Biometrics Books

This is a great book about verification systems that use biometrics. It covers all the bases and provides insights that most of us would never think about when selecting a biometric technology. This book includes easy to understand explanations of how the technologies work and it also provides sections on deployment at an enterprise level. I don't think there is any form of verification here that the author didn't cover. Apparently there is bioverification technology in the works that will verify you based on your scent. I think this is less a "verification" technology and more so one of "surveillance". Perhaps a bit sci-fi, but it's good for a book to elucidate where technology is heading. So, the book is good in that respect as well as explaining clearly where things are today. My company is in the process of building a secured computer forensics laboratory area in our building that will control and monitor access, this book provided some very useful insights and raised my level of awareness with respect to intrusiveness or non-intrusiveness and the accuracy and speed of the different technologies. In my humble opinion, iris identification seems to be the best as a secured access control. But that is just my opinion and you'll have to read the book to formulate your own!

I like this book. The author did a great job covering the complete scope of biometric verification systems. This is a one-stop-shopping treatment of the state-of-the-art systems and gives the reader a perspective of not only the technologies, but the susceptibilities and emerging security risks and tradeoffs. Reading this book made me realize that not only will IT security analysts and engineers have interest, but that criminologists will find this extremely insightful and helpful. Written in concise, easy to read format. Highly recommended.

Security managers will welcome John Vacca's comprehensive, practical volume on biometrics, i.e., automated methods for identifying someone or verifying someone's identity, based on the person's physiological or behavioral characteristics. Biometric technologies offer reliable, accurate, and practical methods for the automated verification of identity. The applications include health and social service programs, passport programs, driver licenses, electronic banking, investing, retail sales, and law enforcement. As such, this book is sorely needed.

The use of biometrics to secure valuable information is a necessity. This book provides insight into the implementation of this incredible methodology.

Biometric Technologies and Verification Systems by John Vacca provides a great source of information on the latest physical recognition systems, committees and emerging standards. The book is rich in easy to comprehend discussions of the various recognition technologies and how they work. The book also describes deployment and implementation strategies along with social, privacy, economic and legal considerations. If you want to know about Biometric Technologies, this is the book to read.

Are you a biometrics application developer or system integrator? If you are, this book is for you. Editors Anil K. Jain, Ruud Bolle, and Sharath Pankanti, have compiled an outstanding edited book with contributions from dozens of expert authors in the field, that help disseminate the technological aspects and implications of biometrics.

Jain, Bolle, and Pankanti, begin with a brief overview of the biometric technology and the research issues underlying the biometrics-based identification applications. Next, leading experts and pioneers (Lawrence O'Gorman, John J. Weng, Daniel L. Swets, Richard L. Zunkel, John Daugman, Robert "Buzz" Hill, Vishvjit S. Nalwa, Joseph P. Campbell Jr., Francine J Prokoski and Robert B. Riedel) of biometeric technology, describe a particular biometric: its characteristics, the specific problems underlying the design of an identification/authentication system (based on that biometrics), performance evaluation of the existing systems, and open issues which need to be addressed. Then, the leading experts and pioneers (M.S. Obaidat, B. Sadoun, M.S. Nixon, J.N. Carter, D. Cunado, P.S. Huang, S.V. Stevenage, K.C. Persaud, D-H. Lee, H-G Byun, Mark Burge, Wilhelm Burger, Norah Rudin, Keith Inman and Gustavo Stolovitzky) describe biometrics which are not yet commercially available, but which are under active research for on-line identification: keystroke dynamics, dait, odor, ear, and DNA. Author Robert S. Germain continues by addressing the research issues underlying design of a large identification and authentication system. In addition, authors Lin Hong and Anil K. Jain, deal with biometrics integration issues. Author James L. Wayman, also describes issues underlying performance metrics and fair evaluations. Then, authors Nalini K. Ratha and Ruud Bolle, discuss related integration issues in the context of smartcards. Finally, author John D. Woodward, Jr., discusses privacy and security issues.

This excellent book encompasses the social, legal, and ethical issues, which are crucial to society's accepting the ubiquitous application of biometrics. Along the way though, most of the material covered in this book should be comprehensible to anyone with a moderate scientific background.

