience and singularity, but it’s not as inimitable as other forms of biometrics. A perfect example is, of course, how Germany’s Chaos Computer Club managed to beat Apple’s Touch ID.
As the Club pointed out, it’s entirely possible to create a fake fingerprint, as long as a clean fingerprint can be lifted off of a surface. Since we leave hundreds, if not thousands of fingerprints a day, obtaining a fingerprint for this purpose probably isn’t as hard as most of us would like to think.
Iris And Retina Scanning
Retina and iris scanning work on roughly the same principle; iris and retina patterns are unique and this makes them suitable for biometric identification. But where a retinal scan goes deep into the eye to identify users based on their retina pattern, iris scanning identifies users based on their iris pattern, which is visible without deep scanning.
Eyelock’s Myris is an upcoming device that will let you log in to sites and apps simply through iris scanning. Apple also seems to have an interest in iris scanning; if a couple of recent hires are anything to go by, so we may just see iris scanning in an upcoming Apple device.
(Image Source: bluesheepdog)
Both the iris and retina are very much inimitable and singular, with very low false positives and negatives. For instance, Eyelock claims that the chances of a false match with Myris are 1 in 2 trillion. Retina scanning is not particularly convenient, as it requires users to have their eyes extremely close to a dedicated scanning device. This, plus the high cost of retina scanners, makes retinal scanning less desirable for consumer electronics devices.
Iris scanning is a lot more convenient, since it only requires a much more common infra-red camera and can be performed at a distance. One potential issue, though, with both of these methods that the identification accuracy can be effected by medical conditions, eye surgery and alcohol consumption (in the case of iris scanning).
Facial recognition software identifies individuals based on nodal points such as the distance between a person’s eyes, the width of the nose and the shape of cheekbones. Facial recognition is already being used on Facebook, where it’s used to automatically identify people in photos.
It’s also recently made an appearance in both Microsoft’s Xbox One and Sony’s PlayStation 4, both of which use facial recognition to automatically sign users in. Android versions 4.0 and above also come with a Face Unlock feature, which allows users to unlock devices using their face.
One of the biggest issues with facial recognition is that it’s not 100% inimitable. Certain systems are reasonably easy to spoof by simply using a photo of the target. Not all systems suffer from this same weakness though: Google, for example, have patented a liveness test for facial recognition.
Singularity and convenience aren’t huge problems for facial recognition, but the important thing with facial recognition is the recognition software itself. More specifically, it’s important that the software is able to recognise faces under various lighting conditions and when wearing accessories such as glasses or hats.
Voice-based biometric identification isn’t widespread at the moment, but the market is expected to grow within the next few years. Voice recognition, not to be confused with speech recognition, works by identifying characteristics of a person’s voice.
Last year, Authentify launched a mobile security app called Authentify xFA, which links digital credentials with a biometric voice print. In addition, GEO Semiconductor, SpeechFX and VoiceVault launched Granta, a home automation system with voice recognition capabilities.
Voice recognition is certainly a very convenient and low cost form of biometric identification, since the technology to collect speech data is readily available in the devices we use daily, such as smartphones. In addition, the voice is indeed inimitable and singular enough to be used for user identification purposes.
There are a few weaknesses to voice recognition, though. Firstly, background noise can affect the accuracy of the analysis. In addition, illnesses such as a cold or sore throat may affect a person’s voice enough to make recognition less accurate.
Using vital signs, specifically the heartbeat, to identify individuals is not an entirely new idea. An individual’s heartbeat, or electrocardiogram (EGC) wave, is unique and remains constant even when heart rate increases as a result of excitement or exercise.
Bionym’s Nymi armband is one of the few consumer devices to implement this form of biometric identification to identify users. When the Nymi identifies you, it lets you take control of all the devices linked to your Nymi, which can include your smartphone, computer and even your car.
The heartbeat might be one of the most secure physiological attributes that can be used for biometric identification. A person’s ECG wave is unique, not to mention inimitable and hard to reproduce. ECG scanning is quite convenient, too, as it doesn’t require any invasive scanning procedures or bulky specialised hardware.
The Nymi, after all, is a compact armband, and if future heartbeat scanning devices follow the Nymi’s lead, then heartbeat scanning will probably be one of the more convenient forms of biometric identification.
Biometrics in The Future
There’s always a lot of research and development going on in biometrics, be it looking into new physiological attributes to be used for biometric identification or research focused on improving currently-available forms of biometric identification. There’s a lot to look forward to when it comes to new forms of biometric identification.
Gait analysis, the analysis of how a person walks, is quite an interesting prospective method of biometric identification. There are two general methods used in gait biometrics. The first method uses camera footage which is then analyzed and processed by computers using a variety of different algorithms.
The second method, discovered by researchers from Carnegie Mellon University, uses a smartphone’s accelerometers to identify a person according to their gait with up to 99.4% accuracy. This method is particularly interesting, as it could conceivably be used to automatically shut a smartphone down if it detects a gait that’s different from that of the owner.
(Image Source: Ordnance Survey)
Quite recently, researchers from the Universidad Politecnica de Madrid announced that they were making progress on the use of body odor as a biometric identifier. According to the researchers, certain characteristics of a person’s body odor are consistent throughout their lives, which would allow body odor-based biometrics to identify individuals with up to an 85% accuracy rating. It remains to be seen how this might be integrated into consumer electronics, but the high accuracy rating is promising.
The next frontier in biometrics, however, has to be DNA, which is possibly the most accurate way to identify an individual. Admittedly, testing for DNA is nothing new and has been used in law enforcement for a while, but DNA testing in everyday biometrics is still a ways away.
The problem is that DNA testing doesn’t return instant results, and anyone who’s seen episodes of CSI will know that it requires specialised equipment. Even a "rapid" DNA testing machine such as the IntegenX RapidHIT cost $245,000 in 2012, and is definitely too inconvenient for use outside of law enforcement.
(Image Source: NIST)
While DNA-based biometrics will probably never be cheap or convenient enough for use in portable consumer electronics, researchers are constantly looking for ways to make DNA testing quicker and cheaper. It’s not impossible that, one day, the technology currently being used in law enforcement will make its way into the home, allowing home owners to secure their homes with DNA-testing biometric security.
There’s no denying the fact that biometric technology is here to stay. The variety of methods and implementations that are currently available and coming soon is proof enough of this, but the fact that research is still ongoing, looking for new and improved methods of biometric identification, definitely reinforces that fact.
Biometrics aren’t perfect, and there will definitely be teething problems, notably the aforementioned issue with biometrics being uncancellable, but a future where we won’t have to remember a myriad of different passwords for all the devices and accounts in our ever-connected lives is definitely on the horizon.
Author: Azzief Khaliq
Azzief is a writer for Hongkiat.com. He is also a musician, Android user and all around nerd. He loves his tea and spends far too much time thinking about video games.