• Home
  • About
  • My Account
  • Blog
  • Success Stories
  • Contact
Bayometric Bayometric Bayometric Bayometric
  • Live Scan
    • Print to FD-258 Card – Background Check
    • SWFT Applicant System
    • FBI Fingerprinting – Live Scan
    • NFA Fingerprinting – Live Scan
    • FINRA EFS
    • FDLE Live Scan
    • Fingerprint Background Check
    • SWFT+ Compatible Devices
  • Fingerprint SDK
    • Touch N Go
    • Griaule Fingerprint SDK
  • Single Sign-On
  • Fingerprint Scanner
    • USB Scanners
      • SecuGen Hamster Pro
      • SecuGen Hamster Plus (HSDU03P)
      • Nitgen Fingkey Hamster DX
      • Lumidigm M301 (M30x)
      • Lumidigm M311 (M31x)
      • Lumidigm V302 (V30x)
      • Lumidigm V311 (V31x)
      • Nitgen Fingkey Hamster II
      • Nitgen Fingkey Hamster III
      • Verifi P5100
      • IB Curve
    • FBI Certified Readers
      • SecuGen Hamster Pro 10
      • SecuGen Hamster Pro 20 (HU20)
      • SecuGen Hamster IV (HSDU04P)
      • Unity 20 Bluetooth
      • Integrated Biometrics Watson Mini
      • Integrated Biometrics Columbo
      • Suprema BioMini Plus 2
      • Suprema RealScan-G1
      • Suprema BioMini Slim 2
      • Suprema BioMini Slim 2S
    • Ten Print Scanners
      • Integrated Biometrics Kojak
      • Suprema RealScan G10
      • Integrated Biometrics FIVE-0
    • Dual / Two Print Scanners
      • Suprema RealScan-D
      • Integrated Biometrics Sherlock
      • Integrated Biometrics Watson Mini
      • Nitgen eNBioScan-D Plus
    • Scanners + Card Readers
      • SecuGen iD-Serial
      • SecuGen iD-USB SC/PIV
      • SecuGen ID USB SC
      • Hamster Pro Duo CL
      • Hamster Pro Duo SC/PIV
      • Suprema BioMini Combo
    • OEM Modules
      • SecuGen SDU03P
      • SecuGen SDU04P
      • Lumidigm M300 (M30x)
      • Lumidigm M310 (M31x)
      • Lumidigm V300 (V30x)
      • Lumidigm V310 (V31x)
  • NFA Fingerprinting
Bayometric Bayometric
  • Live Scan
    • Print to FD-258 Card – Background Check
    • SWFT Applicant System
    • FBI Fingerprinting – Live Scan
    • NFA Fingerprinting – Live Scan
    • FINRA EFS
    • FDLE Live Scan
    • Fingerprint Background Check
    • SWFT+ Compatible Devices
  • Fingerprint SDK
    • Touch N Go
    • Griaule Fingerprint SDK
  • Single Sign-On
  • Fingerprint Scanner
    • USB Scanners
      • SecuGen Hamster Pro
      • SecuGen Hamster Plus (HSDU03P)
      • Nitgen Fingkey Hamster DX
      • Lumidigm M301 (M30x)
      • Lumidigm M311 (M31x)
      • Lumidigm V302 (V30x)
      • Lumidigm V311 (V31x)
      • Nitgen Fingkey Hamster II
      • Nitgen Fingkey Hamster III
      • Verifi P5100
      • IB Curve
    • FBI Certified Readers
      • SecuGen Hamster Pro 10
      • SecuGen Hamster Pro 20 (HU20)
      • SecuGen Hamster IV (HSDU04P)
      • Unity 20 Bluetooth
      • Integrated Biometrics Watson Mini
      • Integrated Biometrics Columbo
      • Suprema BioMini Plus 2
      • Suprema RealScan-G1
      • Suprema BioMini Slim 2
      • Suprema BioMini Slim 2S
    • Ten Print Scanners
      • Integrated Biometrics Kojak
      • Suprema RealScan G10
      • Integrated Biometrics FIVE-0
    • Dual / Two Print Scanners
      • Suprema RealScan-D
      • Integrated Biometrics Sherlock
      • Integrated Biometrics Watson Mini
      • Nitgen eNBioScan-D Plus
    • Scanners + Card Readers
      • SecuGen iD-Serial
      • SecuGen iD-USB SC/PIV
      • SecuGen ID USB SC
      • Hamster Pro Duo CL
      • Hamster Pro Duo SC/PIV
      • Suprema BioMini Combo
    • OEM Modules
      • SecuGen SDU03P
      • SecuGen SDU04P
      • Lumidigm M300 (M30x)
      • Lumidigm M310 (M31x)
      • Lumidigm V300 (V30x)
      • Lumidigm V310 (V31x)
  • NFA Fingerprinting
Jul 01

