How effective is the Biometric Access Control System in Enterprise performance? (Mohan Ranga Rao Dontineni, Chakravarthy Garimella, Hitang Patel, Akshay Patel) Group-5 Course: Access Control Prof: Douglas Dune University of the Cumberlands Biometric Access Control System –Critical Analysis on Different types Abstract The latest enhancements and advancements happening in Information Technology are throwing a great challenge of security. Information security these days is identified as an integral of IT industry, and this is the growing concern for almost all the organizations. In dealing with this challenge, key role is played by access control and authentication. Within this context, this research paper presented a critical review on the Biometric means of Access Control System. Biometrics denotes to any parameters or metrics that are related to a human being’s characteristics which are unique for each and every individual. In the trending access control techniques, biometrics is recognized as a realistic and effective form of authentication. Biometric authentication is available in many types as this is built using different biological parameters. These parameters are used to conclude and authorize the authentication of an individual, during access control. This paper has focused on presenting various biometric systems, their applicability, and a critical comparison on the effectiveness in ensuring the secured access control. Table of Contents Chapter 1: Introduction ................................................................................................................................ 4 1.1 Rationale ............................................................................................................................................. 4 Chapter 2: Literature Review ........................................................................................................................ 4 2.1 Need for Access Control:..................................................................................................................... 5 2.2 Types of Access Control Systems: ....................................................................................................... 5 2.3 Biometric Access Control System........................................................................................................ 6 2.3.1 Significance .................................................................................................................................. 8 2.4 Key Industries implementing Biometrics ............................................................................................ 8 2.5 Types of Biometrics ............................................................................................................................. 9 2.5.1 Retina Scanner ........................................................................................................................... 10 2.5.4 DNA ............................................................................................................................................ 12 2.5.5 Facial biometrics ........................................................................................................................ 12 Chapter 3: Research Methodology ............................................................................................................. 13 Chapter 4: Brief Analysis & Comparison ..................................................................................................... 14 Chapter 5: Summary: .................................................................................................................................. 15 Chapter 1: Introduction With the enhanced and advancing technologies and internet, the major concern being raised is the security (Kartalopoulos, 2008). This is concern is been common starting from a personal computer till an organization or the military. For any company or any kind of business, network security is holding a significant role. Promising the employee efficiency, critical techniques of security ensure protection of business information (Adeyinka, 2008). 1.1 Rationale The current paper is investigating on the areas of Network Security, in specific with the Access Control Systems. Having an effective system of access control holds top priority in all the organizations irrespective of the field. This is to secure the data and the critical information within. Ensuring both virtual and physical accesses to be strong, the companies these days are focusing high-end data protection and security access control mechanisms. This research would investigate on the effectiveness of the Biometric type of access control systems, by analyzing various types of biometric systems in usage these days. Chapter 2: Literature Review The main purpose or intent of the Access Control is to provide secured access to an enterprise, network or any personal computer. The access will be as permitted by the owner or any authorized personnel (BhavyaDaya, 2006). The second purpose of these access control systems will be to restrict the access to critical areas or an organizations, databases or workstations etc. The system can provide, deny or offer a controlled access for the employees, as required. The main motto of the system is to protect the critical and sensitive information of the enterprise (Warfield, 2009). 2.1 Need for Access Control: Physical security stands at the top level when it comes to securing or controlling the access. However, seeking to the next level of security, the businesses and organizations have different other justifications to go for a tough access control system. In going to the basic level of definitions, an Access Control System is a perfectly designed electronic system, which has the ability to control the access by means of a network. The system is capable of recognizing the authorized personnel while entering through the network. In other case, the access control system denies the access to the people. When entering a highly important area of the Military, or any data warehouse of an organization, or any secured places in the industry, this access control system will validate and authorize the admission (Unar, et, al, 2014). On a whole, this system aims at ensuring the highest levels of security. 