As the influence of biometrics continues, Christopher Brown, Programme Manager for Governance & Resilience at BSI, explores its growing role in modern society…
Biometrics can be defined as the identification of an individual based on biological (such as fingerprint, iris and facial) and behavioural (such as voice, gestures and gait) characteristics. Such information can be recorded by an electronic device or system as a means of distinguishing and confirming an individual’s identity.
Having an increasingly significant impact on a wide range of applications, biometrics is spreading its tentacles globally into many facets of everyday life.
As such, the UK needs to continue to invest in the development of biometrics standards to ensure that our current pre-eminent position in using biometric data is not eroded.
BSI committee IST/44 is responsible for developing British standards in this area and also providing input to international standards via its work with ISO IEC JTC1 SC37, which has dedicated expert working groups covering such diverse topics as ‘Harmonised biometrics vocabulary’, ‘Biometric data interchange formats’, ‘Testing & reporting’, and ‘Cross-jurisdictional and societal aspects of biometrics’. The use of a wide range of standards can therefore assist government in the creation and maintenance of effective national regulation.
Over the next 5 to 10 years there are a number of key areas likely to impose the biggest challenges to systems that are becoming increasingly dependent on biometric technologies. A familiar and universal trend is that of mobile biometrics. When the iPhone 5s was launched in 2013, its in-built biometric sensor represented the largest deployment of biometric devices ever, with reportedly over 9 million units sold on the first weekend alone. As Dr Peter Waggett, Chairman of IST/44 and Director, Emerging Technology for IBM UK Ltd exclaimed: “This sensor has done much to make the general public familiar and comfortable with the use of biometric technology. Since that launch more manufacturers have shipped devices with different biometric technologies and it is becoming the de facto security mechanism for mobile technologies.”
The sensor system was not only used to unlock the phone but also to access and authorise transactions on iTunes. It is likely that this technology will continue to progress as the interfaces to such devices are enhanced and more accurate biometric techniques (e.g. iris recognition) are developed for mobile use. “The systems in use are becoming increasingly sophisticated and this trend will continue”, adds Dr Waggett. “The uses for the technology are increasing. The interface has been opened up for general application and this wide-scale use has gained great public acceptance. New applications being developed should ensure that they take advantage of this technology.”
Another area primed for growth is that of Presentation Attacks. The increasing use of biometrics has led to sophisticated approaches to attempt to fool their successful operation. As Dr Waggett points out: “If we take face recognition technologies as an example, early systems could be fooled by simple photographs being presented to them.
“The ‘flat’ nature of these photographs was used to detect and counter this technique and this led to more sophisticated masks being used. This required more sophisticated counter techniques that used skin texture measures to ensure that they were not being attacked.
“Currently state of the art masks made from pig skin can fool most systems and these are likely to require liveness detection to ensure operation. Future measures will be required to counter increasingly sophisticated counter measures.”
The issue of privacy and particularly of enhancing biometric technologies in this area will always be under the spotlight. According to Dr Waggett, “public concern about the storage of biometric data can be reduced or eliminated by the use of techniques to ensure that their biometric data cannot be stolen or misused. One example of this is cancellable biometrics.”
In this instance a fingerprint is intentionally distorted in a repeatable manner and this new print is used. If, for some reason, an old fingerprint is stolen or lost, a new print can be issued by simply changing the parameters of the distortion process. This also results in enhanced privacy for the user since the true fingerprint is never used anywhere.
There are several other trends indicating that biometrics will have a significant impact on a range of applications affecting the general public. Examples include:
- Incorporating biometric technologies in debit/credit cards used for withdrawals at ATMs and making purchases. These could be extended for remote payment over the internet;
- Biometric algorithms are becoming more capable, making it possible to identify individuals using data sets that would have been considered as non-biometric data in the past (e.g. real-time analysis of signatures as they are written);
- Voice recognition biometrics which are now gaining favour in banking and financial institutions to provide additional security.
As with any fast moving technology, there will always be concern that the development, implementation and use of biometric systems are appropriate and respect the rights of citizens and consumers.
The challenge ahead is to ensure that this rapid pace is met with a marriage of robust solutions and practicality.
To see the current IST/44 scope and work programme, visit http://standardsdevelopment.bsigroup.com/Home/Committee/50087978 or to purchase standards in this sector, visit http://shop.bsigroup.com
Christopher Brown
Programme Manager for Governance & Resilience
BSI Group