With growing cyber-crime activities, protection of confidential information has become a herculean task. Traditional methods of implementing security for sensitive data such as passwords and keys are not at all effective. Hence the need for ironclad security is paramount.
New technology solutions are gradually being implemented to combat cyber crime threats. Bio-metrics is one such technology that uses pertinent means to identify and authenticate individuals in a reliable way. This technology uses biological characteristics such as fingerprints, face, Iris and voice recognition to authenticate access to electronic devices. The reference model is first stored in the database. Person’s bio-metric data is then compared with the stored data to unlock the device.
Current Bio-metric authentication system also has some pitfalls. The current system makes two types of errors: False Accept Rate (FAR) and False Reject Rate (FRR). FAR error occurs when the device accepts an unauthorized person and when a genuine person is rejected, it is known as FRR. These errors make bio-metric system vulnerable to spoofing attacks.
In an attempt to resolve this issue, Google has introduced two new metrics in addition to FRR and FAR. These are Spoof Accept Rate (SAR) and Impostor Accept Rate (IAR).
Impostor Accept Rate (IAR): It refers to the probability of bio-metric model accepting input from a fake user who mimics the genuine user’s bio-metrics. For instance trying to sound or look like a target user to unlock the device is called Impostor attack.
Spoof Accept Rate (SAR): This refers to the probability that a bio-metric model accepts previously recorded, known good samples of voice. For example replaying a voice recorder or using face or fingerprint picture, mold, or mask of a genuine user to bypass the sensor and unlock the device. Such attacks are called Spoof Attacks.
SAR/IAR metrics is used to categorize the new bio-metric authentication mechanism as Strong or Weak.
Strong Unlock: For the bio-metric Unlock to be considered as strong SAR/IAR metrics should be lower than or equal to 7%.
Weak Unlock: If SAR/IAR is greater than 7%, it is considered weak bio-metric authentication.
While both Strong and Weak bio-metrics can unlock a device. However, Android P will enforce strict authentication policies on users if the bio-metric falls under weak bio-metric. The policies are:
Bio-metrics if designed securely, measured accurately and implemented to preserve privacy adequately has the potential to simplify and strengthen the authentication process.
Getting implemented in Android P, Bio-metric Prompt API aims to integrate Bio-metric authentication into the apps present in the device. This is implemented to provide a safe platform to assure consistent level of security across all devices.
Hits: 76
Subscribe to our newsletter today to receive updates on the Latest News and Threats.
Want to stay informed about the latest threats & malware? Sign up for our newsletter & learn how to get rid of all types of threats from your computer.