2.2 Types of Access Control Systems: Access control systems come in different categories in securing the networks and organizations. Among all various systems make use of networks for the purpose of communication. Taking a simple example of getting an access for the door, the access is controlled using many mechanisms (Shradha, et, al, 2015). Swipe Card RFID Tag Biometric system Door controllers and many others. Any of the above techniques can be used in providing access to the door. These are some of the types of access control system majorly being used these days. Based on the organization’s requirement, and as per the required levels of security at the premises/ data, the enterprise can select and fix the feasible system. These admission points can have an individual control or an at an organization level (Duarte, 2016). The two Main categories are the Biometric and Non-Biometric access control systems: Biometric and Non biometric: Non-biometric system will not admit any kind of biological variables as an input to gain the access to the destination. Few examples to non-biometric systems are RSA tokens, authentication using passwords etc. Whereas the system that accepts the biological variables or psychological parameters like fingerprints, iris, speech recognition etc., is the biometric type of access control system. This paper puts in detailed analysis on various types of Biometric access control systems and their effectiveness. 2.3 Biometric Access Control System Biometrics is automated methods of recognizing a person based on a physiological or behavioral characteristic (Bowyer, et, al, 2016). This kind of authentication is being identified as the most used techniques in access controlling. In the context of protecting and securing the advanced applications or the devices, this biometric authentication is the most used and trending technology these days. Extracted and identified from Greek Language, the term biometric is a combination of two Greek language bios and metron. These words when combined give the meaning of “life’s measurement”. The detailed description of these phrases clarifies as making use of physical features of body to identify that specific person/ individual (Aditi Roy et al., 2017). These features can be divided into two different types namely, static or physiological and the second is behavioral. These are briefed in the later sections of the paper. There are also key requirements/ constraints which are needed to be satisfied to become the biometric variables. These are given below: Universality: Each and every individual contains these features Measurability: The biometric feature should be obtained and processed by the system in an efficient manner. Permanence: The feature will not vary throughout the lifetime of an individual. Protected from circumvention: The system can be able to differentiate between the dummy features and the original one Generally, the biometric type of access control is done through two modes of operation Verification & Identification: During the process of verification, the user shall provide the data of his/her features i.e. the biometrics to the system. This is followed by analysis and the comparison of the features done by the system. The features given are verified with the template. The end user authentication or authorization will be successful only when the matching is done. In other case, the access will be denied (Jain, et, al., 2010). 2.3.1 Significance The increased levels of frauds and data thefts are raising concerns for data security. This is becoming highly apparent to incorporate a high end personal identification and authentication technologies everywhere. When compared with the current methods like, PIN or a password, Biometric authentication is ruling the globe as the best and secured technique of access control (Battaglia, et, al, 2014). The reason behind the increasing significance and application of Biometrics are: Biometric parameters are related only to one individual and are unique. Cannot be used or carried by any other person. The individual has no need to carry any specific items, and is highly convenient. Due to its high accuracy, it offers constructive authentication. Cost effective techniques These methods are also communally acceptable. Ability to provide and audit track for organizations. 2.4 Key Industries implementing Biometrics The solutions from biometric type of access control are highly capable of offering secured and confidential data transactions and also the intended privacy to the data (Alsaadi, 2015). The emerging technologies have made many fields and industries look forward in adapting the biometric authentication. Few are listed below: Biometrics & its Adaption Network security in organizations Local, State and Central Governments Government IDs Federal Bureau Military and defense services Banking industry/ electronic banking Financial and Investment organizations Social, & health industry Hospitality and Travel Law Enforcement Retail Sales Personal Machines Domain Access/Single sign on/ remote Access Web Security 2.5 Types of Biometrics Categorization of biometrics is done in two types. Physiological and behavioral biometrics, which internally include various types of human parameters to authenticate (Debnath, et, al, 2009) Figure 1 below depicts the biometrics types and the variables under each category. Figure 1: Types of Biometrics This paper analyzes the psychological types of biometrics and its effectiveness. 2.5.1 Retina Scanner This approach of biometrics uses the unique retina patterns of an individual in providing authority of access. Numerous neural cells are located in the thin tissue of the retina of a human being. The posterior portion of the eye consists of this retina as depicted below (Debnath, et, al, 2009) and (Kalyani, 2017). Figure 2: Retina Scanning The retina is distributed with blood by the capillaries and the composite shape of these capillaries makes this unique for every individual. Surprisingly, this will not be same even in the case two identical twins. This static and unique feature of retina makes this biometric the most precise as well the highly reliable one (Shradha, et, al, 2015). 2.5.1 Iris Combined with light infrared radiance, iris makes use of digital camera technology to generate the pictures of a specific replication from the convex cornea. This is presented in figure 3 below: Figure 3: IRIS The images captured are changed into digital templates, which provide mathematical illustrations of iris. This serves the most unique variable of any person (Battaglia, et, al, 2014). 2.5.3 Fingerprint Scanner The graphical crests present on the human palms, which look similar to glides are the fingerprints of a person. These ridge configurations on the human fingers remain for lifetime unless for the scenarios like burns or accidents. These prints are completely private, unique and form an efficient and smart type of biometric access. Figure 4: Fingerprints matching process This is also cost effective mechanism of access control where the fingerprint scanners are available for cheaper prices. This also comes with 3D photo, where the shape, scale and size of thumb are analyzed (Alsaadi, 2015). 2.5.4 DNA Figure 5 below shows the basic structure of DNA, which is unique for every human being. This is also a toughest biometric, however, this is used in legal verifications. 