Biometric Applications for Information Security

Introduction

In recent times, the use of computer towards accessing information has increased and this has made our lives simplified in different ways, whereby easing people around the globe to communicate and share information. Due to this growing computer technology, the need for an improved network service which involves public accessing these devices is to be put in place. Generally, this advancement in knowledge towards the use of modernised technology has lead to the investigating and unveiling of new threats to computer system security which affects the today’s organisations.

From my research carried out it has been noticed that most organisations are in search of better means of improving their information security system, and also a cost effective means towards safeguards against fraud and impersonation. As we all know that data protection is a valuable resource which must be kept strictly, controlled and managed properly in an organisation. In the nutshell, the term security basically referred to as the protection and guidance of a system from unauthorised access, be it intentional or accidentally, irrespective of the service provided by the database management system. This work will generally involve the use of keystroke dynamics as a means of establishing a unique identity, which will be used as an additional measure towards enhancing information/data security in an organisation (e.g. Banks, Institutions, legislative departments, finance houses, production firms etc). This unique identity will help present a safeguard towards authenticating the access to computers by recognizing an individual based on his stored features i.e. mouse movement, keyboard application, typing rhythm etc.

The protection of an information database system at all level in an organisational system, has over the years become an essential concern, this is as a result of different type of threats and unauthorised advances made by malicious individuals. Many organisations, over the years gone ahead towards the development and adoption of a stronger web-based services of computer controls, because from my research I gathered that information and transaction worth fortunes are been dealt with on a daily basis and the organisation has to ensure its protection by all means. Because any breach of security will lead to fatal destruction of the system. During my report it was noticed that in most organisational application, the access to information database system where usually restricted through the use of a login ID/password protection scheme. This has been in place for years and if by any means this scheme is breached, and then the organisations information is generally exposed towards any possible fraudulent misuse. During my research work I gathered that, hardware based security managed systems has a positive impact towards the reduction of unauthorised access by imposter. According to “David Zhang and Anil Jain” 2006, in their book “Advance biometric” it stated that acceptance rate is still study dependent and the results indicate that the false acceptance ratio (FAR) is still on the order of 5%, beyond the acceptable risk level of many organizations, considering the costs in terms of hardware and training time. In the nutshell it will be said that security and database plays an important role in all areas where computers are used, including business, electronic commerce, engineering, medicine, law, library science and many lot of more fields.

I would like to give a brief definition of what database is all about and its surrounding topics on which we will deal with as we proceed on the project work. Generally, database can be said to be a cart where information are stored, updated and retrieved, it is a very important part of everyday life, and has to be secured from utterances. The term Biometric said to be gotten from the combination of the Greek words ‘Bios’, which means life, and ‘Metrikos ‘which is said to be measuring. This technology is said to be the ability to identify an individual based on their unique characteristic, which can either be physiologically (passive) or behavioural (active) characteristic mode of identification.

Over the years it has been notice that one of the most secured and effective means of authenticating and identifying an individual involves the verification of their personal unique characteristic. This is sometimes usually done in conjunction with a PIN or token (known as multi-factor authentication) also by users name and password. One of the proper ways of managing biometric secured information database includes its registration, storage, and verification which is known as “Biometric Identity Management”. However, from research Information security is known to be one of the fastest growing areas in the IT world, and its efficiency is to be assured by minimising exposure to external and internal attacker. “Enhancing information security using keystroke dynamics (Behavioural Biometrics) as an additional measure in organisations” as my research topic was brought to light. This research report is basically aimed at reviewing information database security system and the use of keystroke biometric towards security enhancement, where by reviewing the effective implementation, design and management of information system in organisation, and protecting it from intruder. Also it will clearly highlight on the pros and cons of traditional means compared to biometrics means of application. I will strictly focus on keystroke biometrics, which is a human behavioural biometric whereby need for any form of physiological attribute, is not needed. This study (Information security and biometric application) will be place into the following stages: (Nanavati. S, (2002), Von Solms S.H (2000))

• Identification and authentication – An individual been identified and authenticated;
• Authorisation – Being authorised to use certain resources;
• Confidentiality – Ensuring confidential information i.e. data or software, stays confidential and accessible only to authorised individuals;
• Integrity – Making sure only authorised individuals can change the content of data or software;
• Non-denial – Ensuring that an individual cannot deny the authorisation of a transaction (e.g. in Banks), like changing the content of data.