Traditional Security vs. Biometric Security: A Comparative Analysis

  • Danny Thakkar
  • Biometric Security

Everyone needs security. It may not count as a basic human need, but sense of security is an essential element and even animals need it. We need security for ourselves, our physical belongings as well as digital security of information. Unfortunately security is not a measurable property and it can also depend on your state of mind. You may not have best home security system, yet can feel secure, vice versa is also true. However, we have to follow best practices of implementing security. We do many things to feel secure. Lock our doors, put passwords on online accounts, scan fingerprint or face to lock smartphones, etc.

The security measures we take can be largely divided into two major categories: Traditional security and biometric security. This article takes a comparative approach to discuss traditional and biometric approaches of security and tries to draw a conclusion which one can do a better job for you.

traditional security vs. biometric securityImage: Traditional security measures are in a tug of war with biometric security.

What is security?

Security is either the absence or the resilience against potential harm or unwanted change. Security often takes specific context when discussed. There is emotional security as well as financial security and it takes many more forms. However, our discussion will be focused on physical and information security, the two of crucial realms of today’s era.

Physical security is a strategy to protect facilities, assets, resources and people from the incidents or actions that may cause loss or damage these entities. Implementation of physical security makes use of several approaches and controls depending on the criticality of the event of loss or damage. Objective of physical security is to stop or deter physical access to the beneficiaries. For example, fencing, locks, security guards, security dogs, surveillance cameras, locks, fingerprint access control, etc.

Information security, on the other hand, is a strategy to protect information with digital security. Physical security can be deployed to implement information security, for example locking the door of a server room or installing a biometric recognition system to protect network access. The beneficiary in information security is the information that is being protected.

Biometrics is comparatively newer practice, which is being used to implement physical as well as information / digital security. It can lock / unlock your PC as well as the door of the facility it is kept in. Biometric has evolved steadily but have taken over the world very quickly. Let’s take a brief look at the journey of biometrics so far.

History of biometrics

Human beings have natural ability to recognize each other by distinguishing apparent physical and behavioural characteristics. Most animals do the same thing with smell. Facial characteristics, physical features, voice and many behavioural characteristics (e.g. gait, way to talk/behave) can help us recognize an already familiar person.

When this ability is given to information technology powered devices, it is called biometrics. Biometric technology, however, goes beyond human ability and can make use of many more physical and behavioural characteristics to identify them. It can identify individuals by their fingerprints, iris patterns, gait, keystroke dynamics and many more characteristics that remain unidentifiable to human eye otherwise.

Many associate history of biometrics with its usage for personal identification in forensic applications. However, history of biometrics is much older than that, as old as Babylonian age. Babylonians recorded business transactions on clay tablets and used fingerprints of the involved parties for authenticity of the transaction as well as to prevent forgery. Biometrics makes use of technology to identify individuals but Babylonian age did not have any technological advantage. This part of history is more about fingerprinting than biometrics.

bertillon anthropometric data sheetImage: Anthropometric data sheet of Alphonse Bertillon, the inventor of the system itself.

No systematic efforts for biometric identification took place until mid to late 1800s. Need of “absolute identification” led law enforcement to biometrics. During the ending years of 18th century, early attempts like Bertillon System took place, which used detailed measurement of physical characteristics and body parts to identify subjects.  Bertillon system was proposed by Alphonse Bertillon, a French police officer. This system, however, found to be undependable later.

By the end of 18th century, law enforcement agencies were experimenting with different approaches of identification, for trustworthy identification of criminals, which cannot be manipulated. Sir Francis Galton and Sir Edward Henry contributed in developing early classification systems for fingerprints in 1890s. In 1891, Juan Vucetich, a law enforcement officer in Argentina, started cataloguing criminal fingerprints.

Use of iris pattern for personal identification was first proposed by Frank Burch in 1936. He was an ophthalmologist by profession. By the end of 1960s, efforts to automate fingerprint and face recognition were underway with some success. In 1974, First hand geometry system became commercially available. However, deployment of first semi-automated facial recognition did not take place until 1988. In 1994, patent for first iris recognition algorithm was awarded to Dr. John Daugman.

