PASSWORD TO BIOMETRICS TO BEHAVIOMETRICS
In the movie “The 6th Day”, Adam Gibson played by Arnold Schwarzenegger, is deterred from entering a prohibited area when a scanner rejects his thumbprint. A security guard leans to him inquiring if he can help, Schwarzenegger grabs the guard at gunpoint and whispers, “Yeah, you can stick your thumb in that.” The guard complies, which enables Schwarzenegger to gain access. Spoofing is not easy, most biometric sellers strive to make spoofing difficult, but the truth is all single biometrics are spoof-able, and the movies we see reveal that. One thing Hollywood got right, though, is how spoof-able biometrics tend to be, whether it be by peeling body parts, taking pictures or videos, or by capturing a fingerprint with glue.
User identification and authentication is an important and essential requirement of staving off privacy leakage and ensuring that the security of the system is not breached. The most popular identification tools in devices are passwords or pin codes which do not provide adequate security and compels the user to memorise the passage code for each appliance. Corbato who invented the password in the 1960s four years ago blurted that the password has become a kind of a nightmare. Passwords have had their day considering the fact that we have had more than 707 million data breaches. Pin codes and passwords have well-known vulnerabilities.
What is needed today is a personal authentication method that does not rely on our memory. One recent alternative for the password in recent years has been biometrics such as fingerprints, face or even eyes. Fingerprint is the most widely used in recent years as it is cheap, fast and reliable. Both fingerprint and password suffer from being a single authentication method. Two factors should be a mandatory requirement. In smartphones recently, fingerprint and face detection has been introduced to increase the level of security and get rid of the bother of remembering cumbersome passwords. Biometric identification which includes facial, voice and fingerprint recognition are largely device-dependent and need expensive processing units.
A better approach under the circumstances would be to combine different physical, cognitive, physiological or behavioural attributes by evaluating them without any conscious input of the user. Behaviometrics is a recently emerging concept for identification, and it promises to provide a cost-effective alternative without jeopardising security. Behaviometrics gauges how we and our bodies individually act or operate, it reads traits that can be as revealing as fingerprints. It may measure our gait or striding or walking patterns, our keyboard typing cadences, our voices, our brain waves, and the heartbeats that render distinctive signatures to identify us singly. Just as anatomical biometrics are being applied for security, identification, and access control similarly, we can deploy behaviometrics for similar purposes.
As behaviometrics is a continual identification of behavioural peculiarities, it is non-intrusive and takes into account human characteristics like typing, walking, social interaction and communication in either online and offline setting. Thus biometrics is gradually evolving into behaviometrics. Behaviometrics is not about what one does; it’s about how one does what he does.
Behaviometrics being quantifiable behaviour can be used to recognise or ascertain the identity of an individual. Behaviometrics zeroes on behavioural habits rather than physical characteristics.” Everything we do on the phone, laptop or desktop reveals habits. These are comprised of a compilation of semi-behaviors, deduced by a variety of cognitive, physiological and mechanical characteristics, and are not liable to be spoofed or replicated by anyone. Behavioural biometrics recognises these contours by accumulating information, not on what the user is doing but rather how they are doing it.
Behaviometrics, virtually, peers at the way we type, the way we scroll, the way we toggle and the way we do several different things online without us. being aware of how we are doing them. For illustration, some individuals may scroll on the right side, trying the scroll bar on the right, whereas other people might use the arrows up and down, to navigate the screen. .
Likewise everyone has a way of using their device. The way we clasp the phone and the pressure we expend, whether we are fidgety or have a hand tremor, form part of our behaviour that is subconscious and inborn. As a consequence, this is not something that we can physically see or touch; therefore , behaviometrics is impossible to copy or steal.
Besides, some move the cursor rapidly across the screen in a zig-zag manner and then hover over a button. While some gently circle the cursor. And as unique as our signatures, everybody has a way of touching the screen, browsing it and closing it.
Behaviometrics continuously oversees the user during the entire working session to build a steady authentication process because a human behavioural habit comprises a diversity of many distinctive semi-behaviours; all mixed into a more broader and larger unique profile.
As every ,person, shapes his unique behaviometrics pattern not only by biometric attributes but also by social and psychological impacts, it is just about ridiculous to duplicate or simulate somebody else’s behaviour before the computer. Thereby, spoofing becomes impossible.
Behaviometrics technology generates a highly detailed and precise picture of the user by analysing an expanse of behavioural patterns, actively assessing the user’s distinct interaction signature with his device.
By continuously comparing several characteristics of the recent input characteristics with a formerly compiled user profile, behaviometrics can recognise abnormalities in the user’s behaviour within seconds and stop intrusions while they are taking place.
