As good as current biometric systems are, they can still miss the forest for the trees. They know a person’s fingerprints, but not how they use those fingers. They know what your iris looks like, but don’t have a clue what’s behind those eyes. They know your voice, but not the things you would say, would never say, nor how you would say it. Biometrics knows the minutiae, but not the big picture, and as a result, they can be fooled.
Compare that with the ways in which you know a person. It’s unlikely you know their fingerprints or the patterns of their irises, but you know a lot more — how they talk, how they walk, sit or stand and how they handle things. And if it’s someone you’re close to, you probably know how they smell. When you know someone, you’re not going to be fooled as to who they are.
Biometrics is moving in that direction, with government, private sector and academic researchers exploring ways to incorporate multiple biometric factors into a bigger picture of whether a person is who he or she is supposed to be.
The Defense Information Systems Agency, for instance, is looking into using a combination of biometrics to build what DISA Director Lt. Gen. Alan Lynn called an “identity score,” putting together elements such as face and voice recognition with behavioral traits such as a person’s gait and speech patterns.
“Your identity score will determine how much access you have to the network” or to a building, Lynn said last year at a symposium in Baltimore.
Aside from the familiar forms of biometrics such as fingerprint, iris, voice, palm and the increasingly popular face recognition (which also can be fooled), what other kinds of traits can add up to a more complete picture of you?
A potential step beyond mere fingerprints, researchers at Rutgers University and the University of Alabama at Birmingham have developed a system called VibWrite that identifies the singular bone structures and vibrations in fingers and could, they say, be applied to any building door, car door handle, or device — anything with a flat surface — to confirm a person’s identity.
“Everyone’s finger bone structure is unique, and their fingers apply different pressures on surfaces, so sensors that detect subtle physiological and behavioral differences can identify and authenticate a person,” Rutgers professor Yingying Chen said.
The Way You Walk
Gait identification is one of the factors Lynn mentioned as potentially being part of an identity score, saying it’s as individual as a fingerprint. And while it might not be perfect either, it does have an advantage of working in low-resolution environments, according to University of Southampton researchers, making it useful for surveillance and building access.
What’s in Your Heart
Researchers at the State University of New York at Buffalo have developed a heart biometric system that uses Doppler radar to get a read on a person’s unique heart rate signature. It’s continuous and unobtrusive, requiring no action on the user’s part. It can identify users, and also shut a system down when they walk away.
The Smell Test
Body odor is just as unique as any other feature, as long as sensors are fine tuned enough to detect the differences. Researchers at the Polytechnic University of Madrid have been researching the field for several years, and have reported a consistent accuracy rate of 85 percent. That might not be up to the level of bloodhounds or cadaver dogs, but it’s promising. But it might prove to be intrusive or inconvenient if it requires close contact.
Ears also are unique identifiers and could be used, for example, to identify someone when talking on a phone. But the technology has some limitations, including the fact ear shapes can change over time (earrings are just one factor), are easily covered by hair or glasses, and could be manipulated with plastic surgery.
It turns out a person’s posterior is as good an identifier as anything, as long as the seat has the sensors. Japanese researchers have tested a car seat with 360 sensors and came up with a 98 percent accuracy rate. Carmakers are developing smart seats that adjust to a person’s physique and monitor his or her health. On the other hand, it would require a pretty substantial investment in the seat, and fingerprints or irises don’t change after you fall off a diet.
Every smartphone user has a particular way of handling the device, and researchers at Russia’s Institute of Cyber Intelligence Systems have developed a continuous monitoring and authentication system that could be less annoying than constantly entering passwords, and less hackable than fingerprint or face recognition systems. The system is based on parameters such as how users they hold their devices, interact with the touch screens, and use its functions.
Interestingly, the behavioral biometric system hinges on machine learning, neural networks and advanced data analytics — something that also would be essential to combining multiple biometric factors into an identity score. Separately or together, systems that gather biometric information and behavioral patterns need a system on the backend to interpret all the data.
DISA has taken this into account with a contract awarded this month to Qualcomm Cyber Security Solutions to set up a pilot program using multiple factors for “actionless authentication” of mobile users. Qualcomm’s solution includes machine learning and analytics, along with its secure Snapdragon Mobile Platform, for authentication into mission-critical systems, according to the company.
Organizations have always looked toward multifactor authentication, with biometrics (when used) as one factor along with, say, passwords or fingerprints. A biometrics-only system would need to take the same approach. No system is perfect, but together they could combine for a more precise way of confirming an identity. As that old biometrician Abe Lincoln might have said: Hackers can fool all of the biometrics some of the time and some of the biometrics all of the time, but they cannot fool all of the biometrics all the time.