Acceptability Of Biometric Security System Information Technology Essay

Published Date: 23 Mar 2015

Various systems need to uniquely identify its users and also to verify their identity. Example of such system is secure access in buildings, data centre, personal computers and laptops, mobile phone and ATM machines etc. To accomplish the task, the systems need a method that can be based on 'what the user knows', 'what the user has' or 'what the user is'. Traditional password based authentication system is based on 'what the user knows'. And biometrics authentication system or biometrics is based on 'what the use is'. The main goal of this paper is to find out the acceptability of biometrics over traditional password based authentication method.

1 Introduction

This chapter presents the reader with an over all idea about the contents of the whole research paper. A precise background about the research topic is discussed here. A description of the related research area is also discussed with the purpose of the research as well as the goal and audience.

1.1 Background

Security is always considered as an important issue of every system. People have always felt the necessity to have a method to uniquely identify an entity which will be permanent and provide better performance than existing ones, which have acceptability to all. And obviously the method will provide hundred percent security. Pursuing these necessities, different methods have been developed at times. Some of them have been accepted and some became extinct. While talking about secure system professor Eugene H. Spafford said that, "The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts." [6]. But that could not stop people from trying to make the systems absolutely secure.

For a security system to work properly it is necessary that authentication is performed accurately. Matt Bishop defined authentication as, "binding of an identity to a subject". Information provided by the entity makes the system confirm its identity. This information may be based on 'what the entity knows', 'what the entity has', 'what the entity is' or even on 'where the entity is' [1]. Among all the stated sources 'what the entity is' is little bit different, as here the entity itself is the means of its authentication. And here comes Biometrics as a means of authentication method. Biometric recognition, or simply biometrics, can be defined as a means of automatic recognition of individuals based on their physiological characteristics, behavioural characteristics or combination of both [2]. Some examples of Biometric methods are finger print, hand geometry, retina pattern, voice recognition, keystroke and pointing pattern.

1.2 Description of the Research area

The word Biometrics is derived from two Greek words 'bio' which means life and 'metric' which means to measure [7]. Ross Anderson defined Biometrics as a method of identifying people by measuring some aspects of their physiological characteristics, behavioural characteristics or even combination of the both [8].

The use of biometrics as an authentication technology is definitely not a new one. People have been using handwritten signatures for hundreds of years. History says in 14th century merchants in China used stamped handprint and footprints of children to distinguish them from one another [9]. And now, as the technology is developing day by day, the biometric technology is also getting more and more updated. Numbers of new biometric methods have been introduced in the market over the last couple of decades. All of the different Biometrics methods have some pros and cons of their own which has been discussed in detail elsewhere [8].

1.3 The purpose of the Research and its role within the research area

The purpose of the research was to assess the acceptability of Biometrics Security System to general people. Our findings will help to resolve some issues of different biometrics methods regarding user acceptability and will also help to make it more effective and useful.

1.4 Goal and Audience

Our main goal was to assess the acceptability of Biometric Security system over the traditional personal identification system. Our audiences are the people who want to work with biometric security system for the general people. People who want to know about the acceptability of Biometric security system are also in the range of our audience.

2 Materials and Methods

To accomplish our research work and to achieve the goal we have divided our work into some steps. First of all we have prepared a research question. Then we have carried out a literature study. We have studied a number of research papers, journals, publications and some related books. The purpose of the study was to acquire a clear understanding about Biometrics, the level of security and reliability provided by Biometrics over other available authentication methods and to be familiar with different Biometric techniques. From our reading and observation we formulated a hypothesis. Then we developed a questionnaire and distributed it among people from different backgrounds.

2.1 Research Question

What is the acceptance level of biometrics security system over the traditional 'what the user knows' based authentication system?

2.2 Literature Review

Security Engineering, A Guide to Building dependable distributed systems, by Ross Anderson: Basically we started our study with this book. And found it as a bible of not only Biometrics but also for many other security aspects. Our research supervisor Louise Yngstrom referred us the book as a good source of information.

Biometrics, Identity verification in a Networked world, by Samir Nanavati, Michael Thieme and Raj Nanavati: This book also helped us to make a good foundation of our knowledge about Biometrics. We searched and collected the book from KTH library.

An Introduction to Biometrics Recognition by Anil K. Jain, Arun Ross and Salil Prabhakar: We have found this paper from IEEE. We found it interesting because without just discussing about different Biometric methods they made a comparison among them from different perspective like Universality, Permanence, Performance and User Acceptability.

