Writing for Semiconductor Engineering, Ernest Worthman notes that Hollywood films have long portrayed a wide range of futuristic biometric security procedures. In addition, a number of mobile devices now offer optional fingerprint scans instead of a traditional password login.
However, current biometric technology will have to further evolve if it is to meet the security challenges associated with a rapidly expanding Internet of Things/Internet of Everything.
“Biometrics has been touted as the successor to the clumsy password technology that is currently the mainstay of security. It can be used for identification and authentication for any number of cases, from logging on to a computer to premise access to ultra-high safekeeping for homeland security,” Worthman explains.
“At present, government agencies are the largest and primary implementer of biometrics—mostly the DoD, homeland security, FBI and other agencies within the government secret security wheelhouse. Of late, consumer electronics has come under the biometric umbrella, especially in light of the IoT. There also is interest in financial, healthcare and the business enterprise markets.”
Although biometric security platforms may seem promising, there are still some fundamental challenges the industry needs to address.
“One of them is that there is not really anything secret about someone’s biometric attributes,” says Paul Kocher, president and chief scientist at the Cryptography Research Division of Rambus. “You are constantly displaying your face, eyes, other physical traits, as well as leaving your fingerprints everywhere. [In addition], there is really no way to ‘revoke’ a fingerprint.”
Dimitrios Pavlakis, research analyst for digital security at ABI, also notes that the biometrics playing field isn’t level, with salient differences remaining between government and consumer systems.
“It [isn’t] that the consumer systems are not secure, but the government systems have to be more fail-safe—especially in areas such as their automatic fingerprint identification system (AFIS), which is used by law enforcement worldwide,” Pavlakis opines.
“If a biometric system doesn’t work on a smartphone, the manufacturer will lose a few clients and come back with a fixed version. But in the governmental sector, it is usually a matter of national security, even life and death, so they have to be extremely accurate and reliable.”
In addition, writes Worthman, not all experts agree on just how deeply a role biometrics will play in the IoT, or how secure the industry can make it. Indeed, while current biometric technology works fairly well on a basic level, there are still lingering issues with the revocation or reissuance of attributes.
“[True], there are claims made by vendors that they can prevent people from making prosthesis or duplicating biometric images. [However], those claims have not, generally, held up,” adds Kocher.
Interested in learning more? The full text of Ernest Worthman’s “Get Ready For More Biometrics” is available on Semiconductor Engineering here.