In 2002, ISO/IEC standards committee on biometrics was established to standardize the different aspects of the technology. The first decade of 2000s saw early efforts of mobile biometrics and a couple of manufacturers introduced mobile phones with fingerprint sensors. However, true mobile biometrics breakthrough did not happen until 2013, when Apple introduced its mobile phone device with a fingerprint scanner. Later, mobile biometrics extensively levered iris, face and voice recognition for identity authentication, device security as well as convenience.

Introduction of biometrics on mobile devices has helped biometrics gain some level of ubiquity. After biometrics on mobile devices, face, voice and fingerprint biometrics is expected to become a norm in vehicles. Biometrics in automobiles will not only be a convenience features but will also patch the loopholes of current vehicle security measures.

Static vs. behavioural biometrics

There are many human body and behavioural characteristics that can be utilized for personal identification and authentication. Some of these characteristics stay “static”, while others are behavioural in nature, which are only visible in movements of the subject. Static biometrics makes use of these static characteristics to identify individuals. Fingerprint, iris pattern, facial structure, etc. count as static biometrics as these characteristics are static.

On the contrary, behavioural biometrics makes use of in behavioural patterns which are only visible during movements of an individual. Gait biometrics, signature dynamics, key stroke dynamics and even the way you use your touch screen mobile devices, are some of the examples of behavioural biometrics.

Biometrics vs. passwords

“I have to confess, I used to use a crib sheet, I don’t think I’m guarding any great secrets.”
Fernando J. CorbatóFormer computer science professor at MIT and inventor of the passwords, who engaged himself in poor practice of using a crib sheet to remember the passwords.

Passwords, PINs, secret codes, etc. have been widely used for protecting digital information since the inception of modern computing. Be it your home PC, phone, online account, or mobile apps, PINs and passwords are already ubiquitous and they have attained this ubiquity a long ago. Even physical access control in many cases (e.g. door locks with numeric code) have been laid with PINs.

Passwords are great, an easy and straight forward way to implement information security. Implementing password security does not require any additional hardware and can be done all in the code.

When people engaged in practice of using simple passwords for the sake of remembering them, developers pushed password policies to avoid the risk. It not only made passwords hard to crack but also hard to remember, adding more friction to already rough authentication process.

Biometrics came to rescue, first on mobile devices it proved its usefulness, now on PCs and even for cloud and web applications, biometrics is on its way to improve authentication and patching security loopholes. People can just touch the sensor or perform a quick face scan to unlock their device or login into an app or even perform a financial transaction.

Biometric authentication security: What is stopping it?

If biometrics is so good then why we still have passwords?
Why your fingerprint or face-unlock is still backed with a PIN or password on smartphones?

Passwords are hanging on past the expiration date because biometrics still has many shortcomings to address. Security issues in biometric authentication are discussed in subsequent sections. This is not to say that biometric authentication security is inadequate. It can be as good as passwords, even better, but fraudsters always find their way to play around the systems and completely replacing passwords with biometrics will happen gradually.

One of the major difference between password and biometric authentication security and password based security is that complexity is a matter of choice with passwords, while with biometrics, complexity is predetermined.

However, biometrics makes more sense in today’s fast paced connected world.  We are about to enter in Internet of Things era and 5G, the fifth generation of cellular networks and connected-everything is soon to become a reality. These connected systems, devices, appliances and vehicles will need to perform authentication and identification several times a day (we are already doing it on mobile devices). In such an environment, will you be trying to recall your password before starting your internet car’s engine?

What would you do if being in continuously authenticated state is a necessity? In such connected and high paced world, your unique physiological and behavioural characteristics will be enough to prove your identity. Identity authentication will become completely frictionless, where you will not have to spend even a second. Frictionless continuous authentication with biometrics is already a reality in mobile apps, which is expected to expand even further to IoT and more.

Now when biometrics is being considered as the future of authentication and IoT systems are knocking the door. Day is not far when your car and even refrigerator will be able to identify you as you hold the handle to open the door.

Problems with biometrics security

No security system can be 100 percent secure. Technology based systems can be vulnerable to flaws and loopholes as people keep coming with new methods to circumvent their security. On the other hand, digital security systems update more rapidly. For example, a system software update can fix a few vulnerabilities but can also introduce new ones and biometric authentication security systems are no exception to it.

