In the previous article, "User creden", in the CISSP development path series specially planned by the 51CTO Security channel, j0ker introduced the second authentication factor used for user verification: the credentials held by the user. Such credentials add a level of protection on top of basic password verification. However, they increase the procurement cost of the security solution, and they are also at risk of being stolen, lost, copied, or abused. Therefore, scenarios that require a higher security level often call for more secure access control measures. This is the third factor, which j0ker introduces in this article: what you are.
Because each person's biological features are unique, they can be used as a means of verifying user identity; devices that provide this verification function are called biometric devices. Because a user's biometric features cannot be counterfeited, the security that biometric recognition equipment provides remains irreplaceable, even though its procurement and operating costs are very high. Biometric verification is an automated process. Depending on what is verified, biometric verification methods are divided into physical features and behavioral features:
Physical features: methods that verify a user's identity through the user's unique physical features, including fingerprint, iris, pupil, and palm.
Behavioral features: methods that verify a user's identity through the unique features of the user's behavior, including voiceprint and signature.
A user's physical features do not change with the passage of time; for example, human fingerprints do not change throughout life. Behavioral features are selected to be behaviors that are controllable and little affected by the user's psychological state, but they may still change over time, so the user verification database needs to be updated frequently. Verification methods based on physical features and those based on behavioral features each have advantages and disadvantages. The former provide better security, but cost more to procure and maintain and have a greater impact on users; the latter are the opposite. Both types provide high security and can be combined with verification methods such as passwords and smart cards to provide better security.
If an enterprise wants to purchase and deploy biometric verification devices to strengthen access control, how should it evaluate their advantages and disadvantages? The information security industry commonly uses three evaluation indicators: accuracy, processing speed, and user acceptability.
Accuracy: accuracy is the most critical evaluation indicator for biometric verification equipment. The equipment must accurately determine whether a user's claimed identity is genuine; otherwise the device is meaningless. Three measures are used: the false rejection rate (FRR, the probability of wrongly rejecting a valid user), the false acceptance rate (FAR, the probability of wrongly accepting an illegal user), and the crossover error rate (CER, the point where the false rejection rate and the false acceptance rate cross). For the relationship between the three, see Figure 1. The false acceptance rate is generally considered the main indicator of the probability that a biometric verification device makes an error, while the crossover error rate is the main indicator of the device's accuracy. The more sensitive the device, the higher the false rejection rate; the less sensitive the device, the higher the false acceptance rate.
Figure 1: False rejection rate, false acceptance rate, and crossover error rate
The crossover error rate converts to the false acceptance rate and the false rejection rate as follows: a crossover error rate of 1% is equivalent to a total error rate of 2%, that is, a false acceptance rate of 1% plus a false rejection rate of 1%. From this relationship it is easy to see which devices have the lowest error rate, or which settings are best.
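The relationship between FAR, FRR and CER can be reproduced from match scores. The following is an added example, not part of the original article; the score lists, the 0-100 score scale and the function names are constructed for illustration and assume a device that accepts an attempt when its similarity score reaches a threshold.

```python
# Constructed similarity scores (0-100); not measurements from a real device.
GENUINE = [91, 88, 95, 79, 84, 97, 73, 90, 86, 93]    # valid users' attempts
IMPOSTOR = [42, 55, 61, 38, 70, 49, 81, 58, 66, 75]   # illegal users' attempts


def error_rates(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (FAR, FRR) when an attempt is accepted iff score >= threshold."""
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def crossover(genuine=GENUINE, impostor=IMPOSTOR, thresholds=range(0, 101)):
    """Return (threshold, FAR, FRR) at the first threshold where FAR and FRR
    are closest; with finite samples they may not be exactly equal."""
    def gap(t):
        far, frr = error_rates(t, genuine, impostor)
        return abs(far - frr)
    best = min(thresholds, key=gap)
    return (best, *error_rates(best, genuine, impostor))


if __name__ == "__main__":
    # Sweep the threshold: a stricter (more sensitive) setting raises FRR
    # and lowers FAR, which is the shape Figure 1 describes.
    print("threshold   FAR    FRR")
    for t in range(50, 100, 5):
        far, frr = error_rates(t)
        print(f"{t:9d}  {far:5.0%}  {frr:5.0%}")
    t, far, frr = crossover()
    print(f"crossover at threshold {t}: CER = {far:.0%}, "
          f"FAR + FRR = {far + frr:.0%}")
```

With these constructed scores the crossover gives a CER of 10% and a total error rate of 20%, the same two-to-one relationship as the 1% and 2% figures above.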
Processing speed: processing speed represents the data processing capability of the biometric verification device, that is, how long it takes to accept or reject a user's verification attempt. The faster the processing speed, the more users can be verified per unit of time, and the higher the procurement cost. It is generally believed that users find it acceptable if the entire process, from collecting the user's biometric features to displaying the verification result, takes 5 to 10 seconds.
User acceptance level: user acceptance is also an important indicator for evaluating biometric verification devices, because users are the ones who ultimately use them. The users' acceptance of, and willingness to use, a given biometric recognition technology therefore determines how effective the device is. Based on j0ker's experience, enterprises can take the following steps to establish user acceptance of biometric verification equipment. First, let users know which information assets need to be protected by biometric verification, and how important they are. Second, let users know that the biometric verification devices the company wants to deploy do not pose health hazards to users. Finally, let users know that the biometric verification devices do not collect users' personal and health information.
Finally, let's take a look at the common biometric feature verification devices on the market:
Name | Data collected | User input | Processing time | Accuracy
Fingerprint recognition | 5%-bytes | The user leaves a fingerprint at the specified position | 5 to 7 seconds | The number of reducers can reach
Palm recognition | 9 bytes | The user places the palm on the designated platform | 3 to 5 seconds | CER up to 2.2%
Voice mode recognition | 1000-10000 bytes | The user reads a paragraph into the microphone | 10 to 14 seconds | CER is 10%
Iris recognition | 96 bytes | The user aligns the eyes with a camera | 4 to 7 seconds | CER up to 1.5%
Pupil recognition | 256 bytes | The user aligns the eyes with an LCD screen | 2 to 4 seconds | CER up to 0.5%
Signature dynamic identification | 1500 bytes | The user signs on the specified platform | 5 to 10 seconds | In the test