Biometrics Revisited

1/1/2008

Two vulnerabilities are of particular concern. The first occurs if someone steals your biometric template, whether from a local device, while in transit over a network, or from a central database. The second comes from rogue biometric readers outside the control of the authenticator. For instance, how does an online store know that your digital fingerprint came from you and not from a hacker who had access to a restaurant's credit card and fingerprint reader? (For a description of how a local sensor can be hacked to intercept biometric data, see eWeek.com's "The Security of Biometrics: Two Screws and a Plastic Cover.")

A Real Hack

Is this what we have to look forward to, if the biometrics trend takes off? Report from the BBC, Kuala Lumpur, Thursday, March 31, 2005: "Police in Malaysia are hunting for members of a violent gang who chopped off a car owner's finger to get round the vehicle's hi-tech security system. The car, a Mercedes S-class, was protected by a fingerprint recognition system."

Biometric advocates would respond that a skilled hacker could spoof some sensors but that the risk is much lower than that associated with password-based authentication. They would also point to a number of strategies that can be used to reduce the risk. One is to never transmit biometric templates over a network; another is to never store the templates in a central database where they could be compromised. Both could be accomplished by authenticating against a template stored on the local hardware. For example, the biometric template could be stored on a TPM (trusted platform module) chip (becoming standard on new laptops), and compared to the output of a fingerprint sensor (also becoming standard on new laptops). Another strategy is to encrypt stored templates.
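A sketch of the local-matching strategy described above, as an added example that is not part of the original article: the template is compared on the device, and the server sees only a keyed response to a one-time challenge, so it can also refuse readers it never enrolled. The class names, the 90 percent bit-agreement threshold, and the use of a shared HMAC key in place of a TPM-held key are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

MATCH_THRESHOLD = 0.90  # assumed: fraction of template bits that must agree


class LocalAuthenticator:
    """Stands in for a laptop's sensor plus protected storage such as a TPM."""

    def __init__(self, device_id, device_key, enrolled_template):
        self.device_id = device_id
        self._key = device_key              # never leaves the device
        self._template = enrolled_template  # never leaves the device

    def _matches(self, sample):
        if len(sample) != len(self._template):
            return False
        differing = sum(bin(a ^ b).count("1") for a, b in zip(sample, self._template))
        return 1 - differing / (8 * len(sample)) >= MATCH_THRESHOLD

    def respond(self, nonce, sample):
        """Return a MAC over the server's nonce only if the local match succeeds."""
        if not self._matches(sample):
            return None
        return hmac.new(self._key, self.device_id.encode() + nonce, hashlib.sha256).digest()


class Server:
    """Holds per-device keys and outstanding challenges, never templates."""

    def __init__(self):
        self._keys = {}
        self._pending = {}

    def enroll(self, device_id, device_key):
        self._keys[device_id] = device_key

    def challenge(self, device_id):
        self._pending[device_id] = secrets.token_bytes(16)
        return self._pending[device_id]

    def verify(self, device_id, tag):
        nonce = self._pending.pop(device_id, None)  # single use, so a replay fails
        key = self._keys.get(device_id)
        if nonce is None or key is None or tag is None:
            return False
        expected = hmac.new(key, device_id.encode() + nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)
```

A production design would keep an asymmetric private key inside the TPM so that the server stores only a public key; the shared key here keeps the example within the standard library.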

What's a Technologist to Do?

Indisputably, biometric identification has improved, and now may be the time to get your feet wet with some pilot projects. I'd suggest some caveats, however. First, start out with a relatively small user population. If you have 50 employees, a 2 percent FRR means dealing with one exception (that is, one false rejection). On the other hand, if you are talking about the 200,000 airline passengers who travel through the New York City airports daily, a 2 percent FRR means dealing with 4,000 irate passengers every day. It is essential that your identification strategy include alternatives to biometric identification, to deal with the exceptions resulting from false rejections. Even more important, be very careful about how you transmit and store biometric templates (a conversation with your institution's legal counsel might be in order). Finally, you might consider biometrics in conjunction with another form of authentication, to provide two-factor authentication. Even in the age of biometrics, fail-safe is what we continue to strive for.

-Doug Gale is president of Information Technology Associates, an IT consultancy specializing in higher education.


Doug Gale is president of Information Technology Associates, LLC (www.it associates.org), an IT consultancy specializing in higher education. He has more than 30 years of experience in higher education as a faculty member, CIO, and research administrator.

Cite this Site

Doug Gale, "Biometrics Revisited," Campus Technology, 1/1/2008, http://www.campustechnology.com/article.aspx?aid=57063
