People are beginning to interact with biometric technology more and more. From fingerprint scanners on smartphones to hand scanners at the gym, biometrics are becoming synonymous with security. But is this technology a solution to the security concerns confronting IoT? When everything is connected on an internet network, is a biometric scanner a practical answer to the tough question of privacy and security?
Biometric security is a method of user verification based on the biological aspects of the authorized user(s). More simply put, you can use parts of your body as a key. This is done with devices which measure and analyze your physical and/or behavioral characteristics. As a viewer of television and movies, you are most likely familiar with the physical readings. These include face structure, hand shape, retina (eyes), ear features, DNA, and of course, fingerprints.
Biometric authentication that uses behavior is less common in pop culture and our daily lives. The most commonly depicted form of biometric behavior verification is 'voice recognition'. But typing patterns, the way you walk, and how you movel, can also be measured for security protocols.
Alternative vs. Sole Authentication
Because biometric technology is so young, it is often a form of alternative authentication. The most common example that people look to is the iPhone. You can use the fingerprint scanner or a numeric code to unlock the device. In fact, you do not have to use the fingerprint scanner at all. But some use the scanner not just for their phone, but also for the authentication process of their apps.
Carrying over this same trend in access verification, a fingerprint scanner could be placed on the hardware of the product as well as the applications used to interact with the device. This would be a convenient way to add layers of protection to your connected web of network integrated devices. There would be a single key for every IoT device you use.
Pushing this idea further, biometric authentication could move from an alternative to the sole form of user verification. It is only at this point that users would be relying completely on the security of the biometrics for their IoT devices. Other than that, they will be offered convenience in the way of a quick alternative to a code. But as the government is learning with smart meters, convenience often comes at the expense of security.
The largest issue with sole authentication has reared its head prominently in the security field. Installation of these devices has been the purview of the commercial locksmith industry since the inception of biometric authentication. One of the largest issues the field deals with are the recognition errors. The False Accept Rate (FAR) and False Reject Rate (FRR) pose a risk to the ease and or difficulty of access. But both these variables are linked. Your FAR goes up as your FRR goes down, and vice versa. So there will always be give and take with this form of security.
Changing Your Security
Due to the nature of IoT, most of the information you place on these devices will be on the internet. That means that you biometric imprints will be vulnerable. From criminals, this means access to everything secured with your biometric profile, if they can steal it. Even if these profiles are not gathered online, they are quite simple to get. Unlike a password, you cannot hide your biometric profile. It is in your photos, videos, and on most of what you touch.
Then there is the issue of taking action in the event of a security breach. Where before, a compromised account could have the password changed, there is is no easy way to change your fingerprints, eyes, face, voice, etc. Once this data is compromised, any use of future biometric security puts you at risk.
The Threat to Privacy
Another concern is the gathering of your information by the government. Personal information stored on the internet is routinely accessed by governmental entities. It is, therefore, reasonable to assume, that the use of your biometrics for IoT devices would eventually lead to your biometric profile being stored on a government server. Trusting the government is not even enough to discredit this risk, as internal and external forces are prevailing threats to this type of data.
It does not seem like biometric technology is currently the way to fill in the security gaps facing the IoT. It is not practical at this point to use one new technology to solve the issues of the other. However, there is promise in their growth side by side. If biometric readings continue to be an alternative means of security verification, then the IoT and biometric technology will be able to grow together and anticipate the needs of one another. As a security solution biometrics have a promising future but are unrealistic as of today.