Changes

Jump to: navigation, search

Fingerprint Identification vs Password Authentication

8,775 bytes added, 14:26, 21 November 2010
Preliminary Research
= Research Notes =
==== Preliminary + Detailed Research ====***Fingerprint identification is the world's most widely used and trusted method of biometric identification. Fingerprint identification exploits the variability of the patterns formed by papillary ridges (the corrugated ridges that swirl around and across the fingertips). Historically, the two primary uses of fingerprint identification have been for criminal record-keeping and for forensic identification. Fingerprints are also used for civilian identification purposes, such as controlling access to entitlements (government benefits), keeping motor vehicle records, and immigration control. Due to recent innovations in fingerprints scanners, fingerprints are increasingly used for civil identification and security purposes.[Fingerprint identification]*** 
Overview, introduction, interesting facts/data on passwords and fingerprint identification:
<ul>
Thesis:
Fingerprint-based identification is an old but successful method of authorization. Passwords are currently the most common way of securing our data and personal information on our computers, web accounts, and networks nowadays, yet it is still open to many security risks. Would it be a better investment having the combination of fingerprint identification and the password technique than a simple or complex password for protecting our data online and offline?
 
***Identification is typically performed by logging in or entering a username. But after entering a name, a user may be asked to prove it, so that the system can be certain that one user is not trying to impersonate another. A user can authenticate an identity based on (1) what the user knows, such as a password, (2) who the user is, such as a physical characteristic (for example, a fingerprint), or (3) what the user possesses, such as a token. An authenticator must be something that cannot be easily forged, lost, forgotten, or guessed, while still making it easy for the legitimate owner to use. Techniques can use two or more approaches.
User passwords are commonly employed. Password guessing attacks use computers and actual dictionaries or large word lists to try likely passwords. Brute force attacks generate and try all possible passwords. To block these attacks, users should choose strong passwords.
Physical characteristics can be determined by biometric devices. In addition to fingerprints, voice recognition, retina patterns, and pictures are used. Although biometric authentication devices can be expensive, they are less susceptible to forgery and guessing than other methods, and they tend to be easy for users to adopt. [Computer security] ***
***Access control
Access to the computer system must be controlled both physically and logically.
Physical access
Physical access to the computer system means the access to input devices such as terminals, keyboards, communication lines, and disk drives. Where access must be monitored closely, employees are required to wear identification cards at all times. Physical controls might include the removal of outside knob hardware on all doors on the perimeter of the installation that are not to be used as emergency exit points, installation of panic-door opening hardware on all interior doors in place of knobs, attachment of audible exit alarms to all emergency doors, and control of the locks to rooms and devices with smart cards or biometric devices.
Logical access
Logical access to the computer system may be controlled and monitored through the use of auditing software. Security audit trails should be available to track and identify users who update sensitive information files. If the sensitivity of information stored on networked microcomputers requires audit trails, the host computer, not the terminal, is where the audit trails should be located. Auditing software should not be switched off to improve processing speed. Audit-trail printouts should be reviewed regularly.
Logical access to computer systems is often controlled through the use of identification systems and password systems. Users must identify themselves to the computer with some quantity known only to the system and the user. This is accomplished by using something that the user is (via biometrics), something the user has (smart card), or something the user knows (a password). These techniques demand that the computer have some method of storing securely the data necessary to identify each user. Each of these techniques has implementation difficulties and can be defeated. Access to networked and communicating computers is now also controlled by firewall approaches.
Firewalls
The firewall approach to restricting access to computer systems requires that the computer system be isolated from other computer systems or networks except for a communication channel that is under the control of a firewall. The firewall is a suite of hardware and software devices that monitor communication traffic into and out of the system it guards. The firewall is programmed to accept only traffic that meets criteria determined by the system owner. Often such criteria are based on a list of permitted addresses for incoming and outgoing message traffic. The firewall program must know both the sender and the receiver of a transmission to permit its passage. The firewall separates the inside and the outside computer world. Work is under way on incorporating many other parameters into the firewall suite to improve its functioning.
A fundamental flaw in firewalls is that the internal system must be completely isolated from the nonsystem components. Computer communication devices are now so inexpensive and so readily available that users of large systems often invalidate the firewall concept by establishing their own communications without passing through the firewall.[Computer security and privacy]***
Fingerprint identification:
Advantage:
***"With the introduction of computers into most large government record systems in the 1960s and 1970s, automated filing began evolving for the task of fingerprint identification in large collections. During the 1980s and 1990s, large fingerprint card repositories throughout most of the world began utilizing AFIS to greatly improve throughput for comparison and identification of fingerprint records. There was also an increase in accuracy for detecting duplicate records (previously undetected aliases). For latent prints collected from crime scenes or other evidence, AFIS enables identifications impossible in large manual (noncomputerized) finger and palm print databases. AFIS also links together unsolved crimes when the same (as yet unknown) person's prints are found. This creates additional leads for investigators.[Fingerprint]***
 
Inexpensive - ***Finger scanning biometric devices are now a viable alternative to password access software. We wanted to know whether these easily available and affordable devices provide better security than standard password protection schemes.
 
We'll start by explaining how fingerprint recognition works. An individual's fingerprints are unique physical characteristics composed of ridges and minutia. Minutia are the points where the ridges split or end. Based on these distinct physical characteristics, a finger scanner should automatically provide more secure access than passwords that can be compromised or guessed.
The devices we tested all use light to measure the ridges and nonridges, take an original fingerprint image, capture the minutia points, and create an identifying template from the minutia points. The system retains the template and uses that for verification of fingerprints.
 
We found that finger-scanning holds a solution to a number of access problems, including for individuals who need to access multiple PCs, multiple applications that require separate passwords, network access, and for business resumption after automatic time-out. [Let Your Fingerprint Be Your Password] ***
 
***The average office worker juggles a dozen or more passwords and user names for various e-mail accounts, Web sites, online banks and network log-ins. For some relief, IBM Corp. and Fujitsu Computer Systems are offering an alternative to password overload. The two companies have added fingerprint sensors to their notebook computer lines, giving users a more expedient method of entering passwords, replacing the recalling and typing in of a password with the swiping of a finger. [FINGERPRINT SECURITY]***
<ul>
<li>Strong password + fingerprint ID</li>
</ul>
Disadvantage:
Society acceptance - ***BIOMETRICS SHOULD BE booming. Technology is available today to identify a person by a fingerprint, eye scan, face or handprint, or voice pattern. And the increased emphasis on security in the wake of terrorist attacks, identity thefts, and computer crackers should be fueling huge growth in the sales of biometric technology.
 
But that hasn't happened-yet. A few businesses and government agencies are testing or have deployed biometrics. Skeptics, however, say the technology is still too expensive, isn't foolproof, can be hard to integrate with other systems, and requires changes in the way people work.
 
That may explain why interest in biometrics isn't growing as fast as many expected. In fact, only 9% of 300 business-technology executives surveyed for the InformationWeek Research Priorities 1Q2003 study say biometric deployment is a key business priority, down from 12% in the same quarter of 2002. [Slow acceptance for biometrics]***
<ul>
<li>Twins have identical fingerprints</li>

Navigation menu