|

BUILDING BIOMETICS

Does biometric authentication hold the key to a bright future or Pandora’s box?

by

Staff Writer

Forgot your password? Maybe that won’t be an issue in the near future.

As an alternative to traditional digital authentication that requires individuals to input numbers or phrases to prove their identity, biometric authentication, which uses people’s physical traits, has become an increasingly common feature, particularly in popular mobile devices.

Because of its convenience and high degree of accuracy, the government believes such technology may be used to identify the holders of integrated circuit (IC) chip-equipped My Number cards, which will be distributed from January.

But will biometric authentication replace passwords? This week’s FYI looks at the issue.

What is biometric authentication?

Biometric authentication is a digital identification method using the physical traits or behavioral habits of individuals to unlock devices or access personal information, according to the Information-technology Promotion Agency (IPA), a government-affiliated IT security firm.

By preregistering personal information on a computer database, individuals can verify their identity later by scanning a part of their body or demonstrating other personal traits, such as voice and walking style. As individuals do not have to carry keys or IC cards to verify their identity, biometric authentication can lower risks such as the loss or theft of keys.

What are the major types of biometric authentication?

The most well-known, cheapest biometric identification is fingerprint authentication, which is scanning the shape of a fingerprint pattern, according to the IPA.

Other identification points include bifurcation (scanning the point in a finger image at which two ridges meet), dots, pores, ridges and islands.

In all cases, a computer can compare the scanned image with information stored on its database to identify the user.

Facial recognition is another increasingly popular ID method. It was recently introduced for the Windows 10 operating system as an option to log into a computer if the camera supports the feature.

Users of facial recognition can verify their identity just by having a camera capture an image of their face. The image will allow a computer to identify the user based on information such as the distance between facial parts, shape of a face and skin color.

Other types of biometric authentication include identifying a user’s iris, vein, voice, keyboard typing habits or even odor recognition.

Is biometric authentication better than a password?

Biometric authentication is more convenient than a password, but it’s not as safe as people might think.

The biggest advantage of using biometric identification is it frees individuals from the burden of memorizing complicated passwords, said Rie Yamaguchi, a project associate professor at the University of Tokyo who researches digital security.

Many people sacrifice security for convenience by setting simplistic phrases for their passwords.

According to the latest “worst passwords” list released by U.S. security application company SplashData, compiled from 3.3 million leaked passwords in 2014, the most frequently used password was “123456,” followed by such simple phrases as “password,” “qwerty” and “baseball.”

But in terms of security, “biometric authentication is not as secure as people think,” Yamaguchi said, adding it was actually easy for intruders to steal the biometric personal information stored on computer servers.

For example, Tsutomu Matsumoto, a professor of information security at Yokohama National University, proved once that biometric fingerprints can be copied. He himself demonstrated how to do this by making fake fingers from gelatin and copying and pasting someone else’s fingerprints on them. The fake fingers passed the authentication test.

Yamaguchi said is was therefore important to use different methods of identification for various situations, rather than just relying on one method.

What does the future hold for biometric authentication?

The market for biometric authentication technology is expected to grow rapidly in the next decade, as it has become increasingly popular among smartphone users.

According to a forecast by American IT market intelligence firm Tractica announced in August, the global market for biometric technology will grow from $2.0 billion in 2015 to $14.9 billion by 2024.

Although the technology itself is not new, biometric authentication became rapidly popular after it began to be installed on popular smartphones, Yamaguchi said.

What are the concerns about biometric authentication?

Privacy is a major concern.

Mitsuru Kuroda, an adjunct lecturer at the Osaka University of Economics who teaches municipalities how to use IT, says leaks of biometric information could bring more harm than password breaches, because, unlike passwords, it is virtually impossible to change biometric information. Once an individual’s personal information falls into the hands of criminals, that person’s privacy will be permanently breached and the risk of identity theft increases, he added.

Kuroda said it seemed contradictory to use such important private information to protect other private data, such as My Number.

If the government decides to collect everyone’s biometric information for authentication purposes, this could result in “the ultimate surveillance society,” in which all individual activities can be recorded and monitored by the government, he warned.

  • Worldlyfigure

    The more we depend on technology, the greater risk of being enslaved by it which not good at all.

  • Hitoshi Anatomi

    Relying on biometrics unwisely could end up pleasing criminals.

    Whether voice, face, iris, fingerprint, typing, gesture, heartbeat or brainwave, biometric authentication could be a candidate for displacing the password if/when (only if/when) it has stopped depending on a password to be registered in case of false rejection while keeping the near-zero false acceptance.

    Threats that can be thwarted by biometric products operated together with fallback/backup passwords can be thwarted more securely by passwords alone. We could be certain that biometrics would help for better security only when it is operated together with another factor by AND/Conjunction (we need to go through both of the two), not when operated with another factor by OR/Disjunction (we need only to go through either one of the two) as in the cases of Touch ID and many other biometric products on the market that require a backup/fallback password, which only increase the convenience by bringing down the security.

    In short, biometric solutions could be recommended to the people who want convenience but should not be recommended to those who need security. It may be interesting to have a quick look at a slide titled “PASSWORD-DEPENDENT PASSWORD-KILLER” shown at
    http://www.slideshare.net/HitoshiKokumai/password-dependent-passwordkiller-46151802