Last week, the Biometric Alliance Initiative (BAI), a European-funded project aiming at conjugating mass-market biometrics with bespoke certification processes, has just announced the availability of its new evaluation and certification benchmark. To anyone like me, who, at one time or another, got involved in biometric implementation deep enough to appreciate the Tower of Babel this actually is, the BAI is a stepping stone in easing up the process.
The benchmark, for biometric technologies used in biometric-based non-governmental solutions, aims to enable the evaluation and certification of biometric technologies in a consistent manner that encompasses all their various aspects while establishing a common approach for laboratories.
[From: Biometric Alliance Initiative Press Release- December 2015]
You can see why this is need. Biometric solutions, as most identification solutions you would say, were not initially engineered for the mass-market. They work brilliantly in closed-loop sovereign solutions where security is of utmost importance and where the convenience parameter can be considered as trivial.
The challenge with mass-market biometrics is not just a question of trade-offs between convenience and security, but also managing a range of issues from interoperability to environment. Not to mention the ageing factor, which could well be unkind to mass-market biometrics in the coming years, were the current roll-outs not sufficiently well designed. I thought it would be helpful to set out a few of the issues that might seem obvious but stand as challenges for mass-market biometrics.
Environment factors are complex. In contrast to most other verification methods, biometrics need to be split into a two-parameter equation: The biometric trait, and the biometric device. The biometric trait and the sensing device are both characterised by behaviours which are dependent on the environment. Some optical fingerprint sensors, for instance, which technically take a picture of the fingerprint, might give very poor results under direct sunlight. With that in mind, how about an access control for a building which does not work in spring and autumn, between 8h-9h and 16h-17h? And you having dry skin certainly does not help. That is just a simple picture. The underlying technologies of other sensors can make them prone to other settings like moisture or dirt, just as your biometric traits are. With that in mind, if you try to picture a small-scale solution consisting of varying technologies being translated by a multi-national company into all of its branches, I think you are currently grinning sarcastically.
Performance in terms of both transaction speed and precision (biometric error rates) are implementation dependent. The specifics of each use case might dictate bespoke operational ranges. The performance of a biometric match which is not only inherent to the biometric modality, but also to the form factor, might be perfectly acceptable for a use case (e.g payment) and fatal to another one (e.g transit). Try to think of hypothetical biometric gateways at London Waterloo tube station during peak hours, with some people not managing to go through due to false rejections, others taking ages to match and you’ll appreciate the need for some thorough testing and fine-tuning in that sense.
Interoperability builds mass markets, but biometric data formats, the way the biometric “image” is coded, are not always interoperable. With open ISO standards on one side of the spectrum, and an ever increasing panel of innovative offers in vendor-specific biometric and solution-specific encrypted biometric data formats on the other, the biometric market offer can be confusing. Incompatibility which might exist between different versions of the ISO standards makes things even worse. Rolling out a biometric solution without prior analysis of the supported formats might feel like inserting a video CD in a video tape recorder- there is certainly a film on the video CD, and the video CD can certainly be inserted (but not sure of getting it back though) into the VCR, but you wouldn’t be able to watch the movie.
Security, or rather insecurity in biometrics is not as straight-forward as it seems to be. The brilliance of Tsutomu Matsumoto or the Chaos Computer Club cannot be denied…but, because there is always a but, gelatine cannot fool all types of sensors, nor can they be a threat in all use-cases. Fake fingerprints certainly did work for Sean Connery in “Diamonds are Forever” to get past Tiffany Case’s fingerprint scanner back in 1971, but I highly doubt a particular set of materials would be sufficient to fool all sensors with all types of users ( I’m thinking of people like me with an abnormally high number of minutiae). Furthermore, security is not just the ease of fooling the sensor, it also invokes other factors linked to the authentication (multiple-factor solutions), the configuration chosen ( more restrictive, at the expense of security, or the opposite) or even the setting (assisted solution or automated).
Context is critical. Buying a cup of coffee and launching nuclear missiles are different contexts. The underlying technologies behind different biometric solutions are sensitive to different settings and to different requirements. And they are interdependent: some fancy solution exposed to an exotic environment could be more prone to security breaches, while being non-interoperable with other systems and slow.
The BAI framework takes up a new modus operandi in addressing these specifics. The expertise of well-established players in the field of testing and certification like Elitt and Paycert has helped implement the biometric factor into a feasible, transparent and repeatable testing and certification infrastructure. Other members, coming from varying perspectives, ranging from potential-end users to regulators, have largely contributed in giving their respective viewpoints on the feasibility and efficiency of each aspect of this framework hence giving an empiric tint to this framework.
Setting standards for any types of technology can be challenging. Setting the associated certification infrastructure is also challenging as it needs to be transparent, technically sound and of course repeatable – with consistent results when testing. For the payments industry, its major challenges will be technical compatibility – particularly the ability for the certification to adapt to use across all types of cards and payments devices – and security. Cardholder information is incredibly sensitive, and with high consequences for breaches, security will always be a high priority for users.
This approach aims at instilling high levels of trust not only amongst the wide spectrum of actors of the biometric market, but also amongst indirect players. The FIDO alliance, for instance, which delegates the verification method of the authenticator (which could be biometric) to open implementation, while focusing its post-verification protocols, can only be strengthened if the biometric factor has been properly tried, tested and deemed fit for the context. The whole chain of trust could hence be made stronger, right from the biometric device through the whole of the FIDO protocols.
Ensuring context-appropriate implementations is the key to sustainable biometric solutions, and this is what the Biometric Alliance Initiative — to which I have been contributing for the past two years — is all about. I expect this benchmark to lead to a much wider use of a much wider range of biometrics in the mass market in the coming year.