For millions of others, the price of admission is biometric — their fingerprint, their voice or the iris of their eye, characteristics believed to be unique to each individual. Yet, even biometric security barriers aren’t foolproof. A facsimile fingerprint, for instance, has sometimes allowed hackers to beat the system.
Opposing the hackers are biometric security specialists such as Stephanie Schuckers, associate professor of electrical & computer engineering. “Our role is to plug the vulnerabilities in biometric security,” she says. She now works on the development of biometric systems for fingerprint, facial and iris recognition.
“Someone can create a fake fingerprint from a real fingerprint and spoof the system,” Schuckers says. “But there are ways you can add additional security measures. We use software to analyze the fingerprint image. Even though it looks like a fingerprint, there are characteristics that allow me to tell the difference between a live print and a fake.”
One difference is sweat. Living fingers perspire, creating moisture patterns that phony fingerprints do not. Working with a National Science Foundation grant, Schuckers and her research team made phony fingerprints from dental materials and Play-Doh, and then tested them on fingerprint-ID machines. The machines couldn’t tell the difference. Then the researchers created a computer formula to look for tell-tale signs of perspiration and other characteristics of live images. When they added the new formula to the system, fewer than 10 percent of the phony fingerprints were able to fool the machine.
The science of biometrics has evolved from forensics, where fingerprints are used to solve crimes, for instance. In recent decades, these crime-fighting tools have found a home in the cyber world. “You want to log onto your computer, so you give a fingerprint,” says Schuckers. “Or you want to gain access to your bank account, a locked car, or get into a secured site, such as a nuclear power plant — the list is endless.”
Biometrics also plays a key role in border security, where it’s used to screen for terrorists. But most of us know biometric security for its growing role in safeguarding computer systems. “The more we interface with the electronic world, the more biometrics will become important,” says Schuckers. “So much of what we do involves our electronic identities.”
As biometric methods evolve, so do hackers’ attacks. Sometimes their techniques are masterful; other times they are crude. “There was a case in Malaysia where someone cut off a finger to steal a car,” says Schuckers. Overall, though, the trend has been toward smarter villains. “It’s not always your everyday criminal. It may be somebody who is really sophisticated.”
When hackers gain the upper hand, experts such as Schuckers up the ante. To gain an edge, these specialists have joined forces through the Center for Identification Technology Research, an industry-university-government collaboration in which Clarkson is playing a growing role. Such joint efforts are needed in part because the cost of failure grows as the world becomes increasingly wired for computers.
Schuckers came to biometrics through her research in biomedical engineering. “The fundamentals of biometrics are very similar to what I have done in biomedical engineering,” she says. “In each case, you’re trying to measure something in the human body and extract important information. In the medical world, this work has to do with disease. In biometrics, the issue is — ‘Is it a match?’”
The term biometric comes from two Greek words — bio (life) and metric (measure). But the roots of biometrics as a method of identification stretch into our ancient past. One of the best forms of biometric identification is the human face — we use facial recognition to distinguish people we know from those we don’t.
Biometrics as a formal science dates from the last two decades. But early systems of biological identification can be found in the 19th century, according to the National Science and Technology Council. For instance, the first system to capture hand images was created in 1858. The fingerprint classification system was developed in 1896. The 20th century brought further refinements. The idea of using the iris was proposed in 1936, and by the 1960s, semi-automated systems for facial recognition had been developed. The field really took off as computers spread throughout society. In the 21st century, biometric security has become increasingly commonplace.
Each new layer of security “raises the bar in terms of what must be done to beat the system,” says Schuckers. “When hackers beat the system, we try to figure out how they did it. If you don’t understand what they’ve done, you can’t add a speed bump. It’s a never-ending battle.”