Difference between revisions of "Behavioral biometrics"

From SI410
Jump to: navigation, search
Line 68: Line 68:
 
[[Category: Software]]
 
[[Category: Software]]
 
[[Category: Services]]
 
[[Category: Services]]
 +
[[Category:2020New]]
 +
[[Category:2020Concept]]

Revision as of 13:44, 17 March 2020

Behavioral Biometrics refers to the study of measuring analyzing patterns in human activity to identify individuals with an exceedingly high degree of accuracy. Patterns include keystroke, speech, gait, signature and cognition, helping capture an array of human interactions between a device and an application. By measuring how consumers hold phones, swipe screens, use keyboard or gestural shortcuts, software algorithms build a unique user profile, which is then used to confirm an individual’s identity. Hence, behavioral biometrics focuses on how an activity is performed rather than its accuracy in order to test it authenticity. For example, despite a user’s password being entered correctly, the system tests the user’s typing speed or transitions between keys to determine validity. [1]

Behavioral biometrics is currently used on several platforms including online banking, e-commerce, and high-security authentication. [2] It helps create an additional and continuous layer of identity assurance and security. As greater number of applications progress to the online space, there is higher consumer demand for the ability of functions in their digital worlds to match their physical worlds, resulting in its growing popularity. However, behavioral biometrics faces several ethnical challenges with regards to confidentiality and privacy concerns.


Key biometrics for consumer applications

History

The initial use of behavioral biometrics to measure patterns in human activity dates back to the 1860s with the invention of the telegraph. In World War II, allied forces would use the telegraph to verify legitimacy of messaged received by testing the method of transmission. In the 1960s, the advent of computers allowed for the first model of acoustic speech production followed by the earliest signature recognition system. Today, behavioral biometrics extends beyond signature, voice and speech, as modern systems are able to identify an array of data and end-point interactions. [3]

Mechanics behind Behavioral Biometrics

Though computer algorithms for biometric technology are complex, the base process is relatively straightforward, as laid out by the following steps: [4]

Simple diagram showing the main logical block of a biometric system
  1. Data acquisition module – an individual’s raw unique biodata (face scan or fingerprint) is collected through a sensor and stored alongside information such as name or identification (ID) number.
  2. Rescanning – once an individual is placed in the system and they try to access the locked application, they must rescan the feature.
  3. Feature templates – the computer algorithm performs a one-to-one comparison of the captured scan sample and the previously stored data.
  4. Identification – the system performs several comparisons with the extracted data and feature templates existing in the data base to find a match. The result then validates the claimed identity, hence unlocking or restricting access to the task.

Recent developments in advanced technology such as deep learning enable the process to become more user-specific, allowing artificial intelligence to identify and model aspects of a user’s behavior that are most unique. This leads to better differentiation between users resulting in better performance of the overall system.[5]

Use cases and benefits

Continuous Authentication

The nature of data capture in behavioral biometrics ensures persistent or continuous authentication. In comparison, legacy authentication, referring to protocols using basic one-step authentication, only verified user’s identity at one point of time and not thereafter. Continuous authentication provides assurance of an individual’s identity at all times, thereby fulfilling a crucial gap in many current security systems. Continuous authentication provides a layered security system through PINs, card access, two-factor authorization, and periodic forced password changes. [6]

Risk-based Authentication

Behavioral biometrics is key in increasing risk-based authentication particularly in web-based transactions and mobile platforms. Risk-based authentication ensures the data retrieved is analyzed in conjunction with other relevant authentication methods. For example, when a smartphone user accesses a banking application through username and password information, authentication mechanisms also investigate:

  • Behavioral qualities of the data (typing speed, touchscreen interactions etc.)
  • Supporting contextual factors (IP address, geolocation etc.)
  • Historical behavioral factors (typical timing of user access, prior access patterns etc.)

The combination of these factors ensures the individual accessing the platform is an authorized user. Hence, behavioral biometrics provides several tiers to existing ID techniques to ensure maximal certainty for identity decisions.