This book covers the whole field of biometrics in 19 articles. The articles I read are very well written and have lots of references for further study. I highly recommend the book for those who want a medium depth introduction or details about some specific biometrics.

Este excelente libro contiene un amplio compendio de todas las tecnologías biométricas existentes actualmente. Se dedica todo un capítulo por cada biométrico y estos fueron escritos por diferentes autores. Contiene algunos algoritmos de cada tecnología. La biometría, identificación automática por medio de algún rasgo físico o de comportamiento único de cada individuo, será la llave del siguiente milenio. Ya hacia falta un libro con toda esta información.

As the IT Director of a manufacturing company, I need to understand the implications and uses of Biometrics. This book clearly explains what Biometrics is, in an esay to understand format without it over simplifying the subject.
I would (and have) recommend this book to anyone.

This book offers a very good technically accurate and in depth description of current biometric research in palmprinting. Not only is the author's writing style easy to understand, but the overall structure of the book follows naturally. Because of this, this book can be read and understood with ease by any high school and university students wishing to broaden their understanding of palmprinting. The author starts of with a very nice and straightforward introduction to biometrics, relating back to history, and moving forward to palmprinting and its significance in today's society. The best part is that the author explains in such details and starts from such basics that there is no way that the reader could get lost in some difficult to understand concepts or unintelligible mathematical formulas. Overall, this book is great and deserves a high rating and a recommendation.

Under the guise of National Security we are slowly giving up our freedoms. Certain rights that we let carelessly, steathly slip away..until now, when the disappear! Overnight...This is only fiction...right?

As part of the Real ID Act of 2005, the National Identification System is created for American citizens as an anti-terrorism measure. The government goes into overdrive, collecting personal information to be stored in a highly secured database. Another part of the law mandates the injection of a RFID (radio frequency identification) chip in all American citizens, and all visitors to America, where that information will be stored. There are all sorts of safeguards in place to prevent misuse of the system, headquartered in a secure portion of O'Hare Airport in Chicago.

The system also has a much more evil, and extremely Classified, purpose, one which is accidentally discovered by mid-level systems analyst Brian Warburton. He copies the information on to a CD-ROM, and manages to get rid of it, just before he dies of a "stroke." This happens on the day before the law, and the mandatory RFID injection, is supposed to take effect. It falls into the hands of Jacob Reed, local TV reporter. Along with Anna Tabor, a young woman who flew in that day from Poland, and into whose luggage Warburton put the CD-ROM, he keeps one step ahead of police and federal agents looking for them. Can Jacob and Anna get this information on TV to warn the American people in time?

This book certainly gives new meaning to the phrase "ripped from today's headlines." It's a very spooky, and very well-done, story that will give the reader plenty to think about. It is recommended for everyone, but especially for those who think that implanting people with RFIDs, as an anti-terrorism measure, or as the next step in personal information storage, is a good thing.

Rebeccasreads highly recommends THE CATTLE as a disturbing tech thriller for anyone who has pondered the issue of a national identity sytem.

Even though this book is badly in need of an editor whose first language is English, the premise of THE CATTLE overcomes any & all its shortcomings.

As with all good science fiction, it may only be fiction, but the truths within it cannot be denied.

The War on Terror, launched immediately after the terrorist attacks on September 11, 2001, has certainly had one unintended consequence: it has forced writers of contemporary thrillers to stay on their toes. You can't, for example, remain relevant if you're still writing a story about a smallpox plague unleashed on America's cities by Al-Qaeda sympathizers. That time came and went with the anthrax scare back in 2001 (if you still want to read a great fiction novel about terrorism and smallpox, however, check out Thomas Hopp's "The Jihad Virus".) Now the latest sensation revolves around invasion of privacy concerns, thanks in no small part to the NSA telephone records debacle. Our government is spying on you, American citizen! Well, not really--they're targeting terrorists despite all the blather to the contrary pumped out by the media. But that time may well come if the elites feel that their privileged position in our society is in danger. Then you'll likely see the most draconian measures enacted against both terrorists and "internal subversives," with the full backing of the national security organs, Congress, and the Supreme Court. Perhaps then what we see in Greg M. Sarwa's "The Cattle" will become a frightening reality.

