X

Thank you for sharing!

Your article was successfully shared with the contacts you provided.
When I mention computer security, the first thing that comes to mind for many people is a password. Passwords are easy to deploy and can be effective, but they’re flawed. Working in technology support for legal professionals, I’ve witnessed people undermine security measures by using something easy to figure out for a password, like their child’s or pet’s name. I’ve even seen people use the current month or their birth date. Even technology professionals are guilty of leaving the default password as “password” on important computer systems just because it’s too much of a bother to change it. DEFINING BIOMETRICS Theoretically, a password serves to identify you, the same as a PIN or a security card. However, a computer system only recognizes the password, like an ATM only recognizes your PIN, as opposed to your person. The computer or ATM doesn’t care about who’s typing, just as long as the secret code is correct. In computing, biometric security allows for the recognition of a person based on a unique, personal attribute rather than a string of letters and numbers. Of all the billions of people in the world, no two people have the exact same set of grooves on their fingers. Biometric systems strive to identify people based on their voice, fingerprints, palm prints, irises, faces, ears, vein structure, handwriting and even body odor. At a basic level, we use biometrics everyday. We recognize the voices of people we know, and even our signature is a unique biometric identifier. On a Hollywood level, we’ve seen biometrics used in everything from face scanners to voice recognition programs to lasers that can detect the minute distinctions of your eye’s iris. Reality is still very far away from Hollywood’s vision. PUT YOUR RIGHT THUMB IN AND SHAKE IT ALL ABOUT A biometric security system must cycle through a handful of essential steps in order to be successful. Consider the example of a fingerprint scanner. First, a person must “enroll” in the system by scanning his finger so that a record is made and stored in a database with the individual’s information. The initial capture of that fingerprint is analyzed for various unique features and patterns. Those qualities are translated into digital bits for the database. When a person scans his finger again, it is compared against the database until a match is found. That process is referred to as “verification.” Only after the system has authenticated your unique fingerprint are you allowed to continue. I AM WHO I SAY I AM All of this biometric stuff is fascinating, but the truth is, it’s difficult to implement related security measures in a professional work environment. To analyze and identify a fingerprint takes a lot of processing. Early computer systems were unable to tackle the task, and we have only recently started to see consumer machines in the last few years that are up to the job. The only real successes in biometric security for the business world is in fingerprint scanners, and depending on whom you talk to, we still have a long way to go. My first exposure to biometric security was several years ago, with an HP iPaq Pocket PC, the predecessor to today’s hx2755 model. The PDA had a small strip of a sensor at the bottom that I could slide my finger over. Depending on how I had it set up, sliding my finger on that strip would unlock the PDA, or input a password for an application. Today you’ll find similar fingerprint scanners on products like laptops (IBM ThinkPad X41) and external hard drives (MicroSolutions LockBox). Microsoft even offers a USB Fingerprint Reader and has embedded the technology into a keyboard. HACKING BIOMETRIC SYSTEMS As with any security system, biometric measures can be attacked. Most people only consider the actual sensor or scanner as the weak point, but there are other vulnerable places. At the recent Defcon “hacker” convention in Las Vegas, the crowd was actually encouraged to think deeper and attack biometric security systems’ backend networks. “Attack [them] like you would Microsoft or Linux” was the advice from a security analyst who calls himself “Zamboni.” Have a look at his PowerPoint presentation, Attacking Biometric Access Control Systems. The Internet offers numerous stories about how creative minds have fooled biometric security systems, many of them reportedly discussed at the Defcon conference:

This content has been archived. It is available exclusively through our partner LexisNexis®.

To view this content, please continue to Lexis Advance®.

Not a Lexis Advance® Subscriber? Subscribe Now

Why am I seeing this?

LexisNexis® is now the exclusive third party online distributor of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® customers will be able to access and use ALM's content by subscribing to the LexisNexis® services via Lexis Advance®. This includes content from the National Law Journal®, The American Lawyer®, Law Technology News®, The New York Law Journal® and Corporate Counsel®, as well as ALM's other newspapers, directories, legal treatises, published and unpublished court opinions, and other sources of legal information.

ALM's content plays a significant role in your work and research, and now through this alliance LexisNexis® will bring you access to an even more comprehensive collection of legal content.

For questions call 1-877-256-2472 or contact us at [email protected]

 
 

ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2020 ALM Media Properties, LLC. All Rights Reserved.