Читать книгу The Official (ISC)2 SSCP CBK Reference - Mike Wills - Страница 145

Regardless of the specific technology that is used, biometric techniques all involve the same stages of preparation as any other authentication method. First, the user must be enrolled, and the characteristics that will be used for authentication are captured and recorded as part of the registration process. This creates a reference profile to which comparisons can be made. Preparations must be made for the secure storage of reference profiles and their retrieval in a timely way. A method must be available to verify, promptly and within specified accuracy limits, whether a person claiming an identity should be authenticated. A final requirement is a secure method of updating the reference profile when the characteristics to be compared change (due to age or illness, for example) or revoking the reference profile when it is no longer needed, has expired, or can no longer be trusted to be accurate.

Let the specific information security and risk mitigation needs of each system and situation dictate how you specify, design, configure, and maintain your choice of biometric access authentication technologies. Situations that involve high levels of risk to life and limb, such as safety of aircraft flight or medical laboratory information systems in a major hospital, demand that you tolerate extremely low false acceptance rates, and as a result, you'll have to ensure that users and other team members appreciate the risks and the concomitant need for more extreme security measures.

If, on the other hand, you are responsible for adjusting the office badge reader at a newspaper office, you will want to consider trying to keep the false rejection rate reasonably low—if only to avoid reading flaming editorials complaining about how security has run amok in modern society.

In selecting a set of biometric tools for authentication, it is certainly important to be aware of the error rates. There is more to be considered, though, besides the accuracy and reproducibility of a potential biometric technique.

First, of course, you want the measurements taken to be unique to an individual. While many (not all—think body weight) biometric tools will succumb to impersonation by an identical twin, uniqueness of the measure is important. After all, depending on the precise nature of the tool, you may find yourself with a degraded reading. Fingerprints can smudge, voice recordings may have a lot of background noise, and poor lighting or infrared interference may cloud a photographic record. A good biometric will have the attribute that the copy to be compared to the registered base will vary minimally and predictably as it degrades in quality.

Consider, too, that it is not only the measurement taken for comparison that may be degraded. Fingers, palms, and faces may be scarred by accident (or, alas, intentionally). Aging, illness, and injury must all be anticipated and compensated for. Sometimes, this may include having to redo the reference measurements.

Another factor to consider is the accessibility of the part of the body that must be registered. It is not a coincidence that fingers, at the end of our extensible arms, were employed as the first widely used biometric.

Further, one wants biometric measurements to be noninvasive, passive, and safe. Individuals to be vetted will vary in general health; in dexterity; in their ability to see and hear; in their alertness and the ability to follow instructions; and in their physical and psychological tolerance to being prodded, scanned by various rays, or enclosed in an examination compartment. Many individuals will be concerned about electromagnetic irradiation. Some women to be authenticated by your biometric device may be pregnant at the time or may become pregnant later. All of these individual conditions should be anticipated and respected with due concern for the examined individual's health, well-being, privacy, dignity, and legal rights.

As with all security measures, when selecting a biometric for deployment in your enterprise, you must consider the cumulative costs of setting up the system, registering each person, taking each measurement such as a fingerprint, and storing and retrieving the candidates' measurements.

Note that biometric sensors can produce data that indicates the subject may be suffering from a variety of illnesses, injuries, substance abuse, or other medical conditions. Depending upon the technologies you're using, the data you collect may cross the fuzzy boundary between what is personally identifying information (PII), nonpublished personal information (NPI), and protected healthcare information (PHI). Each category, of course, comes with its own compliance and regulatory requirements for data protection. As medical technologists discover even more ways to use noninvasive sensing to learn more about the condition of their patients, this frontier between identification and medical data will only become more complex to navigate.

Finally, be sure to consider the likelihood and effectiveness of antibiometric tactics by potential attackers.

If you are using facial recognition, attackers might wear masks.

If you rely on fingerprints, you had better anticipate and test the effectiveness of fake finger casts made out of silicone, rubber, or even ordinary wood glue. Japan's National Institute of Informatics even found that fingerprints can be copied by a digital camera from 10 feet away and then easily reproduced with simple technology. Depending on just how low you need to drive down the false acceptance rate, you might want to select a vendor for fingerprint sensors that can supply “liveness detection,” sensing temperature, pulse, and even body capacitance as a means of detecting fake fingers.

In the age of 3D printers, security architects need to think creatively about the technology relied upon by their biometric tools.