"The Cattle" takes the reader to a disturbing place, a place in which the American government has passed "The Real ID Act of 2005" in an effort to provide greater security for the populace. What's it mean? Simple: everyone in the country must receive a Radio Frequency Identification microchip in order to move around in society. The chip will store personal information and act as a fraud proof identity card. Neat. One hopes they have ironed out all the kinks or else a lot of those annoying beepers will go off at department stores and libraries around the country. Seriously, the idea sounds good on the surface, and the technology and agencies exist to implant and monitor the chips. What a minute--IMPLANT? Yep, that's the catch. The RFID chips are implanted in the user's skin. Hmmm. There is sure going to be a lot of talk about the mark of the devil and all that nonsense. Also on the menu for discussion should be concerns about invasion of privacy. Too late. In Sarwa's book, the act has already passed and the process is just hours away from full implementation. The fat lady has, sadly, already sung. It's all over except for the totalitarianism.

The warning bells go off when a worker at O'Hare airport in Chicago accidentally stumbles over several highly classified government documents detailing some sinister goings on over at the Department of Homeland Security. He copies the files onto a CD and, before he perishes from a very convenient stroke, manages to stick the disc in the luggage of one Anna Tabor, a Polish immigrant just arriving in the United States. Also involved in the mix is Jacob Reed, a big shot reporter who learns about the odd event at the airport from a local cop. Soon, the cop dies in a similar way. Reed's investigation eventually leads him to Anna and the race is on to figure out exactly why government agents are dropping out of trees all over Chicago. Trevor Clifton, a high level bureaucrat working out of Homeland Security, understands the full implications of what's on that CD, and he'll stop at nothing to plug all the leaks before the truth shows up on the front page of the evening newspaper. You see, the RFID chip is more than an identification marker. It's more than a storage site for personal information. It's far, FAR more sinister than we can ever imagine.

I loved this book, but I always love stories full of conspiracy, action, and evil government bureaucracies run amok. Sarwa's book delivers on every cylinder in this respect, and he gives us the goods in a short read full of lean prose that gets to the point in a hurry. The best part of the novel is its overall plausibility. It's not difficult at all to believe this could happen. The technology exists, as any visit to a department store that uses RFID chips to track and protect merchandise will attest. You don't think the American public would ever endorse the implantation of a chip for "security" reasons? Think again, especially if the terrorists hit us hard with chemical, biological, or nuclear weapons in the near future. Two towers fell in New York and they were already trotting out plans for a national identification card. Heck, I've heard stories about some employers wanting to implant chips in workers for various reasons. Believe me, when you see people around you dropping like flies from dirty bomb fallout or smallpox, most of your fellow citizens will willingly go along with the chip implants if they think doing so might prevent further carnage.

"The Cattle" will have you thinking long and hard about what the future may hold for us if further attacks occur. The novel will also make you question just how much we ought to rely on our friendly big brother, the government, to save us from the world's ills. Lastly--and I just have to throw something in about this--Sarwa's little gem of a story will leave you gasping for breath thanks to its nihilistic conclusion. Have you ever seen the films "My Little Eye" or "Fallen"? If you have, you know that both pictures end on a downbeat note where no hope for salvation exists from an all-encompassing and powerful evil. The reader will find something very similar at the conclusion of "The Cattle." Sarwa obviously believes the country has already gone too far down the path to ultimate servitude. Perhaps he's right. In my darker moments, I agree with him. I hope and pray we're both wrong.

I had big hopes for this book. It sounded like it would be a great story. However, it fell flat quickly and never got up.
It is obvious that English is not Mr. Sarwa's first language. Not that there is anything wrong with that, but the dialog suffers because of it. To say that the dialog comes across as cheesy would be an understatement. The dialog is just too forced and unnatural.
The book is too short and everything happens before you even get a chance to know your characters.

I don't know where all these 4 and 5 star reviews came from. Did they read the same book? Maybe I got shipped only half of the book?

I think had Mr. Sarwa spent more time on this book it would have been a great read.

