Easy, fast and secure
September 2017, Residential Estate (Industry), Access Control & Identity Management, Integrated Solutions
Let’s face it, biometrics is no longer the big deal it was a few years ago when South Africa led the way in the adoption of fingerprint biometrics. Today the world has caught up with the release of biometrics on smartphones and some incredible developments in face recognition technology as well as other forms of biometrics.
Yet, while it may not be the magical cure-all that was going to change the world it was way back when, biometrics, specifically fingerprint biometrics, is still the staple diet for businesses, governments and estates looking to streamline access control while improving the security of who is allowed in or not.
The key to biometrics is that it is hard to fake. Of course, those who keep tabs on the media know that iPhones (among others) have been ‘hacked’ with fake biometrics, but if you cast your mind back, some very prominent biometrics brands had their readers starring on YouTube a few years ago as people hacked them with photocopied fingerprints. Since then, the technology has improved significantly and you won’t find it quite as simple to fool today’s readers from tier-1 brands that invest in their products.
The key to biometrics is that at the moment of entry to an estate or a building, while you can offer up a fake identity document or driver’s licence and get away with it (unless the document is scanned electronically), it is hard to hand over someone’s finger or a fake finger to scan in real time. Even the most exhausted guard would raise an eyebrow if you told him to wait while you kept trying to get the reader to accept your plastic finger.
So how do biometrics and secure estates go together? Hi-Tech Security Solutions asked a few biometric experts to tell us about the fit between modern biometrics and secure residential estates.
Biometrics and estates?
If you believe the marketing material, biometrics is perfect for the access control to your estate and there are many estates you can use as an example where these systems are working well. But how does an estate know if its particular environment would be an appropriate location to use biometrics?
Deon Janse van Rensburg from ViRDI South Africa says that virtually any environment is suitable for some form of biometrics. “However, it is very dependent on how the entry and exit gates were designed, i.e. is there provision for goosenecks, can multi-tier goosenecks be deployed for different sized vehicles, how were the contractors’ or workers’ entrances designed etc.”
He mentions the physical design because some entrances, especially those for contractors and workers, sometimes seem to be set up as an afterthought. Then the question is what type of barrier is being used and, critically, whether the estate is able to afford its chosen biometric solution. As is mentioned in many instances in this publication, Janse van Rensburg is not only referring to the capital cost or affordability of the hardware, but also the hardware maintenance costs and the maintenance of the databases, hosting (if required), the costs of designated employees to manage enrolment and the general management of the system.
Similarly, Walter Rautenbach from Suprema South Africa agrees that biometrics is beneficial in any gated estate to ensure that true identity is used to gain access to the environment. Of course, he notes that implementing biometrics where the estate is not enclosed with secured fencing or barriers will not deliver any real benefit.
“The starting point is usually the implementation of biometrics for residents and employees, as this is normally much easier than implementing and enforcing the same for visitors,” Rautenbach adds. “The main benefits are seen as convenience as well as security, although the element of security is normally diluted by persons accessing the estate without biometrics, be it due to unwillingness or just the practicality of using biometrics for visitors or day-to-day deliveries.
“General visitor access is normally made more difficult by introducing pre-visit booking, real-time host authorisations for entry and visitor management systems which can also use biometric capture as part of the process, but which is not normally used for physical access.”
While Hendrik Combrinck, MD of ZKTeco South Africa agrees with the above, he also cautions that each estate has an ecosystem of its own that needs to be taken into account when considering biometrics. “Probably the most important factor is the logistics at the entrances and exits. The two main issues an estate needs to consider at these points are the speed and security they need.
“I always recommend that estates do a proof-of-concept before making the final decision. The main benefit of biometrics technology is that it replaces other technologies that can be lost, stolen or even passed on to people that must not have access to the estate.”
Weakening your security
This concept is expanded by Rautenbach, who adds that residents not participating, due to fear of sharing their biometrics or due to their being unable to use biometrics, introduce risks biometrics is supposed to avoid. “When issuing one person with a password or a PIN on a biometric controlled infrastructure, it can be argued that the whole security system is compromised as PINs or cards can be shared or lost. In this case, when a syndicate gets hold of your card, it can introduce risks to the entire estate.”