As technology evolves with continuous use over the years, it will only become more robust, secure, accurate and infallible with the ability to triangulate behaviour across connected appliances by reading up from a wide spectrum of interactions of a particular user with a variety of connected devices.
Hence, behaviometrics has found several applications. DARPA has evolved an “active authentication” technology that takes into account the private habits, cognitive methods, and rituals used by an individual while performing tasks which in combination can identify him. For instance, one such behaviometrics is the keystroke dynamics measuring the varied ways in which someone inputs or types the individual characters on a keyboard. Trivial discrepancies of inputting data through a keyboard such as the force with which an individual type characters, the sequence, and the manner in which he cuts and paste can serve as unique fingerprints to the world. An online education company called “Coursera” is also using keystroke recognition to confirm that the same student attends the course and takes the test before handing out a certificate.
TypeWATCH is a product put out into the market by Watchful Software that runs on the network in the background and continuously monitors the users typing inflexions or cadence based on which it recognises and blocks unauthorised access. Likewise, a Swedish company called Behaviometrics AB has created a tool that analyses how each cell phone user or a tablet user holds, wields and clasps his phone such as the slope/angle, his typing style or method, his habits of swiping or pinching the screen time duration of his pauses, pressure or vigour or exertion of fingers on the screen etc. Any deviation from the established cognitive gait sets off an alarm. Denmark’s largest bank Danske Bank has incorporated this technology. When the software perceives any deviance of behaviour pattern of the user ,it sets off an alarm bell and blocks access to the account. Banks reckon such devices could cut fraud rates by as much as 20 percent. New types of behaviometrics are originating all the time, Nymi wristband scans a person’s heartbeat using a voltmeter and uses its unusual electro-cardiac rhythm to unlock their smartphone, laptop, car or home. National Physical Laboratory in the UK has created a walking-gait recognition system that in combination with a CCTV system can recognise a person based on how he or she walks. An even simpler way of identifying someone would be through the accelerometer that comes equipped inside smartphones. Just analysing the twenty-four-hour data over a few days would be adequate to identify an individual.
Motorola, in partnership with MC10, has developed invisible wearable RFID tattoos that we can use for password authentication. Proteus Digital Health has created a pill that one can swallow which reacts with the acid in the stomach to turn a person into an authentication token by spawning out an 18 bit code.
Behaviometrics is also a valuable part of smart environments such as smart homes as user signals and interaction with the houses can be used to reconfigure intelligent home settings. Application of behaviometrics is not only limited to smart spaces, but it is also used as a useful tool for continuous authentication. Besides smart homes, applications of behaviometrics includes smart traffic systems and smart health.
Behaviometrics is not just a transition in the paradigm from biometrics which is one time and static to continuous authentication, but the actual power of behaviometrics is in its ability to learn and improve the accuracy by continuously studying patterns and everything in the background and using it regularly to enhance the security layer. The longer one uses the device, the stronger and more accurate is the security of any system.
The US Air Force is using behaviometrics as a new omnipresent surveillance technology to be used in law enforcement to scan suspicious behaviour. The system comprises a camera that tags facial movements biometrically to build a psychological profile of the individual under surveillance. With just one image, its sensor can build a three-dimensional model of a person’s face: the cornerstone of a unique “bio-signature” that can be employed to trace that person anywhere. With a few more frames, the equipment can capture that face’s unique facial muscle movements, and turn those motions into a “behaviometric” profile that’s even more precise. In plain language, the movements of the muscles in ones face will reveal one’s hidden intentions through the process of “behaviour analysis,” to one’s presence as a suspicious individual who may be committing to the act of thought crime, or planning an attack. This new technology is the next step up from DARPA’s infamous gait analysis program, which could identify terrorists by the way they walked. The technology can be used to keep tabs on “insurgent operations,” and also for “law enforcement, banking, private corporations, schools and universities, casinos, theme parks, retail, and hospitality,” to identify that “insurgent” walking through a shopping mall.
Behaviometric technologies bring with them a host of privacy issues, for example, we could easily identify an individual typing on his keyboard based on how he or she slams on the keyboard. This could prove significant for recognising the world’s most excellent hacker, but it can be bad news for an activist protesting against government policy in a police state.
Finally, just as behaviometrics establishes our identity and secures us from hacks and breaches, likewise we all have an inner soulmetrics or consciousness which we all can cultivate in our unique ways to establish contact and access inner bliss and peace while securely blocking all noise and turmoil of the outer world.
Source from: epaper/deccanchronicle/chennai/dt:25.11.2019
Dr.K. Jayanth Murali is an IPS Officer belonging to 1991 batch. He is borne on Tamil Nadu cadre. He lives with his family in Chennai, India. He is currently serving the Government of Tamil Nadu as Additional Director General of Police, Law and Order.
