Invitation to Cybersecurity

8. The Means of Cybersecurity: Access Control

If the biometric system’s acceptable range is too narrow, this increases the insult rate. On the other hand, a large acceptable range means that more nearby measurements are accepted, maybe even including other people’s recognition samples, leading to a higher fraud rate.

For a given biometric, the level of specificity where the fraud rate and the insult rate are set equal to one another is called the equal error rate. If the equal error rate is 0.1% for a given system, this means one out of a thousand times the right person will be denied access (i.e., insulted), and one out of a thousand times an imposter will be granted access (i.e., fraud will occur). This measure is a good way to make an apples-to-apples comparison between competing biometric systems—the smaller the equal error rate, the better that system performs in the distinguishability category.

For a given biometric installation, an organization may choose not to calibrate to the equal error rate, depending on its risk tolerance. For example, if they believe that the loss of availability would cost more than the risk of fraud, they may decrease the insult rate to 0.01% (one in ten thousand), which might raise the fraud rate to 0.2% (one in five hundred).

8.1.2.2 Permanent

Permanence is another important category for biometric authentication. Ideally, users should only have to be enrolled once. If the biometric characteristic being measured changes over time, then people would need to be re-enrolled to collect updated samples. This is one reason why weight would be a poor biometric! A person’s weight fluctuates with age and even with the seasons. Therefore, weight measurements would become outdated and enrollment samples would need to be updated regularly.

Faces change over time, but there are facial features that are stable for long periods of time. Good facial recognition algorithms home in on these stable characteristics. By focusing on specific dimensions such as the distance between facial features, facial recognition systems can tolerate changes in weight and facial hair, and can even work when the subject is wearing glasses or a hat. Facial recognition systems have become highly accurate and do a better job than humans in recognizing faces. They are even capable of telling identical twins apart.

Some other biometrics rate higher on the permanence scale than facial recognition. For example, iris patterns in the human eye do not typically change from adolescence through old age. This makes iris recognition a good candidate for a biometric. In theory, children could be enrolled and still be authenticated as elderly adults—that would not be true for facial recognition or many other biometrics. The most permanent biometric of all is DNA—it is set at the moment of conception and never changes! However, DNA does not make for a good biometric for other reasons, as discussed below.
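
The equal error rate and the risk-based calibration described in the distinguishability discussion above can be worked through numerically. This is an added example, not from the book: the match scores are constructed rather than measured, and the function names and the 0-to-1 similarity scale are assumptions made here.

```python
from bisect import bisect_left
from statistics import NormalDist

def constructed_scores(mean, spread, n=20000):
    """Sorted, constructed similarity scores (higher = closer match), capped at 1.0."""
    dist = NormalDist(mean, spread)
    return sorted(min(1.0, dist.inv_cdf((i + 0.5) / n)) for i in range(n))

# Constructed sample data, not measurements from any real biometric system.
GENUINE = constructed_scores(0.80, 0.05)   # right person vs. own enrollment sample
IMPOSTOR = constructed_scores(0.49, 0.05)  # someone else vs. that enrollment sample

def rates(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """(insult_rate, fraud_rate) when a score >= threshold is accepted."""
    insult = bisect_left(genuine, threshold) / len(genuine)
    fraud = (len(impostor) - bisect_left(impostor, threshold)) / len(impostor)
    return insult, fraud

def sweep(steps=1000):
    """(threshold, insult_rate, fraud_rate) at evenly spaced thresholds in [0, 1]."""
    return [(k / steps, *rates(k / steps)) for k in range(steps + 1)]

def equal_error_rate(curve):
    """Threshold where the two rates are closest, and their mean at that point."""
    t, insult, fraud = min(curve, key=lambda r: abs(r[1] - r[2]))
    return t, (insult + fraud) / 2

def calibrate(curve, max_insult):
    """Strictest threshold whose insult rate stays within max_insult.

    The insult rate only grows as the threshold rises, so the highest
    qualifying threshold also gives the lowest fraud rate available.
    """
    return max((r for r in curve if r[1] <= max_insult), key=lambda r: r[0])

if __name__ == "__main__":
    curve = sweep()
    t, eer = equal_error_rate(curve)
    print(f"equal error rate {eer:.3%} at threshold {t:.3f}")
    t, insult, fraud = calibrate(curve, max_insult=0.0001)  # the 0.01% insult target
    print(f"availability-first: threshold {t:.3f}, insult {insult:.3%}, fraud {fraud:.3%}")
```

Lowering the threshold to meet the insult-rate target moves the system away from the equal error rate and raises the fraud rate, which is the trade an organization makes when it values availability over fraud resistance.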
