The term ‘biometrics’ applies to a broad range of electronic techniques that use the unique physical characteristics of human beings as a means of authentication. Optical scanning and voice pattern analysis are usually considered the domain of James Bond films or ultra-sensitive military installations. However, with more and more organisations doing business over the Internet, the need for positive identification of end users is growing quickly. This article will outline the current range of biometrics technologies and applications to date, and review the market’s dynamic future growth prospects.
Market overview
The biometrics market has existed for approximately 15 years, and according to a recent IDC report the worldwide market size was approximately US$166 million in 1999 and is expected to expand rapidly to $1,8 billion by 2004. The vast majority of this revenue falls into two main categories: law enforcement (government, border control and police forces) and building access. There are five principal types of biometric technologies on the market today: hand/finger scanning, optical (retina/iris) scanning, facial scanning, voice pattern recognition and signature verification. The pros, cons and application types for each category are summarised in Table 1 below.
While all types of biometrics are likely to grow as costs are reduced, technology improves and demand increases, fingerprint scanning will continue to hold the largest market share and offers the best trade-off between cost and reliability/user-friendliness. Larger IT and technologies companies are also expected to make a move into the biometrics arena, with PC, mobile phone and PDA manufacturers embedding readers into their devices.
Pros and cons of biometrics
One of the primary drivers for biometrics is its ability to provide a viable alternative to the ubiquitous password. Passwords are now widely recognised as an extremely weak form of authentication. In fact, up to 50% of costly help desk calls are from users who have forgotten or misplaced their passwords. However, passwords have a high convenience and portability factor, not to mention they are the most common form of authentication in the world. However, the promise of biometrics combines both security and convenience because the user does not have to carry any additional device or remember a static PIN.
Examples from specific vertical markets have shown significant demand for biometrics. In financial services, it is faster and simpler for traders on a hectic trading floor to log into the network with a fingerprint scanner than having to remember or enter a 6-digit password. In healthcare, the primary objective is to enable clinicians to quickly access electronic patient records in campus-type environments. The quicker they are in and out of the network, the sooner they can care for patients.
Historical inhibitors such as cost and user acceptance are all improving rapidly. Enhancements in form factors are making readers more mobile and usable, and scanners are increasingly being incorporated into other devices such as PCs, laptops, keyboards, mobile phones and PDAs. Accuracy can still be an issue, as matching between a user's registered set of measurements and the reading on any given occasion is an approximation, not a guaranteed match. Plus, most solutions are vulnerable to hacking. For instance, fingerprint readers have no built-in means of determining whether or not a subject is alive. Even though the technology is advancing all the time, currently an inanimate object such as a rubber stamp in the shape of a fingerprint can pose a potential threat to the security of such a solution.
Technology challenge
The single biggest technology challenge for the biometrics market is secure storage of the biometric template. The template is the term used to describe any digital/electronic representation of an individual's physical characteristics. Once a user has been 'enrolled' his or her template is passed to the server for authentication on each usage. It is therefore susceptible to interception and vulnerable to replay attacks. The situation is analogous to the protection of a private key being fundamental to the security and value of a public key infrastructure (PKI). The issue of compromise is perhaps more critical for a biometric solution because the user's template is a part of their physical or behavioural makeup. Unlike a private key or hardware token that could be stolen and easily replaced, there is no easy way to revoke and re-issue a biometric template. Moreover, that template is tied to a user's finger, which is not a dynamic variable data element (and limited to a maximum to 10 digits).
The most pressing technical challenge for biometrics is the inevitable trade-off between security and convenience. Many people continue to believe the initial promise of biometric technology as a single-factor authentication solution. But the ability to provide both a highly accurate and secure authentication based on a person's biometric identifier alone has proven problematic for biometric vendors, who make security trade-offs to increase usability and the overall usefulness of the system. The result is that adequate security remains an elusive goal when biometrics are used alone.
Therefore, the best approach may be a multifactor authentication solution that incorporates biometrics as a component used with another method, such as a hardware token or smartcard. One such example is a biometric solution that replaces the 'PIN' on the smartcard, providing the security of a smartcard with the convenience of biometrics.
Conclusion
Biometrics continue to offer significant promise as an 'ease of use' differentiator for leading-edge authentication solutions and is likely to gain widespread adoption in the B2B, B2C and extended enterprise markets only when combined with other, proven authentication solutions such as hardware tokens and smartcards.
For further details contact: Peter Burgess, Territory Manager: sub-Saharan Africa, RSA Security on tel: (011) 258 8696, e-mail: pburgess@rsasecurity.com
© Technews Publishing (Pty) Ltd. | All Rights Reserved.
printer friendly version