Invitation to Cybersecurity

Numerous biometric candidates have been explored in the cyberspace era. The most common ones are facial recognition and fingerprint recognition. Call centers sometimes use voice recognition to help ensure they are talking with the correct customer and not to an identity thief. In biblical times, “accent recognition” was used to distinguish Gileadites from Ephraimites (see quote at the beginning of this subsection). Many other biometrics exist such as gait recognition—how a person walks. In this section we will explore what features make for a good biometric.

8.1.2.1 Distinguishable

The most important feature of a biometric is how well it distinguishes people from one another. For example, height would not make a good biometric because most people fall into a relatively narrow range of heights. For biometric authentication to work reliably, there need to be many more measurement possibilities than there are users to make it improbable that any two people share similar measurements. With height, even if measurements could be taken to a fraction of an inch (which would be prohibitively difficult to do), multiple people would still share the same measurement making it impossible to distinguish between them. For this and other reasons, height is a poor biometric candidate.

A biometric that rates much higher in distinguishability is fingerprints. It is well-known that no two people have the same fingerprints, not even identical twins even though they share the same DNA. And people’s fingerprints differ widely enough that it does not require microscopic measurements to distinguish them from one another.

Historically fingerprints were mostly used for identification, like in crime scene investigations, not for authentication. Identification compares a single fingerprint to many different ones to try to identify a person among many possible people. Authentication compares a single fingerprint to a fingerprint on record to see if it is the same person. In fingerprint authentication in computer systems, the fingerprint on record is collected during the enrollment phase, and many fingerprint samples are collected over time during the recognition phase to be compared with the fingerprint on record.

Regardless of the biometric, distinguishability is affected by the precision of the measurements taken. The more precise the measurements the more measurement possibilities and the bigger average distance between measurements. However, there are limits to the level of detail that sensors can collect and their costs increase as they become more sensitive.

For biometrics the probability of false positive authentications is called the fraud rate because it permits fraud to occur—an imposter is authenticated as a legitimate user. The probability of false negatives is called the insult rate because the authentication mechanism blocks the right person—thus “insulting” them by not believing they are who they say they are. These two rates are in tension because they are based on how closely the recognition sample is compared to the enrollment sample. A person’s recognition samples will never exactly match his enrollment sample, but they should fall within a small range.
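The tension between the fraud rate and the insult rate can be worked through in a short added example (not from the book). The feature vectors, the user names, the Manhattan distance and the acceptance threshold are all assumptions constructed for illustration.

```python
from fractions import Fraction

# Constructed feature vectors (not real biometric data). The distance metric
# and threshold-based matching are assumptions made for this illustration.
ENROLLED = {
    "alice": (50, 30, 70, 20),
    "bob":   (53, 33, 68, 24),   # deliberately close to alice: poorly distinguishable
    "carol": (60, 15, 80, 40),
}
# Recognition-phase samples: (true owner, measurement). None equals its enrollment record.
SAMPLES = [
    ("alice", (51, 29, 71, 20)), ("alice", (48, 32, 69, 22)),
    ("bob",   (54, 33, 67, 25)), ("bob",   (51, 35, 70, 21)),
    ("carol", (61, 14, 82, 39)), ("carol", (58, 18, 78, 43)),
]

def distance(a, b):
    """Manhattan distance between two measurements (0 means identical)."""
    return sum(abs(x - y) for x, y in zip(a, b))

def authenticate(claimed_user, sample, threshold):
    """1:1 comparison of a sample against the claimed user's enrollment record."""
    return distance(sample, ENROLLED[claimed_user]) <= threshold

def rates(threshold):
    """Return (fraud_rate, insult_rate), trying every sample against every user."""
    fraud = insult = genuine = imposter = 0
    for owner, sample in SAMPLES:
        for claimed in ENROLLED:
            ok = authenticate(claimed, sample, threshold)
            if claimed == owner:
                genuine += 1
                insult += not ok      # right person blocked (false negative)
            else:
                imposter += 1
                fraud += ok           # wrong person admitted (false positive)
    return Fraction(fraud, imposter), Fraction(insult, genuine)

if __name__ == "__main__":
    for t in (4, 8, 12, 16):
        fraud_rate, insult_rate = rates(t)
        print(f"threshold={t:2d}  fraud rate={fraud_rate}  insult rate={insult_rate}")
```

Loosening the threshold from 4 to 12 drives the insult rate from 2/3 to 0 while the fraud rate rises from 0 to 1/6. The first false acceptance is one of bob's samples matching alice's record, the least distinguishable pair in the constructed data.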
