Biometric technologies have been used as a means of authentication for millennia. But how could the technologies of the present evolve, and what forms could biometric authentication take in the future? In this blog series we aim to explore the current potential, the possible future, and potential inspirations found in popular entertainment and the growth of AI.
What biometrics are available today?
All authentication relies on having an approved list of credentials against which a user can be checked for a match. Having a multitude of markers or complex markers that need to be matched creates safer and better secured authentication, which biometric credentials can provide.
Traditionally, biometric data has been limited by the relatively simple comparisons or checks made by humans for authentication, and only recently have computers been part of the process. With the rise of artificial intelligence and machine learning, the biometrics we can measure has increased considerably. This has made forgery or spoofing harder to get away with.
What are the current forms of biometric credentials, and what are their strengths and weaknesses?
According to the UK National Cyber Security Centre (NCSC), the five most common types of commercially available biometric recognition systems are fingerprint, voice, iris, vein pattern, and facial.
Fingerprint biometrics
Fingerprint biometrics use analysis and comparison of the tiny skin ridges that form each person's fingerprint pattern. This can be done with contact sensors, photographs or impressions, or even capacitive sensors detecting changes in an electric field when pressed. While fingerprints are unique, it is not impossible to create a forgery, and fingerprints are sometimes left on surfaces that are touched. These could be obtained covertly and used to undermine the original credentials. You can read more about the history of fingerprinting in our blog.
Speaker or Voice biometrics
Voice and Speaker biometrics are either text dependent or independent. Simply put, a text dependent system relies on knowing the correct password or phrase, while a text independent system uses vocal patterns and pitch. Unfortunately, these could be imitated by mimicking the speech of a known user, or a recording could be made and replayed to fool authentication. These methods can be made more secure by implementing complicated or frequently changing passwords and phrases.
Text dependent passwords were used in ancient times, with a literal word to pass a guard or gate. More recently they have evolved into a password requiring a response word to authenticate. During the D-Day landings in 1944, the Allied forces, especially paratroopers, used the phrase 'flash' with the response password 'thunder'. This was in case they encountered isolated or out of position units, which was expected due to the scale and unpredictability of a paradrop. The word 'thunder' was also chosen due to the difficulty of pronouncing the 'th' sound by German speakers — this sound does not appear in the German language — creating an added level of security.
Text independent passwords rely on the cadence and inflections of speech rather than the actual words spoken, although certain complex phrases may be chosen to provide more markers to check against. Last year, HMRC implemented voice biometrics to streamline call centre security checks and enhance security.
Iris biometrics
Iris recognition bypasses eye colour melanin and relies on iris patterns. By using infrared light which makes iris melanin transparent, the patterns become much clearer. Recognition algorithms can provide precise analysis of the pattern and is often used where there are large populations as it gives a very low rate of false matches. Initially, early systems could be fooled with photographs of eyes, but more advanced modern systems use a liveness detection feature which detects changes in the eye, such as pupil movement, dilation, or reflections. This biometric is often considered the most accurate due to the unique structure of the iris, and the markers that can be created from it. In 2022, Professor John Daugman's pattern recognition algorithm, which has been used by most publicly deployed iris recognition systems, has over 1.5 billion people enrolled onto iris recognition databases.
Vein Pattern biometrics
An infrared light is shined on a body region such as fingers, wrists, palms, or the back of the hand. The internal vein patterns are then recorded by photographing the reflected light, or by photographing the infrared light as it passes through the body tissue. This works because blood vessels absorb the infrared light more than the other body tissue, so it appears darker. These systems are believed to be very secure due to two main factors:
- The vein patterns of the user are unique, like fingerprints and irises.
- The difficulty of fabricating a fake vein pattern biometric marker of someone else. This is because vein patterns are not immediately obvious and aren't left on surfaces as they are beneath the skin.
However, there is limited data about this type of system due it being a relatively new technology without the reliability of other techniques. For example, the American Federal Bureau of Investigation (FBI) and Central Intelligence Agency (CIA) use vein matching techniques, but only as part of or as supporting evidence to other existing techniques.
Face biometrics
Facial recognition is an older form of authentication that has been given a new lease of life thanks to AI. Traditionally, a visual comparison between an individual and a photograph on documents such as a passport or driving license has been one of the most common methods to prove credentials. However, with advanced recognition algorithms and high-definition video capture, facial recognition systems like Tensor's are becoming increasingly advanced. Complex calculations measuring distances between facial features can now be done on live video footage, with results and matches displayed in real time. While it may have been possible to fool a human by disguising yourself as a person in a photograph, this is much harder to do to a computer analysing multiple image captures against specific markers.
Are biometrics the credentials of the future?
Biometric authentication has been on the rise in line with advances in technology. Common biometrics used today are unlocking phones or accessing apps via fingerprint or facial recognition, police live facial recognition cameras, call centre voice biometrics, and, increasingly, ePassports and eGates. Tensor's facial recognition systems work for our Access Control and Time & Attendance solutions and have been well received by many of our customers, including Euroglaze.