This is primarily an algorithms book, though perhaps the authors might resist such a characterisation. By this I mean that there are detailed descriptions of how various biometric systems do pattern matching. These vary from iris recognition systems to fingerprint matching systems and face recognition methods.

The iris and fingerprint methods seem well established. Certainly, fingerprint matching is now a mature discipline. Where automated methods not only speed up searching of millions of fingerprints, but they also remove a lot of subjectivity.

Face recognition is still a work in progress. Much harder. The idea of a "face space" arises - the set of all possible images of faces. Where these might be three dimensional. Though much effort is expended on two dimensional images, since these are what the vast majority of cameras produce.

Considerable space is devoted to testing the above methods. Important in order to assess efficacy of new methods and to measure any progress in these fields.

Biometric Authentication has become a first-class, full-fledged, field of study with its own diverse composite of foundational technologies at its core. As is the case with any "highly-interdisciplinary" field, the challenge for textbook authors is to present a body of work which provides an adequate scope of material while at the same time providing adequate detail for that body of knowledge.. Wayman and company with this current work have met that challenge admirably.

This book provides a wealth of pertinent information, results, and lessons learned along the way in the research, development and deployment of biometric systems worldwide. The contributors include researchers and practitioners who have been involved in the field since the very beginning. All of the popular person recognition modalities are examined including fingerprint, face, speaker, and iris, as well as large scale system design and integration issues. Also covered are evaluation, testing, and the all important societal privacy issues from both the US and European perspective. The text comprehensively and coherently addresses the material at a surprisingly accessible level; the majority of the material can be readily understood without an advanced background in higher mathematics or computer science.

I highly recommend this book for beginning and intermediate level biometrics professionals requiring comprehensive knowledge of this relatively new field. It also provides a wonderful jumping-off point for further study and exploration.

This book provides a good coverage of the technology,
methods, and the core ideas of four leading biometric
systems. The various real-world applications for these
systems, the performance, current state of art are also
described in details. It also discusses the benchmarks
for comparing the performance and for system
improvements.

This book is easy to understand for readers who are
completely new to world of biometrics. It provides
user an overview of each system, their practical
drawbacks, providing the reader an idea of what
technology to choose for a particular type of
application and enough information where he can
relatively make a choice of which technology to invest
in taking into consideration the time of deployment,
cost etc.

There is a lot of mystery and myth concerning biometrics and the authors did a good job of exposing the facts and revealing the truth. "Implementing Biometric Security" breaks down the various forms of biometric technology into easily understandable blocks of information. Very few books breakdown the different forms of biometrics to the point that this one does. This is a true guide in helping you choose between biometric authentication systems. I'd recommend it a must read prior to investing time or money into a biometric business solution. The book is chock full of data. I found myself learning something new on almost every turn of the page. The good news is that I found it a fairly easy read and a great reference book. As a bonus, there is a companion site that has some readily available programs to get your biometric effort up and running. An excellent book for your work or personal IT library.

This is an immensely informative and practical reference, which is pleasantly surprising - at first appearance it looks like an academic (i.e. theoretical) work.

The authors' premise is that biometric systems, relying on fingerprints, retinal scans, speech patterns and facial thermography, are a highly effective solution for the problems of network security and authentication. He then explains how to assess the most effective form of these biometric methods which will meet an organisations' needs, how to implement such systems and understand their overall strengths and weaknesses.

Although security is a highly-important issue, the contents are of value to those interested in biometric systems in general - for example, this is a technology of interest to labour-hire organisations. Such companies may place many hundreds of casual employees on remote client worksites and need verifiable means to determine the employee's attendance and hours worked - in short, an unfoolable version of the old "time clock" punch-card system.

The authors detail at length the foundational mathematics or principles behind each biometric system covered, and spend equal time describing genuine implementations - using readily available (commercial) hardware and software. Helpful screenshots, tables and diagrams accompany these practical components and give full confidence that the reader can reproduce the results themselves (with the appropriate hardware and software, of course). For software developers, sample source code is also provided showing how the biometric devices can be managed from within Visual Basic programs.

Completing the book is a companion Web site with updated source code, articles and case studies.

