Adaptive Behavioral Biometrics A Critical Security Layer
We are on the cusp of a global shift to change how we identify the individual. Smart devices including mobile phones, wearables and global access to cellular services have pushed biometrics as the new paradigm in user authentication and security — the ability to identify a user via fingerprints, the eye retina and iris, face structure, voices, hand geometry and other traits that make them unique.
Although effective for security and convenience, there are still some significant pitfalls that must be overcome: risk of privacy breach. The recent OPM hack has shown us that even the government managed data isn’t safeand much of the concern rests with the permanent nature of fingerprints and the uncertainty about just how the hackers intend to use them. Unlike a Social Security number, address, or password, fingerprints cannot be changed — once they are hacked, they’re hacked for good. And government officials have less understanding about what adversaries could do or want to do with fingerprints, a knowledge gap that undergirds just how frightening many view the mass lifting of them from OPM.
Organizations of all sizes including financial institutions, healthcare providers, and governments are all looking at using different implementation of biometric solutions from cloud-based to on-device as there does not seem to be a universally agreed upon standard to build on. If cloud-based central repostiories are subject to attacks as in the case of the OPM hack, there have been instances where researchers have demostrated how they could remotely steal fingerprints on Android devices without the owner of the device ever knowing about it — and that too at “mass scale”.
This is where adaptive behavioral biometrics on mobile devices will start to become a more important modality because this can provide continuous authentication while a person is naturally using their device. By analysing how a person implicitly uses their device it is now possible to recognise users. The technology can be combined with other multi-modal biometric modalities and authentication factors to create an authentication risk scoring that has the ability to reduce fraud. Its ability to integrate into fraud and risk management solutions makes it an ideal technology for financial services and enterprises. As behavioral biometrics is a form of dynamic biometric based on user muscle memory — it cannot be compromised the same was as static biometrics and promises a higher degree of user privacy.
Zighra behavioral biometric solution leveraging the latest in machine learning and sensor intelligence, supports multi-modal biometric authentication modalities including fingerprint, voice and facial recognition.
Originally published August 2015 at www.zighra.com.