Intelligent CISO Issue 55 | Page 50


used to reinforce authentication, such as iris and fingerprint in conjunction, but biometrics paired with another form of authentication. Passports, for example, use facial biometrics (‘something you are’) as the first and primary form of identification, with the booklet itself (‘something you have’) as the second factor. These marry up to create a strong identification token that is widely regarded as sufficient to protect people’s unique identification data.
Biometrics represents the most convenient and easy form of Multi-Factor Authentication and is therefore very well placed to increase security. It’s easy to combine biometric patterns, fingerprint combined with facial, for example, and to complement them with other authentication methods – as per FIDO Alliance standards, for instance. However, even biometric technology does not ensure absolute cybersecurity – it can be subject to spoofing attacks, involving imagery or fake biometric data in order to try and gain access.
Liveness detection
Like many other cybersecurity topics, it’s a constant game of cat and mouse. Coupling biometrics with AI and Machine Learning is one way to combat these kinds of spoofing attempts. With AI you can reinforce the ‘liveness detection’ of the system, making it possible to determine whether it is a real person applying and not a photo, video, or a masked person trying to use someone else’s identity.
Liveness detection – a colloquial term for the rather technical expression ‘Presentation Attack Detection’ – in biometrics is the ability of a system to detect if a fingerprint, iris scan or facial ID is real and live. It uses algorithms that analyse data – after they are collected from biometric scanners and readers – to verify whether the source is coming from a fake representation.
The need for this is emphasised when you consider these other examples:
• IDENT, the Automated Biometric Identification System, is a cornerstone of the United States’ border management and immigration. The central Department of Homeland Security system stores and processes over 200 million identities, including biometric (10 fingers and a portrait) and associated biographic information.
• The FBI automated fingerprint recognition system – named initially IAFIS (now NGI) – was the world’s largest criminal history collection (more than 154 million individuals) at the end of October 2020.
• The European Council also adopted in 2017 the ‘Entry Exit System’ (EES). This biometric system improves the quality and efficiency of systematic checks and controls in the Schengen area, and the EES’s common database should help reinforce homeland security and the fight against terrorism and serious crime.
The importance of spoof detection was highlighted as early as 2013 by the European Commission’s TABULA RASA (Trusted Biometrics Under Spoofing Attacks) project. Perhaps unsurprisingly, it has also been a topic of research in the US since the launch of ‘Odin’ in October 2017.
The Odin programme was initiated by the Intelligence Advanced Research Projects Activity (IARPA), an organisation of the US Office of the Director of National Intelligence. Its goal is ‘to develop biometric presentation attack detection technologies to ensure biometric security systems can detect when someone attempts to disguise their biometric identity’.
Organisations and governments alike are turning to biometrics to solve authentication challenges in a wide variety of contexts. As we continue to move beyond just passwords, biometric technologies will need to be accompanied by suitable attack detection to be as trustworthy and effective as possible. Biometric data is unique, highly sensitive and should not end up in the wrong hands – meaning it should be used in the most responsible and ethical way possible. Only world-class cybersecurity protection is good enough.