2.5.5 Facial biometrics This technique of biometrics access takes the measurements of the facial elements of human beings, which are unique for everyone. Figure 6: Facial Recognition Every person will have distinctly unique features of face which cannot be matched. Using this, the biometric access is authorized and this is a secured mechanism (Duarte, 2016). Chapter 3: Research Methodology This study has undergone a qualitative research and in specific this has implemented the Secondary Research Method to conduct the analysis and conclude the findings. Qualitative Research: This kind of research is primarily focused on getting an understanding on the subject chosen, here the access control mechanisms. This qualitative research offers key insights into various aspects of research topic and assists in developing critical inferences. Qualitative research also aid in revealing the latest trends and perceptions of the audiences and this in turn help in diving deeper into subject. Secondary Data Collection method: Under this method, the research will collect the existing data and information from reliable and consistent sources like, journals, research papers, articles, White papers and others. The collected information is analyzed to draw the final conclusion. Chapter 4: Brief Analysis & Comparison The study conducted on various types of psychological biometric access control mechanisms has depicted the critical information on all the techniques. The key points interpreted are below: Type of Biometric Uniqueness Performance Retina High High IRIS High High Fingerprint High High Facial High Medium The literature survey conducted and the analysis done from the works of various authors and researches have shown the effectiveness and reliability of all the types of biometric systems. After conducting a secondary survey through the existing literatures and paper works, the current research has drawn key insights into the access control systems, in specific with the bio-metric authentication. Technically, the system is capable of providing two major functions. These are verification and authentication. Hence, the bio-metric access control mechanisms should be strong enough to equip these two functionalities in parallel. Different strategies of bio-metrics are currently being generated which will be making use of advanced features of human beings. Many of these are facial thermogram, ear canal, walking style of a person, veins in one’s hands and many other possible features. All the future trends in this technology of access control can pose great challenge to the data theft and ensure high end security in access controlling. Chapter 5: Summary: Industries and companies globally are concerned towards the data security despite the technological advancements. The security mechanisms also pose a challenge to secure integrity and confidentiality of the data. Under these circumstances, one reliable solution is the Biometric access control mechanisms. A Biometric authentication offers critical compensation when compared with the conventional techniques of security. These are proved to be highly effective an efficient in ensuring the strict authorized access control and high security for the data wherever deployed. After conducting great researches and thorough analysis in this filed, the study can be concluded that these various approaches of bio metric authentications are highly consistent and reliable as well. Among all the available and varied options presented in this paper, the future is promising for iris, retina, and finger printing techniques. The authenticity and the performance of the access control mechanisms in the real time are highly significant. The systems of biometric access are highly capable of analyzing, comparing and detecting the original features of the individual when given for access mechanism. If the features or the variables given by the individual are dummy or not of the actual person, the systems throws an error of mismatch and the individual cannot be given access. With all these distinct advantages available with this type of biometric access controlling, the authenticity and the integrity of the data can always be protected. This is applicable for any personal machines or a series of computers on a network and for an entire organization, business or secured places with sensitive data. Acknowledgement: All the information or the data presented in this research paper are extracted from the existing materials and external sources. The paper has presented the genuine authors and their research paper information in the References section, in assuring the authenticity of their works. References: 1. Adeyinka, O., 2008. "Internet Attack Methods and Internet Security Technology," Modeling & Simulation, 2008. AICMS 08. Second Asia International Conference on, vol., no., pp.77‐82. 2. Aditi Roy et al., 2017. “MasterPrint: Exploring the Vulnerability of Partial Fingerprint-Based Authentication Systems.”, IEEE Transactions on Information Forensics and Security 12.9 (2017): 2013-2025. 3. Alsaadi IM 2015.Physiological biometric authentication systems, advantages disadvantages and future development: A review. Int J SciTechnol Res 12: 285-289. 4. Battaglia F, Iannizzotto G, Bello L 2014. A biometric authentication system based on face recognition and rfid tags. Mondo Digitale 49: 340-346. 5. BhavyaDaya, 2006. Network Security: History, Importance, and Future University of Florida Department of Electrical and Computer Engineering 6. Bowyer, Kevin W, Hollingsworth KP, Flynn PJ 2016.A survey of iris biometrics research: 2008-2010. Handbook of iris recognition. Springer, London 23-61. 7. Debnath Bhattacharyya, Rahul Ranjan, FarkhodAlisherov A., and Minkyu Choi.Biometric Authentication: A Review, InternationJourmnal of Service, Scienece and technology, Vol 2, No.3, Sep 2009 8. Duarte T 2016.Biometric access control systems: A review on technologies to improve their efficiency. Power Electronics and Motion Control Conference (PEMC). 9. Jain, Anil K., Jianjiang Feng, and Karthik Nandakumar, 2010. ”Fingerprint matching”, 2010. Computer 43.2 10. Kalyani CH 2017.Various Biometric Authentication Techniques: A Review. J BiomBiostat 8: 371. 11. Kartalopoulos, S. V., 2008. "Differentiating Data Security and Network Security," Communications, 2008. ICC '08. IEEE International Conference on, pp.1469‐1473 12. Shradha T, Chourasia NI, Chourasia VS 2015.A review of advancements in biometric systems. International Journal of Innovative Research in Advanced Engineering 2: 187-204. 13. Unar JA, Chaw Seng W, Abbasi A 2014.A review of biometric technology along with trends and prospects. Pattern recognition 47: 2673-2688 14. Warfield M., 2009. “Security Implications of IPv6,” Internet Security Systems White Paper, documents.iss.net/whitepapers/IPv6.pdf