Perceived Acceptability of Biometric Security Systems by Frank Deane, Kate Barrelle, Ron Henderson and Doug Mahar: We found the paper by searching through Google. It was published by Elsevier Science Ltd. This paper was helpful in a sense that the authors basically tried to assess the acceptability of physiological and behavioral characteristics based biometric methods and we got knowledge about how to conduct a comparison between two systems.

Usability and Acceptability of Biometric Security Systems by Andrew S. Patrick: We found the book by searching through Google. It was published by the National Research Council (NRC) Canada. In this paper the author discussed about the challenge of designing a usable and acceptable biometric system. This paper helps us to know the potential of Biometrics over traditional password based authentication system.

2.3 Observation and Primary Hypothesis

From our literature reading we found that Biometric security system is getting a lot of attention because of its huge potential to increase the accuracy and reliability in the field of identification and authentication. A number of factors are working behind the increased usability of different biometric methods. The manufactures are manufacturing chips to use in biometric security devices which are smaller, cheaper and durable. The biometric devices are now designed with better ergonomic features. Its necessity is gradually being realized in the military applications also [4]. Not only that, Biometrics is going to be used in the Passport system in European Union [11]. For the last couple of years the use of Biometrics in consumer products (e.g. Computer mouse, keyboard, and mobile phone) is noticeable. Besides a lot of research is going on to improve the Biometric Algorithms. Over all we found from our study that to make a seamless access control and authentication environment there is no alternative to Biometrics [4].

From our literature reading we also found that Biometrics is now considered more secure than the password based authentication system or even using smart cards [10]. Biometrics is resolving the problems of passwords and PIN codes, which are considered as the most frequently used authentication technology. Biometrics security system introduces increased security, convenience and accountability compared to traditional password based authentication systems. When passwords have a threat to be guessed easily, Biometric data cannot be guessed in that way. Biometrics relaxes the users from memorizing a huge number of passwords and managing them. And as a result of these some big organizations have already moved to Biometrics system leaving the password based system behind [5]. These issues are discussed in more detail in [3].

We also saw that a lot of research has been conducted about the assessment and evaluation of the performance of different biometric systems. But few pieces of research have been done on the acceptability of the systems even though they are being used by general people. So we became interested about the acceptability of the Biometrics security systems as compared to the most frequently used password based authentication systems. And from our readings we hypothesized that - as having more reliability and excellent features the Biometrics security system will be more acceptable to the general people than the traditional password based authentication system.

2.4 Testing the Hypothesis by real life survey

2.4.1 Subjects

In our survey total participants till date are 68. 87% are male. Most of the participants are in the age range of 26 to 30 years and that is 51% of the participants. 98% of the participants are computer savvy. 65% of the participants are students and 32% are jobholders. All the participants have at least minimum knowledge and/or experience about biometrics. And 99% use computers in their daily work.

2.4.2 Measures

Participants were given a questionnaire to complete. They were asked to provide their biographical data (e.g. age, sex) and level of computers usage. There was a question to assess their satisfaction level of using biometrics. A 5-Point-Likert-type scale was used to do that. There was a question to assess whether the presence of Biometrics have ever influenced them to buy a product or service. They were asked about their preference among different biometric authentication methods and traditional password based identification methods. There were also questions to assess which authentication method they think most secured.

2.4.3 Procedure

We conducted a field-based survey. Participants were met in groups and they were given a briefing about the research topic and purpose of the survey. All their confusions and questions were resolved on spot. They were informed that the survey is anonymous, voluntary and that they are not bound to answer all the questions. They were requested to provide unbiased opinion. They were asked to provide their email address if they want to know the result of the survey as well as the project and it was definitely kept optional.

3 Result

The objective of our research work was to assess the acceptability of different biometrics methods to general people. To find out the research answer we have conducted a survey. From the survey we have obtained some interesting findings which will be presented here.

There are many biometrics methods available now-a-days, among them we have chosen voice recognition, facial recognition, pointing, finger print, hand geometry and retina scan as because these are the most well known methods. Now Figure: 1 shows that 41% of the total participants think finger print is the most secured method than any other authentication methods. Retina scan has been supported by 26% of the total participants. Position of the password based authentication method is 3rd and only 23% people think it

is a secured method than the others.

Fig: 1. Authentication method that participants think most secured.

