Biometric Security

Published in

BiometricSecurity

3 min readNov 12, 2020

Biometric Security Overview

Biometric security devices play a crucial role in verifying a person’s identity by enforcing access control methods through their unique biological traits. In this lesson, we will cover optical, fingerprint, and voice recognition, which are used to identify and authenticate a person, as well as cover the pros and cons of using these devices.

Retina and Iris Recognition

Retina scanners use the blood vessels in the back of the eye for authentication. The blood vessel pattern in the back of the eye is unique to the individual. This method is very intrusive and is not widely accepted because it breaches a person’s medical privacy. For example, possible discovery of disease in the eye or other medical conditions may alert the company and can cause employment issues.

The iris scanner, which measures an individual’s iris pattern, is non-intrusive. Each person has a different color pattern in the iris, and therefore, the iris scanner is used to measure these characteristics. It is more popular within the security field.

Replay attack (also known as a playback attack) is when a person uses someone else’s credentials without their permission. The chances of replay attacks are very low on retina and iris scanners because it is nearly impossible to copy the retina and iris of someone else to use for impersonation. While retina and iris recognition systems do keep information and areas safe from intruders, these systems are very expensive.

A good way to remember that the retina scanner is the more intrusive of the two when it comes to medical privacy is: RetINa is INtrusive.

Fingerprint Recognition

Fingerprint scanners are the least intrusive out of the group because they only measure the fingerprint. They measure the whorl, loop, and arch patterns of the finger, which are unique to everyone. Fingerprint scanners are also the easiest to implement and are cost effective. Fingerprint scanners do not disclose any medical information; therefore, they are widely used in the industry in regards to access control. They are so popular and effective that fingerprint scanners are now being used on mobile devices and even on cars.

Although it is uncomplicated and inexpensive to implement, there are high chances for replay attacks since this type of system allows for easy impersonation. For example, if you press your thumb against the back of a gummy bear, you will be able to see your thumb print. The same gummy bear with the lifted fingerprint can now be used to fool a fingerprint scanner and gain unauthorized access.

Voice Pattern Recognition

Voice pattern analysis measures the tone and pitch in a person’s voice. The person who registers his or her voice is given an odd phrase to repeat several times in order to allow the voice recognition software to capture the authentication. For example, a person completing a voice registration process may have to say something like this — ‘blue mountains and teeny tiny strawberries.’ Can you tell that there are several tones and pitches used in this sentence?

The drawback to using voice recognition is that if a person becomes sick or loses his or her voice, the voice recognition software will not be able to tell if its the right person trying to authenticate. The upside to using voice recognition is that replay attacks are very unlikely. Voice recognition nowadays will display a phrase that is generated at random to the person who is trying to gain access. This prevents people from using audio recording devices to fool the system.

Lesson Summary

In this lesson, we learned about biometric security devices, which verify a person’s identity by enforcing access control methods through their unique biological traits. We also learned about replay attacks (also known as a playback attack), which are when a person uses someone else’s credentials without their permission.

We learned that fingerprint scanners are the most popular, easiest to implement, and cheapest biometric device because they only measure the fingerprint. The chances of replay attacks on fingerprint scanners are very high, and this system can be fooled. Although voice pattern analysis, which measures the tone and pitch in a person’s voice is pretty good, a person who is sick or has a strained voice may not be able to authenticate.

Finally, remember that the retina scanner, which uses the blood vessels in the back of the eye for authentication, is intrusive and can give away someone’s medical condition. The iris scanner, which measures an individual’s iris pattern, on the other hand, is very secure and does not give away a person’s medical status. Both eye recognition devices are expensive to implement but at the same time, the chances of replay attacks are very low.