Biometrics for Internet of Things (IoT)</a>
Posted by Rajashree Rao
Recently, Apple unveiled its iconic iPhone X calling it to be the future of the "Smart Phone" with its new feature called 'Face ID' to unlock the phone without a home button. Apparently, the Face ID uses the infrared system to scan users face, to unlock the new iPhone X which is quite concerning as the phone uses unimodal biometric authentication system.
The serious spoof I see here in having a unimodal authentication system is that, in today's day and age, the phone has become an integral part or the single 'thing or device' which acts to be a lifeline or backbone of one's life. The device shares and stores all the personal and confidential data or information related to that individual. In this digitized world, the modus operandi of performing either business related tasks or personal activities are all done through the phone or via mobile apps.
In such a scenario it becomes critical for the Industry to ensure that the device or thing is enabled with the multimodal biometric authentication system. Let me elaborate how and why it is imperative. If my banking app were to use the same authentication of facial id which is meant only for unlocking my phone screen, then it poses a huge risk of security threat which will lead to unauthorized access of my data & information leading to cybersecurity crimes.
To avert such dangerous loopholes in the system, I believe that the Industry needs to consider enabling Multimodal biometric authentication system. This authentication system will provide the user the complete control in authenticating independently for every individual thing or device or app which they interact frequently. If one device gives authentication to another thing, then there is a security breach. Again, here the industry will need to embed a simple computing mechanism which will enable the decision-making capability within an individual thing or at the device level. This will address the filtration of data right at the thing itself reducing the overwhelming volumes of data getting collected for analytics in the cloud.
The US Senator Al Franken has also written a letter to Tim Cook concerning the Face ID technology's eventual uses that may not be contemplated by its customers. They have requested Apple to share more information on Face ID and where and how it intends to store the faceprints of its users as well as to the law enforcement requests for that very data that are sure to come.
Similarly, Samsung's Galaxy Nexus in 2011 had this kind of technology first, although it was easily fooled by pictures of people's faces and had to call it off as it realized that this technology of unimodal biometric authentication posed a huge security concern which was sure to be misused or abused.
If you consider a manufacturing plant there are various industrial assets which will need to have exclusive access for its operator to operate it. In the event any third-party or another operator needs access, there will be an access management in place for authenticating the user ensuring hundred percent protection of the R&D, Blueprints, etc. related confidential information from the security breach.
As IoT proliferates, the market is expected to grow from USD 170.57 Billion in 2017 to USD 561.04 Billion by 2022 and the connected 'Things' to reach 20.4 billion by 2020. It also predicts IoT spending to increase to $2.5 million a minute, with 1 million new IoT devices being sold every hour by 2021. The significant growth in the number of connected devices opens up for risks in Data Security and Privacy. Hence comes the dire need for Multimodal Biometric Authentication System.
I strongly recommend of using the Multimodal biometric system to overcome the limitations of the Unimodal biometric system of authentication. The next important aspect is that an individual need to have independent authentication to the Edge Platform. This will allow the user to authenticate the data which needs to be made available in the cloud either for further analysis or use by the respective authorities in the Industry..
To summarize, it is crucial for the Industry to take a step-back and rethink coherently in unleashing the enormous potentials that vests within these emerging technologies which are capable of transforming the computing systems/techniques/infrastructures from the Macrocosm existence to Microcosm and creating an environment of foolproof Security & Privacy in maintaining the confidentiality of individual's data and access to information.