Biometric Authentication Abstract
Basic authentication is based around one of the three basic ‘pillars’ of authentication: something the
user knows, something the user has, or something the user is. Biometrics fall into the latter category of
user is. Biometrics can further be broken up into two categories. Physical biometrics
includes fingerprints, iris scans, hand geometry, etc. Behavioral biometrics include handwriting analysis,
speech analysis, keystroke analysis, and gait analysis.
etically, biometrics can be used to uniquely identify an individual. However, as with any system of
authentication, weaknesses exist. Some biometric authentication devices can be spoofed rather easily.
Other devices are much more resistant to
attacks. Many device manufacturers are
beginning to employ live
ness detection with their devices to attempt to test that the subject being
analyzed is actually a live person.
How useful are biometric authentication devices and techniques? In general, bio
techniques can be evaluated based on two major criteria categories: Security and Feasibility.
Security criteria for a given biometric authentication technique are mainly concerned with the false
positive and false negative rates. Cle
arly, mistakenly authenticating an unauthorized subject is not
desirable. Conversely, rejecting an authorized user is also bad.
Feasibility criteria govern the ease of use and the scalability of a particular technique. Ease of use is
important when conside
ring biometric authentication strategies. If the biometric authentication
significantly hinders the operation of the asset in question, a different authentication technique may be
called for. Additionally, while implementing biometric authentication for a
small group of users may be
quite easy, enforcing this type of authentication across a large company or agency may prove to be too
costly to implement.