Dr. Stephanie Schuckers is the Paynter-Krigman Endowed Professor in Engineering Science in the Department of Electrical and Computer Engineering at Clarkson University, U.S.A. and serves as the Director of the Center of Identification Technology Research (CITeR), a National Science Foundation Industry/University Cooperative Research Center. We interviewed Dr. Schuckers to gain her insight about how the biometrics industry can effectively support the evolution towards convenient and secure user experience in our increasingly digital lives …
We have never been more digital than we are today, what are the benefits/challenges of this digital transformation?
Dr. Stephanie Schuckers: Yes we are living in an increasingly digital world and, for both our professional and private lives, expectations are correspondingly increasing to do everything easily through the digital domain. Achieving this connection between the human and the computer seamlessly depends on a key factor – trust. With so many high profile security breaches that we regularly hear about, this really impacts the trust that people feel, leading to frustration and poor user experience. As an industry we recognise this problem and are working on advancing the technology through many facets, including identity and authentication, so that consumers are not let down. One way of making technology better for the purpose of improving trust for users is that of moving away from simple passwords to enhanced security with multi factor authentication incorporating biometrics.
What is your view of how biometrics can support the increased usage of digital identity and the importance of protecting it?
Dr. Stephanie Schuckers: If we consider how we currently identify and authenticate ourselves, it’s fair to say that a significant proportion of our identity is based on biographic information such as names, addresses, identifiers and other information we may have built up over time. This type of information is important of course and while I don’t think we’ll completely get away from this, it’s clear that this kind of information isn’t necessarily enough anymore to ensure identity. This is because it is text based. As long as somebody else can get hold of it – an attacker – it’s very simple for them to provide that information even though it isn’t them. This is exactly where I believe biometrics can play a role.
How, in your opinion, will new technologies and regulations support authentication and satisfy the greater demand for security and trust?
Dr. Stephanie Schuckers: Industry is pushing very hard to advance authentication through standards for incorporating technology into our devices to satisfy the greater demand for security and trust. There’s a lot of innovation and it’s a really exciting time, particularly for biometrics as this is one of the factors in advancing the security of these systems. One of great value propositions of biometrics is that it’s easy for people to use. This simple user experience can then be combined with strong authentication that incorporates biometrics as part of a multifactor system to achieve a powerful solution to deliver both security and convenient authentication, hand in hand rather than in conflict with each other.
How does combining multiple biometric technologies affect the security of authentication solutions?
Dr. Stephanie Schuckers: There’s a lot of interest in step-up authentication with several unique and novel ways to combine multiple biometric technologies to enhance security. You can for instance use one kind of authentication for a very simple type of transaction or step. Then, for a higher value type of transaction, you can layer or add solutions as needed. Multiple biometrics also enables greater user experience as each person has a different preference on how they might want to layer things together. I choose to use my fingerprint at certain times and my iris at other times depending on what I’m doing at that time.
The question then is about how the industry can encourage the adoption of biometrics so we can all benefit from these solutions. There are concerns regarding secrecy and that biometric data cannot be changed. The problem I think we are facing here is that many are thinking about biometrics in the same context as a password –that a biometric is similar to a password. Yes it is similar in the sense that it can be used for authentication, but it is not similar in how it works as a technology. The difference is that for biometrics you have a sensor. A password doesn’t have a sensor, it has a text box. So it’s the sensor that must accept the biometric data as well as reducing fraud through liveness technology to ensure the individual is present when a biometric measurement is taken.
How important is liveness detection for new authentication solutions?
Dr. Stephanie Schuckers: Now of course it’s important that the full biometric pipeline is secure but this is really standard for any authentication – the whole pipeline needs to be secure in order to be effective. Any authentication would be impacted by a security breach along the pipeline so that is just an underlying ‘must’. Attacks such as brute force attacks on the biometrics sensor are addressed through usual processes such as the false accept rate, limiting the number of attempts or increasing the time between attempts. The last hole you want to plug is how the information is inserted into the sensor and liveness has a key role here. Liveness ensures the biometric was just captured from the individual and prevents spoofing or use of artificial biometrics. Recently, distrust has been further caused by new synthetic biometric generation techniques through deep learning. Liveness also effectively recognizes synthetic biometrics because any synthetic information would need to be inserted into the sensor itself. Approaches like the false accept rate, limit the number of attempts and of course incorporating liveness means that the security risks are minimized, even against synthetic biometrics.
So with all of this, technology solutions are addressing concerns users may see in the media and we can look forward to a safer and more convenient digital future.