For those who see value in biometric systems within their organisation - whether for secure authentication or other purposes - this book is a welcome and useful reference, replete with expert advice and guidelines. It is definitely a "must read".

I read the book from front to back and tested myself on all the questions. Passed it earlier today. My test version was SYO-101 (2007 Edition). There is a lot information to digest for this exam. The 5 Domains of Security were covered well and easy to read. Not an exam for someone just starting out in IT. I currently have my CCNA, A+, and Network+, with 9 yrs of experience in the field.

Read book cover to cover and watched the video training and passed the test with a 872

In general when studing for any certification, no one book should be considered as the only source of information. If one book, however, is going to be the source for studying for the Security+ Exam, I would recommend reading this one cover-to-cover and take each of the practice questions very seriously as some questions are very close to the ones actually given in the exam. I found the Video Training that is included was not really worth watching. In addition to being a study guide for the Exam, I would recommend keeping it is a reference for the future. The granularity of detail goes beyond that which is needed for the Exam but can be a great help down the road as a Security+ professional.

This book is covers the topic of Security in depth. It is very methodical in how it presents the material and it was a huge part of my success during the exam. I passed with an 813

Pros - Go to the publishers site Syngress and check the price nine bucks. Very thorough and concise with very few errors. Helped me pass the Exam

Cons - 720 + pages, The DVD is worthless.

Recommendations - get the Exam Cram in addition to this book and MAKE SURE you buy the Exam Cram Practice Questions Book. It contains 700 questions from Measure up that is money well spent!!

This was the 3rd book I used to study for the Security+ exam. I started with the Mike Meyers book for security+, which was a good starting point for anyone just starting out on the subject and it's concepts. I then moved to the Sybex book.

The last book I picked up was this book. I found it to be very informative and interesting. The one great thing about this book is how in depth they get into the subject of Security.

I think this book goes past the scope of the exam. This book is not meant for those who are study for just the Security+ objectives. I think this book is for those who are more interested in the subject on a larger scale.

The last thing about this book I can say is that this is not a book to start with. If you are just starting out with security concepts and have no experience or study of any other kind then I would suggest you start with a different book and work your way up to this one.

In regards to the DVD... I watched the first 3 chapters and I was bored to tears. I thought (from what I had seen) that the DVD was a waste of time.

Luke - A+, Network+, Security+, MCP, CST, CNST

This book benefits from the fact that the field of biometrics is new and immature, with very few published books that explain the technology from a laypersons point of view.

This book is written for IT novices. It is NOT written for engineers. People that are interested in deeply technical descriptions of how the technologies work will be disappointed by this book. It is as simple as that.

This book takes a very complex subject and makes it easy to understand. It provides a solid understanding of the various biometric technologies, how well they work, and how they can and should be used. However, the best part of the book is its extensive and balanced treatment of biometric privacy issues - an often misunderstood topic that has generated much controversy.

Since 9/11, biometrics security, once relegated only to pages in magazine such as Security Management, is now a prime-time subject. While biometrics is not the cure-all many have made it out to be, it is an important area within information security.
The Wiley Tech Brief Biometrics: Identity Verification in a Networked World is an in-depth (but not too overbearing) and effective introduction to biometrics The book gives the reader a solid base on what they need to know about the technology, the biometric industry and the many challenges involved with implementing a biometric solution.

The book is an in-depth look at biometrics, focused on critical issues such as accuracy, privacy, technology capabilities, and cost-effective deployment. The book shows why organizations are looking at biometrics for user and consumer authentication. The book provides a broad conceptual understanding biometrics, and ends with a look at the factors involved when designing and deploying biometric-based systems.

This books is for IT novices. It is NOT for engineers. If you want a book that gives a high level overview, this book is OK for that. If you want technical details about how the technology works, this book is not for you.

The guys from IBG (International Biometrics Group) did their best to create an introduction to biometrics and their applications.

I'd say they did a reasonable job. There's not many books out there, so if you want to dip your toes in the biometric waters, this might be a good place.

Network security has become the latter-day equivalent of oxymoronic terms like "jumbo shrimp" and "exact estimate."

Newspaper headlines are routinely peppered with incidents of hackers thwarting the security put forth by the government and the private sector.

