Local tech firms remain focused on solving biometrical dilemmas
Jan. 15, 2006
For the past several years, the U.S. government has continued to work to secure the nation's borders by monitoring travelers through the use of high-tech methods such as digital fingerprinting, a form of biometric data.
That effort has led many security companies to invest in developing and tweaking their systems by incorporating more sophisticated forms of biometric data.
Story continues below ? advertisement
Click Here
"Customs and Border Patrol officers do use biometric technology," says Rick Pauza, a Laredo-based public affairs spokesman for U.S. Customs and Border Protection, which is part of the Department of Homeland Security. "There is the U.S. Visit System. It's another layer of security."
Pauza explains that the U.S. Visit System is a process whereby digital finger scans and photos are taken of those visiting the country. That data is then checked against the persons travel documents at border crossings for verification.
"If they have outstanding warrants, the system checks for that too," he says. "It makes it more secure because we can confirm the validity of the documents."
But just how reliable is this biometric-based technology?
Although fingerprinting is helping with border control, some local biotechnology officials say securing the borders completely with biometric data may never be possible.
Biometrics refers to technology or scientific processes used to identify the physical characteristics of a person. Such measures include fingerprints, voice, DNA or physical appearance -- such as facial image. Bruce Mather, Ph.D., chief technical officer of locally based OnBoard Software Inc., explains that there are two types of errors that can occur with biometric security systems: false positives and false negatives.
A false negative happens when a person attempts to access a system through a fingerprint scanner and the system says it is not them, when, in fact, it is. A false positive happens when the system allows access to an impostor.
"You always have to worry about those two errors," he says. "In an ideal world, those two would be zero. It's a balancing act and you will never get zero."
The reason, Mather says, is that the algorithms used have to be somewhat forgiving to deal with the real-life situations. Algorithms are abstract calculations used for accomplishing a given result by proceeding on a logical step-by-step basis.
Systems based on algorithms are designed to be very sensitive to things such as dirt, abrasions or the orientation of your finger on the scanner, Mather explains.
"It may be that your fingers are sweaty or you have a callous, or cut on your finger," he adds. "Those can all impact it and cause you to have a false negative."
Because the algorithms must be adapted to operate in the real world by allowing for some inconsistency, yet still ensure top security, the systems will never be 100 percent accurate. For that reason, Mather believes that it will be quite sometime before the government uses biometrics exclusively to protect highly sensitive and top secret areas.
Security options
The other issue Mather sees with using biometric technologies for security is that many people are not comfortable with having their biometric data stored at a remote location.
"In general, that is a concern people have, whether it is fingerprints, a picture or DNA on file," he says.
To get around centrally stored data, Mather says OnBoard has developed an identification card that holds the biometric data in the card, as opposed to within a central databank system.
With such a card, he says authentication can be measured via a radio frequency generated at an access point, such as a door. The person seeking access simply places his or her finger on the card, which then transmits the biometric data on the card to an access-point reader via a wireless signal.
If the person's fingerprint matches the data stored in the card, access would be granted. However, if another person tried to impersonate the user by using his or her card, the communications would fail and access would be denied.
Although the system is still being developed, Mather says the technology could be part of the answer to keeping biometric information more secure.
Another way to make biometric security effective, says Matt Scherer, communications manager for MDI Inc., is to use multiple layers of biometric technology.
"Some people think (with) just an access-control card ... you have a secure system," he explains. "But the reality is that people can steal (the card) or you can lose it."
A layered biometric system could include some combination of fingerprint, facial, voice or iris verification, for example. Two or more of those technologies together with access cards and/or pass codes can, Scherer says, provide top-level security.
"Biometrics is just another layer of security," he adds.
The human factor
Stephanie C. Schuckers, an associate professor of electrical and computer engineering at Clarkson University in New York, conducted a study recently that tested how easy it would be to fool a biometric security system with a fake sample.
Schuckers' research is funded by the National Science Foundation, the Office of Homeland Security and the Department of Defense.
"Digits from cadavers and fake fingers molded from plastic, or even something as simple as Play-Doh or gelatin, can potentially be misread as authentic," Schuckers states in a university-issued press release about her study. "My research addresses these deficiencies and investigates ways to design effective safeguards and vulnerability countermeasures."
The research team made casts from live fingers using dental materials and used Play-Doh to create molds. The team also assembled a collection of cadaver fingers.
"The machines (scanners) could not distinguish between a live sample and a fake one," Schuckers states in the press release.
Despite the concern that people might breach a biometrics system with fingers molded from clay and gelatin or the use of cadaver fingers, MDI officials say it is unlikely that could happen with more advanced systems.
Chris Wofford, MDI's team leader of test technicians, says fingerprint scanners are much more advanced now and can easily distinguish between a real finger and a fake.
"With my experience of testing with the biometric readers we use here (at MDI), they are very delicate," he explains. "As a finger biodegrades, it's not as accurate. I don't see how anything like that can happen."
Schuckers' research seems to prove that point, though not to perfection. After confirming the biometrics system could be fooled, her research team designed a computer algorithm that would detect the perspiration pattern when reading a fingerprint image. The team discovered with the new detection system that less than 10 percent of the fake samples were able to fool the machine.
Although a biometric system might be made secure to a high degree of certainty in terms of the technological components, Fernando Martinez, an MDI test and training technician, points out that there is always the threat of corrupt employees.
"The only way to actually breach a system would be through the system administrator," Martinez explains. "When there is a security breach, it's an inside job. You might have the top security system, but you still have the human factor."
Source: http://msnbc.msn.com/id/10873957/ |