Again in figure: 2 we can see that 60% of the total participants think that 'password' would not be sufficient where they have used 'biometrics' for authentication. But 25% participants think that 'there was no need of biometrics, password was sufficient'. 15% participants had no comments about it.

Fig2: Participants' opinion whether password would be sufficient over existing biometrics system.

Password is frequently used to login to a system. But while the people have been asked whether they think biometrics would be more suitable than password, 69% of the participants gave positive response. Only 25% participants think that 'biometrics would not be more suitable where they use password for authentication'. Figure 3 shows the opinion comparison graphically.

.

Fig3: Participants' opinion whether biometrics would be more suitable than password based system.

Figure 4 shows an interesting thing. While the participants were asked about which authentication method they would like to prefer, surprisingly 59% of the participants said that they prefer traditional password based system. Here the closest competitor from biometrics side was fingerprint and 24% participants chose it.

Fig4: Shows the preferred way of login to a system by the participants.

From our study we hypothesised that the user acceptability of biometrics will be higher than the traditional password based authentication systems. Now, Figure 1 shows that biometrics technology such as fingerprint is considered more secure than password based system. Fig2 shows that users' do not think password would be suitable or should replace the existing biometrics systems; also Figure 3 shows that people thinks biometrics authentication method would be more suitable where they use password. User response in Fig2 and Fig3 respectively makes it clear that they consider biometrics as a trusted system and password based method an insufficient and inefficient system. All these facts demonstrate the user's trust and willingness to use biometrics authentication technology. But Figure 4 shows some variation in the user's opinion, which says that for login to a system users still prefer traditional password based method, despite having their trust and willingness to use biometrics systems. This will be discussed at latter chapter.

4 Analysis of the results

In the endeavour to find which authentication method users consider secured, we found that they have chosen biometrics system more secured than the traditional password based authentication system. There are several reasons behind such choice. First of all, we noticed that most of the users don't want to use long and complex passwords as they feel it too tedious to memorize such words, rather they use simple words those consist of their name, pets name or some dictionary words. These can be guess easily. Passwords can also be hacked. There is also a possibility to disclose the passwords by some form of social engineering. One interesting finding is that in password based systems it is very easy for the system administrators to know the passwords of the users in his system, so he/she can misuse the information, for example in case of after being fired from job. But in biometrics system, the possibilities of such incidents are almost absent. Here the user can authenticate him without having additional knowledge or gadget that can get abused, lost or guessed.

Within several biometric methods, 41% participants have considered Fingerprint method as most secured. One of the main reasons behind such high value of Fingerprint may be most of our participants have dealt with fingerprint than any other methods. They feel well protected with fingerprint authentication system and thus consider it as most secured system.

In the response to the questions whether users think password would be sufficient where they have used biometrics for authentication majority of the participants (60%) responded with negative support towards password based system. The noticeably high support for biometric may be because people feel more protected by using biometrics and they don't consider password efficient to conduct their tasks, particularly in systems where users deal with sensitive data and do money transaction. This shows that beside security they also have found this system reliable to use.

An interesting thing came out from the survey that though users consider biometrics system more secure, reliable and wishes to have biometrics features in their personal devices; they prefer password based authentication system for login rather than biometrics authentication system. It might be because of the insult rate that biometric devices provide sometimes. The insult rate compels a user for several attempts for successful login. The adverse effects of biometrics makes user hesitant at frequent using of biometrics authentication system. For that reason users are still depended on password based system, despite the fact that they strongly believe that biometrics authentication system is more convenient, personalized and provides greater security. AuthenTec Inc. has conducted a survey on US consumers in 2008 and they have also found similar results [12].

5 Conclusions and discussion

5.1 Conclusions

From the analysis of our survey result we can conclude that, biometrics has acceptability among users in term of security. But biometrics authentication system has not gain popularity in day-to-day use in portable devices, because of behaviourally unfavourable response of biometric devices. We can thus conclude that users have interest on using biometrics authentication systems but due to lack of accuracy users still have not accepted it as their preferred authentication method.

5.2 Discussion

The use of Biometrics for person identification is definitely not a new buzz. The use of hand print and foot print is found in the history of 14th century china [9]. In his book 'Life on the Mississippi' Mark Twain mentioned thumbprints in 1883 [8]. History says London police started using finger print in 1900 [8]. Besides the use of password for authentication is also an ancient method as the use is found in ancient roman military. But the first use password in computers is found in MIT's Compatible Time-Sharing System (CTSS) in 1961 [13].

