You stink! And so do I!
I am a big proponent of biometrics. If you’ve been reading this blog for any length of time you probably already know that. Today I’d like to look at two developments in biometric authentication.
First, Gizmodo reported recently on what seems to be a new method of authentication: BO. It appears that body odor is unique to each individual. I suppose that makes sense, but I haven’t actually done any testing, myself. The article discusses using scent sensors to aid in identifying passengers in an airport security environment. That is probably a good use of the technology.
If the sensors could be made affordably enough, it could be good to use them to authenticate computer users. One could sit down at a computer and have immediate access. Of course this begs the question of how defeatable this is. Could I use your old gym clothes to impersonate you? And what about false rejection: might deodorant actually mask the odors well enough that a computer couldn’t sniff them? All this remains to be seen, but I think the idea may indeed be quite good.
Another technology that appears to be gaining steam is palm vein recognition. I’ve talked about this before in Learning Tree Course 468, System and Network Security Introduction. The palms of our hands all have veins. The pattern of those veins in the hand is unique. A device can shine an infrared (IR) light on those veins and a camera can take an image. That image can then be compared with a stored pattern (which would be encoded) to find a match.
One distinct advantage to the palm vein scanner is that it doesn’t require contact. That is, the palm is not placed directly on the scanner, but above it. That means that diseases aren’t spread by the scanner (which is why they are marketed to hospitals) and there is no residue left to contaminate the next user. I will leave it as an exercise for the reader to imagine where fingers that go in fingerprint scanners might have been placed before they were placed on the scanner.
Another advantage is that no image is left on the scanner. The finger oils left on the surface of a fingerprint scanner can be used to either authenticate the next user (I’ve seen this in standalone scanners) or they can be copied so an attacker can use them later.
The retail use of the palm vein scanner is new. It would be sanitary and probably easier than cameras to implement. I’m looking forward to seeing where this leads. If you have any interesting stories of the successes or failures of biometrics, please share them in the comments below.