The deployment of Biometrics and the above stages will require a solid understanding of the technology and why it is been deployed, its mode of function, performance and accuracy will be looked into and analysed. Also the choice of which biometric application to use depends highly on the intended application of the system, here are some of the biometric applications in existence today: finger print; face recognition, hand geometry and iris recognition etc. Some of these biometric features are applied in areas like, time and attendance systems, voter’s registration, immigration and border control, access control, computer security, and financial firms. This project research work will involve a practical part of the application and to achieve the aims successfully, the following objective will be put into consideration.

Objectives:

• Presenting details of biometric applications for information security purposes.
• Comprehensive review on information security threat, breaches, awareness solutions and discussing case studies on its effect on organisational system.
• Building / implementing a keystroke access database application.
• Critically analyse and evaluate the impact of the design keystroke enable database(Pros and Cons)
  • To conclude on findings and recommendation for future developments of information security system.

Why the Study and Goals

The scope of this study is to present, review and analyse problems which are been faced in organisations information security, where by been able to create and suggest a means of securing sensitive information from external sources and mostly internal sources. In recent times from information gathered it has been found that most security breaches /threat in organisations have been linked to internal sources. Here I will recommend a keystroke biometric application in organisations which are known to have a friendly environment between member of staff and the easy of sharing personal details, are on the high side. Generally I am not saying there are no securities measures in organisations to curb these intrusions, but as earlier mentioned most of these leakages are carried out by internal sources. But most organisations make use of traditional login process (user names and password, chip and pin). Alternatives to password-based authentication, keystroke biometric can either be used as an additional measure or replace the traditional method, this can help identify intruded and access are denied. A special focus will be on keystroke dynamics, in which firstly, the goal is to verbalize requirements which these alternative authentication schemes need to satisfy. After reviewing the alternative methods from a security and usability point of view, the result should be to answer the question whether the presented schemes is capable of being alternatives to password-based authentication mechanisms or not.

Related Studies

In the past and at present a lot of studies and researches is been carried out, in regards to users identification, verification and authentication, with their respective ways of securing information system. Keystroke dynamics was first introduced in the early 1980s as a method for identifying the individuality of a given sequence of characters entered through a traditional computer keyboard (R. Gaines, W. Lisowski, S. ). Keystroke dynamics originated from studies of the typing patterns exhibited by users when entering text into a computer using a standard keyboard. Researches in this field focused on the keystroke pattern in terms of keystroke duration and keystroke latencies. Evidence from preliminary studies indicated that typing patterns were sufficiently unique and easily distinguishable from one another, much like a person’s written signature (R. Gaines, W. Lisowski, S., R. Joyce and G. Gupta ).Here are some studies which have been carried out towards information security such as that conducted by “Arwa Al-Hussain (2008)”, “Biometric-based Authentication Security”, “Saleh Bleha”, “Charles Slivinsky”, and “Bassam Hussein”: “Computer-access security systems using keystroke dynamics”, “R. Joyce and G. Gupta”: User authorization based on keystroke latencies. And also “Revett, K. and Khan, A”, 2005, carried out a research on Enhancing login security using keystroke hardening and keyboard griddling. But In my research work I will look into all aspect of biometric applications in regards to keystroke dynamic application and it suitability towards detecting intruders trying to gain access into a database information system.

Problem Statement

In this research which is to attempt the implementation of keystroke biometric and mouse application as a security measures towards preventing the gaining of access to sensitive data from unauthorised individual in organisation, also to prevent password sharing and identity theft from within and outside the organisation.

To be able to achieve this, I will be looking into the different types of biometrics and the added advantage presented by keystroke biometrics in relation to cost and easy of application.

Finally I will not neglect the difficulties that may be encountered towards the successful achievement and completion of this research, also all necessary steps will be taken to have a conclusive project work.

Outline of Dissertation Topics and Organisation

The other part of this paper work is organised and subdivided in the following pattern.

Chapter 2 will focus more on the in-depth of Biometrics application, the benefits of biometrics compared to traditional authentication methods, advantages and disadvantages of the different identification mechanism ,it challenges and effect on today’s society and finally the different types of biometrics.

Chapter 3 will concentrate on the information security issues, social engineering and security solutions presented by biometrics enhanced system.

In Chapter 4 an in-depth analysis of the keystroke biometrics will be look into and its application towards information security.

Chapter 5 will concentrate mainly on implementation of keystroke biometrics, a demonstration of its design application and functions, towards security enhancement and also user acceptability survey on the application mode will be analysed.

Finally in chapter 6 I will conclude on findings and recommendation for future developments of information security system.