The password system rapidly became popular due to its ease of use, flexibility, performance, distinctiveness and most of all it is not costly. But it has a lot of problems. So, people tried to find out an alternative method and then biometrics got the attention as it solves most of the problems of password based authentication systems. Biometrics got the attention in the IT industry. Giant IT companies and manufacturers started investing after it. And the result has been reflected by the development of the technology in Biometrics today. The manufacturers are now developing biometric products focusing the general people. As a result, finger print and face recognition method for login to laptop is in market since last couple of years. And mobile phone with finger print sensor is now not only seen in the Hollywood movies [14]. But after all of these there are some issues those are acting as obstacle to the rise of acceptability and popularity of these biometrics methods over traditional authentication methods.

From the result of our survey it is clear that the users can feel the essence of Biometrics and they think that it is necessary also it is more secured than the traditional password based authentication methods. But due to some problems they are avoiding or bypassing using Biometrics. We have found out some interesting issues like - despite having finger print recognition based login system he/she is using password prompt only because he is scared whether the finger print module get damaged due to frequent use. Some users think that using Biometrics for log in to his pc is a slow process. Some users are also scared to stand in front of retina scanner. Most of the users are avoiding facial recognition as it requires adequate light. And they do not want to disturb his/her root mates by switching the light on of his room while login to their laptop.

While talking about pros and cons of Biometrics in large and in small systems we can discuss from two different perspective - positive recognition and negative recognition [2]. Biometrics can be used for user identification as well for user verification.

In case of positive recognition PIN code, Password, ID card etc are usually used for user verification. But all these methods have a lot of problems. For example, passwords are easy to use but it can be guessed easily. Though it is always suggested to use long password and change it frequently but as it suffers the users to memorize they try to use simple passwords. "A survey of 1,200 British office workers in year 2001 found that almost half chose their own name, the name of a pet, or that of a family member as a password" [2]. It has also maintenance cost. "According to the Gartner Group, between 20% and 50% of all help desk calls are for password resets. Forrester Research states that the average help desk labour cost for a single password reset is about US $38" [2]. Besides, ID card or token can be stolen or shared and in these cases the system has no way to trace that whether this is a real user or not. Biometrics solves all these problems. It cannot be lost, shared or forgotten. It also solves the problem of false repudiation. In this case it is just needed to calculate whether the biometrics is cost effective then the existing user verification process.

In case of negative recognition, where a system want to identify an user or check for his background information Biometrics faces some problems, though "traditional personal recognition tools such as passwords and PINs are not at all useful for negative recognition applications" [2]. Ross Anderson has discussed the problem of using biometrics in large systems. He considered two systems: banking system and issuing citizens with as ID card that includes machine readable fingerprint or iris scanning [8]. In banking system the main application of biometric would be to identify its clients while they are committing transactions or are accessing their account profile. Here the problem is 'High Error Rate'. As a typical fingerprint scanner get wrong about 1% of the time. Now to reduce false alarm the amount of missed alarm will increase. It is called 'fraud'. Again problems remain the same for issuing national ID card including biometrics features. Moreover it is involved with mass people, their cultural belief and religious constraints should also be kept in mind. Sometimes people also don't want to use iris scanning about being scared of damaging their eyes. Another thing that is applicable for both the large systems is slow processing time. Here needs a large number of complex comparisons for person identification. So, the query time becomes much higher than that for password system that makes the whole system slow. An interesting comparison can be shown between the FMR (False Matching Rate) and FNMR (False Non Matching Rate) for a system in identification mode and in verification mode. To find out 100 people from a database (database size 100) FNMR and FMR rate for fingerprint system in verification mode is 01% and 0.001% respectively. But the rate of FNMR and FMR for the same system in identification mode is 1% and 100* 0.001%=0.1% respectively. So it shows that in identification mode the value of false matching rate increases noticeably [2].

5.3 Suggestions for future Research

While conducting our research work we were confined mostly on students. We could not include the opinion from people who are working in corporate and in sensitive areas of an organization. So it might be interesting to see what they think about the acceptability of biometrics. Besides, we have conducted our survey in a developed country. So, it might also be interesting to see what people from under-developed and developing countries recon. It will also be interesting to see an acceptability comparison between the Unimodal and Multimodal biometrics system.