An expert panel discusses how technologies such as iris and facial recognition are ushering in the post-password era.
Biometric authentication, where physical characteristics like fingerprints or iris recognition are used to establish identity, is a rapidly growing area of development. The Engineer caught up with some leading voices in the sector to find out the latest trends, as well as gauging how the technology stacks up against traditional authentication methods.
Meet the experts
Mohammed Murad – vice president, global sales and business development, Iris ID
Dr Sarah Morris – senior lecturer in digital forensics at Cranfield University
Tugberk Duman – biometrics expert and head of innovation at Futurice
What is currently the most exciting technology trend in your area of biometrics?
SM: In digital forensics, one of the big things we are always asked is “who was at the keyboard?” This has often been a question we have not been able to answer as we can say what the digital device was doing, and what user interaction occurred, but often had no definitive way of linking that to a person. Biometrics such as facial recognition and fingerprint locks are therefore very exciting to us. They enable us to start to identify who was likely at the keyboard as their biometric data allowed access to the device, and therefore give us more information in an investigation.
MM: Probably the biggest game changer is the ability of iris recognition systems to serve as an end to end security solution for almost any organisation. This, in effect, may provide one solution for both physical and logical security needs.
As an example, if an employee arrives at work, she looks into an iris reader. If there’s a match the access control system is instructed to open the door. Once inside, an iris reader integrates with the elevator operating system making sure she gets to her restricted floor. Finally, another reader integrated with software on her workstation ensures only she may access the computer and its data. This is a good step toward bringing physical and logical security into one silo, as opposed to the separate silos we continue to see.
TD: I don’t think any particular technology alone is particularly exciting. What excites me are the new experiences technology can unlock. So with that, I focus on biometrics technologies that imitate human intuition, facial recognition, behavioural biometrics and voice recognition. These technologies identify the users similar to how we humans do it, by how we look, by how we behave, and by how we sound. They have the immense potential to make our interaction with technology much more natural and intuitive.
How will biometrics integrate with existing technology and what are the key challenges around this?
MM: Biometrics integrate well with many existing technologies. Virtually all major access control solution providers integrate seamlessly with leading biometric technologies. This enables an organisation to migrate toward a biometric solution as time and budgets permit.
Our systems are based on open standards. So, it’s simply a matter of working closely with the developers of other solutions to ensure the systems are well integrated.
TD: Biometrics technologies are coming to our lives in two ways. They are first integrating into the existing infrastructure as a new shiny layer to the same process of authentication. Replacing passwords is a good example.
Second, they will completely revolutionise and alter certain processes beyond recognition in the long run. We are seeing signals of this already. The retail industry is being populated with new shopping experiences like Amazon Go and Smart Vending Machines, the aviation industry is talking advanced passenger processing, where people with valid tickets won’t be stopped anywhere thanks to the invisible authentication process with facial recognition.
SM: I think standardisation of integration is likely to be a long way off. Due to this, integration is likely to be varied for some time depending on how core the biometrics are to the intended functionality of the device. The key challenge is around ensuring the privacy and security of the biometric data to ensure that individual users have knowledge their personal data is safe and being used in a manner they agree to.
How secure is biometric technology compared to current security solutions?
TD: First of all, biometric systems, are much more accurate in identifying individuals than the human-operated systems that we have in airports for example. When using biometrics, there are three main aspects to consider: cost, security, and convenience. More high-risk, security-sensitive applications can use iris recognition, whereas a retail application aiming for convenience would go with face recognition.
SM: Like everything in technology the answer is ‘it depends’. Security doesn’t just come from the technology, but the combination of the hardware, operating system, software and updates on the device. Of course, users and environment can also impact on security. Therefore it’s not about how secure this one type of technology is but its potential to add additional security in the context of a larger system.
MM: Security is one of the strongest selling points of biometric technology. Let’s look at a traditional access control system. An employee’s access card can be borrowed, lost or stolen. There’s no guarantee that the person using a card has been authorised to use it. There’s no doubt about an employee’s identity when authorisation is based on a physical characteristic unique to each person.
Biometrics are also highly resistant to cyberattacks. For example, when a person is enrolled in an iris-based biometric system, algorithms convert the iris patterns into small encrypted digital templates that cannot be re-engineered or reconstituted to produce any sort of a visual image capable of spoofing a system reader. There is no way a hacker can successfully steal these images.
When will we see biometric solutions adopted en masse and become part of everyday life?
MM: Biometric solutions are already a part of our everyday lives. Our smartphones use an iris, fingerprint or facial pattern to unlock the device. Many banks’ ATMs include biometric readers to identify a person without the need for a card or PIN. Medical facilities are using biometric systems to identify patients prior to beginning treatments or prescribing drugs. Law enforcement and border officials take portable biometric devices into the field to enrol and identify potential suspects. Many employers use biometrics as part of an overall time and attendance solution.
SM: Phones already have options to take advantage of facial and fingerprint-based locking. I think at the moment there is still too much uncertainty and concern about how the data is stored, who will have access and how it will be used for it to become part of everyday life. However, like all technology it often only takes one device or platform for the shift in what users are comfortable with or want to change!
TD: Biometrics have been around for a very long time, but the cost and limited availability have made them exclusive to law enforcement and forensic use cases. However, as these technologies become more affordable and available, we’re already starting to see applications in the mass market for consumer use. Airports, cars, our smartphones, our homes even with the smart assistants are full of biometrics enabled solutions already.