As with any new technology, the next evolution of network security has long languished in the realm of science fiction and spy novels. It is now ready to step into the reality of practical application.

In Biometrics for Network Security , biometrics security expert Paul Reid covers a variety of biometric options, ranging from fingerprint identification to voice verification to hand, face, and eye scanning. Approaching the subject from a practitioner's point of view, Reid describes guidelines, applications, and procedures for implementing biometric solutions for your network security systems.

Coverage includes:

- An introduction to authentication technologies and biometrics

- Dealing with privacy issues

- Biometric technologies, including finger, hand geometry, handwriting, iris, retina, voice, and face

- Security concerns related to biometrics, including attempts to spoof or fake results

- Deployment of biometric security systems, including vendor selection and roll out procedures

- Real-life case studies

For security, system, and network administrators and managers, as well as anyone who is interested in the application of cutting-edge biometric technology, Biometrics for Network Security will prove an indispensable addition to your library!

A very good and readable book about biometrics for network security. Note the network security part - the coverage is limited to systems that can be used in an everyday business environment. The book could be read by just about anyone, although it does help knowing a little bit about biometrics to start with. There are basically two main parts - the first one describes the different biometric technologies and their strengths and weaknesses. The second part discusses actual testing and deployment using real life examples of what to do and what not to do. I would certainly recommend this book to anyone who is actually going to implement a biometric system. Just knowing how the biometrics work is not enough to have a successful deployment. If you want to know the full details of how different biometric algorithms work, this book is probably not for you. The level of detail is just what you would take away from reading the detailed description, which I actually liked. I would recommend this book to anyone interested in network security.

This book is meant for just about anyone who has any interest in biometric security. The geek speak is minimal and the examples are those which just about anyone with network experience can understand. In essence, it's meant to be read by anyone from the network administrator to the CIO.

Each chapter deals quite well with the various biometrics including the options by which each biometric can be measured, the types of variances that can be expected, how each biometric can be spoofed, and how spoofing can be thwarted. I'm not going to go into any great detail on them because that's the purpose of the book, but I found it fascinating to learn how many different kinds of authentication can be done. Facial biometrics alone have three different authentication methods from which to choose!

The book also goes into the statistics of using biometrics and how to determine various acceptance and rejection rates as well as accuracy rates. This section is clearly for the mathematically adept, but it was an interesting read - for me anyway.

The last several chapters of the book deal with the preparation and roll-out of a biometric security model - defining the business need, developing a proof of concept, inviting vendors, preparing proof-of-concept, rolling out the pilot project, and finally rolling out the project itself. For anyone with management experience or anyone who is familiar with project planning, these sections are for the most part a reiteration of common sense; however, for someone who has never performed to extravagant a project these chapters are a good foundation.

This book is not light reading, but it doesn't require a Masters degree to understand either. It's a good balance of technical information and real-world examples and usage. Fortunately, the author avoided the I'm trying to impress you language that too many other technical authors attempt to employ in order to increase their self-esteem.
There are a few things about this book, however, that made it difficult at times for me to read without rolling my eyes.

One is the section about return on investment. When it comes to network security, you really cannot place a dollar value on security; and associating "investment" with "security" is truly a misnomer.

"Security" is an insurance policy meant to prevent loss, whereas "investment" is meant to gain wealth. With security, you pay for it even when you don't need it for no reason other than having it there for the unlikely time when you do need it. That is an expense, not an investment. I had a very difficult time accepting the author's comparison between why one type of security had a higher ROI than other.

What really irritated me about this book, however, is the author's continual pushing throughout the book of user right to privacy and user acceptance of a security system.

Being the employee of a company is a privilege, not a right. When you voluntarily accept employment by a company, you are bound by their rules and their regulations. I found it somewhat arrogant of the author to push user acceptance and user rights to privacy as a strong consideration of whether or not a particular security measure should be implemented.

Yes, efficiencies need to be taken into account. The security method must be efficient, effective, and provide the adequate amount of security. If the security is too cumbersome to be effective or if the security is simple but doesn't provide the security that other methods provide, then the security plan should be rethought.

