APU Cyber & AI Original

Biometrics: A Useful Solution to IoT Security Problems

By Dr. John Rhome
Faculty Member, School of STEM

and Dr. Novadean Watson-Williams
Program Director, Information Technology Management,  Information Technology and Computer Technology

Over the course of this past decade, we have witnessed nothing short of an explosion in the advancements toward the use of various technologies. Today, the technologies associated with the Internet of Things (IoT) control our home entertainment systems, our climate control devices, all our appliances, and our indoor and outdoor lighting. Technology also controls our reception of news and information, our windows and doors, our security systems, and our professional devices.

Up until recently, the security associated with networking all of our devices relied heavily on two-factor authentication, such as a username and password. Although many people understand the importance of using strong authentication measures when setting up a network, most of them fail to establish and/or maintain a strong IoT defense system.

For instance, passwords are weak or never change, access controls are shared or stored in unsecured areas, and system updates are rarely applied. As a result, the security of IoT devices is severely diminished. To combat these current and past IoT security failings, biometrics has been introduced as a possible security solution.

What Are Biometrics?

Some people may wonder what is authentication and how biometrics relate to authentication. Michael E. Whitman and Herbert J. Mattord, authors of the book “Principles of Information Security,” define authentication as:

  • The validation of identity using methods such as a password or passphrase, focusing on what the user knows
  • Dumb or smart cards such as an ID card or an ATM card that uses a user’s personal identification number (PIN), capturing what the user has
  • Biometrics, taking advantage of what the user possesses

While Whitman and Mattord offered a fourth authentication option — requiring the user to perform or produce an action or activity — the general use of biometrics is becoming more attractive. Biometrics may include a user’s fingerprint, eye retina or iris, or the entire face.

Chief Security Officer writer Maria Korolov further explains biometrics: “Biometrics are physical or behavioral human characteristics to that can be used to digitally identify a person to grant access to systems, devices or data. Examples of these biometric identifiers are fingerprints, facial patterns, voice or typing cadence. Each of these identifiers is considered unique to the individual, and they may be used in combination to ensure greater accuracy of identification.”

According to biometrics expert Joseph Pugliese, biometric technologies are currently experiencing an extraordinary period of growth. Author Lisa Bock further notes that unlike two-factor authentication, biometrics can identify an attribute that is not only unique to an individual, but can also eliminate the possibility of duplication. However, biometrics comes with its own set of technical and behavioral challenges.

The Pros and Cons of Biometrics

Of the three most popular biometric technologies in use, fingerprint recognition is by far the most accepted and utilized. The uniqueness and acceptance associated with fingerprinting, coupled with the ease in which it can be taken and validated, currently makes it the biometric technology of choice for most people and companies.

However, what makes fingerprinting easy also makes it vulnerable. Fingerprints are nothing more than a stored image, and images are easily replicated.

Additionally, our fingerprints are everywhere. With nearly everything we touch, we leave a trace of our fingerprints. Biometric security company Recogtech warns that those fingerprint traces can be easily extracted, transposed and used to enter areas previously thought to be secure.

Facial recognition is another area of biometrics that is quickly rising in popularity. Given the fact that most iPhone users have set up facial recognition, the technology is growing in general acceptance.

But although facial recognition technology has advanced significantly over the past several years, it is still somewhat limited. Facial recognition technology only assesses the face (from the hairline down) and needs someone’s face to be squared with the camera.

Lastly, iris recognition is rapidly becoming more popular. Iris recognition maps the unique identifying traits associated with the iris and then encrypts the data, making it significantly difficult to hack this type of stored data.

However, some of the same disadvantages associated with facial recognition also apply to iris recognition. Users must be squared with the camera lens and very close to the camera.

Additionally, with the iris recognition system, users must remain still and must often rest their chin on a support device in order for a good image to be captured. The use of this support device has really come into significant question, given the current COVID-19 pandemic and the risk of infection.

Biometrics Is the Logical Technology to Pursue to Improve Our Security

We believe that given the need to better protect and secure IoT devices personally and professionally, biometrics seems to be the logical direction to pursue. As this technology continues to advance, biometrics should easily surpass two-factor authentication as the primary means to secure personal and professional data and devices.

However, we must also realize that other than fingerprinting, biometric ease of use is still in its infancy. Much more work is needed to make biometrics both convenient and secure.

To help our STEM students be prepared for this new world of biometrics, our associate, bachelor’s and master’s programs all have a significant focus on cybersecurity, information system security and system security essentials.

In addition, we offer classes with application and web development. One specific course that primarily concentrates on biometrics is ISSC325: Biometrics. This course “presents an introduction to biometrics, the study of recognizing individuals based on their unique physical or behavioral traits related to computer and information security. Authentication, authorization, identification, and access control through biometric perspective are emphasized. The course orients practical applications of biometrics in the real world, providing a realistic view of the use of biometrics within the emerging threats in information security.”

You can help steer the direction of biometrics towards a more logical authentication solution by building your knowledge and skills in this discipline. Without question, we will need expertise and skilled practitioners in light of our changing technologies.

About the Authors

Dr. John Rhome is currently the Senior Director of IT for Centene, as well as a part-time STEM instructor for American Public University. Dr. Rhome’s research interests include the significance of employee empowerment, teamwork and diversity in the modern-day organization. Dr. Rhome is a passionate presenter of his research interests, as well as being a huge supporter of STEM programs with many universities.

He is extremely active in his local community by supporting county improvement programs, Feeding Florida and youth development activities. Dr. Rhome holds a Doctorate in Organizational Leadership from the University of Phoenix, an MBA in technology management from the University of Phoenix and a bachelor’s in management information systems from the University of Tampa.

Dr. Novadean Watson-Williams is currently the Program Director for the undergraduate programs in Information Technology Management and Computer Technology at American Public University. She serves an aggressively growing department and has over 20 years of experience in the information technology field. Dr. Watson-Williams holds an A.A. in Computer Studies and a B.S. in Information Systems Management from the University of Maryland University College, a B.S. in Social Science Education from the University of South Florida, an M.A. in General Counseling from Louisiana Tech University, and a D.B.A. in Information Systems from Argosy University. 

Previously, she published several blog articles on topics such as “Countering Cybersecurity Attacks through Accountability,” “Creating a Personal Brand through Using the Internet,” “Leadership Using Effective Nonverbal Communication”, “Inspiring Self-Improvement through Technology Education, Collective Intelligence and Soft Skills”. She has also co-published several other articles, including “RFID with Real Implications,” “Artificial Intelligence in Information Security” and the “Evolution of Information Security.”

Comments are closed.