Today we are going to talk about a very trendy method of identification. New ways to increase security in companies are being created all the time, and this one has been around for a while, but we want to study how safe it actually is. We are talking about biometric identification systems. How do they work? How can they be improved? What are their flaws? Francisco D’Agostino explains all about it, so keep reading to learn more about this topic.
First, let’s define what biometric identification is. According to the National Cyber Security Centre (NCSC), “Biometrics work in a slightly different way to something like a PIN or password. In these cases, an access control system will compare a stored password with the one entered by an individual. If they are identical, access will be granted.”
As for the term “biometrics”, the NCSC explains that “The ISO and IEC standards bodies have defined biometrics as, ‘the automated recognition of individuals based on their biological and behavioral characteristics.’”
The trendy part is that a lot of companies are using either facial recognition or fingerprint recognition to increase their security. However, the question remains: is this system 100% secure?
Well, the answer is no. One of the reasons for this is that no two captures of biometric data will produce truly identical results. So, how do these systems actually work? A biometric system must make an estimation as to whether two biometric samples come from the same individual.
Estimations can take time, and we have to decide how fast we want this estimation to happen and, more importantly, how accurate it needs to be. If we want comparisons to happen fast, then we must accept that more comparisons can be incorrect, and this will have an impact on security breaches.
This is one of the main differences between this system and passwords. Passwords are not estimating anything. If the password is not an exact match, access is not granted, and this is an important point in favor of passwords.
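The difference between exact matching and estimation can be shown in a few lines. This is an added example, not code from the article or from any biometric product; the similarity scores, the decision threshold and the function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed similarity scores in [0, 1]; not measurements from a real system.
GENUINE = [0.91, 0.88, 0.95, 0.79, 0.84, 0.97, 0.73, 0.90]   # same person, two captures
IMPOSTOR = [0.22, 0.41, 0.35, 0.58, 0.76, 0.30, 0.49, 0.81]  # different people


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive the value an access control system would store."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def password_matches(stored: bytes, candidate: str, salt: bytes) -> bool:
    """Exact comparison: a single differing character means no access."""
    return hmac.compare_digest(stored, hash_password(candidate, salt))


def biometric_matches(score: float, threshold: float) -> bool:
    """Estimation: accept when the two captures are 'similar enough'."""
    return score >= threshold


def error_rates(threshold: float):
    """Return (false accept rate, false reject rate) at this threshold."""
    false_accepts = sum(biometric_matches(s, threshold) for s in IMPOSTOR)
    false_rejects = sum(not biometric_matches(s, threshold) for s in GENUINE)
    return false_accepts / len(IMPOSTOR), false_rejects / len(GENUINE)


def sweep(thresholds):
    """Error rates for each candidate threshold, to compare operating points."""
    return {t: error_rates(t) for t in thresholds}


if __name__ == "__main__":
    for t, (far, frr) in sweep([0.5, 0.7, 0.8, 0.9]).items():
        print(f"threshold={t:.1f}  false accepts={far:.3f}  false rejects={frr:.3f}")
```

No threshold in the sweep removes both kinds of error on this data: lowering it admits more impostors, raising it turns away more legitimate users.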
Biometrics and attacks
Biometrics might look pretty safe but, like everything, they can be the subject of attacks from criminals. Let’s see how biometric systems can be attacked.
First of all, there are presentation attacks. In this case, a person who is not in the system tries to mimic one who is, and since these systems are estimating results, there is a high probability that this can happen to your company. One way to avoid this is to make sure that you don’t compromise yourself by asking for fast recognition instead of accurate recognition. Having accurate results, no matter how much time it takes, is safer.
The second type is intercepting data. This one is a bit more technical and harder to prevent; however, it is a possibility that needs to be discussed. An attacker may seek to modify or intercept the data output from the sensor. A previously captured sample might be replayed, or a captured biometric sample could be substituted with biometric data of a different individual at enrolment.
Along the same lines, there is another option in which the attacker targets data during transmission, or in storage by the biometric system. This means that a biometric reference in the enrolment database could be modified to include the biometric features of an impostor.
There is also the traditional IT attack, in which the attacker targets the software used to implement the biometrics. These attacks usually happen when the company holds high-value items or information that can be hijacked. The way to protect yourself from this one is to rely on traditional IT security methods, which are not specific to biometric systems. Having an IT team ready to handle any attempts to breach security is also vital to protect your assets.
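One way to detect the replayed sample, the substituted sample and the modified enrolment record described in the two paragraphs above is to authenticate sensor output against a fresh nonce and to store an integrity tag with each reference. This is an added example, not code from the article; the `Matcher` class, both keys and the message layout are hypothetical, and it assumes the sensor can hold a secret key.

```python
import hashlib
import hmac
import os

SENSOR_KEY = os.urandom(32)  # hypothetical key shared by sensor and matcher
DB_KEY = os.urandom(32)      # hypothetical key protecting enrolment records


def tag(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts so fields cannot be shifted."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        mac.update(len(part).to_bytes(4, "big") + part)
    return mac.digest()


def sensor_capture(nonce: bytes, sample: bytes):
    """What a trusted sensor sends: the sample bound to the matcher's nonce."""
    return nonce, sample, tag(SENSOR_KEY, nonce, sample)


class Matcher:
    def __init__(self):
        self.pending = set()  # nonces issued and not yet answered
        self.db = {}          # user -> (reference template, integrity tag)

    def challenge(self) -> bytes:
        nonce = os.urandom(16)
        self.pending.add(nonce)
        return nonce

    def accept_capture(self, nonce: bytes, sample: bytes, mac: bytes) -> bool:
        """Accept one sensor message per issued nonce, and only if authentic."""
        if nonce not in self.pending:
            return False  # unknown or already used nonce: treat as a replay
        self.pending.discard(nonce)
        return hmac.compare_digest(mac, tag(SENSOR_KEY, nonce, sample))

    def enrol(self, user: str, template: bytes) -> None:
        self.db[user] = (template, tag(DB_KEY, user.encode(), template))

    def load_template(self, user: str) -> bytes:
        """Return the stored reference, refusing one that was altered."""
        template, stored = self.db[user]
        expected = tag(DB_KEY, user.encode(), template)
        if not hmac.compare_digest(stored, expected):
            raise ValueError("enrolment record modified")
        return template
```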
Types of biometric recognition
There are several types of biometric recognition available. Some of these are:
Vein pattern recognition
Choosing the one that fits your needs is vital to make sure you get the level of security you want to implement in your company, and this should be done with a professional team that helps you determine your needs and levels of security.
Passwords vs Biometrics
The main difference between passwords and biometrics is basically human error. When people set up their own passwords, these can be really weak or recycled from other sites. This represents a breach of security, since such passwords can easily be hacked.
However, as we explained above, biometric systems are not 100% secure, and this also has an influence on the security standards of any company.
So, this leaves us with the question: which is best, passwords or biometrics?
The reality is that this depends entirely on your company’s needs. Depending on your security needs, you can rely on biometrics with a high-tech team that allows you to make it as bulletproof as possible.
But if your needs for security aren’t that high and you can set some conditions on password settings, then continuing with secure passwords might be the way to go.
If biometrics makes you feel secure just because it is a trendy technology that several companies are using, we highly recommend that you study the security breaches related to it first.
Remember that before choosing a biometric you should be aware of the likely threats and risks associated with its use and determine how these fit with your organization’s management of risk.
Francisco D’Agostino concludes by explaining that just because a trendy technology appears to offer top security, it doesn’t mean that it actually does. This is why it is very important to study your needs and your vulnerabilities before adopting a new security system that can do more harm than good.