Join Lisa Bock for an in-depth discussion in this video Understanding biometric security, part of IT Security Foundations: Operating System Security.
- We can provide authentication in one of three ways. What you know, in the form of a password, or PIN. What you have, in the form of a smart card or token. And what you are, a biometric identifier such as a fingerprint. Biometrics authenticate by using an individual's unique attributes or behavior. Biometrics recognize an individual by matching the captured biometric with a stored biometric template in the system.
If we take a look at this illustration, biometrics are divided into two categories, a Behavioral Trait, which is based on a person's action. How you walk, talk, or sign your name and Physiological. Physiological Biometrics are based on measurements of parts of the body. Hand, face, fingerprint, or iris. Many times, it's used in a multifactor authentication system. For example, I would place my fingerprint on a sensor and then put my PIN in and that would be multifactor.
Biometrics, however, are the most expensive way to prove identity. Also, we have some difficulties with user acceptance. Now let's take a look at some of those biometrics. In behavioral, we see Gait recognition. Gait is a newer biometric. This is the way someone walks and we can capture that gait from a distance. Gait recognition is ideal because it's noninvasive. They don't have to physically touch anything or get near a device.
Another Behavioral Biometric is signature. This is the way someone signs. The pressure of the stroke, curves. Another Behavioral biometric is Voice Recognition. Voice Recognition recognizes who is speaking, the inflection, and the patterns of their speech. Now, this is different than speech recognition which recognizes what is being said. Physiological includes hand geometry. Hand geometry is one of the first biometrics.
A hand is placed in a device and it measures each finger and the hands as a whole. Another physiological biometric is facial recognition. A camera scans the face and it identifies key indicators, the nose, the forehead, and the cheeks. Iris recognition identifies the colored portion of the eye. Patterns of an iris are very unique. This information is captured with a camera and is used also in border control and when you use your passport.
For example, going into a new country, you would place your passport in a device and stare at a camera and it would do a mini facial recognition. And fingerprint. This biometric was one of the first biometrics used. Now the fingerprint is very unique and it stays the same throughout most of your lifetime. When using fingerprint analysis, we're identifying the minutiae, which are the tiny details of the fingerprint. What are the minutiae? Minutiae are the tiny details including some of the following that you'll see here.
Now the ridges are the raised portions of the fingerprint and the valleys are the white portion. You see there a bifurcation where it splits off. And the island is a tiny dot. Now, there are many other types of minutiae within a fingerprint, but again, it's looking at the tiny details of each fingerprint. How is the information obtained? We'll step through this. You place your finger on a sensor device. The features, for example, the minutiae, would be pulled.
The features are extracted and then they're converted to computer code and they're stored on a template. Now biometrics are being used more and more. However, there are some concerns over privacy. Many states maintain fingerprints of all licensed drivers. Convicted felons also have prints on file and biometrics are now in place at border control. Biometrics have some disadvantages. One being, it's more expensive than a password. Some of the products don't work as expected and have high failure rates.
There's no common API or other standard and there is some hesitancy for user acceptance. However, we still see some more advantages. Including, biometrics can't be lost like a key, a smart card, or a token. Can't be forgotten like a password. Biometrics essentially last for a lifetime. And it simplifies access control on devices and networks and most likely, we'll be seeing more and more biometric use in the future.
Note: This training maps to a number of the exam topics on the Microsoft Technology Associate (MTA) Security Fundamentals exam (98-367). See https://www.microsoft.com/learning/en-us/exam-98-367.aspx for more information.
- Creating strong passwords
- Understanding biometric security
- Adjusting permission behavior
- Enabling auditing
- OS hardening
- Using the Microsoft Baseline Security Analyzer
- Protecting email