printer friendly version

From the editor's desk: The good, the bad and the biometric

It’s always interesting to look back at the process of developing the Access & Identity Management Handbook and see what really has changed over the course of a year. Sometimes we find that the excitement around a new technology or solution has failed to play out as expected and it is simply another option the market can choose a year later.

Biometrics is a good example. We have been hearing about the potential and security of biometrics for many years, backed by a good growth rate both in South Africa and the world. This year is no different as we are seeing the biometric vendors looking excitedly ahead at future growth as this form of identity authentication becomes part of the general user’s everyday experience – and mobile technology is responsible for much of that as is the computer industry as we are already seeing more laptops with fingerprint authentication built in.

Readers will even see some comments in this issue about the Internet of Things (IoT). There is no doubt that the IoT is going to be a major part of our lives in future, although the first bits of it are already here and we’re using it without giving it a cool name. If you control a camera or your lights at home, you’re already using the Internet of Things.

Biometrics vendors see the IoT as a great opportunity since when everything is connected, accurately authenticating users becomes so much more important. The argument is that your biometrics is the optimal way to verify yourself. The problem is that the cheapies will probably gain a stronger foothold than quality biometric products. The cost factor always wins.

We’ve already seen mobile biometric technologies being ‘cracked’ in no time because the systems used are old and more cost effective. The same applies to laptops. The fact is cost will play a huge role in the IoT and most people see a fingerprint scanner as a fingerprint scanner, they have no idea there is a world of difference in how the data collected is used.

In a recent paper it was disclosed that some mobile biometric readers don’t store the user’s information in a secure location, among three other critical and common vulnerabilities. The paper is worth a read and is available at https://www.blackhat.com/docs/us-15/materials/us-15-Zhang-Fingerprints-On-Mobile-Devices-Abusing-And-Leaking-wp.pdf (short URL: https://goo.gl/qBXS5J).

In the world of biometrics, as in any other security field, it’s not enough to have one strong authentication mechanism on top of a host of vulnerabilities. In other words, it doesn’t matter how strong the lock on the door is if you leave the windows open. Which again leads us to the issue of integration.

Integration, whether it’s connecting your alarm at home to your smartphone or connecting everything via the IoT, is not simply connecting things together, it’s a matter of connecting things together securely. And in that there are enormous opportunities for the security industry, as well as enormous challenges.

Andrew Seldon

Editor

Share this article:

Further reading: