Dr. Aly, O.
Computer Science
Introduction
The purpose of this discussion is to discuss and analyze the biometric access control to secure a highly sensitive area of the organization operating environment. The discussion begins with a brief overview of the Access Control, followed by Biometric Technology, and the Implementation of Biometric System.
Access Control
The Access Control technique whether for the physical asset or logical assets such as sensitive data is to limit and control the access to the authorized users only to access network, system or device. The Access Control technique involves access type to the network, system or device. The Access Control is provided to those authorized users through physical and logical controls. The physical access is to limit access to the physical components such as network, system, or device. Locks are the most popular physical Access Control technique to prevent access to the data centers including the network devices such as routers, switches and wires, and systems. Other physical Access Control techniques include guards and biometrics, which should be considered as part of the security measures, based on the assets values, and the need to protect such assets. The logical Access Control, on the other hand, limits and control the access of the authorized users using software or hardware components. Examples of the logical Access Control include authentication and encryption. The implementation of the physical and logical Access Control requires a good comprehension of the requirements, the administration methods of the Access Control, and the assets which will be protected. Protecting a physical data center is different protecting the data stored in the data center (Abernathy & McMillan, 2016).
Biometric Technology
Biometric technology is physiological or behavioral characteristics. The physiological characteristics include any unique physical attribute of the user, including iris, retina, and fingerprints. The behavioral characteristics measure the actions of the user in a situation, including voice patterns, and data entry characteristics. Biometric technologies as security measures started to be embedded into the operating system such as Apple’s Touch ID technology. Understanding both physiological and behavioral characteristics must have a priority to ensure the adoption of these technologies for more secure access control.
The physiological characteristics of the Biometric technology employ a biometric scanning device to measure certain information about a physiological characteristic. The physiological biometric systems include fingerprint, finger scan, hand geometry, hand topography, palm or hand scans, facial scans, retina scans, iris scans, and vascular scans.
The behavioral characteristics of the Biometric technology employ a biometric scanning device to measure the action of the person. The biometric behavior system includes signature dynamics, keystroke dynamics, and voice pattern or print.
The security professional must have a good understanding of the following biometric related technology so that they would not struggle during the implementation of such a technology. These terms include enrollment time, feature extraction, accuracy, throughput rate, acceptability, false rejection rate (FRR), false acceptance rate (FAR), crossover error rate (CER). Table 1 summarizes each of these terms with a brief description.
Table 1. Biometric Technology Related Terms.
When using Biometric technology, security professionals often refer to a Zephyr Chart which illustrates the comparative strengths and weaknesses of the biometric system. However, other methods should also be considered to measure the effectiveness of each biometric system, and its level of user acceptance. Table 2 summarizes popular biometric methods. The first popular biometric methods ranked by the effectiveness of the most effective method first. The second popular methods ranked by user acceptance. As shown in the table, an iris scan is on the top list as an effective method, while voice pattern is at the top of user acceptance method.
Table 2. Summary of the Popular Biometric Methods.
Implementation of Biometric System
In accordance to (CSA, 2011), security control must be strategically positioned and conform to acceptable quality standards consistent with prevalent norms and best practices. Thus, entry points must be secured using Access Control system such as proximity cards/biometric access. When dealing with Cloud environment, the traditional authentication method for user username and password should not be sufficient. Organizations and Cloud users must employ strong authentication techniques such as smartcard/PKI, Biometrics, RSA token, and so forth (Sukhai, 2004). The implementation of Biometric technology provides a more secure layer to access either the physical location where systems, network, and devices are located or to the data which stored in these data centers. With respect to the user, the user can view it as a convenient method as these biometric methods are part of the bodies which can last as long as the user is authorized to access these facilities and these data. Since the iris scan seems to be the most effective biometric method, the researcher will employ such a method during the implementation of the Biometric technology. The iris scan method scans the colored portion of the eye, including all rifts, coronas, and furrows. It has a higher accuracy than any other biometric scan.
In summary, this discussion discussed and analyzed Biometric Access Control which can be implemented to secure a highly sensitive area of the organization. The discussion analyzed the Access Control techniques, Biometric Methods, and the Implementation of Biometric Method. The analysis indicates that iris scan is the most effective methods, while voice pattern is ranked at the top of the user acceptance.
References
Abernathy, R., & McMillan, T. (2016). CISSP Cert Guide: Pearson IT Certification.
CSA. (2011). Security guidance for critical areas of focus in cloud computing v2. 1. Cloud Security Alliance, v3.0, 1-76.
Sukhai, N. B. (2004). Access control & biometrics. Paper presented at the Proceedings of the 1st annual conference on Information security curriculum development.
Think and Knowledge Tank 