Ingenium Biometrics and the UK’s Center for Protection of National Infrastructure (CPNI) have jointly released a new report to help formalize the process for organizations to ensure their security systems are effective.
The report explores applications of biometric authentication in automatic access control systems (AACS) with the aim of encouraging “knowledge sharing in the pursuit of increasingly secure and resilient systems.”
The document begins by describing the different types of AACS and their traditional components, including devices such as tokens, readers, and keypads, as well as biometric sensors and processing applications that fall under the category of control systems. automatic biometric access (BAACS).
The second section of the report presents the operational requirements that must be considered when selecting and evaluating the use of a biometric system. These include access control boundary choices, biometric system performance, as well as user usability, cost, and compatibility.
In this section, Ingenium and CPNI also specify that biometric authentication can be single-factor (biometric only) or multi-factor (token and biometric). The report covers various biometric modalities used for access control and explains the basics of multi-factor authentication for additional security.
“For low security environments, it might be sufficient to use biometrics alone (single factor solution),” the document reads. “For higher security environments, biometrics should be used in conjunction with other authentication factors such as a smart card token (multi-factor solution).”
Among the strengths of using a biometric system to authenticate with an AACS, the report highlights the fact that biometric information cannot be shared (except via a presentation attack), lost or stolen, like a physical token can be. Nor can it be forgotten or guessed at how a knowledge-based authenticator can and is unique to the person.
Additionally, Ingenium and CPNI claim that biometrics is the “only way to be certain of the physical presence of the enrollee.”
However, the report also explores the challenges of using biometrics for authentication, for example, that the process is “inherently probabilistic”.
“This means that the biometric comparison is not between two things that should be the same (like authentication using a password or a cryptographic key stored in a smart card), and it introduces an underlying error in the system.”
These errors can, however, be minimized by following a series of steps, the report says.
These include ensuring that good quality data is captured and a high quality model is created, training the user population on how to present their biometrics to the sensor, understanding the trade-off between security and performance and to ensure that an appropriate biometric system is selected for the operating environment.
The second section of the report also explores threats to biometric systems, with a particular focus on presentation attacks.
“To mitigate this, the biometric system must have liveness and presentation attack (PAD) detection capabilities. The performance of the PAD capability should be part of the performance evaluation.
Section 3 of the CPNI report covers the process of designing a biometric AACS and preparing the system for implementation.
It considers the key components needed to create a biometric AACS, including enrolling biometric characteristics, selecting a multi-factor solution, determining operating conditions and managing enrollments, storing templates, and data security.
This is followed by a section dedicated to choosing a biometric modality, which analyzes the recognition of the face, fingerprints, iris and the veins of the palm and fingers. This part of the report also explores privacy and data protection legislation designed to ensure the security of biometric data, as well as exception management practices.
Finally, the CPNI ends with two sections on the installation and maintenance of an AACS including biometrics.
The report of collaboration between CPNI and Ingenium Biometrics comes nearly a year after the company was selected as one of the providers of trial assistance services for the immigration self-registration program of the UK.
access control | authentication | biometric liveness detection | biometrics | CPNI | Ingenium Biometrics | multi-factor authentication | presentation attack detection