Behavioral biometrics technology offers robust anti-fraud measures to protect users against violations by providing a holistic picture of a biometric identifier. The system’s flexibility, convenience, efficiency and security allow for identity verification and protection without interrupting user’s experience. [7]

Privacy concerns and ethical implications

The convenience of unlocking your phone with facial recognition or purchasing an app with the double-click of your finger is undeniable. One of the biggest benefits of biometric signatures is that it is unique to each individual and cannot be altered over time. Ironically, the unchangeable nature of the system is also one of behavioral biometrics’ biggest vulnerabilities because if a user’s biometric data has been breached, it is comprised forever.

Privacy implies that users are predominately in control over how and when they are represented to others. However, behavioral biometrics infringes on that fundamental principal as users do not have control over the collection, storage or use of their identity. Hence, though field of behavioral biometrics exemplifies numerous benefits, it also faces several outstanding ethics and privacy questions and concerns. [8]

Storage

Secure data storage is vital for behavioral biometrics given the level of personal and unique information collected from each individual. The hacks of Chipotle and LinkedIn highlight that despite high-level secure measures taken to protect user’s information, data breaches can occur. Despite the security of the system, biometrics sensors can be deceived, making readings inaccurate. For example, DeepMasterPrint, created by machine learning technique, highlighted that it is possible to exploit biometrics’ systems by hacking cellphone fingerprints with an error rate of one in five. Since biometrics is a fast-growing form of authentication, the method of data storage is essential to protect user’s privacy. [9]

Exposure to third parties

The storage of large amounts of data in databases makes biodata more exposed to access by malicious third parties. An example of this is the Aadhaar card in India, one of the world’s largest biometric databases consisting of 1.2 billion enrollments. The system is a 12-digit unique identity number issued to all citizens, requiring the collection of citizens’ fingerprints, retina scans as well as their face photos. Originally, it was originally meant to be an optional program for citizens, but it is now a standard in order to receive school meals or open bank accounts, making its participation a mandatory function in society. Several non-governmental agencies were able to access the database for purposes without user’s consent. [10] Though its use as a substitute for photo-ID is beneficial, it introduces several dangers including threat to privacy, unethical use of data for AI software development and potential to turn the system into oppressive surveillance. Hence, behavioral biometrics allows for the unauthorized use of personal data that can be manipulated and used for private purposes. [11]

Regulation

As behavioral biometrics is a novel technology that is rapidly growing across several industries, the government is struggling to enforce regulation, which comprises user’s security. There are regulations specifying how biometric data can be recorded but limited laws surrounding its storage and protection. Furthermore, there is lack of clarity of what falls under biometrics and if all forms of biometric data should be evaluated the same. As a result of loose regulation, technology companies are using the freedom to introduce new ethnically contentious technologies with concern of user privacy. [12]

Biometric technology has the potential to become more efficient, but its ethical implications also need to be considered. The obscure methods of biodata storage, vulnerability to abuse by third parties and lack of regulation leads to greater potential for violation of user’s personal information. Behavioral biometrics delivers technological advancement in the identification and security industry but with that power comes the vital need for accountability and close ethical inspection.

See also

Artificial Agents

Artificial Intelligence and Technology

Face Recognition

References

  1. Introduction to Behavioral Biometrics - Article by the International Biometrics Identity Association 2005
  2. Applications of Behavioral Biometrics - Article by Stacy, Cowley, New York Times 2018
  3. History of Behavioral Biometrics -1858 - 2013
  4. Behavioral Biometric Authentication and Recognition Process
  5. AI in Biometrics and Security
  6. Continuous Authentication Using Behavioral Biometrics, article published 2013
  7. Online Risk-Based Authentication Using Behavioral Biometrics, published in 2013 (Springer)
  8. Ethical Issues in Biometrics – published by Isaac Cooper, M.S.; Jimmy Yon, M.S. in 2019 pg. 1 - 7
  9. The Aadhaar Card: Cybersecurity Issues with India’s Biometric Experiment (May 2019)
  10. The Biometric Threat, CPO Magazine (2019)
  11. Ethical Issues in Governing Biometric Technologies by Margit Sutrop pg. 102-114