Sunday, June 10, 2007

The Biomass Downside Of Biometrics

Silhouettes representing healthy, overweight, and obese. Image Credit: Wikipedia via FDA

The Biomass Downside Of Biometrics

Many security systems use a confirmation “second entry” in order to verify the clearance of an individual through a specific pass gate in a secure environment.

In a biometric secure system, however, a “growing” problem is coming of age here in North America.

It seems that the incidents of false positive readings on biometrics devices where a “biometrics only” confirmation verification are on the rise and the reason is a little surprising.

These false acceptances are being triggered through weight creep against many DOD biometric databases.

This item excerpted from TechInsider Blog (Allan Holmes, Bob Brewin and Daniel Pulliam on what's happening and what's being discussed in the world of federal information technology.) -

The Risk of Using Biometrics: People Get Fat
By Allan Holmes Wednesday, June 06, 2007 11:34 AM

The following item was posted by Bob Brewin.

DISA has develop a new guide detailing how individuals gain access to Defense Department computers and networks, which contains pages of cautionary warnings about the use of biometric identifiers.
But the guide, which goes by the bureaucratic title “Access Control in Support of Information Systems Security Technical Implementation Guide (STIG),” also warns that current and planned biometric identification systems carry more than their share of risks.

“A compromised password can simply be changed, however once a biometric is compromised there is no going back or changing it,” according to the STIG. “For information systems that currently accept Biometrics-only for authentication, this must be combined with another authentication method such as a password.”

“The central risk of the verification process is that the technology will mistakenly verify a user’s identity when that person is actually someone else – a phenomena known as false acceptance,” according to the guide.
Poorly designed biometric-recognition systems can be tricked into verifying someone else’s identity, the STIG reports. For example, with a poorly designed facial recognition system, an imposter may simply show the capture device a life-sized photograph of a valid user or, in the case of voice recognition, a tape recording of the valid user’s voice.

The DISA guide added: “For any biometric, one can devise a potential substitute to mimic the real user, though certainly some biometric characteristics are more susceptible to this than others. To mitigate this risk, robust biometric solutions have ‘liveness’ checks that validate the sample as coming from a live human being and not a facsimile.”
I obtained the above information from a draft copy of the STIG, which is OK to write about because someone at DISA stamped the document “For Office Use Only,” instead of “For Official Use Only.”
Reference Here>>

No comments: