Passwords are passé, brace for biometrics
For quite some time now, employees in many offices have been using
biometric systems to mark attendance. Educational institutions like colleges
too are adopting them to mark attendance in classes. More recently, biometric
authentication has been integrated into our electronic devices like smartphones
and laptops, giving us more secure control over them.
Not just devices, even services are
being integrated with biometric systems. All new mobile
phone connections need to be linked with Aadhaar, a process that will need
biometric verification. Even older phone connections will need to be
authenticated with Aadhaar. You may have already got a reminder from your
telecom operator to link your phone number with Aadhaar.
“In the near future, passwords could
potentially be eliminated and biometrics may become the key element for
authentication along with presence of a device such as a mobile phone or smart
watch,” said Amit Jaju, executive director, forensic technology and discovery
services, EY LLP.
Going forward, we would see our
electronic Aadhaar Pay transactions at commercial establishments being
authenticated using just our fingerprints.
But biometrics entail more than
fingerprint scans. They also include iris scans and facial recognition. “That is
where I see greater possibilities. Imagine being able to simply walk out of a
retail store, while an iris-recognition camera captures your iris information,
knows your Aadhaar number (as you are a frequent shopper) and as the Aadhaar
account is connected to your bank, simply deducts the amount of the goods you
are carrying in a bag,” said Saket Modi, co-founder and chief executive
officer, Lucideus Tech. “The banking industry is already seeing an upsurge in
the use of biometrics for authenticating a transaction. It could further be used for
identity verification such as at airport immigration,” Jaju said.
We take a look at how these
biometric systems work.
How it works
Biometric authentication uses some
form of unique biological characteristic—such as fingerprints, retinal scan,
facial recognition or voice detection. Fingerprint and retinal scans have been
more popular forms of identification, but face recognition is also gaining
popularity as most devices these days have high resolution cameras.
“A device reads (biometric reader)
the biological characteristic and uses an algorithm to convert the readings
into a digital hash (numbers and digits). The algorithm and design of the
device ensures that the digital hash cannot be converted back into the source
(such as the fingerprint). This hash is then authenticated with a server which
has a similar hash generated at the time of registering the user (master
copy),” Jaju said. If both the hashes match, then authentication is granted.
A fingerprint reader, for instance,
reads the fingerprint and converts it into a digital hash and the underlying
software sends the hash—securely in an encrypted manner—to the server for
authentication. “A biometric reader without the underlying software has no
utility. The software itself has a security mechanism to be able to interact with
the authenticating server,” Jaju said.
Safety issues
“Biometric authentication tends to
be much safer than sharing your documents and physical signature on a form,”
Jaju said. Using biometrics, a user can instantly get alerted, by SMS or email,
regarding the status and source of the authentication and can take immediate
action, if needed. When someone uses biometric authentication in place of
physical copies of documents, she can be sure that her documents’ copies cannot
be forged or misused for data or identity theft. Modi said that devices and
scanners that adhere to the standards set by Unique Identification Authority of
India (UIDAI) are perfectly safe to share one’s biometrics on.
“One key change that’s going to come
in the next few months is the enforcement of having the Aadhaar encryption key
at device level itself. Currently, there is still a channel where the device
sends the raw biometric data to the phone where encryption is applied. So
technically, the wire that’s connecting the phone with the device can today be
tapped to capture the biometric data. Although there are some checks and
balances in place to counter this too,” Modi said.
A regular fingerprint reader, like
the one used by representatives of telecom companies for Aadhaar
authentication, does not have a memory of its own, said Atish Saoji, vice
president sales (information technology) at BioEnable Technologies Pvt. Ltd, a
company that manufactures biometric devices.
“Other forms of devices—like the
ones used for attendance in offices or access control devices—have a memory of
their own,” he said.
Storing biometric info
Most secure biometric authentication
mechanisms use two-factor authentication techniques, such as biometric plus
SMS/email or biometric plus password.
“One should also check if the
biometric authentication process would send an alert SMS or email confirming
the authentication attempt. This can be valuable to identify a potential
fraudulent attempt for fake authentication. Always remember that a biometric
authentication system is more secure if it uses an additional form of
authentication such as a password or PIN,” Jaju said.
“In the worst-case scenario, if a
hacker is able to impersonate someone else’s biometric data and enter their
Aadhaar number along with it, they would still get notifications on the
registered phone number about the transaction that is happening,” Modi said.
On the widespread and increasing use
of biometric-based Aadhaar authentication, he said that most people still do
not realise that your Aadhaar number is like your email address. “You can give
it to as many people as you want and no one can do anything with just your Aadhaar
number, as they will need your fingerprint with it to authenticate and
impersonate you,” he said.
Moreover, Modi added that most
“so-called hacks of Aadhaar card data reported till now have been the leak of
Aadhaar card numbers only, and not of the biometric data.”
Jaju said that not so long ago,
passwords were considered safe and many industries depended on them. Now
passwords are strengthened with additional two-factor authentication methods
such as one-time passwords (OTPs) and device recognition.
“Biometric is one of the safest
forms of authentication techniques available today, when clubbed with another
form of two-factor authentication. It tends to bridge the gaps that could be
exploited for corruption such as identity theft for obtaining fraudulent loans
and benefits,” he said.
While many experts insist that biometric
identification is a secure process, the debate around the use of biometrics has become
polarised. We will keep updating this space with stories that go beyond the
rhetoric.
Ref: http://www.livemint.com/Money/jP47td1gJ9U2nsv6GJ14BM/Passwords-are-pass-brace-for-biometrics.html