Following are the major problems with biometric security:

Human dignity and social issues

In traditional personal identification applications, say in an ID card based approach, the ID card can be distributed to everyone in target population regardless of condition of his physical or behavioural traits. But in case of biometrics, not everyone in the target population can be fit for biometric identification, which will lead to discrimination and exclusion.

Biometrics perceives human being as subjects of biometric data collection, which offends human dignity. Biometrics not only dehumanizes the person, it also infringes bodily integrity, leading to human indignity. Deploying biometric recognition can also lead to discrimination and exclusion.

Fingerprint recognition has been and still used for forensic, law enforcement applications and criminal identification applications, making people suspicious about government organization biometric data collection campaign like voter registration of biometric national ID.

Privacy issues

Mass surveillance and state sponsored tracking of citizens is another problem with biometric security. There are biometric recognition systems that can track you in public places with face and gait recognition techniques. Face recognition systems deployed for mass surveillance can identify a subject without his/her knowledge, which infringes the privacy. Use of these systems by the government for mass surveillance is a concerned often raised by the privacy advocates. However, governments keep on tracking people on the name of security.

Biometrics severely infringes privacy. It is way more complicated that tracking your online activity or placing cookies on your phone or computer. Business organizations have already been collecting biometric data of its users and fate of this data remains uncertain without strong biometric privacy laws.

Dependence

Standalone systems (like employee identification systems) can work without this dependence, however, large scale identification and portable scanners like police scanners depends a lot of other systems like cellular connectivity, backend servers, database servers and many more systems to be up and running. Any system or sub-system going down will render inability to perform biometric identification or authentication.

Biometrics is a technology based identification and authentication approach, which may require several other systems work together to stay operational. Despite all technological advancement, downtimes and system failures are still a reality.

System performance

Today’s biometric systems are faster, better and more efficient than ever. They are more tolerant to environment conditions as well as user behaviour, but they are still not perfect. They have their own set of shortcomings which may come on the way when you will least expect them. Cases of false positives and false negatives (FRR and FAR) on today’s biometric systems are lower than ever, but they are still not zero.

Population coverage

Not all individuals in the target population may have their biometric identifiers in usable condition. For example, distorted voice, worn off fingerprint due to heavy work, facial deformity may lead to failure in enrollment. In this case, use of multi-modal biometric approaches can offer help.

Robustness

Your old school physical lock can get wet, take abuse and still function perfectly, but that is not the case with most biometric systems. Biometric systems can be delicate and may not be ready to be deployed in harsh environments; a little improper handling can adversely affect their performance and can even leave them unusable. For example, a few scratches on your fingerprint door lock sensor surface can make you look for your backup key.

Security issues in biometric authentication

It is important to remember that absolute security does not exist. Given funding, will, and the proper technology, nearly any security system can be compromised and biometrics is not an exception.

Following are the potential security issues in biometric authentication system:

System weaknesses

Biometrics systems are based on technology and like other IT systems, they are a combination of hardware and software. Programs and algorithms used in a biometric systems may not be perfect and can have unfound or unidentified vulnerabilities. On the other hand, these systems keep evolving and coming up with their newer versions. New versions and updates may have bugs and vulnerabilities which can be exploited a potential intruder with technical knowledge of the system.

Spoof attacks

Spoofing or imposter attacks are one of the issues in biometric authentication security, which is not found in password based systems. Password based systems can be attacked with password guesses (like brute force attacks) but there is nothing like attacking the system with a replica.

This issue is specific to biometric authentication security. An unauthorized individual may try to bypass the biometric authentication security by presenting an image or replica of the biometric characteristics of an authorized individual. For example, a fingerprint pattern of an authorized user engraved on a flexible material (like silicone, latex, etc.) presented to a biometric authentication system is a spoof attack.

Unalterable nature of biometric identifiers

Unlike passwords, IDs or any possession or knowledge based identification or authentication factors, which can be reset or reissued if compromised, biometric identifiers cannot be changed. Biometrics identifiers are stored in secured encrypted digital format in most biometric security systems, but in the world where hackers keep looking for system vulnerabilities, nothing can be certain.

Permanence is considered to be feature of a biometric identifier. Longer a biometric feature can persist, better it is. A biometric feature has to be unalterable so that a subject, whose identity has been established, cannot alter it. However, this unalterable nature of biometric identifiers becomes a problem if your biometrics is compromised or stolen.

Conclusions

Traditional ways of physical as well as information security have been doing their job since a very long time. They are proven methods, which have been deployed in all sorts of applications. Traditional ways of implementing physical and information security are largely based on possession or knowledge based authentication factors. However, now they seem overstrained to match today’s expectations of authentication and security.

