Bookmark with:

              

We all have heard of this term as the new security frontier in Technology world. It is a section that is applied on unique human characteristics to identify and authorize access to sensitive area or data, by matching them to an existent database. Those security mechanisms are close to be characterized ,as full proof , since they are based upon our unique life “specifications” , as previously mentioned.

According now to human biology, the parts of our body, which could not exist as identical to someone else’s physical body, are:

1) Iris

Iris is the part of our eye which is used by us to locate and follow images, along with countless functions, regarding our sight. It’s unique form, is used because it is parted by small veins, differently located and formed for every human. It can not be changed, (unless there is a serious injury) and can not be duplicated, by any way (at least until today). Some say, not even by cloning, but this can not be proved due to many reasons, legal and moral. Iris scanning mechanisms now exist in high security places, protecting mostly, access to isolated areas rather than physical or other access to software. They are building by several parts of hardware, but their basic structure is formed from:
• Optic reader which is using a light scanning device, that takes a kind of “snapshot” of the human eye.
• Server, usually with *NIX or IBM software capable of handling “heavy duty” databases.
• Networking participation with electrical and electronic devices, like alarms and electrical switches.

Procedure is rather simply. Human walks into the eye-scanner device. Sets the eye to the reader, as to be read by the device. Command to start procedure is usually given by a switch or a keyboard. Right after the scanning procedure, there is a time delay which is occurred due to the matching procedure of the database. In most machines, there are also simultaneously entries, by the human, by keyboard, with his credentials which could be name or some user account along with a password. If matched, electrical or electronic signal is send to according device to allow access or trigger some kind of alarm.
Although iris scanner sounds like a sci-fi item, it is applied today, as to protect with a maximum level of security, places, data, even buildings. It can be applied to personal machines, though the cost of it is somehow forbidden to common people.

2) Fingerprint

Fingerprint is the “trail” that our fingers leave while we grab or touch in any way things with our hands. It is considered to be unique for every person and can not be altered in any way. In true sense, they are nothing more than wrinkles, caused by our skin and small veins of blood, in our hands. The scanning and identifying method is similar to the one Iris mechanisms have, but software and hardware is far more limited for this mechanism to function. That alone is a benefit to personal users, since it can be used on a personal computer. Recently Microsoft and IBM have created a keyboard with such interface, for both desktops and notebooks. However they are not 100% accurate and they are not blocking access enough, as they need their own drivers and software. As a consequence then, user needs system to fully startup and then uses it. So it can be bypassed easily with a boot disk or some other way that will not need system to run, in order to access a hard drive.
Although now fingerprint is considered to be unique and is also used as an additional security feature in new passports all over the world, they have been duplicated with remarkable precision, by tech guys, who used retina material and an original snapshot or imprint of a fingerprint. Security experts, although they have confirmed this information, they indicate that fingerprint is an additional security measure, which will be used combined to several other measures. Truth is though that this protection could be characterized as “tampered”.

3) Voice Recognition.

Even though voice could not be characterized as unique, it is though, a very good way to set an additional security feature for their sensitive data. Voice recognition, is no big news. There are today, text editors, and text-to-speed and speech-to-text technologies, for almost every system today. Office suite of Microsoft has that feature, and can be applied to almost any computer that has a microphone and a sound card installed.
It uses audio files, characterized by frequency tone and stores them to a special file, which is located, usually, under the program files directory, with no special rights. Same procedure is being followed by recent security software that use voice recognition to id and authorize access to machines or data. It is cheap to get, but it is also considered easily to bypass, especially if you can imitate voices of other people, like mimes and actors do. Known bug of that security measure, is that even a simple cold of the owner might lead to his lock out from the machine. Unfortunately, computer software is not able to id changes in voice, based upon tones.

Ways to bypass it? too many… from recorded voice of the owner, to imitation of his voice, can easily give unauthorized access to an intruder. It is though an additional security measure that could, give a malicious person a hard time, if combined with other protection measures.

4) DNA

This is indeed considered to be a strong asset for security experts all over the world. DNA is a sum of chromosomes, nucleic acids, proteins and enough other biological elements that define our physical form, from hair to type of blood. It is considered to be the blueprint map of a human’s body. It is unique, not able to be duplicated in any way (not even by cloning), and can not be altered by even heavy diseases.
Scientists, think that DNA should be protected, under the personal data, international laws, about privacy. Security experts and in general governments all over the world , think that it should be like that, but central information agencies, need to have records of them , for ALL people, in order to identify possible criminal or terrorist activity. Until today, we had no final decision, from USA or E.U.
How hard is to use DNA as and I&A (identification & authorization) method? It is quite hard, since even today, if a person asks a DNA test, results will not come out, faster than a week’s period. This alone , shows that we are not ready to use it as a security measure today for IT section, due to tech reasons.
I do not think that a user would want to wait , access authorization , after a week. This though, is not banning , intentions, as we know that our technology is advancing constantly and maybe , we will be able in the future to have instant I&A , by using DNA scanning methods.
How is that going to be? …Who knows?.. DNA is contained in every part of our body. It can be scanned on a hair, in fingernails, all “liquid” coming from our body and our skin. Combined now with a smart card or some other security feature, I think , that Security will take a new course , directed to provide even more accurate and full proof methods, against any kind of attacks. It might be done , even by nanotechnology , since it will, too, advance in the future. Nanotechnology, now , even it is not considered to be a “pure” IT department, it can be useful as it will provide huge assistance , as to apply biometrics and especially when it will come on DNA scanning.

Biometrics, even though are not widely applied today , they are gaining ground day by day , and it is sure that , it will be an essential foundation , in the future for IT security. What is even more paradox, is that it will be considered the “strong asset” where today security is blaming all. An the weak link , called “human factor”.

Things remain to be seen....