He notes that the new trend of using mobile credentials, such as NFC or Bluetooth Low Energy (BLE), opens up new ways of reducing these risks. With mobile credentials, the ‘secure credential’ is loaded on the user’s mobile and acts as the card for access. This improves security because the card is specific to the mobile device, and in today’s mobile-dependent society, you will definitely realise if your phone has been lost, and you do not easily share it with someone else. Standard insurance requirements to block a mobile device if it is stolen also mean that the card becomes null and void.
“Although criminals and syndicates will continue to find flaws in security systems, biometrics does make it more difficult when managed correctly, and the deterrent alone does help reduce breaches in security,” Rautenbach says. “The measure of controlling employee, domestic and contractor access through biometrics on its own enhances the safety of the estate without a doubt. For me personally, however, the convenience is enough to win me over.”
Given the publicity around other forms of biometrics, Janse van Rensburg notes that certain biometric technologies are just not mature or robust enough for use in estate applications. “Facial recognition and iris or retina systems, for example, are not optimal for estates as they are not designed for external applications and are reliant on the user being face-on or in the same position every time they transact, which is almost impossible as the biometric system will more than likely be deployed on vehicle access points.
“Basically, this leaves fingerprint biometrics, which has its own set of challenges, but if the correct product is used then the system works wonderfully well. Once again, dependent on the product being used, fingerprint biometrics are secure and it allows the management of the estate to keep a better handle of who has access and who doesn’t. The challenge with any estate access system is always how to handle contractors and workers, as this tends to be fluid once the right biometric technology is chosen and installed and managed properly.”
How to handle refusals
No matter how you promote the benefits of biometrics, whether it be speed or security, there will always be those who can’t or won’t use it. On the one hand, people may see it as an invasion of privacy and refuse to enrol because they don’t know how biometrics works and nothing you say will dissuade them. Then there are those who will balk at fingerprint technology due to, shall we say, a less than sterling past they fear will catch up with them if their fingerprints are checked against a law enforcement database or are ‘out in the wild’, as some people believe will happen when scanning a finger on a biometric reader.
Then there are those whose fingerprints just won’t be read. Elderly people can often fall into this category as their prints are worn, as can people who are involved in manual labour.
The list of people who can’t be fingerprinted, as well as those who should not be, includes children younger than 7 who, Janse van Rensburg explains, have little or no friction ridge definition. Additionally, he says children between 7 and 18 have friction ridges that constantly evolve, while people over the age of 65 start losing friction ridge definition due to the skin losing its structure.
Moreover, he says people with diseases such as psoriasis have awful friction ridge definition and people undergoing chemotherapy often have issues with friction ridge details constantly changing. He adds that the Multispectral Response Imaging technology ViRDI uses addresses many of these challenges and has a usability rate of about 98%.
To handle these and other ‘no-read’ scenarios, estates will need to make another plan. Fortunately, Combrinck explains, multi-biometric terminals are becoming a popular option at estates. This can allow a combination of biometric recognition, such as fingerprint and facial recognition combined, or it can also include additional verification modes, be it a type of card reader or PIN pad people can use to access the estate.
At the same time, Rautenbach notes that while there used to be a significant percentage of people who could not be ‘read’, technology has advanced and “over the past 10 years we have seen a 90% decrease in these cases.
“Alternatives that exist include multi-modal biometrics, where either one or the other can be used, such as facial recognition. In the past facial recognition did not work in direct sunlight or fluctuating light conditions, but once again technology has shown that these hurdles can be overcome.”
He adds that not every estate can afford to implement multi-modal systems and therefore the go-to solution is issuing cards or PINs. “Once again the utilisation of mobile credentials does offer some benefits over standard cards.”
Another option would be to use combined fingerprint and finger vein readers, which are more popular today. This technology reads the unique patterns of the veins in your finger, even if your fingerprint is unreadable. Combrinck suggests that an option would perhaps be to use finger vein readers at vehicle entrances and facial recognition at the employee entrances and turnstiles.
He adds that one can’t force someone, such as an employee, to use biometric access systems, but it can be made mandatory depending on the rules of the estate. If the written policy is that all employees need to be vetted, for example, they will have to agree to being fingerprinted at least once if they want the job. Naturally this is a sensitive subject in this country and should be handled with care.
On this topic, Rautenbach adds that most employers require criminal clearances as part of the screening process, and this applies to estates as well where failure to do so can cause harm to the residents and everyone else on the estate. “Employees are therefore well aware of biometrics, and employers using it for access control are not frowned upon in South Africa.”
