mercredi 26 novembre 2008

The disadvantages of biometrics devices for organisations


Limitations of biometric devices and their system support.

Although biometric devices provide opportunities in organizational settings, organisations willing to implement a biometric system must face to its limitations. The first disadvantage of a biometric system is its high cost. Because a biometric system alone is not effective, it must be combined to a system supporting smart cards. The cost of implementation of both system together can reach sum of hundreds of thousands of dollars. In addition, the training cost of employees to the new system and the temporary loss of productivity due the training program are added up to the implementation of the new system. Secondly, organisations will have to deal with people aversion of using a new system. In term of privacy concerns, people will not likely be willing to accept a system which records and stores their physical and personal traits. Moreover, people often assimilate fingerprints and others physical records to criminal contexts. So common people are more susceptible to reject biometric system while real criminals would refuse it in the fear to be discovered.

Lack of reliability.
The last but not the least disadvantage of biometric system is the lack of reliability of some of its aspect. First, biometric devices can be fooled. As Russel Kay explains in his article Testing the limits of biometrics, "Japanese cryptographer Tsutomu Matsumoto at Yokohama National University found that by making moulds out of gelatine he could reproduce a fingerprint that would fool 80 percent of commercial readers". On the other hand, as fingerprints or any other physical traits are compromised due to falsification, they can not just be replaced like a password or smart card. Finally, a major inconvénient of biometric system is the lack of durability of biometric devices. After a fréquent use of biometric devices, readers lose their reliabilty and their accuracy leading to répétitive false rejection and false authorization

References:
  • Thalheim, Lisa.Body check :biometrics defeated. C’t Magazine.2002www.extremetech.com/article2/0,2845,13919,00.asp
  • Kay, Russel. Testing the limis of Biometrics. Computer&Internet Security Insight. Computerworld. 2005.www.techworld.com/features/index.cfm
  • Linnhoff, Stefan. The Emergence of Biometrics and Its Effect on Consumers. Journal of Consumer Affairs. 2005.www.allbusiness.com html



The advantages of biometrics devices for organisations


The advantages for organisations
.
Generally speaking, biometric devices provides many advantages to many kind of organisation in terms of software identification and authentication, time and attendance tracking, access control, and identity verification. Moreover, most biometrics devices are “PC software controlled” and support many others security tools such as smart cards and dial-up, which allows organisations to combine biometric technology with systems already existing. From a simple biometric device supporting , for example, the fingerprints identification technology, a company can develop its own biometric computer-based system according to its needs.

The security aspect of the advantages.
As security is of concern to all organisations, whatever the industry they belong to, biometric devices have widespread potential. For example, the control of physical entry to any restricted area ,which are vital for the corporate security, would be useful to many sectors such as manufacturing companies, laboratories, banks , high governmental institutions, and many others. Likewise, biometric devices would allow financial institutions to guarantee a better access control to the private information of their customers. Also, a reliable access control would allow company to protect their confidential information from external crackers. Finally, automated biometric system would allow government to speed up traveller processing, reduce counterfeits, and remove the subjective aspect of judgement at the borderlines.

Some specific cases.
Biometric devices have the potential to provide limitless advantages if one has the creativity to design a biometric system that meet his needs. Health care centres, social institutions, universities, or libraries could use fingerprints identification for their customers instead of using magnetic strip or chip cards as many do currently. Processing with fingerprints identification would be faster and more accurate. Moreover, people have always their fingers with them whereas it is easy to lose or forget a card. Likewise, manufacturing companies or any company using time sheets could use a biometric time clock hardware to track attendance of their employees. Using this process would reduce wasted paper, allow automated hours calculation, and prevent fraudulent behaviours from employees.

