Section 10.6. Conclusion


10.6. Conclusion

The assumption that biometrics is inherently a usable form of security is flawed. For the system to be secure, input must be controlled and the system must provide appropriate education, training, and lead-through to support the user in providing the required input.

On the surface, there appear to be many valid reasons to adopt biometricsfor example, to replace PINs at the ATM. From a high-level perspective, biometrics appears to be a viable alternative to other forms of security. Field trials and surveys have shown that both system performance and consumer acceptance of biometrics is both promising and improving.[43], [44], [45], [46]. Public exposure to biometrics is increasing; and the cost of biometrics devices is coming down. And yet, there has been no large-scale deployment of consumer biometrics in the ATM environment.

[43] DARPA, "Human ID at a Distance."

[44] Thalheim, Krissler, and Ziegler.

[45] Ibid.

[46] Tomorrow's Markets.

This may be because many issues still exist with respect to adopting biometrics at ATMs. Many of these problems relate to the environment of use and the diversity of the user baseproblems that are typically ignored by biometrics advocates.

Although biometrics technologies are still improving, inherent performance limitations remain and are extremely difficult to work around, except perhaps by combining multiple technologies or by providing for a bypass. In our work, we have found that certain participants simply cannot use certain systems, and we have been unable to identify the reasons for the failure. This situation would be unacceptable at an ATM if it prevented people from accessing their money.

In addition, the environmentboth meteorological and socialis not always conducive to easy biometrics use. Rapidly changing illumination levels, and hot, cold, wet, and dry weather conditions, can all affect usage. Imagine that you are trying to use an ATM on a cold, wet night, with a queue of people waiting behind you. You repeatedly try to give your biometrics but are rejected. This makes you anxious and on each failure you are less likely to be accepted as you get more anxious, feel more rushed, and are more distracted by the surrounding activity.

Our ability to predict consumer acceptance of new technologies and services requires that we acknowledge some of the inherent limitations of focus groups and surveys. Research clearly demonstrates that there is no substitute for "hands-on" user experience with functional, contextually apropos prototypes, to ensure that predicted behavior will be converted into real behavior. The earlier we engage consumers with prototypes of the intended system, the better. However, more research is required to enable the design of usable biometrics to ensure that the experience with the system is satisfactory.

Every biometrics device has its own set of usability issues, and more work is required to ensure that more users can correctly access the system, and that the system itself is more accessible. Further, biometrics technologies do not resolve the usability/security tradeoff, and must establish fault tolerance limits. Narrowly setting these limits maximizes security but decreases usability. Further research is required to understand the relationship between security and issues such as false rejects and failure to acquire.

Progress in the definition and resolution of usability in any proposed system will require a pluralist approach in methodology. Qualitative techniques are useful in identifying potential barriers to biometrics usage, and sophisticated technology is required to determine user positions and envelopes.

Biometrics usability, while essential to the success of biometrics implementations, is not the only factor that will affect user acceptance. The social issues surrounding biometrics are complex. While currently there may be a stigma attached to keeping records that include aspects of unique biological identifiers, this is not necessarily justified. If biometrics systems are properly regulated and not used for intrusive record-keeping of an individual's life, consumer groups should not be worried. However, it will be many years before biometrics is incorporated into the current authentication environment.

There is a common perception within the biometrics industry that some consumers will never adopt biometrics technologies, decrying them as intrusive. Other experts believe that consumers will resist adopting biometrics technologies only if these technologies prove to be susceptible to failure, time consuming, or otherwise inconvenient.

For this technology to be of real value to consumers, industry consensus must be reached before biometrics devices become ubiquitous. Biometrics devices will become more accurate and reliable as technology evolves, and more affordable as development costs are recouped and production techniques progress. In a financial service environment, it will be some time before biometrics technologies can be implemented on a large scale. Standards are required that allow greater interoperability between biometrics systems; and biometrics system accuracy depends on how many identifiable data points the system is able to map. A system that combines different sources of biometrics data is invariably more accurate and more reliable. Such a system will also be more expensive and more difficult to tune.

Today, it appears that biometrics is interesting and even appropriate for certain niche market applications, but it will be some time before biometrics is implemented en masse. There are many issues to resolve before it will be ready for applications with large, diverse, and untrained user populations.

Certain biometrics vendors (iris and fingerprint) are currently striving to achieve the goal of identifying individuals quickly, accurately, and reliably among a sample size of millions. But it appears that this objective is a long way from becoming commercially viable.



Security and Usability. Designing Secure Systems that People Can Use
Security and Usability: Designing Secure Systems That People Can Use
ISBN: 0596008279
EAN: 2147483647
Year: 2004
Pages: 295

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net