The study states that they are unreliable because human bodies and the features on them are not constant over time
Published on 09/30/2010 - 11:49:15 AM
By Arvind Sen
New Delhi: India's ambitious Unique ID project dubbed "Aadhaar", which aims to give every Indian citizen a unique number mapped to biometrics. The Aadhaar has imbibed all the latest technologies to make it the most advanced and tamper-proof citizen identity card in the world.
The card, which uses biometric authentication is soon going to be a hot topic of debate, as the findings of the study, spanning several years, by the United States-based National Research Council, states that biometric authentication is insufficiently reliable as a replacement to other authentication technologies.
The recently released report characterises biometric identification as "inherently probabilistic." That is, the match between sample and master record will always include some uncertainty no matter how good a sample, the sensor reading the sample and the information technology system matching the sample to a master record.
Among the reasons for that uncertainty is the nature of biometric identifiers themselves. Human bodies and the features on them aren't necessarily constant over time.
The report points out many technological problems with setting up a biometric authentication system, too. Sensor calibration and sensitivity to environmental factors, such as light levels, can affect a sample reading. Algorithms that extract features from the sample might not interface well with the methodology comparing the features to the master record.
The master record itself could become degraded or corrupted, whether through security breaches or mere data compression, the report notes. Also, the master record might become an inappropriate standard, should a low fidelity master be uploaded into a database utilized by a high fidelity comparison scoring mechanism.
Other downsides to biometric identification exist, too. Unlike something one knows or something one has, a biometric identifier is impossible to replace once it has been compromised.
Also, biometric identifiers, while difficult to duplicate on the body of another person, are still available for surreptitious collection through fingerprint gathering or a voice recording.
An imposter could be detected by a human operator administering the biometric authentication system, but that "significantly constrains remote or distributed applications of biometrics," the report states.
The report doesn't dismiss the possible usefulness of biometric authentication, however, noting that in combination with other methods, it can augment security at least in applications "where user cooperation can be inferred."
The report recommends more research into matter such as the stability of biometric traits and the improvement of feature extraction with matching mechanisms, as well as sensors.
The card, which uses biometric authentication is soon going to be a hot topic of debate, as the findings of the study, spanning several years, by the United States-based National Research Council, states that biometric authentication is insufficiently reliable as a replacement to other authentication technologies.
The recently released report characterises biometric identification as "inherently probabilistic." That is, the match between sample and master record will always include some uncertainty no matter how good a sample, the sensor reading the sample and the information technology system matching the sample to a master record.
Among the reasons for that uncertainty is the nature of biometric identifiers themselves. Human bodies and the features on them aren't necessarily constant over time.
The report points out many technological problems with setting up a biometric authentication system, too. Sensor calibration and sensitivity to environmental factors, such as light levels, can affect a sample reading. Algorithms that extract features from the sample might not interface well with the methodology comparing the features to the master record.
The master record itself could become degraded or corrupted, whether through security breaches or mere data compression, the report notes. Also, the master record might become an inappropriate standard, should a low fidelity master be uploaded into a database utilized by a high fidelity comparison scoring mechanism.
Other downsides to biometric identification exist, too. Unlike something one knows or something one has, a biometric identifier is impossible to replace once it has been compromised.
Also, biometric identifiers, while difficult to duplicate on the body of another person, are still available for surreptitious collection through fingerprint gathering or a voice recording.
An imposter could be detected by a human operator administering the biometric authentication system, but that "significantly constrains remote or distributed applications of biometrics," the report states.
The report doesn't dismiss the possible usefulness of biometric authentication, however, noting that in combination with other methods, it can augment security at least in applications "where user cooperation can be inferred."
The report recommends more research into matter such as the stability of biometric traits and the improvement of feature extraction with matching mechanisms, as well as sensors.
