Upcoming Events

Cloud Connect
Santa Clara
Feb 13-16, 2012

Cloud Connect brings together the entire cloud eco-system to better understand the transformation we're experiencing and promises to be the defining event of the cloud computing industry. Learn about the latest cloud technologies and platforms from thought leaders in Cloud Connect’s comprehensive conference.

Register Now!

B U Y E R ' S G U I D E

Are Biometrics The Answer?

February 20, 2003
By Mike Fratto

	Issue TOC
	Print full article
	Print this page
	Download as PDF
	E-Mail this URL
	Discuss this article
	Flame the author

	In this article
	Introduction
	Enrollment & Integration
	More Information

The McGuffin in Minority Report is an eyeball. After our hero, John Anderton, is tagged as a murderer, his eye, removed from his body, is used to access a secure facility and network. It shows that biometrics can be fooled--one of the biggest drawbacks to this authentication technology.

Certain situations, however, lend themselves to the use of biometrics: If your helpdesk is suffering from too many requests for forgotten passwords (an estimated 40 percent of all helpdesk calls, according to Gartner), you might consider making the switch.

Strengths and Vulnerabilities

Biometric-security devices record a unique aspect of a person--such as a fingerprint--and use that record for comparison against later attempts to authenticate. Iris and retina scanners are the most reliable; fingerprints, face and handprint scanners follow close behind. These devices have a higher rate of reliability than voice or signature scanners, but a lower rate of reliability compared with passwords or authentication tokens.

Join other NWC readers in discussing this article.

Environmental conditions can affect biometric-authentication devices. Fingerprint readers and iris scanners are small and make sense on the desktop but may not cut it in a shop environment rife with dust, humidity and other contaminants. Dirt, smudges and improperly placed fingers, hands or faces can cause a false read. Glasses, contact lenses, ambient or overhead lighting and awkward camera placement can significantly affect the usability of iris and retina scanners. Background noises and changes in a person's voice because of illness or stress can cause errors with voice-recognition systems.

Additionally, all biometric devices have specific software and hardware requirements. Check that you can support the device and that the device works with your network software. Also determine if an external power source or USB port is required and available.

Fears and cultural- or religious-based beliefs may work against you as well. Survey your employees to determine how many will accept the idea. And try out the device to determine if your employees can accurately use it.

And, of course, security researchers have found ways to trick biometric devices. Fingerprints can be lifted off a glass surface, even from the fingerprint reader, using graphite powder and a piece of tape or a cube of gelatin. Iris scanners might be fooled with a high-resolution image of the user's eye. To counteract these tricks, newer devices look for "liveness" indicated by pulse or vascular movement.

Setting Thresholds

Biometric devices' acceptable-failure thresholds are based on a FAR (false acceptance rate) and an FRR (false rejection rate). The FAR shows the likelihood of a user being incorrectly accepted; the FRR indicates how likely a biometric device will incorrectly reject a user.

If the administrator sets the threshold too low, the system will be more lenient in matching a submitted biometric to the user's template and subsequently will be more likely to accept an invalid user. Set the threshold too high, and you increase the likelihood that valid users will be rejected. To make ongoing management easier, make sure the thresholds can be configured and adjusted in house.