Biometrics and airport security



Biometric Technology Today, October 2009

FEATURE

With airport security now a regular part of our travelling lives, a lot of attention is being paid to how we can make the processes and procedures in this area more effective and efficient. A large part of this challenge centres on the ability to accurately ID people, whether they happen to be passengers, airport staff, or anyone who needs to work on-site at the airport.

As it happens, biometrics will only play a small – albeit important – part in achieving this overall objective. Additional security tools and a raft of operational procedures will also be essential in order to determine who should have access to certain areas and/or permissions. In reality, knowing whether someone has permission to be somewhere – or to do something – is much more important than who they actually are.

Identification without biometrics

To understand how biometrics can be used to determine these permissions, it’s useful to begin by looking at how we identify people without the use of biometrics. Let’s consider a secure entry system – whether it’s for airport staff or bank employees or for use at the post office – that is controlled by entering a PIN code onto a keypad. Using a PIN code in this way is actually a very black-and-white process: if all the digits are entered correctly in the exact order required, then the PIN is accepted. There is not a ‘nearest-match’ paradigm with PIN, i.e. if the

The drawbacks of using this kind of technology to provide authorised access to a secure area are clear; not only can PIN numbers be forgotten, they can also be stolen.

This is where biometrics can offer a compelling solution. Consider for a moment if access to a restricted area were controlled by the use of face recognition technology in place of a PIN. By using this technology, the image of a face can act as a very large and complex PIN – known as a ‘template’ within the biometric industry – that can be entered and compared against the stored Facial PIN for that particular person. Unlike a conventional numeric PIN, it is not possible to forget your face, of course, and one could argue that it would be much harder to steal a Facial PIN than a conventional four-digit numeric one. The same rationale is equally true for other biometrics such as fingerprint, iris, or palm, although the complexity of the ‘PIN’ – or template – will differ depending on the biometric being used.

Enrolment process

To see how such a system would work in an airport setting, let’s return to our earlier example: the need for certain employees to gain access to a secure area within the airport. For biometric applications, the critical first step to set up such a system would be an enrolment process. (For the purposes of this article, I am assuming that the airport/airline has already performed checks on their employees to ensure that they are bona fide). For this example, we shall stay with facial recognition technology, but other biometrics will have similar enrolment processes.

The enrolment process involves taking a couple of photographs of the employee’s face. Yes, photographs; not facial ‘scanning’. We always recommend complying with relevant international standards wherever possible; for example,

These photographs are then transformed into a template. Here is an example of how a small change in a process can have a large and positive benefit, because at this stage a quality control (QC) step is introduced. The QC step performs a quick verification of the employee by taking several photographs and comparing these against the template as well.

Verification

If the verification returns a very high match-score, then you know you have a good template representing the employee. If the verification returns a match-score below a pre-determined threshold, then additional photographs are taken, and the process loop is repeated until the match-score is above the threshold. The cost of doing this quality control step at this stage is a fraction of the cost of recalling an employee to do the enrolment again at a future date, if it was found in deployment that the template was less than optimal.

Once the template is deemed acceptable, it can then be stored and linked to either the employee’s name or a unique identifier such as an employee’s reference number. This process continues until all of the employees who are cleared for access to the secure area(s) have been enrolled.

This may all sound very simple, and yet – regardless of the biometric being used – an obvious security question remains: what happens if one person matches someone else’s template?

Verification matrix

Well, thanks to the rigorous quality-control implemented earlier, the access control system now contains a complete set of employee templates and photographs. Therefore a verification matrix can be used to cross-verify all of the employees’ photographs by all of the employees’ templates. Any near-matches can then be displayed to the enrolment operator in order to address this issue, and to prevent dual enrolments (e.g. applying twice for an ID card, using two different names).
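The enrolment QC loop and the verification matrix described above can be sketched as follows. This is an added example, not code from the article: cosine similarity over constructed feature vectors stands in for a real face matcher, and the two thresholds, the employee IDs and the choice to rebuild the template after a failed QC round are assumptions.

```python
import math

QC_THRESHOLD = 0.95  # assumed: minimum QC match-score for an acceptable template
NEAR_MATCH = 0.90    # assumed: cross-match score that is shown to the operator

def match_score(template, photo):
    """Cosine similarity, standing in for a real face matcher's match-score."""
    dot = sum(t * p for t, p in zip(template, photo))
    norms = math.sqrt(sum(t * t for t in template) * sum(p * p for p in photo))
    return dot / norms if norms else 0.0

def enrol(photo_stream, enrol_shots=2, qc_shots=3, max_rounds=5):
    """Build a template, then verify fresh photographs against it (QC step).
    Assumption: a failed round rebuilds the template from newly taken photos."""
    stream = iter(photo_stream)
    for round_no in range(1, max_rounds + 1):
        shots = [next(stream) for _ in range(enrol_shots)]
        template = [sum(col) / len(shots) for col in zip(*shots)]
        qc_photos = [next(stream) for _ in range(qc_shots)]
        if min(match_score(template, p) for p in qc_photos) >= QC_THRESHOLD:
            return template, qc_photos, round_no
    raise RuntimeError("template never passed QC; refer to the operator")

def verification_matrix(templates, photos):
    """Score each employee's photographs against every other employee's template;
    return (photo_owner, template_owner, best_score) for each near-match."""
    flagged = []
    for owner, shots in photos.items():
        for template_owner, template in templates.items():
            if template_owner == owner:
                continue  # the diagonal was already checked by enrolment QC
            best = max(match_score(template, s) for s in shots)
            if best >= NEAR_MATCH:
                flagged.append((owner, template_owner, round(best, 3)))
    return flagged

# Constructed sample data: each "photograph" is a 3-value feature vector.
GOOD_A = [[1, 0, 0], [1, 0.02, 0], [1, 0, 0], [1, 0.01, 0], [0.99, 0, 0.01]]
STREAMS = {
    # E100's first round contains a bad capture, so QC forces a second round.
    "E100": [[1, 0, 0], [0, 1, 0], [1, 0, 0], [1, 0, 0], [1, 0, 0]] + GOOD_A,
    "E200": [[0, 1, 0], [0, 1, 0.02], [0, 1, 0], [0.01, 1, 0], [0, 0.99, 0.01]],
    # E300 is a lookalike of E100 (or the same person under a second name).
    "E300": [[1, 0.1, 0], [1, 0.12, 0], [1, 0.1, 0], [1, 0.11, 0], [0.99, 0.1, 0]],
}

def run_enrolment(streams=STREAMS):
    templates, photos, rounds = {}, {}, {}
    for emp_id, stream in streams.items():
        templates[emp_id], photos[emp_id], rounds[emp_id] = enrol(stream)
    return rounds, verification_matrix(templates, photos)

if __name__ == "__main__":
    rounds, near = run_enrolment()
    print("QC rounds per employee:", rounds)
    for owner, template_owner, score in near:
        print(f"review: photos of {owner} match template of {template_owner} ({score})")
```

The matrix only surfaces the E100/E300 pair for the operator; it cannot tell a lookalike from a dual enrolment, which is why the article hands that decision to a person.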

For the purposes of this article, we are considering a system in which the employee’s template is stored on a smart card, rather than stored in a central database. That means that we now have two-factor authentication: something the employee has (their smart card) and something they are (their face). The employee walks up to the secure-area entry point, inserts his or her smart card, and waits a moment while a couple of photographs are taken (to ISO specification, ideally). The verification process then compares the photographs against the template from the smart card.

Some will argue, however, that two-factor authentication is not comprehensive enough for a high security setting. After all, Chip and PIN is a form of 2FA, and most people would want something a bit more secure than that when it comes to authorising access to a secure area.

For this reason, an employee can also be asked to enter his or her unique PIN code, as well, in order to provide three-factor authentication (3FA). This added layer of security would need to verify something that the employee has, something that he knows, and something that he is. At this stage, if the face, smart card and PIN all deliver a positive match, then – and only then – will the door open. This use of three-factor authentication also helps to address the issue of having two (or more) employees that look like each other. With this approach, the two employees who look similar enough to fool the system would also need to swap or steal smart cards, and also know each other’s PIN in order to gain access.

Biometrics and airport security

The use of biometric ID checks remains a divisive subject for many people, but could this technology help to make our airports more secure? John Elliott, principal consultant at independent consultancy firm Consult Hyperion, reports.


SURVEY

Travel, borders and immigration

A number of citizen identification applications using biometric procedures are now operating worldwide. The growing success of these applications acts as a benchmark for states considering rolling out the technology.

The roll call of applications is becoming more diverse. For example, the technology is now being used for:

ePassports, visas and Registered Traveller Programmes (RTPs);

as Italy, Sweden, China, Republic South Africa, Thailand, the UAE, Bahrain, Qatar and Spain;

and El Salvador; -

dence permits in Europe for non-EU citizens;

such as Bangladesh, Pakistan and South Africa;

-isations including the US Department of Defense and the US Army;

-structures, such as the US Transport Worker ID and the UK Critical Worker ID.

Going mainstream

Three biometric technologies have now become mainstream. These are face recognition, which has been applied to areas such as ePassports, Schengen Visas, driving licences and residence permits; fingerprint recognition, which is used for ePassports, Schengen Visas, RTPs, asylum application procedures and national elections; and iris recognition, which can be seen in action in RTPs.

Another trend now emerging is the deployment of big database systems using biometric data sets. These include the EURODAC asylum registration programme in Europe, which started in 2003 and records 10 fingerprints per person. In Africa, the HANIS national ID programme, which started in 2002, has 45 million data sets and also records 10 fingerprints per person. In the US, the US-VISIT, which records the face image and two fingerprints per person, now holds more than 100 million data sets. And in Bangladesh, its system contains fingerprint images of citizens and now holds around 100 million data sets.

In addition to these massive programmes, there are also around 100 countries with smaller database systems aimed at recording criminals which use Automatic Fingerprint Identification Systems (AFIS).

Biometric standardisation

The main work around biometric standardisation is being carried out by the International Standardization Organization (ISO). Of partic-

on images and templates, such as face, fingerprint and iris. One element of these activities is to define the data format. In addition to these global standardisation activities, some countries are also carrying out additional work on data quality. For example, in the US the Federal Bureau of Investigation (FBI) has developed its Electronic Fingerprint Transmission Standard (EFTS/F), while in Germany the Federal Office for Information Security (BSI) has defined its Technical Guideline TR3104.

Trends in biometrics technologies

Three trends are starting to emerge in the field of biometric technologies used in the public sector:

a) A growing use of data capture in traditional biometric technologies;
b) Feasibility testing of new biometric technologies;
c) Combination of different biometric technologies.

The US-VISIT scheme is a classic exam-

Immigration Office has switched from storing two fingerprints to 10. Likewise, the European Commission has expanded data capture from two

Biometric identification is the key for travel documents, border control and immigration management. This article, by Silicon Trust member Dr Detlef Houdeau, gives a silicon provider’s overview of the technology, current standardisation work and applications. It also reflects on the big security and data protection issues in the market and examines new trends.

Business case

Even with all of this information, airport security managers will still want to know whether there is a real business case for having this kind of system. Airports are, after all, just like any other business, and are therefore concerned with both operational efficiency and profitability. The answer is: it depends. Security managers would of course need to undertake a rigorous Risk Assessment programme before proceeding with any kind of new security system, and would also need to ask themselves the following:

access control system? -

ment require for biometric security, and who can help to ensure that compliance in this area is achieved?

with vulnerable system components? If so, how can the attacker’s gain be reduced to make the cost of attack prohibitive?

-ership compared with other security systems?

-ance benefits, such as faster ID processing or greater accuracy?

industry-specific regulations, new rules, or changes to legislation?

Like any type of technology, biometric controls are only useful if they are able to provide a specific solution to a specific problem, such as the access control example that we have used here. Although the technology to support this kind of system exists right now, the first step for airport security managers would be to seek out high-level specialist advice in this area. Even so, security managers would still need to overcome any negative perception of biometrics, manage change internally, and to understand the limitations of the technology. If they can achieve these goals, however, then they will be one step closer to maximising the benefits of a very powerful way of ensuring an accurate – and instant – way of identifying people, and ultimately making our airports more secure.

This feature was provided by John Elliott, principal consultant at Consult Hyperion.

Contact: Tel: +44 1483 301793, email: [email protected]; Web: www.chyp.com