Will biometrics measure up to the future?

As public perception grows, scientists look for new form factors -- even tongue scanning

Recent progress on most face recognition, voice recognition or speech recognition algorithms has been made and proved in laboratories," says Professor Hanseok Ko, director of the Intelligent Signal Processing Laboratory at Seoul's Korea University, "but the deployment of such products has been limited to criminal investigations, as opposed to individual personal identification. Commercial products are still primarily limited to fingerprint ID technologies applied to door locks and PC/laptops."

Taking it further one step at a time, electronics manufacturer Fujitsu is selling peripherals such as the PalmSecure PC Login Kit with functional mouse, which authenticates users' identity by analyzing the veins under their palm.

Meanwhile, Motorola, an active developer of Automatic Fingerprint Identification Systems (AFIS) for over 30 years, is now marketing its own Mobile AFIS device, which captures both fingerprints and facial images, connects to wireless networks to upload data, runs on Windows Mobile, integrates bar code scanners, a smart card reader/writer, GPS, phone, and can be held in the palm of a hand.

Security in numbers

So it is only natural that the protection of this highly personal data is taken very seriously. While biometrical identity theft is much more challenging than forging a credit card signature, illegally accessing and copying archived prints, which can then be used to produce artificial models, is still possible.

"In general, those systems where biometric data is readily obtained (stolen) are expected to be more vulnerable, since the availability of such data increases the number of ways in which a system may be attacked," says Moeller at the Biometrics Institute.

"We have tested face and fingerprint systems, which fall into this category. Speaker recognition, which we are testing at present, is also of this type. It is slightly more difficult to 'steal' biometric data from hand geometry, iris and DNA, and more difficult still for palm/finger vein and retinal scans, so we would expect decreasing vulnerability for these biometrics."

With the aim of applying research to real situations, the Biometrics Institute recently announced its proprietary Biometrics Vulnerability Assessment Service (BVAS).

"The customer submits the system to us for independent testing," explains Moeller. "The testing will be conducted in an independent laboratory where biometric devices can be sent to have their vulnerabilities investigated, assessed and reported. The laboratory will then collaborate with the contracting organization to work out how any vulnerability uncovered could be addressed through appropriate countermeasures."

One method of increasing security is to ensure that the data is transferred and stored with a strong encryption. Another technique is to use multimodal biometrics (using more than one biometric system simultaneously to confirm identification).

At the Biometrics Research Center, Zhang says they are working hard to make counterfeiting as difficult as possible: "We have already developed a 3-D palm-print system, which has a much higher anti-counterfeit capability than the 2D palmprint system. We also have developed the near-infrared palmprint system, which can do liveness detection."

"Anti-hacking techniques are being introduced in the form of laboratory algorithms," adds Professor Ko at Korea University. "For example, impersonation by using fingerprint/palm molding in plastic form can be prevented by tying it to a heat sensor to confirm that an actual human specimen is being presented for verification."