The privacy question
Although many raise their eyebrows when questioned about the safety and privacy aspects of using biometrics (in this instance we focus on fingerprint biometrics), it is a concern for many. The standard argument is that when using a PIN, password, card or mobile credentials to gain access, if your identity is compromised you can block the access and issue a new one. With fingerprints, if someone does manage to copy your prints and somehow manages to use them to identify themselves as you, what can you do? You certainly can’t be issued with a new fingerprint, and the same applies to other biometrics, be it face or finger vein etc. How do the biometrics vendors counter this?
“Your system is only as good as the installation,” says Combrinck, “and this is very true in this context. All the manufacturers take these points very seriously and go out of their way to secure the whole experience, from the hardware, communication protocol and the database storing all the information. This is the same with ZKTeco.”
It all comes down to the product being used, says Janse van Rensburg. “There are some biometric products that will keep a physical image of the fingerprint on the database and these are the ones that are prone to hacking. Most tier-1 products, however, only keep the fingerprint template as a hexadecimal string in the database. These templates only carry information in regards to minutiae points and not the complete fingerprint, so even if the database does get hacked, the complete fingerprint is not there.
“Think of it as GPS coordinates without a map. Add to this that tier-1 vendors encrypt this template to a proprietary AES standard and the whole trope about stolen fingerprints falls apart.
“Many systems are vulnerable to ‘spoofing’ where fake fingerprints can be manufactured from household items such as bathroom silicone or candle wax and it is important that the product being chosen have LFD (Life & Fake Fingerprint Detection) technologies as part of the product specification. It must be noted that in instances where spoofing is involved, the fingerprint was stolen not from the system, but physically – in other words, lifted from glass etc.”
It also helps to put the whole issue in context. Rautenbach counters, “It is far easier to steal your neighbour’s fingerprints off a glass after an invitation for sundowners or for a stranger to do the same while ‘collecting recyclables’ from a dustbin, than trying to hack a fingerprint reader.
“Fingerprints are so widely used because it is what you leave behind at a crime scene, or at your neighbour’s. If you have concerns such as this you should ensure your fingerprint provider uses certificate-based, industry-recognised encryption and live finger detection, which is now the standard against spoofing, and it counters the fear of your finger being chopped off to get access.”
Fortunately, all the interviewees in this article represent tier-1 biometric vendors, meaning that their products will incorporate the latest in terms of security and privacy technologies.
When asked what his recommendation would be for using biometrics on estates, Combrinck says he always recommends a robust and cost-effective solution. “Since the launch of the ZKBioSecurity system, which includes access control, visitor management and camera integration modules, we have seen a dramatic uptake by estates because of the ease of use. This system dramatically cuts costs for estates by integrating to our inBio controllers that only need slave biometric readers to provide access.”
Janse van Rensburg’s recommendations include IP65 rated products that have the necessary user count required for the estate. “From a ViRDI perspective, I would only use our AC2200H and AC5000Plus units for estates. If the user count exceeds the user count capability of the terminal, we can always revert to network authentication (this is a built-in capability on all ViRDI terminals), however, the network infrastructure being used must be of the highest quality and exceed ISO and IEEE standards.”
Rautenbach’s advice is to choose products that offer speed, are suitable for outdoor implementation and offer live finger detection to ensure your identity is not stolen by hackers. “Suprema’s BioEntry W2 is a prime example, offering 1 to 150 000 matches in less than a second, an IP67 rating that exceeds outdoor requirements, multi-dynamic range optical technology that works in direct sunlight and which is suitable for extreme finger conditions.
“The IK08 vandal resistant rating guards against drunken neighbours and begrudged staff, while multi-card reading allows you flexibility when using cards, and it supports secure mobile credentials if you feel your environment should be secured by multifactor authentication. With simplicity and a beautiful design it seamlessly blends with modern design to suit any lifestyle that demands high security and most of all, convenience.”
For more information contact:
Suprema, +27 (0)11 784 3952, firstname.lastname@example.org, www.suprema.co.za
ViRDI Distribution, +27 (0)11 454 6006, email@example.com, www.virditech.co.za
ZKTeco (SA), +27 (0)12 259 1047, firstname.lastname@example.org, www.zkteco.co.za