January 17, 2001 12:00 AM

Biometric Identification

Windows IT Pro
InstantDoc ID #16440
Your body is your password

Most administrators don't need to look beyond an end user's workstation to find a potential security breach. I'm amazed at how easily I can discover a user's password when I'm seated at that person's workstation. When the user hasn't prominently displayed the phrase on a Post-it Note, I can usually figure out the password by glancing around the cubicle. My attempts to use account policies to tighten password requirements invariably lead to howls of user disapproval—not to mention a rash of locked-out accounts and forgotten passwords.

Until now, I've taken a typical approach to an intractable problem—I've ignored it, hoping a better solution would come along. And I might be in luck. Because of improved technology and lower prices, biometric identification is emerging as a viable alternative. Biometric solutions use unique biological or behavioral characteristics to verify identification, so a person's body literally becomes the password. Such characteristics can't be forgotten, and most are nearly impossible to reproduce, so the biometric method provides a potentially high level of security.

Biometric identification has become somewhat common in areas such as entry-access control. Now, several types of biometric-identification methods are available to secure network access. In most cases, these methods use a combination of hardware and software to identify biologically unique traits such as a user's fingerprint, voice, face, iris, or typing rhythm. (Other methods, such as retina and vein identification, have yet to cross over from securing a door to securing a network logon.)

Fingerprint solutions are the most numerous in today's market. These methods require a hardware device that scans a user's finger or thumb, as well as a software component that compares the scan to a stored image for positive identification. Voice-recognition systems use a sound card, microphone, and software to record and store voice patterns. To thwart intruders' attempts to use a digitally recorded voice, one of these products prompts the user to repeat a set of random digits. Face-recognition systems use a digital camera to capture an image of the user's face, then compare specific dimensions to a previously saved image of that user. Iris scanning uses a similar process but relies on the uniqueness of each person's iris to verify the user's identity.

The only biometric-identification method I've discovered that doesn't rely on additional hardware is Net Nanny Software International's BioPassword. This product recognizes a user's keystroke rhythms as the user types his or her username and password. Even if a password falls into the wrong hands, an intruder must exactly emulate the original user's typing rhythm to gain access.
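The following sketch is an added example, not code from the article or from BioPassword, whose algorithm the article does not describe. It shows one simple way a keystroke-rhythm check can sit beside a password check; the z-score distance, the threshold, and all timing data are assumptions constructed for illustration.

```python
import hashlib
import hmac
import statistics

FLOOR_MS = 5.0  # lower bound on deviation so a very steady typist is not over-penalised

def enroll(samples):
    """Template: (mean, stdev) of each inter-key interval over the enrolment samples."""
    return [(statistics.mean(col), statistics.stdev(col)) for col in zip(*samples)]

def rhythm_distance(template, attempt):
    """Mean absolute z-score of the attempt's intervals against the template."""
    if len(attempt) != len(template):
        raise ValueError("interval count does not match the template")
    return sum(abs(x - mean) / max(dev, FLOOR_MS)
               for (mean, dev), x in zip(template, attempt)) / len(template)

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def verify(record, typed, attempt, threshold=2.0):
    """Accept only when the password is right and the rhythm is within tolerance."""
    password_ok = hmac.compare_digest(hash_password(typed, record["salt"]), record["hash"])
    rhythm_ok = rhythm_distance(record["template"], attempt) <= threshold
    return password_ok and rhythm_ok

# Constructed data: milliseconds between the six keystrokes of the password "s3cret".
ENROLMENT = [[120, 95, 210, 80, 150], [125, 90, 200, 85, 155],
             [118, 99, 215, 78, 148], [122, 93, 205, 82, 152]]
SALT = b"constructed-salt"
RECORD = {"salt": SALT, "hash": hash_password("s3cret", SALT),
          "template": enroll(ENROLMENT)}
OWNER = [121, 96, 208, 81, 151]          # owner, typical session
OWNER_TIRED = [130, 100, 220, 88, 160]   # owner, slower than usual
INTRUDER = [200, 180, 120, 160, 90]      # knows the password, different rhythm

if __name__ == "__main__":
    for name, attempt in [("owner", OWNER), ("tired", OWNER_TIRED), ("intruder", INTRUDER)]:
        print(name, round(rhythm_distance(RECORD["template"], attempt), 2),
              verify(RECORD, "s3cret", attempt))
```

Lowering `threshold` rejects impostors more reliably but also starts rejecting the owner on a slow day, which is where the locked-out-account calls come from.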

Although biometric technology is still developing, it's already viable, and some organizations are deploying it. You need to answer several questions to determine whether this solution is right for your company. The most obvious question is whether your organization is willing to spend an additional $100 to $400 per seat—plus separate costs for deployment and training. Administrative overhead is also an unknown: Will biometric systems truly reduce Help desk calls or just change the nature of the calls? (For example, a forgotten password is easier to deal with than a buggy sound card that can't recognize a voice pattern.) What fallback procedure will you implement for logons in the event of hardware failure? Will that fallback procedure present a potential security breach? Can you integrate biometric solutions into the Windows security architecture to permit easy, centralized administration?

Biometric identification shows great promise for patching internal holes in our security fabric. As the technology improves and prices continue to drop, this method will surely become more attractive to more organizations.

Comments
  • HH Wieck
    11 years ago
    Feb 15, 2001

    Interesting. How many points will the scan read, and on voice, what happens with a cold or a pulled tooth? Same with a photo. Security is good; the best is not to have a network until it is required.

    Yes, the network is the business world and in some homes. But security is a good firewall, password, and not changing to the newest at the first drop of a hat. I still use W95 and NT 3.X with the security patches. Cost: mostly time and archiving.

  • Mikael Johannisson
    11 years ago
    Feb 07, 2001

    I want to implement fingerprint identification. But the big problem is that my company has a centralized IT department that supports 200 users in 15 different places in the country. We use SMS 2.0 for remote viewing of users' workstations and servers. Today, if the user is not logged on I click the "send Ctrl+Alt+Del" button, but how is this done if my authentication is my thumb that is 100 miles away?

  • Bert T. Skaletski
    11 years ago
    Feb 06, 2001

    Marcel, I was not suggesting that the problem is in the comparing of live fingerprint to storage. I meant something to the effect of what is explained here at http://homepage.ntlworld.com/avanti/authenticate.htm

    Quote: "Take for example the biometric template matching process. When the user enrols into the system, a biometric template (the data describing their biometric) is created and stored either in a database to be held somewhere on the system, or on a portable token such as a chip card. Upon verification, this template is retrieved and compared against the live sample within a predefined matching tolerance level. If the templates match, then a 'true' message is generated by the matching system, to be used as applicable elsewhere in the process. The degree of possibility that this 'true' message could be discovered, captured, artificially injected or otherwise compromised, might affect our confidence in the authentication process. The overall systems architecture plays a strong part here, in that the biometric matching engine may reside on a back end server, on the client, or perhaps an intermediary. Its precise relationship with directory information and the communication between client (or point of live biometric capture) and host will be important from the overall security perspective. We need to be sure that we are really 'authenticating' the user and not 'authenticating' a message."

    My concerns are over the whole of the system. With all the damn security holes in present and FUTURE systems I am not willing to place my trust in the "solution to end all problems!" After long existence, our long-trusted DNS servers running BIND have fallen to security holes. In the end, it is all about Risk Assessment. How much can you afford to lose? And for the rest there is insurance! LOL
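The concern in the quoted passage, that a bare 'true' message can be injected or replayed, can be shown with a logon service that binds the matcher's verdict to a one-time challenge. This is an added example, not part of the comment or of the quoted source; the class and function names, the shared HMAC key, and the numeric template values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

def sign(key, user, nonce, match):
    """MAC over the verdict and the challenge it answers."""
    return hmac.new(key, f"{user}|{nonce}|{match}".encode(), hashlib.sha256).hexdigest()

def matcher_verdict(key, user, nonce, template, live, tolerance):
    """Matching engine: compare the live sample to the template, then sign the result."""
    distance = sum(abs(a - b) for a, b in zip(template, live))
    match = distance <= tolerance
    return {"user": user, "nonce": nonce, "match": match,
            "tag": sign(key, user, nonce, match)}

class LogonService:
    """Relying party that decides whether to open a session."""
    def __init__(self, key):
        self.key = key
        self.pending = {}  # nonce -> user it was issued for

    def challenge(self, user):
        nonce = secrets.token_hex(16)
        self.pending[nonce] = user
        return nonce

    def accept_bare(self, message):
        # Weak design: any message that says "true" is believed.
        return message.get("match") is True

    def accept_bound(self, message):
        # Hardened design: the nonce is single use and the tag covers the verdict.
        user = self.pending.pop(message.get("nonce"), None)
        if user is None or user != message.get("user"):
            return False
        expected = sign(self.key, user, message["nonce"], message.get("match"))
        return (message.get("match") is True
                and hmac.compare_digest(expected, str(message.get("tag", ""))))

# Constructed sample data: a stored template and two live samples.
KEY = secrets.token_bytes(32)   # shared by matcher and logon service (assumption)
TEMPLATE = [12, 40, 33, 7]
LIVE_OWNER = [13, 39, 33, 8]    # distance 3, within tolerance 4
LIVE_OTHER = [30, 10, 5, 50]    # distance 119, rejected
```

With `accept_bound`, a captured verdict fails on replay because its nonce has been consumed, and a verdict edited from false to true fails because the tag no longer matches.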

  • Marcel Wiedemeier
    11 years ago
    Feb 04, 2001

    I do not agree with the comments of Bert and Bob regarding biometric data. The major key attribute of a fingerprint reader is that it does not store a picture of a fingerprint, but instead vectorized minutiae that cannot be used to regenerate the original print. Authentication is made by pattern matching. Typically "electronic signatures" or certificates are not created using one's fingerprint or even the patterns, but by using the same algorithms used in smartcards. The Sony FIU-710 is a good example of a slim, fast and usable fingerprint reader with a reasonable amount of RAM to store certificates, CRLs, and so on. Smartcards lack three things: speed, capacity and the most important one: it has plenty of space for the user to write the PIN on it. Today, a 16KB smartcard can only store the pattern of one single finger along with a certificate.

  • micheal hodgson
    11 years ago
    Feb 01, 2001

    I have come up with a key smart solution that combines a biometric fingerprint reader and digital cylinder that operates on the CE platform to work with my new server system for home users and small retailers, but there is still a lot of work to be done before I finally develop this solution.

    You can check it out at www.ibillboard.com.au


Windows is a trademark of the Microsoft group of companies. Windows IT Pro is used by Penton Media Inc. under license from owner.