Biometric IDs: The Right Solution?

Like any type of technology, biometric controls are only useful if they are able to provide a specific solution to a specific problem, such as access control. (All via Consult Hyperion)

The use of biometric ID checks remains a divisive subject for many people, says John Elliott from Consult Hyperion, an independent consultancy.  But does this technology help to make our airports more secure?


With airport security now a regular part of our travelling lives, a lot of attention is being paid to how we can make the processes and procedures in this area more effective and efficient.  A large part of this challenge centres on the ability to accurately ID people, whether they happen to be passengers, airport staff or anyone who needs to work on-site at the airport.
The truth is, biometrics will only play a small – albeit important – part in achieving this overall objective.  Additional security tools and a raft of operational procedures will also be essential in order to determine who should have access to certain areas and/or permissions.  In reality, knowing whether someone has permission to be somewhere – or to do something – is much more important than who they actually are.
To understand how biometrics can be used to determine these permissions, it’s useful to begin by looking at how we identify people without the use of biometrics.  Let’s consider a secure entry system – whether it’s for airport staff or bank employees or for use at the post office – that is controlled by entering a Personal Identification Number (PIN) code onto a keypad.  Using a PIN code in this way is actually a very black-and-white process: if all the digits are entered correctly in the exact order required, then the PIN is accepted.  There is no ‘nearest-match’ paradigm with a PIN, i.e., if the PIN is 2486, then 2487 will not be accepted.
The drawbacks of using this kind of technology to provide authorised access to a secure area are clear: not only can PIN numbers be forgotten, they can also be stolen.
This is where biometrics can offer a compelling solution.  Consider for a moment if access to a restricted area were controlled by the use of face recognition technology in place of a PIN.  By using this technology, the image of a face can act as a very large and complex PIN – known as a template within the biometric industry – that can be entered and compared against the stored Facial PIN for that particular person.  Unlike a conventional numeric PIN, it is not possible to forget your face of course, and one could argue that it would be much harder to steal a Facial PIN than a conventional four-digit numeric one.  The same rationale is equally true for other biometrics such as fingerprint, iris or palm, although the complexity of the ‘PIN’ – or template – will differ depending on the biometric being used.

To see how such a system would work in an airport setting, let’s return to our earlier example: the need for certain employees to gain access to a secure area within the airport.  For biometric applications, the critical first step to set up such a system would be an enrolment process.
For the purposes of this article, I am assuming that the airport/airline has already performed checks on their employees to ensure that they are bona fide.  For this example, we shall stay with facial recognition technology, but other biometrics will have similar enrolment processes.  This one involves taking a couple of photographs of the employee’s face.  Yes, photographs; not facial scanning.  At Consult Hyperion, we would always recommend complying with relevant international standards wherever possible; for example, ISO 19794-5 for Image Capture.
These photographs are then transformed into a template.  Here is an example of how a small change in a process can have a large and positive benefit, because at this stage a quality control (QC) step is introduced.  The QC step performs a quick verification of the employee by taking several photographs and comparing these against the template as well.
If the verification returns a very high match-score, then you know you have a good template representing the employee.  If the verification returns a match-score below a pre-determined threshold, then additional photographs are taken, and the process loop is repeated until the match-score is above the threshold.  The cost of doing this quality control step at this stage is a fraction of the cost of recalling an employee to do the enrolment again at a future date, if it was found in deployment that the template was less than optimal.
Once the template is deemed acceptable, it can then be stored and linked to either the employee’s name or a unique identifier such as an employee’s reference number.  This process continues until all of the employees who are cleared for access to the secure area(s) have been enrolled.

Figure: The basic sequence of events within a biometric system.

This may all sound very simple, and yet – regardless of the biometric being used – an obvious security question remains:  what happens if one person matches someone else’s template?

Well, thanks to the rigorous quality control implemented earlier, the access control system now contains a complete set of employee templates and photographs.  Therefore a verification matrix can be used to cross-verify all of the employees’ photographs by all of the employees’ templates.  Any near-matches can then be displayed to the enrolment operator in order to address this issue, and to prevent dual enrolments (for example applying twice for an ID card, using two different names).
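The enrolment quality-control loop and the cross-verification matrix described above can be sketched as follows. This is an added example, not code from the article or from Consult Hyperion; the cosine-similarity matcher, both thresholds, the employee numbers and the feature vectors are constructed assumptions.

```python
import math

# Assumptions (not from the article): cosine similarity stands in for the face matcher,
# a template is the mean of its photos' feature vectors, thresholds are illustrative.
QC_THRESHOLD = 0.98  # template must score at least this on its owner's fresh photos
NEAR_MATCH = 0.95    # cross-check scores at or above this go to the operator

def match_score(template, photo):
    dot = sum(t * p for t, p in zip(template, photo))
    return dot / (math.hypot(*template) * math.hypot(*photo))

def enrol(batches):
    """QC loop: build a template, verify it on a fresh batch, repeat until it passes."""
    batches = iter(batches)
    photos = list(next(batches))
    for qc in batches:
        template = [sum(col) / len(photos) for col in zip(*photos)]
        if min(match_score(template, p) for p in qc) >= QC_THRESHOLD:
            return template, photos + list(qc)
        photos += qc  # below threshold: keep the extra photographs and loop again
    raise ValueError("template never passed QC; capture more photographs")

def cross_verify(templates, photos):
    """Verification matrix: every employee's photos against everyone else's template."""
    flagged = {}
    for t_id, template in templates.items():
        for p_id, shots in photos.items():
            if t_id == p_id:
                continue
            best = max(match_score(template, s) for s in shots)
            if best >= NEAR_MATCH:
                pair = tuple(sorted((t_id, p_id)))
                flagged[pair] = max(best, flagged.get(pair, 0.0))
    return sorted(flagged.items())  # near-matches for the enrolment operator

# Constructed capture sessions (batches of 3-value feature vectors). E1002's first
# batch contains a poor photo; E1003 is E1001's face enrolled under a second name.
SESSIONS = {
    "E1001": [[[1.0, 0.0, 0.0], [0.9, 0.1, 0.0]], [[0.95, 0.05, 0.0], [1.0, 0.05, 0.0]]],
    "E1002": [[[0.0, 1.0, 0.0], [0.6, 0.8, 0.0]], [[0.0, 1.0, 0.0], [0.05, 0.95, 0.0]],
              [[0.0, 1.0, 0.0], [0.1, 0.9, 0.0]]],
    "E1003": [[[0.98, 0.02, 0.0], [0.92, 0.08, 0.0]], [[0.96, 0.04, 0.0], [0.94, 0.06, 0.0]]],
}

def run():
    templates, photos = {}, {}
    for emp, batches in SESSIONS.items():
        templates[emp], photos[emp] = enrol(batches)
    return cross_verify(templates, photos)
```

Calling `run()` enrols all three records (E1002 needs a second pass through the QC loop) and returns the single pair E1001/E1003 for the operator to review as a possible dual enrolment.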
For the purposes of this article, we are considering a system in which the employee’s template is stored on a smart card, rather than stored in a central database.  That means that we now have two-factor authentication: something the employee has (their smart card) and something that is part of them (their face).  The employee walks up to the secure-area entry point, inserts his or her smart card, and waits a moment while a couple of photographs are taken (to ISO specification, ideally).  The verification process then compares the photographs against the template from the smart card.
Some will argue, however, that two-factor authentication (2FA) is not comprehensive enough for a high security setting.  After all, Chip and PIN is a form of 2FA, and most people would want something a bit more secure than that when it comes to authorising access to a secure area.
For this reason, an employee can also be asked to enter his or her unique PIN code in order to provide three-factor authentication (3FA).  This added layer of security would need to verify something that the employee has (a card), something that he knows (a PIN), and something that is part of him (his face).  At this stage, if the face, smart card and PIN all deliver a positive match, then – and only then – will the door open.  This use of 3FA also helps to address the issue of having two (or more) employees that look like each other.  With this approach, the two employees who look similar enough to fool the system would also need to swap or steal smart cards, and also know each other’s PIN in order to gain access.

This diagram shows the various points of contact governments have with people. When someone is encountered, it cannot be assumed that the individual has a single identity that he or she always uses. Therefore, it might be best to treat all persons as ‘unknowns’ and derive their ‘identity’ from fundamental principles such as biometrics. However, this is not always practical due to a variety of constraints such as the desire to avoid incurring unreasonable delays; or perhaps the demands of international legislation. Additionally, it must be remembered that some people may be physically unable to provide a particular biometric sample.

Even with all of this information, airport security managers will still want to know whether there is a real business case for having this kind of system.  Airports are, after all, just like any other business, and are therefore concerned with both operational efficiency and profitability.  The answer is: it depends.  Security managers would of course need to undertake a rigorous Risk Assessment programme before proceeding with any kind of new security system, and would need to ask themselves the following:
 
· What, if anything, is wrong with the current access control system?
· What specific standards does the government require for biometric security, and who can help to ensure that compliance in this area is achieved?
· Does important airport information cross with vulnerable system components?  If so, how can the attacker’s gain be reduced to make the cost of attack prohibitive?
· Would biometrics lower the total cost of ownership compared with other security systems?
· Can biometrics provide additional performance benefits, such as faster ID processing or greater accuracy?
· Will biometrics facilitate compliance with industry-specific regulations, new rules or changes to legislation?
 
Like any type of technology, biometric controls are only useful if they are able to provide a specific solution to a specific problem, such as the access control example that we have used here.  Although the technology to support this kind of system already exists, the first step for airport security managers is to seek out high-level specialist advice in this area.  Even so, security managers would still need to overcome any negative perception of biometrics, manage change internally, and understand the limitations of the technology.  If they can achieve these goals, however, then they will be one step closer to maximising the benefits of a very powerful, accurate – and instant – way of identifying people, and ultimately making our airports more secure.