Owing to its efficiency and speed, biometric authentication security is being seen as a potential solution to the many shortcomings associated with traditional security.

Biometric security patches many loopholes of traditional security but also introduces its unique flaws such as spoofing. Be it traditional or biometric, no security can be perfect, however, in today’s fast paced digital era, biometric security makes more sense.

  • Facebook
  • Twitter
  • Reddit
  • Pinterest
  • Google+
  • LinkedIn
  • E-Mail

About The Author

Mary Clark is Product Manager at Bayometric, one of the leading biometric solution providers in the world. She has been in the Biometric Industry for 10+ years and has extensive experience across public and private sector verticals.

Comments are closed.

Have any questions? We will be happy to answer.

Sidebar Contact

Shop online for high quality fingerprint readers

Hamster Pro 20

hamster pro 20
Buy Online

Unity 20 Bluetooth

unity 20 bluetooth
Buy Online

Hamster Plus

hamster plus
Buy Online

Columbo

columbo
Buy Online

Fingerprint applications we offer

Fingerprint SDK

Simple and Intuitive API, NO biometrics programming experience required. Get sample code in C++, C#, VB, Java etc.
Take a Tour

Live Scan

Live scan fingerprinting allows quick and cost effective background checks of individuals.
Take a Tour

Computer Logon

Logon to Windows, Domain, Websites and Applications using fingerprints & create a ”password free” environment.
Take a Tour

Search the Blog

Categories

  • Access Control
  • Archive
  • Automotive Biometrics
  • Background Check
  • Big Data
  • Biometric ATMs
  • Biometric Authentication
  • Biometric Data Security
  • Biometric Device
  • Biometric Identification
  • Biometric Immigration
  • Biometric National ID
  • Biometric News
  • Biometric Passport
  • Biometric Payment
  • Biometric Research
  • Biometric Screening
  • Biometric Security
  • Biometric Spoofing
  • Biometric System
  • Biometric Technology
  • Biometric Terminology
  • Biometrics as a Service
  • Biometrics Comparison
  • Biometrics Examples
  • Biometrics in Banking
  • Biometrics in Education
  • Biometrics in School
  • Border Control
  • BYOD
  • Cloud Communication
  • Cloud-based Biometrics
  • Covid 19
  • Cyber Security
  • Facial Recognition
  • Finger Vein Recognition
  • Fingerprint Attendance
  • Fingerprint Door Lock
  • Fingerprint Recognition
  • Fingerprint Scanner App
  • Fingerprint scanners
  • Fingerprint SDK
  • Fingerprint with Phone
  • Future of Biometrics
  • Guest Blog
  • Hand Geometry
  • Healthcare Biometrics
  • Home Security
  • Hospitality Industry
  • Integration Guideline
  • Internet of Things
  • Iris Recognition
  • Law Enforcement
  • Live Scan Fingerprinting
  • Mass Surveillance
  • Membership Management
  • Multi-factor Authentication
  • Multimodal Biometrics
  • Network Security
  • NFA Fingerprinting
  • Palm Vein Recognition
  • Patient Identification
  • Privacy
  • Public Safety
  • Retail POS
  • Retinal Scan
  • SecuGen RD Service
  • Secure Data Center
  • Signature Verification
  • Single Sign On
  • Smart Card
  • Time and Attendance
  • Two-factor Authentication
  • Vascular Biometrics
  • Visitor Management
  • Voice Authentication
  • Voter Registration
  • Windows Biometrics
  • Workforce Management

About Bayometric

Bayometric is a leading global provider of biometric security systems offering core fingerprint identification solutions. Learn more

Products We Offer

  • Touch N Go
  • Single Sign-On
  • Biometric Access Control
  • Biometric Security Devices
  • Fingerprint Scanners
  • FBI Certified Readers
  • Live Scan Systems
  • OEM Modules

Contact Us

Footer Contact
Sending

Recent from Blog

  • How Does NFA Obtain Your Criminal History Record? February 4, 2023
  • ATF Final Rule (2021R-08F) – Attached Stabilizing Braces January 30, 2023
  • Can Live Scan Detect Masked Fingerprints? January 5, 2023
© 2007 - 2022 by Bayometric | All Rights Reserved.
  • Best Seller
  • Cart
  • Checkout
  • Policies
  • Industries
  • Knowledge Base
  • Sitemap