Biometrics in Information Security

From Computing and Software Wiki

Revision as of 03:52, 3 December 2007 by Goesc (Talk)
By registering their biometric data ahead of time, travelers at Heathrow Airport in London, UK can go through an automated check-in using IRIS [2].

The word biometric originally comes from the ancient Greek "bios" (life) + "metron" (measurement) [1]. The classic definition of biometrics refers to the measurement of biological traits (e.g. the growth rates of bacteria); however, this field of study is now referred to as biostatistics. The contemporary field of biometrics refers to measurements of unique physical or behavioral traits in humans. In the vernacular of information security, biometrics falls mainly under confidentiality and availability because of its applications in identification and authentication.


In the process of biometric authentication, a mathematical model of a measurable trait (see Types of Measurements below) is converted into a unique signature, similar to the checksum of a file. This step is the identification phase of authentication, where an identity is bound to a subject. When the physical trait is measured again, the same signature should be produced, and authentication of the subject succeeds.


Despite their wide use as a quick and fairly reliable means of identification (see Applications below), biometric systems still draw some criticism. Problems include susceptibility to replay attacks and identity theft with more permanent consequences than a compromised password (see Problems with Biometric Systems below).
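The checksum analogy in the description of biometric authentication above holds only when two readings are bit-identical. Repeated sensor readings of the same trait vary, so matchers compare templates by distance against a threshold. The following is an added example, not part of the original page, using constructed 2048-bit templates; the template size, noise rate, threshold and the exact-repeat replay heuristic are assumptions made for illustration.

```python
import hashlib
import random

BITS = 2048        # assumed template length (constructed)
THRESHOLD = 0.32   # assumed cut-off on the fraction of differing bits

def capture(trait: int, noise_rate: float, seed: int) -> int:
    """Simulate one sensor reading: the trait's bit pattern with random bit flips."""
    rng = random.Random(seed)
    flips = sum(1 << i for i in range(BITS) if rng.random() < noise_rate)
    return trait ^ flips

def checksum_signature(template: int) -> str:
    """Checksum-style signature: any single flipped bit changes it completely."""
    return hashlib.sha256(template.to_bytes(BITS // 8, "big")).hexdigest()

def hamming_fraction(a: int, b: int) -> float:
    """Fraction of bit positions in which two templates differ."""
    return bin(a ^ b).count("1") / BITS

def classify(enrolled: int, probe: int) -> str:
    """Threshold decision, flagging bit-identical probes as possible replays."""
    distance = hamming_fraction(enrolled, probe)
    if distance == 0.0:
        return "suspect-replay"   # assumed heuristic: live readings never repeat exactly
    return "match" if distance <= THRESHOLD else "reject"

def demo() -> dict:
    # Constructed sample data: two unrelated random bit patterns stand in for two people.
    subject = random.Random(1).getrandbits(BITS)
    other = random.Random(2).getrandbits(BITS)
    enrolled = capture(subject, 0.0, seed=0)      # stored at registration
    genuine = capture(subject, 0.10, seed=10)     # same person, noisy re-measurement
    impostor = capture(other, 0.10, seed=11)      # different person
    return {
        "checksum_equal": checksum_signature(enrolled) == checksum_signature(genuine),
        "genuine": classify(enrolled, genuine),
        "impostor": classify(enrolled, impostor),
        "stored_template_resubmitted": classify(enrolled, enrolled),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The exact-repeat check is only one signal against replay; it does nothing against a replayed reading that has been slightly perturbed.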


Contents

Types of Measurements

Applications

Problems with Biometric Systems

References

[1] http://en.wikipedia.org/wiki/Biometrics

[2] http://edition.cnn.com/2007/BUSINESS/07/25/biztrav.iris/index.html

See Also

--Goesc 22:52, 2 December 2007 (EST)
