Biometrics are a growing technology that will most likely be seen applied to network security in the near future. Three options are discussed in this paper; keystroke dynamics, fingerprinting, and iris scanning. Each option has its strengths and weaknesses but none of them are a standalone solution to access a network. Should any of these solutions be applied they would need to be combined with password or token security measures that are currently in place. Keywords: biometrics, keystroke dynamics, fingerprint, iris scan
Biometrics and Information Technology
This paper will discuss current and future biometrics capabilities and how those capabilities may be applied to information technology (IT) security, most importantly how the U.S. military can incorporate biometrics into its network security framework. Almost all major corporations as well as the U.S. government are looking to, or have already incorporated biometrics into their layered IT security. Biometrics, coupled with passwords and tokens can significantly increase network security, however, biometrics alone at their current capabilities are more susceptible to security breaches than passwords alone. Background
CNN recently reported that there are over 60,000 cyber-attacks occurring every day on military networks and effective security measures are continually being sought to protect information from those that could use it to do the nation harm. In the past 8 years the military has incrementally increased user level security measures to protect this vital information. In 2003 a military computer user could simply log on to the network using a relatively short password associated with their user name. As security concerns began to increase those password length and symbol requirements became more stringent. Now the military exclusively utilizes a token system to access military networks in the form of a common access card (CAC) with smart chip technology paired with a personal identification number (PIN). Only eight years ago military network users were required to read and sign a hard copy computer user agreement to gain access to the network. Presently users are required to undergo annual computer user training as well as sign an annual computer user agreement, and every time a user logs on, they are required to accept the governments’ computer usage policy. The U.S. Army has been using biometrics in the operational environment for at least the past 10 years to track insurgents in Iraq and Afghanistan, but they have yet to implement these biometric tools to increase network security at the user level, however, the Army is currently looking to field portable electronic devices to Soldiers deployed to increase the portability and ease of use of these biometric applications (Horn, 2011). Because of this increased interest in the use of Biometrics, it will probably be only a matter of time before biometric tools are implemented for user level network security access. Some of the possible solutions that are being developed utilizing biometrics are keystroke dynamics, fingerprinting, and iris or retinal scanning to further strengthen passwords and tokens. Keystroke Dynamics
The normal thoughts on computer security are you can authenticate with something you know (passwords), something you have (tokens), or something you are (biometrics), but this section will discuss the possibility of authentication by how you enter the password or token. This “how” is key stroke dynamics. The theory of key stroke dynamics is founded on the assumption that a person’s typing behavior is a direct result of physical characteristics that are unique to a particular individual and thus can be used for authentication. This uniqueness is not unlike the more well-known biometric applications of fingerprinting, voice recognition or the iris scan (Douhou, 2009).
The concept of keystroke dynamics in not a new idea, in World...