Biometric Technologies: Balancing Security And Convenience
An overview of biometric technologies and how they can be measured for accuracy
Around the world, we’re experiencing a massive response to the novel coronavirus Covid-19 as it spreads rapidly and unexpectedly across the globe. Everyone is concerned about hygiene, afraid to touch anything, and often wearing surgical masks.
Because of this, a lot of my friends are having technological issues — they can’t unlock their mobile phones because their iPhone with FaceID won’t work properly when they’re wearing a mask. And it’s very inconvenient to take them off over and over again.
It makes one wonder, what parts of the face do biometric technologies use to identify users? How does wearing a mask impact biometric technology?
Interesting questions! But before we can answer them, let’s build a basic understanding of biometric tech.
In this article, I will answer the following questions:
- What are biometric technologies?
- How do we measure the accuracy of biometric technology?
- What is the ideal balance between security and convenience?
What Are Biometric Technologies?
Generally speaking, biometric technologies refer to technological methods for identifying a person based on some part of their biologies — such as a fingerprint, eye, or face.
The world’s first biometric application dates back thousands of years, to when people stamped their thumbprints on agreements in place of a signature.
In algorithms, biometric technologies can be traced back to the 1800s when Sir Francis Galton developed a method to classify fingerprints. And when Apple launched the iPhone 5s with TouchID (fingerprint sensor) in 2013, biometric technologies took a place in our daily lives.
Nowadays, biometric technologies exist in a variety of places, such as door access, video surveillance, payment methods, mobile phone security, and time clocks for recording attendance.
Biometric technologies can be classified into two main categories: physiological and behavioral. Here are some examples of each:
How Do We Measure The Accuracy Of Biometric Technology?
The next question we need to ask is: When you use biometrics such as using your fingerprint or face to unlock your iPhone, how can we measure the accuracy of the identification?
The two most common measurements of biometric technologies are the False Acceptance Rate (FAR) and False Rejection Rate (FRR).
- False Acceptance Rate (FAR): The percentage of instances that the biometric technologies will incorrectly accept an unauthorized person.
- False Rejection Rate (FRR): The percentage of instances that the biometric technologies will incorrectly reject an authorized person.
If we increase the security level of biometric systems, the system will reject a lot of “similar” users to avoid a high false acceptance rate. On the other hand, if we lower the security level, the system will accept a lot of “similar” users, which will increase the false acceptance rate but decrease the false rejection rate.
The above graph shows the relationship between the security level and FAR/FRR. Whenever we adjust the security level, FAR and FRR will move in opposing directions. But there will be a point where they are equal: the Equal Error Rate (EER).
EER is used to measure the accuracy of biometric systems. The lower the equal error rate value, the higher the accuracy of the biometric system.
Finding The Balance Between Security And Convenience
Many movies depict advanced biometric technologies protecting items of great value or confidential information in high-security areas. Just think of the Mission Impossible or James Bond series. But in real life, what level of security is enough?
Let me give you a very simple example. If you want to secure your home, you may need to install a lot of door locks. The consequence is that whenever you want to open a door, you have to spend time selecting the right key and opening each lock.
More security, less convenience. And the opposite would be true if there were fewer locks.
In short, we always need to find a way to balance “Security” and “Convenience”.
Here’s another example:
Here are two fingerprints. Do you think they are the same or different?
Well, it depends on how you compare them. If you compare them just like this orientation, they are obviously not the same. But, if we rotate Fingerprint B by180 degrees, Fingerprint A and Fingerprint B are identical.
If you have a mobile phone with a fingerprint sensor, you can test this by trying to rotate your finger to any degree to see if you can still unlock your phone without issues.
Mobile phone manufacturers have made it this way by choosing a balance: more convenience, less security (lower FRR). They can apply lower FRR because they think the chance of someone having a similar fingerprint and having your phone is very low.
In Summary
Now you’ve got a basic understanding of how we measure the accuracy of biometric technologies with FAR/FRR/EER and how biometric system manufacturers balance security and convenience.
I’ll leave you with a few questions. Can you explain why the FaceID can’t recognize a person when they’re wearing a mask? How could you improve this? How could you fool biometric technologies?
And, since biometric technologies utilize pattern recognition and classification technologies, can machine learning help improve them?
Leave your answers in the comments!
Follow me here and on social media to make sure you don’t miss the next installment! If you found this article useful, a share and some claps would mean the world to me and help fuel the rest of my series.
Questions or comments? I’d be more than happy to answer them here or via email.
You can also find me on LinkedIn, Facebook, Instagram, and my personal website.
