Biometrics For Dummies Cheat Sheet
Biometrics are used for both authentication (to show that a person matches a presented ID) and identification (to select an ID for validation, using only a presented biometric sample). To understand biometrics, become familiar with the basics and understand some of the issues surrounding privacy and biometrics. You can also find websites that provide the latest updates and information on biometrics.
Biometrics isn’t the stuff of science fiction. You can find close to a dozen more-or-less effective ways to use biometrics to identify someone, all of which fall into two classes:
Physiological biometrics measure a specific part of the structure or shape of a portion of a subject’s body.
Behavioral biometrics are more concerned with how you do something, rather than just a static measurement of a specific body part.
Basic Biometric Type: Behavioral
Depends on: Users performing well-known tasks (such as writing or walking) in very similar ways every time.
Effectiveness: The more a behavioral biometric is used, the more accurate it will be as an authentication or identification tool.
Includes: Signature, voice, keystroke, gait
Basic Biometric Type: Physiological
Depends on: Detailed information about parts of the body to uniquely identify or authenticate a person.
Effectiveness: The best physiological biometrics are those that change very little over time and are protected from damage, such as those based on the iris or hand veins.
Includes: Fingerprint, hand scan, iris scan, retina scan, facial
Biometrics Acceptance, Privacy, and Law
Biometric technology is nowhere near universally accepted by all users. There are a number of social and legal considerations that give every organization some pause before taking the jump headlong into implementing a biometric system.
People are most comfortable with biometric collection systems that are the least intrusive. Retinal scanners and electronic noses are a bit too intrusive; iris imaging and touch-free hand-vein scanners are more comfortable.
Commonly, the information stored by biometric systems could not be used to recreate an image, but re-creating a fingerprint (or other biometric) from stolen data is a common fear.
Touch-based biometric sensors (such as fingerprint, palm print, and hand geometry) can be disease vectors unless sanitary precautions are taken. Oddly, they are no less sanitary than doorknobs, but doorknobs are better accepted.
Stolen biometric data can typically be used only if the attacker can inject that data directly into the information flow of an authentication transaction via the network or wires from the sensor.
Some kinds of biometric data (such as fingerprints, facial images, and gait characteristics) are exposed to attackers’ attempts to collect them from such sources as drinking glasses, camera phones, and video cameras.
Some kinds of biometrics, such as those obtained from the retina, iris, and hand veins, can potentially reveal medical data to the organization (in particular, health changes when the system detects changes in these readings).
In the United States, few laws actually offer direct protection for the privacy of biometric information — and companies that collect such information are typically not under any obligation to disclose the loss of it (usually a result of hacking or theft).
In the European Union, privacy laws protect the collection and subsequent use of personal information, including biometric information.
5 Biometrics Websites to Explore
There are quite a lot of biometrics websites and other sites out there with good biometrics information. Here are five helpful sites from several categories to provide a wider view of biometrics sites on the Internet.
Electronic Frontier Foundation
The Electronic Frontier Foundation (EFF), a strong advocate for citizens’ rights in the digital age, provides information, advocacy, and (in some cases) legal support to people whose electronic freedoms or privacy are at risk.
United States Department of Justice
The U.S. Department of Justice (DOJ) has a keen interest in biometrics and, more generally, in being able to identify and authenticate people — as well as a duty to the people to protect privacy and freedoms. To this end, the DOJ doesn’t tend to take a stance on biometrics directly, but it does publish a lot of information about the laws of the land, which are used to interpret how our privacy and freedoms are protected.
The DOJ website is a gigantic place to go looking for stuff, even if that stuff is sometimes nearly impossible to interpret simply. Here are multiple privacy- and biometrics-related links at the DOJ (and one from the Department of Defense):
National Institute of Standards and Technology
The National Institute of Standards and Technology (NIST) is an enormously helpful resource for just about any information-security-related questions you may have.
Because the U.S. national government has a keen interest in biometrics and the applications of biometrics technologies, the NIST has devoted an entire section of its website to the topic at the Biometrics Portal.
This section of the NIST website rather broadly covers standards in biometrics including some of the interoperability and data interchange standards and testing. The site, however, also talks about test tools and applications that the NIST has developed as reference standards.
International Center for Disability Resources on the Internet
The International Center for Disability Resources on the Internet (ICDRI) web page on biometrics focuses generally on the equalization of opportunities for persons with disabilities. The ICDRI sees biometrics as a potential enabling technology that will allow disabled people to interact with society on a more equal basis, if applied correctly.
It’s really a launching point for links to other resources that describe how biometrics can be used to enhance a disabled person’s access to society and in some cases how to avoid impairing that person’s access when biometric systems are contemplated.
SecureIDNews
The Biometrics channel on the SecureIDNews website is in a very simple blog form and focuses entirely on biometric news. The articles are short and to the point, developed, it would appear, from press releases and other sources.
The site is owned and operated by AVISIAN, a company that makes its money primarily from consulting in the area of identity management and uses its various publications in this topic area to promote the company’s consulting practice.