References:
  • www.hawkbiometrics.com/solutions.aspx
  • Baron, Williams. Volpe Engineers Use Biometrics to Help Ease Border Crush. Volpe Journal. Spring 1997.
  • www.btinternet.com/~arayltd/abio.htm
  • Businessgyan editorial team. New biometric device for multiple office applications.Businessgyan.2002.<www.businessgyan.com/content/view/503/424/
  • www.biometricaccess.com/Default.aspx

mardi 25 novembre 2008

Biometric devices competitors



Previous computer-based security tools

Until now, the most common category of tools used to guarantee a secure authentication have been passwords. A password refers to what somebody knows. It is a combination of words and numbers arbitrarily chosen by a person in order to limit access to external users. However, unsophisticated passwords, which is often the case, can be easily guessed, stolen, or cracked by some external parts. The second category of tools that have been developed to control access are physical devices called “tokens”. Tokens refer to what somebody has and knows. A token, combined with its corresponding password, has to be connected to the appropriate computer-based receptor in order to be granted access. The most widespread tokens in the market today are the “magnetic strip card” and the “smart card”. The first one is equipped with a magnetic strip containing confidential information to be used with a personal password where as the latest has a built-in microchip able to store and process information.

Does biometric technology have the potential to replace them?
Many argue that biometric devices are the security tools of the future. Because they require the physical presence of the user, biometric devices refer to what somebody is. However, biometric recognition system are not infallible. Indeed, authorized users can be rejected while unauthorized users can be accepted. Therefore, an FRR ( false rejected rate) and a FAR (false acceptance rate) is associated with each biometric device to evaluate its degree of reliability. Biometrics devices alone do not provide a perfect level of security, so they do not have the potential to replace passwords and tokens. Instead, a combination of passwords, tokens, and biometrics all together, which refers to what somebody knows, has, and is, allows to increase the level of security. For example, a smartcard requiring a corresponding password can hold a biometric fingerprint sample of the card owner.

References:
  • www.fdic.gov/consumers/consumer/idtheftstudy/technology.html#part5
  • www.interpol.int/Public/TechnologyCrime/CrimePrev/ITSecurity.asp
  • www.answers.com/smart%20card
  • Merkert, Robert. Smart card and physical access control system. Opening the digital word. Biometric consortium 2005 conference. SCM Microsystems.<www.biometrics.org/bc2005/presentations/conference/wednesday%2520september%252021/wed_washab/merkert_smartcards_and_biometrics.pdf+smart+cards+and+biometrics+in+physical+access+control+systems&hl=fr&ct=clnk&cd=1&gl=c

Biometric devices


What are they?
Biometric devices are tools of authentication or identification of a person based on his physiological and physical traits. Biometric technology allows to recognize many personal traits such as fingerprints recognition, facial structure, iris configuration, retinal configuration, voice tone, hand geometry, or again blood pressure through the analyse of the vein on the back of the hands.
Biometrics devices recognize unique characteristics to each individual and work as a security system, for which the individual himself is the key, to verify the identity of the user.

How do they work?
Before using biometric devices, a process called “enrollement ” is required to make it effective. Enrollement is the phase of registration of people characteristics in a biometric database. Theses data are then converted into mathematical model called “templates” and stored in the memory. As a person uses the scan feature of the biometric device, his characteristics are compared with the templates stored in the memory. If the person’s characteristics match up with one of the templates stored in the memory, access will be authorized.

What is Fingerprints recognition?
Fingerprints recognition is the biometric technology the most commonly used and familiar to people. It is an analyse of an individual fingerprints through which the precise data of their global pattern are collected and stored. Fingerprints patterns, which are very complex and detailed, considerably vary from a person to another. Moreover, fingerprints patterns never modify over the time. As a result, identification through fingerprints recognition is considered as one of the most reliable and accurate biometric technology.

References:
  • www.assaabloyfuturelab.com
  • www.globalsecurity.org/security/systems/biometrics-fingerprint.htm
  • www.globalsecurity.org/security/systems/biometrics.htm
  • www.webopedia.com/TERM/B/biometrics.html
  • www.fdic.gov/consumers/consumer/idtheftstudy/technology.html#part8