Biometric Authentication

What is Biometric Authentication?

With biometric authentication, people identify themselves using their unique physical, biological traits. Things like a fingerprint, a retinal (eye) pattern or simply overall appearance are used to grant access to a resource.

Biometric is an adjective that relates to the measurement of body characteristics. By extension, biometric authentication refers to the practice of using those measurements to determine the authenticity of a user or a request. Biometric authentication can be used in addition to, or instead of, conventional approaches to authentication (like username and password).

With widespread implementation of fingerprint readers and facial recognition technologies in modern mobile devices, biometric authentication is now more common than ever.

Examples of Biometric Methods

  • Fingerprint authentication on mobile phones and notebook computers
  • Automated facial recognition on a device that has a camera
  • Retinal scanners that capture and compare a user’s “eye-print”

Characteristics of Biometric Methods

Authentication methods are often evaluated for appropriateness in any given application based on six key characteristics: their universality, uniqueness, permanence, collectability, acceptability and [the opportunity for] circumvention. Let’s look at each of these as they apply to biometric authentication.

Universality: Biometrics score well for universality. Security engineers can be reasonably sure that most users will have a finger or a face with which to form and verify an identity profile.

Uniqueness: Well-designed biometric authentication mechanisms provide a high degree of uniqueness. For example, the chance of a portion of two different fingerprints being alike enough to register as a match in Apple’s Touch ID system is 1 in 50,000 [1]. Other biometric systems and methods (like retinal recognition systems) may provide even higher degrees of unique profiling for use with authentication.

Permanence: Most biometric authentication systems rely on biological measurements with a high degree of permanence. Fingerprints and eye prints, for example, are unlikely to change significantly even over long periods of time. Modern facial identification technology is designed to identify distinct facial features and to adapt to the differences in style, aging and weight that develop in facial characteristics over time.

Collectability: To be effective and easy to use, biometric authentication systems need to use a trait that can be easily and accurately measured. Fingerprint and facial recognition schemes are examples of biometric traits with high collectability. DNA matching, on the other hand, while very unique, is difficult to collect and measure (low collectability).

Acceptability: Because of the sensitive nature of biometric data, acceptability is another important consideration. Many users may be comfortable and willing to provide their identity data using facial recognition or a fingerprint ID. However, many users would likely object to submitting a tissue, blood or fluid sample to identify themselves.

Circumvention: Well-designed authentication systems include measures that make it difficult for potential attackers or intruders to forge, substitute or otherwise circumvent authentication schemes. For biometric authentication, circumvention attempts may include the use of false or lifted fingerprints, facial images and similar techniques.

Effectiveness & Performance

Three metrics are commonly used by security engineers when evaluating the effectiveness of biometric authentication methods.

False Acceptance Rate (FAR): Also known as False Match Rate (FMR). This is the rate at which the system improperly accepts an improper identifier as valid.

False Rejection Rate (FRR): Also known as False Non-Match Rate (FNMR). This is the rate at which the system does not recognize and denies an authorized identifier.

Equal Error Rate (EER): Also known as Cross-over Error Rate (CER). This is the rate at which both acceptance and rejection errors are equal.
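The three metrics above can be computed from a matcher's similarity scores by sweeping the decision threshold. The following is an added example, not part of the original page: the scores are constructed, and the function names and the 0-100 score scale are assumptions.

```python
# Constructed similarity scores (0-100); a higher score means a closer match.
GENUINE = [62, 71, 74, 78, 81, 84, 86, 90, 93, 97]   # authorized user attempts
IMPOSTOR = [12, 20, 25, 31, 38, 44, 52, 58, 66, 76]  # attempts by other people


def far(impostor, threshold):
    """False Acceptance Rate: share of impostor attempts scoring >= threshold."""
    if not impostor:
        raise ValueError("need at least one impostor score")
    return sum(s >= threshold for s in impostor) / len(impostor)


def frr(genuine, threshold):
    """False Rejection Rate: share of genuine attempts scoring < threshold."""
    if not genuine:
        raise ValueError("need at least one genuine score")
    return sum(s < threshold for s in genuine) / len(genuine)


def sweep(genuine, impostor, thresholds):
    """Return (threshold, FAR, FRR) for every candidate threshold."""
    return [(t, far(impostor, t), frr(genuine, t)) for t in thresholds]


def equal_error_rate(genuine, impostor, thresholds):
    """Find the first threshold where FAR and FRR are closest.

    With a finite sample the two curves may never meet exactly, so the
    equal error rate is reported as the mean of FAR and FRR at that point.
    """
    t, fa, fr = min(sweep(genuine, impostor, thresholds),
                    key=lambda row: abs(row[1] - row[2]))
    return t, (fa + fr) / 2


if __name__ == "__main__":
    # Raising the threshold trades false accepts for false rejects.
    for t, fa, fr in sweep(GENUINE, IMPOSTOR, range(40, 91, 10)):
        print(f"threshold={t:3d}  FAR={fa:.1f}  FRR={fr:.1f}")
    t, eer = equal_error_rate(GENUINE, IMPOSTOR, range(0, 101))
    print(f"equal error rate {eer:.1f} at threshold {t}")
```

A deployment rarely operates at the crossover point itself: a lower FAR is bought with a higher FRR by raising the threshold, and the reverse by lowering it.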