However, a user's right to privacy and acceptance of a security method are non sequitur. The employee has only those rights that the employer gives to him as per the terms of hire and continued employment. The employer is within his rights to alter or remove all rights to privacy as is necessary to protect the company.

Overall, however, the book is quite good. A security method that does what it's supposed to do is priceless. You can't put a value on it. But if you're looking to harden your network, you could do a lot worse than lay down the money for this book, just as long as you recognize that you are responsible for implementing network security as you - not griping employees - see fit.

Even though I am well aware of the problems of "simple" passwords, quite frankly I have no choice but to use them. Like nearly everyone else, keeping even a small number of strong passwords in my mind is close to impossible and I rarely remember them. Most people in this situation write them down and place them near their terminal, effectively rendering the strong password weaker than the simple one. Since the lack of an appropriate password ceases your activity on that system, it is a case where the cure of strong passwords is probably worse than the disease. The best solution is to have a single sign-on system, where one data point is used to grant access to all computer systems.
In this environment, the use of a biometric, or unique characteristic of our bodies as a logon authentication mechanism is very attractive. Clearly, it is most unlikely, although not completely impossible, for anyone to be without a particular biometric. Furthermore, in certain circumstances, our society is comfortable with using biometrics as an identifier. The fingerprint has been accepted as evidence in a court of law for decades and DNA is regularly used to overturn convictions and set the innocent free. While biometrics is not yet a mature technology, the purpose of this book is to examine the current state of the art, describe how they can be used and the weaknesses still present in the technology.
There are some problems with the use of biometrics, some are technical, others are social and some are biological. In this book, the biometrics most commonly considered for authentication are examined and the problems detailed. The biometrics covered are fingerprints, face recognition, voice analysis and blood vessel patterns in the iris of the eye. Face recognition and voice analysis are the two most susceptible to biological changes. People age, some faster than others and as that happens, their face changes, sometimes rapidly and dramatically. There are some people whose face changes a great deal even from day to day depending on how much sleep they got the night before. We have all experienced a situation where we meet someone we have not seen for a few years and do not recognize them. Temporary illness can also alter a voice, rendering the voice recognition mechanism ineffective. These situations of a false negative would be difficult to avoid, unless the authentication data is periodically updated.
Fingerprints and patterns in the iris are the most permanent. However, they also have their problems. To get a precise fingerprint, the hand has to be very steady and most people in the United States equate the taking of fingerprints with a trip to the police station. This is a significant social barrier that will delay the implementation of any general identification system. Scanning the patterns of the iris requires close proximity to the sensor and it is necessary for a light to be focused on the eye. Many people are made uncomfortable with the light shining in their eyes and it generates fear of potential eye damage. The sections describing the problems with the current state of biometric recognition technology should be read by anyone pondering the implementation of such a system.
However, even if all of the social and biological barriers can be overcome, it still may be possible to spoof the recognition devices. Each chapter that describes a biometric has a section on how to fool the sensor. While some of it reads like to modern spy novel, in many cases no sophisticated technology was needed to perform the spoof. In the case of face recognition, simply taking a high quality digital picture may be all that is needed to get data that will be accepted by the face scanner. High quality digital recordings of your voice may also be enough to fool a voice recognition system. Fingerprints and iris patterns are harder to spoof, but we touch many surfaces during the day, and some keep fingerprints very well.
In the final analysis with biometrics, it comes down to what levels of false positives and false negatives are considered acceptable. These two must both be part of the analysis, as clearly a false positive will let a malicious entity in and if there are too many false negatives then legitimate users will be denied access and productivity will drop. There is a chapter on statistics where many of the critical questions concerning these areas are examined.
The book closes with a chapter detailing a scenario where a biometric system is implemented at a large company. Every step of process, from the proof of concept to the final rollout are examined. The emphasis is on dealing with the internal political and social conditions, as clearly that will be a significant barrier everywhere except in places such as the military.
Authentication methods based on biometrics are attractive, in that they apparently can be used to solve some of the most difficult problems in limiting access to secure systems. However, there are still many problems to be overcome and in this book you learn what those problems are. With that information, you will be able to make a reasoned decision whether such a system is appropriate for your business.